[Touch-packages] [Bug 1873627] Re: auditd fails after moving /var it a new filesystem and turning /var/run into a symlink to /run

2021-05-13 Thread Seth Arnold
Thanks for the strace, these looked like the 'important' parts:

sendto(3, {{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, seq=3, 
pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa2\xb8\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...},
 56, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=}, 12) = 56
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, {{len=76, type=NLMSG_ERROR, flags=0, seq=3, pid=2734242}, 
{error=-EEXIST, msg={{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, 
seq=3, pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa2\xb8\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}},
 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, 
nl_groups=}, [12]) = 76
recvfrom(3, {{len=76, type=NLMSG_ERROR, flags=0, seq=3, pid=2734242}, 
{error=-EEXIST, msg={{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, 
seq=3, pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa2\xb8\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}},
 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=}, 
[12]) = 76
write(2, "Error setting audit daemon pid ("..., 44Error setting audit daemon 
pid (File exists)) = 44

...

write(2, "The audit daemon is exiting.", 28The audit daemon is exiting.) = 28
write(2, "\n", 1
)   = 1
sendto(3, {{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, seq=4, 
pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...},
 56, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=}, 12) = 56
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, {{len=76, type=NLMSG_ERROR, flags=0, seq=4, pid=2734242}, 
{error=-EACCES, msg={{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, 
seq=4, pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}},
 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, 
nl_groups=}, [12]) = 76
recvfrom(3, {{len=76, type=NLMSG_ERROR, flags=0, seq=4, pid=2734242}, 
{error=-EACCES, msg={{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, 
seq=4, pid=0}, 
"\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}}},
 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=}, 
[12]) = 76
write(2, "Error setting audit daemon pid ("..., 50Error setting audit daemon 
pid (Permission denied)) = 50
write(2, "\n", 1
)   = 1

I don't understand why it's issuing an AUDIT_SET command after it
already decided to exit -- maybe it's just trying to tear itself down
cleanly.


I found a few cases in the kernel code for returning both file exists and 
permission denied:

kernel/audit.c audit_netlink_ok():

/* Only support auditd and auditctl in initial pid namespace
 * for now. */
if (task_active_pid_ns(current) != _pid_ns)
return -EPERM;

if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
err = -EPERM;
break;


kernel/audit.c audit_receive_msg():

auditd_pid = auditd_pid_vnr();
if (auditd_pid) {
/* replacing a healthy auditd is not allowed */
if (new_pid) {
audit_log_config_change("audit_pid",
new_pid, auditd_pid, 0);
return -EEXIST;
}


kernel/audit.c audit_set_feature():

   /* are we changing a locked feature? */
if (old_lock && (new_feature != old_feature)) {
audit_log_feature_change(i, old_feature, new_feature,
 old_lock, new_lock, 0);
return -EPERM;
}


Do any of these feel applicable to your environment?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/1873627

Title:
  auditd fails after moving /var it a new filesystem and turning
  /var/run into a symlink to /run

Status in audit package in Ubuntu:
  Confirmed

Bug description:
  Auditd was working on my system (Ubuntu 18.04LTS, kernel
  4.15.0-1065-aws) until recently. But after splitting off /var into a
  new filesystem it fails to launch.

  running '/sbin/auditd -f' as root indicates a problem writing the pid file 
(no file exists even when it says one does) Post config load command output: 
  Started dispatcher: 

[Touch-packages] [Bug 1926254] Re: x509 Certificate verification fails when basicConstraints=CA:FALSE, pathlen:0 on self-signed leaf certs

2021-05-03 Thread Seth Arnold
Matthew, thanks so much! sounds good to me.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1926254

Title:
  x509 Certificate verification fails when
  basicConstraints=CA:FALSE,pathlen:0 on self-signed leaf certs

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Focal:
  In Progress
Status in openssl source package in Groovy:
  In Progress
Status in openssl source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

  In openssl 1.1.1f, the below commit was merged:

  commit ba4356ae4002a04e28642da60c551877eea804f7
  Author: Bernd Edlinger 
  Date:   Sat Jan 4 15:54:53 2020 +0100
  Subject: Fix error handling in x509v3_cache_extensions and related functions
  Link: 
https://github.com/openssl/openssl/commit/ba4356ae4002a04e28642da60c551877eea804f7

  This introduced a regression which caused certificate validation to
  fail when certificates violate RFC 5280 [1], namely, when a
  certificate has "basicConstraints=CA:FALSE,pathlen:0". This
  combination is commonly seen by self-signed leaf certificates with an
  intermediate CA before the root CA.

  Because of this, openssl 1.1.1f rejects these certificates and they
  cannot be used in the system certificate store, and ssl connections
  fail when you try to use them to connect to a ssl endpoint.

  The error you see when you try verify is:

  $ openssl verify -CAfile CA/rootCA_cert.pem -untrusted CA/subCA_cert.pem 
user1_cert.pem
  error 20 at 0 depth lookup: unable to get local issuer certificate
  error user1_cert.pem: verification failed

  The exact same certificates work fine on Xenial, Bionic and Hirsute.

  [1] https://tools.ietf.org/html/rfc5280.html

  [Testcase]

  We will create our own root CA, intermediate CA and leaf server
  certificate.

  Create necessary directories:

  $ mkdir reproducer
  $ cd reproducer
  $ mkdir CA

  Write openssl configuration files to disk for each CA and cert:

  $ cat << EOF >> rootCA.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test RSA PSS Root-CA

  [ usr_cert ]
  basicConstraints= critical,CA:TRUE
  keyUsage= critical,keyCertSign,cRLSign
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  $ cat << EOF >> subCA.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test RSA PSS Sub-CA

  [ usr_cert ]
  basicConstraints= critical,CA:TRUE,pathlen:0
  keyUsage= critical,keyCertSign,cRLSign
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  $ cat << EOF >> user.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test User

  [ usr_cert ]
  basicConstraints= critical,CA:FALSE,pathlen:0
  keyUsage= critical,digitalSignature,keyAgreement
  extendedKeyUsage= clientAuth,serverAuth
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  Then generate the necessary RSA keys and form certificates:

  $ openssl genpkey -algorithm RSA-PSS -out rootCA_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config rootCA.cnf -set_serial 01 -new -batch -sha256 -nodes 
-x509 -days 9125 -out CA/rootCA_cert.pem -key rootCA_key.pem -sigopt 
rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1

  $ openssl genpkey -algorithm RSA-PSS -out subCA_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config subCA.cnf -new -out subCA_req.pem -key subCA_key.pem 
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
  $ openssl x509 -req -sha256 -in subCA_req.pem -CA CA/rootCA_cert.pem -CAkey 
rootCA_key.pem -out CA/subCA_cert.pem -CAserial rootCA_serial.txt 
-CAcreateserial -extfile subCA.cnf -extensions usr_cert -days 4380 -sigopt 
rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
  $ c_rehash CA

  $ openssl genpkey -algorithm RSA-PSS -out user1_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config user.cnf -new -out user1_req.pem -key user1_key.pem 
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
  $ openssl x509 -req -sha256 -in user1_req.pem -CA CA/subCA_cert.pem -CAkey 
subCA_key.pem -out user1_cert.pem -CAserial subCA_serial.txt -CAcreateserial 
-extfile user.cnf -extensions usr_cert -days 1825 -sigopt rsa_padding_mode:pss 
-sigopt rsa_pss_saltlen:-1

  Now, let's try verify the generated certificates:

  $ openssl version
  OpenSSL 1.1.1f  31 Mar 2020
  $ openssl verify -CAfile CA/rootCA_cert.pem -untrusted CA/subCA_cert.pem 
user1_cert.pem
  error 20 at 0 depth lookup: unable to 

[Touch-packages] [Bug 1926254] Re: x509 Certificate verification fails when basicConstraints=CA:FALSE, pathlen:0 on self-signed leaf certs

2021-04-30 Thread Seth Arnold
Hello Dan and Matthew, thanks for working on this. I gave the debdiffs a
look, skimmed through openssl changes, and don't see any reason to not
do this. There *are* larger changes to that function in
https://github.com/openssl/openssl/commit/1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e
-- but it's a fairly invasive change, and I'm not recommending or
suggesting we take it instead. It'd be nice though if someone could
double-check the certs in question against a build that uses this newer
commit and make sure that we're not backporting a very short-lived
functional change.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1926254

Title:
  x509 Certificate verification fails when
  basicConstraints=CA:FALSE,pathlen:0 on self-signed leaf certs

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Focal:
  In Progress
Status in openssl source package in Groovy:
  In Progress
Status in openssl source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

  In openssl 1.1.1f, the below commit was merged:

  commit ba4356ae4002a04e28642da60c551877eea804f7
  Author: Bernd Edlinger 
  Date:   Sat Jan 4 15:54:53 2020 +0100
  Subject: Fix error handling in x509v3_cache_extensions and related functions
  Link: 
https://github.com/openssl/openssl/commit/ba4356ae4002a04e28642da60c551877eea804f7

  This introduced a regression which caused certificate validation to
  fail when certificates violate RFC 5280 [1], namely, when a
  certificate has "basicConstraints=CA:FALSE,pathlen:0". This
  combination is commonly seen by self-signed leaf certificates with an
  intermediate CA before the root CA.

  Because of this, openssl 1.1.1f rejects these certificates and they
  cannot be used in the system certificate store, and ssl connections
  fail when you try to use them to connect to a ssl endpoint.

  The error you see when you try verify is:

  $ openssl verify -CAfile CA/rootCA_cert.pem -untrusted CA/subCA_cert.pem 
user1_cert.pem
  error 20 at 0 depth lookup: unable to get local issuer certificate
  error user1_cert.pem: verification failed

  The exact same certificates work fine on Xenial, Bionic and Hirsute.

  [1] https://tools.ietf.org/html/rfc5280.html

  [Testcase]

  We will create our own root CA, intermediate CA and leaf server
  certificate.

  Create necessary directories:

  $ mkdir reproducer
  $ cd reproducer
  $ mkdir CA

  Write openssl configuration files to disk for each CA and cert:

  $ cat << EOF >> rootCA.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test RSA PSS Root-CA

  [ usr_cert ]
  basicConstraints= critical,CA:TRUE
  keyUsage= critical,keyCertSign,cRLSign
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  $ cat << EOF >> subCA.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test RSA PSS Sub-CA

  [ usr_cert ]
  basicConstraints= critical,CA:TRUE,pathlen:0
  keyUsage= critical,keyCertSign,cRLSign
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  $ cat << EOF >> user.cnf
  [ req ]
  prompt  = no
  distinguished_name  = req_distinguished_name
  x509_extensions = usr_cert

  [ req_distinguished_name ]
  C  = DE
  O  = Test Org
  CN = Test User

  [ usr_cert ]
  basicConstraints= critical,CA:FALSE,pathlen:0
  keyUsage= critical,digitalSignature,keyAgreement
  extendedKeyUsage= clientAuth,serverAuth
  subjectKeyIdentifier= hash
  authorityKeyIdentifier  = keyid:always
  EOF

  Then generate the necessary RSA keys and form certificates:

  $ openssl genpkey -algorithm RSA-PSS -out rootCA_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config rootCA.cnf -set_serial 01 -new -batch -sha256 -nodes 
-x509 -days 9125 -out CA/rootCA_cert.pem -key rootCA_key.pem -sigopt 
rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1

  $ openssl genpkey -algorithm RSA-PSS -out subCA_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config subCA.cnf -new -out subCA_req.pem -key subCA_key.pem 
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
  $ openssl x509 -req -sha256 -in subCA_req.pem -CA CA/rootCA_cert.pem -CAkey 
rootCA_key.pem -out CA/subCA_cert.pem -CAserial rootCA_serial.txt 
-CAcreateserial -extfile subCA.cnf -extensions usr_cert -days 4380 -sigopt 
rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
  $ c_rehash CA

  $ openssl genpkey -algorithm RSA-PSS -out user1_key.pem -pkeyopt 
rsa_keygen_bits:2048
  $ openssl req -config user.cnf -new -out user1_req.pem -key user1_key.pem 
-sigopt 

[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2021-04-29 Thread Seth Arnold
Thanks Marco, I'll take pam-pkcs11 off our todo list. (This can be
reversed, of course. If it turns out to be necessary for something,
someone shout. :)

Thanks

** Changed in: pam-pkcs11 (Ubuntu)
   Status: New => Invalid

** Changed in: pam-pkcs11 (Ubuntu)
 Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

Status in ccid package in Ubuntu:
  New
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  Invalid
Status in pcsc-lite package in Ubuntu:
  New
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems 

[Touch-packages] [Bug 1923273] Re: libcaca buffer-overflow

2021-04-09 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcaca in Ubuntu.
https://bugs.launchpad.net/bugs/1923273

Title:
  libcaca buffer-overflow

Status in libcaca package in Ubuntu:
  New

Bug description:
  Hello Ubuntu Security Team
  I use libfuzzer to test libcaca api .I found two crash

  - https://github.com/cacalabs/libcaca/issues/53

  - https://github.com/cacalabs/libcaca/issues/54

  
  ## Vendor of Product
  https://github.com/cacalabs/libcaca

  
  ## Affected Product Code Base
  libcaca e4968ba
  
  ## Affected Component
  affected component:libcaca.so
  
  ## Affected source code file
  affected source code file(As call stack):

 ->caca_export_canvas_to_memory()  in
  libcaca/caca/codec/export.c

 ->caca_export_memory()in
  libcaca/caca/codec/export.c

 -> export_tga()in  
libcaca/caca/codec/export.c

-> export_troff()   in  
libcaca/caca/codec/export.c

   
  ## Attack Type
  Context-dependent

  
  ## Impact Denial of Service
  true

  
  ## Reference
  https://github.com/cacalabs/libcaca

  
  ## Discoverer
  fdgnneig

  
  ## Verification process and POC

  ### Verification steps:

  1.Get the source code of libcaca:

  2.Compile the libcaca.so library:

  ```shell
  $ cd libcaca
  $ apt-get install automake libtool pkg-config -y
  $ ./bootstrap
  $ ./configure
  $ make

  3.Run POC.sh to compile poc_troff.cc 、poc_tga.cc

  4.Run POC

  
  POC.sh
  ```
  cat << EOF > poc_troff.cc
  #include "config.h"
  #include "caca.h"
  //#include "common-image.h"
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 

  using namespace std;

  extern "C"  int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t
  Size) {

   if(Size<8) return 0;
   size_t len=0;
   char* buffer = (char*)malloc(Size+1);
   memset(buffer,0,Size);
   memcpy(buffer,Data,Size);
   buffer[Size]='\0';
   caca_canvas_t *cv;
   cv = caca_create_canvas(0,0);
   for(int i=0;i<4;i++)
 caca_create_frame(cv,0);
   for(int i=0;i<4;i++){
 caca_set_frame(cv,i);
 caca_import_canvas_from_memory(cv,buffer,strlen(buffer),"");
   }
   void* reData = caca_export_canvas_to_memory(cv,"troff",);
   if(reData!=NULL) free(reData);
   caca_free_canvas(cv);
   cv=NULL;
   free(buffer);
   buffer=NULL;

  }

  
  int main(int args,char* argv[]){

 size_t  len = 0;
 unsigned char buffer[] = 
{0x5f,0x20,0x6f,0x75,0x6e,0x64,0x0a,0x40,0x11};
 len = sizeof(buffer)/sizeof(unsigned char);
 LLVMFuzzerTestOneInput((const uint8_t*)buffer,len);
 printf("%d\n",sizeof(buffer)/sizeof(unsigned char));

 return 0;

  }
  EOF

  clang++ -g poc_troff.cc -O2 -fno-omit-frame-pointer -fsanitize=address
  -I./caca/ -lcaca -L./caca/.libs/ -Wl,-rpath,./caca/.libs/  -o
  poc_troff

  
  cat << EOF > poc_tga.cc
  #include "config.h"
  #include "caca.h"
  #include 
  #include 
  #include 
  #include 
  #include 
  #include 

  using namespace std;

  extern "C"  int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t
  Size) {

   if(Size<8) return 0;
   size_t len=0;
   char* buffer = (char*)malloc(Size+1);
   memset(buffer,0,Size);
   memcpy(buffer,Data,Size);
   buffer[Size]='\0';
   caca_canvas_t *cv;
   cv = caca_create_canvas(0,0);
   for(int i=0;i<4;i++)
 caca_create_frame(cv,0);
   for(int i=0;i<4;i++){
 caca_set_frame(cv,i);
 caca_import_canvas_from_memory(cv,buffer,strlen(buffer),"");
   }
   void* reData = caca_export_canvas_to_memory(cv,"tga",);
   if(reData!=NULL) free(reData);
   caca_free_canvas(cv);
   cv=NULL;
   free(buffer);
   buffer=NULL;
 return 0;
  }

  int main(int args,char* argv[]){

 size_t  len = 0;
 unsigned char buffer[] = 
{0x00,0xff,0xff,0x23,0x64,0x72,0x23,0x20,0x11};
 len = sizeof(buffer)/sizeof(unsigned char);
 LLVMFuzzerTestOneInput((const uint8_t*)buffer,len);
 printf("%d\n",sizeof(buffer)/sizeof(unsigned char));

 return 0;
  }
  EOF

  clang++ -g poc_tga.cc -O2 -fno-omit-frame-pointer 

[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread Seth Arnold
Hello, this sounds like surprising advice to me -- afterall the
/etc/passwd file is 644. I don't know what would be the point of hiding
this 'backup' file. Does the benchmark give a rationale for this?

Thanks

** Information type changed from Private Security to Public Security

** Changed in: shadow (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1923262

Title:
  backup /etc/passwd- file should be mode 0600

Status in shadow package in Ubuntu:
  Incomplete

Bug description:
  CIS hardening benchmarks (6.1.6) suggest that the /etc/passwd- file
  should be mode 0600 (or more restrictive).

  However, this file is 0644 after it is created when the /etc/passwd
  file is modified. (Ie, a hardening script that creates a hardened
  system for initial use could change this mode, but it will go out of
  compliance the next time a backup file is made.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1923262/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1921552] Re: xscreensavers

2021-04-05 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make
Ubuntu better.  Reviewing your dmesg attachment to this bug report it
seems that there may be a problem with your hardware.  I'd recommend
performing a back up and then investigating the situation.  Measures you
might take include checking cable connections and using software tools
to investigate the health of your hardware.  In the event that is is not
in fact an error with your hardware please set the bug's status back to
New.  Thanks and good luck!

** Changed in: xorg (Ubuntu)
   Status: Fix Released => Invalid

** Changed in: xorg (Ubuntu)
   Importance: Undecided => Low

** Tags added: hardware-error

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1921552

Title:
  xscreensavers

Status in xorg package in Ubuntu:
  Invalid

Bug description:
  Something about 'daemon' or 'run demo'

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-70.78-generic 5.4.94
  Uname: Linux 5.4.0-70-generic x86_64
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  Date: Fri Mar 26 16:31:19 2021
  DistUpgraded: 2021-01-08 14:56:49,798 DEBUG icon theme changed, re-reading
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: I just need to know a workaround
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Wrestler [Radeon HD 6310] [1002:9802] 
(prog-if 00 [VGA controller])
 Subsystem: Lenovo Wrestler [Radeon HD 6310] [17aa:397f]
  InstallationDate: Installed on 2020-12-18 (98 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 
(20140722.2)
  MachineType: LENOVO 2181
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-70-generic 
root=UUID=c44a1ac5-9dee-4bf8-a246-6303f68e5c24 ro quiet splash
  SourcePackage: xorg
  UpgradeStatus: Upgraded to focal on 2021-01-08 (77 days ago)
  dmi.bios.date: 10/02/2012
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 6CCN93WW(V8.05)
  dmi.board.asset.tag: No Asset Tag
  dmi.board.name: Lenovo G585
  dmi.board.vendor: LENOVO
  dmi.board.version: 3193WIN8 STD MLT
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Lenovo G585
  dmi.modalias: 
dmi:bvnLENOVO:bvr6CCN93WW(V8.05):bd10/02/2012:svnLENOVO:pn2181:pvrLenovoG585:rvnLENOVO:rnLenovoG585:rvr3193WIN8STDMLT:cvnLENOVO:ct10:cvrLenovoG585:
  dmi.product.family: IDEAPAD
  dmi.product.name: 2181
  dmi.product.sku: LENOVO_MT_2181
  dmi.product.version: Lenovo G585
  dmi.sys.vendor: LENOVO
  version.compiz: compiz 1:0.9.14.1+20.04.20200211-0ubuntu1
  version.libdrm2: libdrm2 2.4.102-1ubuntu1~20.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2.6-0ubuntu0.20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx 20.2.6-0ubuntu0.20.04.1
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.9-2ubuntu1.2~20.04.1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.6-1
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1
  xserver.bootTime: Tue Feb  9 06:34:08 2021
  xserver.configfile: default
  xserver.logfile: /var/log/Xorg.0.log
  xserver.version: 2:1.20.9-2ubuntu1.2~20.04.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1921552/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1922212] Re: SSHD does not honor configuration files

2021-04-01 Thread Seth Arnold
Hello Jeffrey, this reminds me a little of
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1876320 -- but
it's also something that should have been addressed last year.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1922212

Title:
  SSHD does not honor configuration files

Status in openssh package in Ubuntu:
  New

Bug description:
  I'm working on Ubuntu 20, x86_64, fully patched.

 # lsb_release -a
 Distributor ID:Ubuntu
 Description:   Ubuntu 20.04.2 LTS
 ...

  We are seeing reports of failed password-based logins using root:

 jounralctl -xe
 ...
 Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 
49.88.112.77 port 36206 ssh2
 Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 
49.88.112.77 port 36206 ssh2
 ...

  There are three attempts every second or two (literally):

 # journalctl -xe | grep -i -c 'Failed password for root'
 324

  Our OpenSSH server is configured with both no-password based logins
  and no-root logins.

 # ls /etc/ssh/sshd_config.d/
 10_pubkey_auth.conf  20_disable_root_login.conf

 # cat /etc/ssh/sshd_config.d/10_pubkey_auth.conf 
 # Disable passwords
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM no
 # Enable public key
 PubkeyAuthentication yes

 # cat /etc/ssh/sshd_config.d/20_disable_root_login.conf 
 PermitRootLogin no

  The config files are included last in our /etc/ssh/sshd_config file:

 # tail -n 3 /etc/ssh/sshd_config

 # For some reason OpenSSH does not include additional conf files by 
default.
 Include /etc/ssh/sshd_config.d/*.conf

  I dislike modifying /etc/ssh/sshd_config since it will be overwritten
  by the distro. With that said, I modified it without success.

  It really annoys me that we can't secure this service. Something looks
  very broken here.

  -

  # apt-cache show openssh-server
  Package: openssh-server
  Architecture: amd64
  Version: 1:8.2p1-4ubuntu0.2
  Multi-Arch: foreign
  Priority: optional
  Section: net
  Source: openssh
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Debian OpenSSH Maintainers 
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1922212/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1921423] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: o subprocesso instalado, do pacote sudo, o script post-installation retornou erro do status de saída 1

2021-03-25 Thread Seth Arnold
Hello Alex, I would guess that the reason why the permissions are
incorrect is probably whatever tool added four copies of this to your
sudoers:

ALL ALL=(ALL) NOPASSWD:/usr/share/dtsremoter/remoterserver
ALL ALL=(ALL) NOPASSWD:/usr/share/dtsremoter/remoterdelegate

Any tool that would do that is probably pretty poorly written. That's my
guess where to lay blame.

If you don't have any open root command shells, I suggest rebooting into
a recovery mode to change the permissions on the file. If you get the
same "Operação não permitida" response, try chattr -i /etc/sudoers and
then try again.

Thanks

** Changed in: sudo (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1921423

Title:
  package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: o
  subprocesso instalado, do pacote sudo, o script post-installation
  retornou erro do status de saída 1

Status in sudo package in Ubuntu:
  Incomplete

Bug description:
  The privileges of my /etc/sudoers file is 220. I don't have any idea
  on how it was changed, and I tried many different ways to chmod it and
  I didn't get to do it, even booting from another media and trying to
  chmod the file didn't work.

  It's the main reason of the many errors that started happening when
  updating this machine.

  I can't stop this machine now, and I don't want to run the risk of
  trying to use the installation software to try to repair it.

  If you have any idea on how to chmod the file, I'll be grateful.

  Best regards,

  Alex Leandro Rosa

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: sudo 1.8.31-1ubuntu1.2
  ProcVersionSignature: Ubuntu 5.4.0-70.78-generic 5.4.94
  Uname: Linux 5.4.0-70-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Mar 25 15:00:47 2021
  ErrorMessage: o subprocesso instalado, do pacote sudo, o script 
post-installation retornou erro do status de saída 1
  InstallationDate: Installed on 2018-12-12 (833 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.4
  SourcePackage: sudo
  Title: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: o 
subprocesso instalado, do pacote sudo, o script post-installation retornou erro 
do status de saída 1
  UpgradeStatus: Upgraded to focal on 2020-09-30 (175 days ago)
  VisudoCheck:
   /etc/sudoers: análise OK
   /etc/sudoers.d/README: análise OK
  mtime.conffile..etc.sudoers: 2020-12-30T18:27:17.782421

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1921423/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1766628] Re: apparmor denies VLC to open files in devmode

2021-03-19 Thread Seth Arnold
AppArmor just enforces the policies that were given to it; please report
this issue to whoever packaged the snap you're using.

Thanks

** Changed in: apparmor (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1766628

Title:
  apparmor denies VLC to open files in devmode

Status in apparmor package in Ubuntu:
  Invalid

Bug description:
  I see failures in VLC trying to open files and prefs while VLC snap
  seemingly uses devmode since this is on Debian "testing".

  Failures:
  ^[[1;3CApr 24 17:50:24 coal kernel: [ 7997.906298] audit: type=1400 
audit(1524581424.694:1944): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/#268898190" pid=19173 comm="vlc" 
requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:24 coal kernel: [ 7997.906308] audit: type=1400 
audit(1524581424.694:1945): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/user-places.xbel.tbcache" 
pid=19173 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/home/thresh/snap/vlc/288/.local/share/#268898190"
  Apr 24 17:50:24 coal kernel: [ 7997.912113] audit: type=1400 
audit(1524581424.698:1946): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/#268898190" pid=19173 comm="vlc" 
requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:24 coal kernel: [ 7997.912122] audit: type=1400 
audit(1524581424.698:1947): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/user-places.xbel" pid=19173 
comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/home/thresh/snap/vlc/288/.local/share/#268898190"
  Apr 24 17:50:28 coal kernel: [ 8001.418173] audit: type=1400 
audit(1524581428.206:1948): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/#268898190" pid=19173 comm="vlc" 
requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:28 coal kernel: [ 8001.418180] audit: type=1400 
audit(1524581428.206:1949): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/user-places.xbel.tbcache" 
pid=19173 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/home/thresh/snap/vlc/288/.local/share/#268898190"
  Apr 24 17:50:28 coal kernel: [ 8001.422473] audit: type=1400 
audit(1524581428.210:1950): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/#268898190" pid=19173 comm="vlc" 
requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:28 coal kernel: [ 8001.422481] audit: type=1400 
audit(1524581428.210:1951): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" 
name="/home/thresh/snap/vlc/288/.local/share/user-places.xbel" pid=19173 
comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/home/thresh/snap/vlc/288/.local/share/#268898190"
  Apr 24 17:50:28 coal kernel: [ 8001.556305] audit: type=1400 
audit(1524581428.342:1952): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/run/user/1000/snap.vlc/#511744" pid=19173 comm="vlc" requested_mask="l" 
denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:28 coal kernel: [ 8001.556318] audit: type=1400 
audit(1524581428.342:1953): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" name="/run/user/1000/snap.vlc/vlcxkYxzT.1.slave-socket" 
pid=19173 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/run/user/1000/snap.vlc/#511744"
  Apr 24 17:50:28 coal kernel: [ 8001.556324] audit: type=1400 
audit(1524581428.342:1954): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/run/user/1000/snap.vlc/#511744" pid=19173 comm="vlc" requested_mask="l" 
denied_mask="l" fsuid=1000 ouid=1000
  Apr 24 17:50:28 coal kernel: [ 8001.556332] audit: type=1400 
audit(1524581428.342:1955): apparmor="DENIED" operation="link" 
profile="snap.vlc.vlc" name="/run/user/1000/snap.vlc/vlcbTrpmK.1.slave-socket" 
pid=19173 comm="vlc" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 
target="/run/user/1000/snap.vlc/#511744"
  Apr 24 17:50:28 coal kernel: [ 8001.556338] audit: type=1400 
audit(1524581428.342:1956): apparmor="DENIED" operation="link" info="Failed 
name lookup - deleted entry" error=-2 profile="snap.vlc.vlc" 
name="/run/user/1000/snap.vlc/#511744" pid=19173 comm="vlc" 

[Touch-packages] [Bug 1899193] Re: local denial of service due to parsing bugs in arfile.cc

2021-02-26 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1899193

Title:
  local denial of service due to parsing bugs in arfile.cc

Status in apt package in Ubuntu:
  Fix Released
Status in aptdaemon package in Ubuntu:
  Fix Released
Status in python-apt package in Ubuntu:
  Fix Released

Bug description:
  # GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2020-168`,
  `GHSL-2020-169`, `GHSL-2020-170`

  The [GitHub Security Lab](https://securitylab.github.com) team has
  identified potential security vulnerabilities in aptd.

  We are committed to working with you to help resolve these issues. In
  this report you will find everything you need to effectively
  coordinate a resolution of these issues with the GHSL team.

  If at any point you have concerns or questions about this process,
  please do not hesitate to reach out to us at `security...@github.com`
  (please include `GHSL-2020-168`, `GHSL-2020-169`, or `GHSL-2020-170`
  as a reference).

  If you are _NOT_ the correct point of contact for this report, please
  let us know!

  ## Summary

  The aptd daemon is a system service for installing and updating
  packages. It is accessible via
  [dbus](https://www.freedesktop.org/wiki/Software/dbus/) and has a
  method named "InstallFile" which is used for installing local `.deb`
  packages. Although polkit is used to prevent an unprivileged user from
  using "InstallFile" to install a malicious `.deb` package, it does not
  prevent aptd from parsing the contents of the `.deb` file. The parsing
  logic is provided by two packages, [libapt-pkg-
  dev](https://packages.ubuntu.com/focal/libapt-pkg-dev) and [python-
  apt](https://packages.ubuntu.com/source/focal/python-apt), and is
  implemented in C. These two packages contain several bugs, which an
  unprivileged user can exploit to trigger a local denial of service
  attack.

  ## Product

  aptd

  ## Tested Version

  * libapt-pkg-dev: version 2.0.2ubuntu0.1
  * python-apt: 2.0.0ubuntu0.20.04.1
  * Tested on Ubuntu 20.04.1 LTS

  ## Details

  ### Issue 1: aptd crash due to integer overflow in arfile.cc
  (GHSL-2020-168)

  A crafted `.deb` package can trigger a negative integer overflow at
  [arfile.cc, line
  116](https://git.launchpad.net/ubuntu/+source/apt/tree/apt-
  pkg/contrib/arfile.cc?h=applied/ubuntu/focal-
  updates=4c264e60b524855b211751e1632ba48526f6b44d#n116):

  ```c
  Memb->Size -= Len;
  ```

  Due to the integer overflow, the value of `Memb->Size` is
  `0x`. This leads to an out-of-memory error at
  [arfile.cc, line 602](https://git.launchpad.net/ubuntu/+source/python-
  apt/tree/python/arfile.cc?h=applied/ubuntu/focal-
  updates=0f7cc93acdb51d943114f1cd79002288c4ca4d24#n602):

  ```c
  char* value = new char[member->Size];
  ```

  The out-of-memory error causes aptd to crash.

  Please note that the source locations above refer to two separate
  files, both named `arfile.cc`. The first is from the libapt-pkg-dev
  package and the second is from the python-apt package.

  To trigger the crash, first use the attached source file named
  "createdeb.c" to generate the malicious `.deb` file:

  ```bash
  gcc createdeb.c -o createdeb
  ./createdeb crash test.deb
  ```

  Now use `dbus-send` to send the malicious `.deb` file to aptd:

  ```bash
  $ dbus-send --system --type="method_call" --print-reply --dest=org.debian.apt 
/org/debian/apt org.debian.apt.InstallFile string:`realpath test.deb` 
boolean:true
  method return time=1602245339.731762 sender=:1.287 -> destination=:1.288 
serial=8 reply_serial=2
 string "/org/debian/apt/transaction/90f29de930854568964af1918f6ca5eb"
  $ dbus-send --system --type="method_call" --print-reply --dest=org.debian.apt 
/org/debian/apt/transaction/90f29de930854568964af1918f6ca5eb 
org.debian.apt.transaction.Run
  ```

  Note that you need to use the "transaction id" returned by the first
  `dbus-send` in the second `dbus-send` command.

   Impact

  This issue may lead to local denial of service.

   Resources

  I have attached `createdeb.c`, which can be used to generate the
  malicious `.deb` file.

  ### Issue 2: aptd infinite loop due to integer overflow in arfile.cc
  (GHSL-2020-169)

  This issue is very similar to issue 1, but is caused by a different
  bug. This bug occurs during the call to `StrToNum` at [arfile.cc, line
  92](https://git.launchpad.net/ubuntu/+source/apt/tree/apt-
  pkg/contrib/arfile.cc?h=applied/ubuntu/focal-
  updates=4c264e60b524855b211751e1632ba48526f6b44d#n92):

  ```c
  StrToNum(Head.Size,Memb->Size,sizeof(Head.Size)) == false)
  ```

  The bug is due to the use of `strtoul` in
  [StrToNum](https://git.launchpad.net/ubuntu/+source/apt/tree/apt-
  pkg/contrib/strutl.cc?h=applied/ubuntu/focal-
  updates=4c264e60b524855b211751e1632ba48526f6b44d#n1169):

  ```c
  

[Touch-packages] [Bug 1915945] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed sudo package post-installation script subprocess returned error exit status 1

2021-02-23 Thread Seth Arnold
What's the output of:

lsattr -l /etc/sudoers

Please note that the sudoers file should only ever be edited with
visudo, which will perform safety checks on the file when you try to
save it.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1915945

Title:
  package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed
  sudo package post-installation script subprocess returned error exit
  status 1

Status in sudo package in Ubuntu:
  Incomplete

Bug description:
  I've put the system to upgrade and this error occured!!

  I tried many ways to correct it but all attempts were unsuccesfull.

  Best regards,

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: sudo 1.8.31-1ubuntu1.2
  ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
  Uname: Linux 5.4.0-65-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.16
  AptOrdering:
   software-properties-common:amd64: Install
   software-properties-gtk:amd64: Install
   python3-software-properties:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Feb 17 13:43:57 2021
  DuplicateSignature:
   package:sudo:1.8.31-1ubuntu1.2
   Setting up sudo (1.8.31-1ubuntu1.2) ...
   chown: alterando o dono de '/etc/sudoers': Operação não permitida
   dpkg: error processing package sudo (--configure):
installed sudo package post-installation script subprocess returned error 
exit status 1
  ErrorMessage: installed sudo package post-installation script subprocess 
returned error exit status 1
  InstallationDate: Installed on 2018-12-12 (797 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.4
  SourcePackage: sudo
  Title: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed 
sudo package post-installation script subprocess returned error exit status 1
  UpgradeStatus: Upgraded to focal on 2020-09-30 (139 days ago)
  VisudoCheck:
   /etc/sudoers: análise OK
   /etc/sudoers.d/README: análise OK
  mtime.conffile..etc.sudoers: 2020-12-30T18:27:17.782421

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1915945/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1916256] Re: NVIDIA Driver not working

2021-02-19 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1916256

Title:
  NVIDIA Driver not working

Status in xorg package in Ubuntu:
  New

Bug description:
  hello so i have a issue with NVIDIA driver on a 4k res the system is laggy 1 
frame per sec and 
  it shows me a glitch when i move the taps 

  like : https://imgur.com/3LWJbbC

  thanks in advance

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.8.0-43.49~20.04.1-generic 5.8.18
  Uname: Linux 5.8.0-43-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.driver.nvidia.capabilities.gpu0: Error: [Errno 21] Is a directory: 
'/proc/driver/nvidia/capabilities/gpu0'
  .proc.driver.nvidia.capabilities.mig: Error: [Errno 21] Is a directory: 
'/proc/driver/nvidia/capabilities/mig'
  .proc.driver.nvidia.gpus..01.00.0: Error: [Errno 21] Is a directory: 
'/proc/driver/nvidia/gpus/:01:00.0'
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  460.32.03  Sun Dec 27 
19:00:34 UTC 2020
   GCC version:
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Feb 19 09:30:48 2021
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation Skylake GT2 [HD Graphics 520] [8086:1916] (rev 07) 
(prog-if 00 [VGA controller])
 Subsystem: Hewlett-Packard Company Skylake GT2 [HD Graphics 520] 
[103c:80e5]
 Subsystem: Hewlett-Packard Company GM107M [GeForce GTX 950M] [103c:80e5]
  InstallationDate: Installed on 2021-02-19 (0 days ago)
  InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
  MachineType: HP HP ENVY Notebook
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.8.0-43-generic 
root=UUID=d6d44f80-a9fe-4951-b886-8035f1017eff ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  acpidump: Error: command ['pkexec', '/usr/share/apport/dump_acpi_tables.py'] 
failed with exit code 126: Error executing command as another user: Request 
dismissed
  dmi.bios.date: 03/04/2016
  dmi.bios.release: 15.53
  dmi.bios.vendor: Insyde
  dmi.bios.version: F.35
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: 80E5
  dmi.board.vendor: HP
  dmi.board.version: 87.60
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: HP
  dmi.chassis.version: Chassis Version
  dmi.ec.firmware.release: 87.60
  dmi.modalias: 
dmi:bvnInsyde:bvrF.35:bd03/04/2016:br15.53:efr87.60:svnHP:pnHPENVYNotebook:pvrType1ProductConfigId:rvnHP:rn80E5:rvr87.60:cvnHP:ct10:cvrChassisVersion:
  dmi.product.family: 103C_5335KV G=N L=CON B=HP S=ENV
  dmi.product.name: HP ENVY Notebook
  dmi.product.sku: V8S44EA#A2N
  dmi.product.version: Type1ProductConfigId
  dmi.sys.vendor: HP
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.102-1ubuntu1~20.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2.6-0ubuntu0.20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.9-2ubuntu1.2~20.04.1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1916256/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1915945] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed sudo package post-installation script subprocess returned error exit status 1

2021-02-17 Thread Seth Arnold
Hello,

chown: alterando o dono de '/etc/sudoers': Operação não permitida

Is there any chance you've set attrs on this file to prevent it from
being modified?

THanks

** Changed in: sudo (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1915945

Title:
  package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed
  sudo package post-installation script subprocess returned error exit
  status 1

Status in sudo package in Ubuntu:
  Incomplete

Bug description:
  I've put the system to upgrade and this error occured!!

  I tried many ways to correct it but all attempts were unsuccesfull.

  Best regards,

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: sudo 1.8.31-1ubuntu1.2
  ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
  Uname: Linux 5.4.0-65-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.16
  AptOrdering:
   software-properties-common:amd64: Install
   software-properties-gtk:amd64: Install
   python3-software-properties:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Feb 17 13:43:57 2021
  DuplicateSignature:
   package:sudo:1.8.31-1ubuntu1.2
   Setting up sudo (1.8.31-1ubuntu1.2) ...
   chown: alterando o dono de '/etc/sudoers': Operação não permitida
   dpkg: error processing package sudo (--configure):
installed sudo package post-installation script subprocess returned error 
exit status 1
  ErrorMessage: installed sudo package post-installation script subprocess 
returned error exit status 1
  InstallationDate: Installed on 2018-12-12 (797 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.4
  SourcePackage: sudo
  Title: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed 
sudo package post-installation script subprocess returned error exit status 1
  UpgradeStatus: Upgraded to focal on 2020-09-30 (139 days ago)
  VisudoCheck:
   /etc/sudoers: análise OK
   /etc/sudoers.d/README: análise OK
  mtime.conffile..etc.sudoers: 2020-12-30T18:27:17.782421

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1915945/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1878194] Re: [Sennheiser HD 4.50 BTNC] Bluetooth headset not working when selecting HSP/HFP audio profile in Focal Fossa

2021-02-17 Thread Seth Arnold
*** This bug is a duplicate of bug 1871794 ***
https://bugs.launchpad.net/bugs/1871794

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1878194

Title:
  [Sennheiser HD 4.50 BTNC] Bluetooth headset not working when selecting
  HSP/HFP audio profile in Focal Fossa

Status in bluez package in Ubuntu:
  Confirmed
Status in pulseaudio package in Ubuntu:
  Confirmed

Bug description:
  After updating the release from Ubuntu 19.10 to 20.04, the bluetooth
  headset doesn't work anymore when HSP/HFP profile is selected.

  With Ubuntu 19.10 the headset was working, there was audio and the mic
  was perfect for video conferencing.

  [Steps to reproduce]
  1. Connect headset (used blueman to setup and connect)
  1.1. When connected the system automatically selects A2DP profile
  2. Start playing audio (browser or other)
  3. Change profile to HSP/HFP with pavucontrol (or blueman)
  4. The audio disappears and microphone is not working (no input)
  5. Optionally switch back to A2DP and the audio comes back

  [Expected]
  When switching to HSP/HFP the audio should keep playing and the microphone 
should start working

  [Notes]
  I tried with pavucontrol to switch between profiles while playing audio from 
a browser.
  As side note there's a led in the headset that still blinks when switching 
profile.

  I tried deleting the pulse folder under user's profile .config without
  success, also reinstalled packages and did a `sudo alsa force-reload`
  and rebooting several times.

  Note: not sure this is a duplicate of [Bug #1576559], it looks quite
  different since the profile changes but the headset stops working.

  [System info]
  Ubuntu: 20.04 - Linux 5.4.0-29-generic x86_64
  pulseaudio: 1:13.99.1-1ubuntu3
  bluez: 5.53-0ubuntu3

  Headset: Sennheiser HD 4.50 BTNC

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1878194/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1915913] Re: OpenSSL Multiple Denial of Service Vulnerabilities

2021-02-17 Thread Seth Arnold
Hello, there are untested packages in https://launchpad.net/~ubuntu-
security-proposed/+archive/ubuntu/ppa/+packages in case you wish to test
them in your environment.

Thanks

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1915913

Title:
  OpenSSL Multiple Denial of Service Vulnerabilities

Status in openssl package in Ubuntu:
  New

Bug description:
  Multiple vulnerabilities have been reported in OpenSSL, which can be
  exploited by malicious people to cause a DoS (Denial of Service).

  1

  An error related to the "X509_issuer_and_serial_hash()" function
  (crypto/x509/x509_cmp.c) can be exploited to trigger a NULL pointer
  dereference and subsequently cause a crash.

  2

  An integer overflow error related to CipherUpdate calls can be
  exploited to cause a crash.

  The vulnerabilities are reported in versions prior to 1.1.1j and prior
  to 1.0.2y.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  OpenSSL 1.x

  Solution

  Update to version 1.1.1j or 1.0.2y.

  References

  1. https://www.openssl.org/news/secadv/20210216.txt 

  2. 
https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0
 

  3. 
https://github.com/openssl/openssl/commit/c9fb704cf3af5524eb8e79961e31b60eee8c3c47
 


  
  Please provide an update.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1915913/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1915908] Re: package openssh-server 1:8.2p1-4ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status

2021-02-17 Thread Seth Arnold
Hello, note this line from the automatically added contents:

 SSHDConfig: Error: command ['/usr/sbin/sshd', '-T'] failed with exit
code 255: /etc/ssh/sshd_config line 1: garbage at end of line; "to".

It looks like your /etc/ssh/sshd_config file may be incorrect.

Thanks

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1915908

Title:
  package openssh-server 1:8.2p1-4ubuntu0.1 failed to install/upgrade:
  installed openssh-server package post-installation script subprocess
  returned error exit status 1

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  sh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: 
enabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 
2021-02-17 15:42:28 IST; 11ms ago
 Docs: man:sshd(8)
   man:sshd_config(5)
  Process: 24813 ExecStartPre=/usr/sbin/sshd -t (code=exited, 
status=255/EXCEPTION)
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for systemd (245.4-4ubuntu3.4) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for ufw (0.36-6) ...
  Errors were encountered while processing:
   openssh-server
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.1
  ProcVersionSignature: Ubuntu 5.4.0-65.73-generic 5.4.78
  Uname: Linux 5.4.0-65-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.16
  AptOrdering:
   openssh-server:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Feb 17 15:42:28 2021
  ErrorMessage: installed openssh-server package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2021-01-05 (42 days ago)
  InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 
(20200203.1)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python3.8, Python 3.8.5, python-is-python3, 3.8.2-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.4
  SSHDConfig: Error: command ['/usr/sbin/sshd', '-T'] failed with exit code 
255: /etc/ssh/sshd_config line 1: garbage at end of line; "to".
  SourcePackage: openssh
  Title: package openssh-server 1:8.2p1-4ubuntu0.1 failed to install/upgrade: 
installed openssh-server package post-installation script subprocess returned 
error exit status 1
  UpgradeStatus: Upgraded to focal on 2021-02-04 (12 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1915908/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically

2021-02-05 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1914839

Title:
  package upgrade should replace /etc/ssl/certs/ca-certificates.crt
  atomically

Status in ca-certificates package in Ubuntu:
  New

Bug description:
  While upgrading the ca-certificates package, a process got the error:

  SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist

  This file should be replaced atomically, with no time gap where the
  file does not exist.

  (I am flagging this as a security vulnerability because, while I did
  not experience any security issue, I can imagine at least the
  possibility of this being exploitable in some way in some
  circumstances.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-02-02 Thread Seth Arnold
Re test rebuilds, that's certainly the intention, but there are
occasional problems:

https://launchpad.net/bugs/1910555
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1910709
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1910503 (virtualbox, 
probably not in scope)

These three were discussed a bit on https://discourse.ubuntu.com/t
/improvements-for-hardware-support-in-ubuntu-desktop-installation-
media/20606

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1914279

Title:
  linux from security may force reboots without complete dkms modules

Status in apt package in Ubuntu:
  New
Status in dkms package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed
Status in linux-meta package in Ubuntu:
  New
Status in unattended-upgrades package in Ubuntu:
  New
Status in update-manager package in Ubuntu:
  New

Bug description:
  Whilst discussing

  https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
  ubuntu-desktop-installation-media/20606

  We have noticed a reference to somebody not having working backport-
  iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
  switch.

  However, kernel meta switch was pushed to security pocket, but the
  dkms modules are all in -updates only.

  This may result in people automatically installing the new kernel with
  unatanded upgrades; dkms modules failing to build; and a reboot
  required flag left on disk.

  At this point launching update manager will not offer to install dkms
  modules from updates, and will guide the users to reboot. which
  will then cause them to boot the new kernel without the dkms modules
  that might be providing networking for them.

  Should dkms modules SRUs always getting published into -security
  pocket, as well as the -updates pocket?

  Should linux maintainer scripts prevent touching reboot required flag
  if any dkms modules fail to build?

  Should apt / unattanded-upgrades / update-manager always update dkms
  modules with kernels?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1914279/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1914148] Re: Firefox connstantly disabled on Apparmor

2021-02-01 Thread Seth Arnold
The Firefox AppArmor profile isn't enabled by default because it forces
the user to change how they interact with their browser.

Consider that the profile really allows downloads only into ~/Downloads/
directories. (There's other places that are writable, but even less
suitable for downloads.) Many users prefer to download directly to their
existing directory structure.

Consider the wide variety of plugins that may supply helper executables.
Plugins failing without a good interface in the browser to know why they
have failed would be very confusing.

Consider the huge number of applications that people install to handle
mime types. People want to be able to click a link to any random file
and have the browser offer to launch the helper.

People who are fine with all these impositions in how they can use
Firefox can enable the Firefox profile. They'll know how to debug issues
when they arise, and furthermore, probably already have a workflow that
makes it easy to work with the AppArmor policy restrictions.

But most Ubuntu users are completely unaware that they're running
AppArmor on many of their services. Surely some of this group would like
to use it more, if only they knew about it, but also many people just
need their computers to keep working as they always have.

If we enable this one profile, we run the serious risk that users will
disable AppArmor entirely.

Thanks

** Package changed: apparmor (Ubuntu) => firefox (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1914148

Title:
  Firefox connstantly  disabled on Apparmor

Status in firefox package in Ubuntu:
  New

Bug description:
  Once again Apparmor policies are constantly disabled for Firefox. 
  -I've reported this bug in December, then came a patch, then for the last 
month of January -  regardless of updates, Firefox profiles are skipped.
  - You cannot be serious?
  -This is a consistent seccurity issue!
  - Please write rules that consistently work or teach us how to do so / deal 
with Mozilla

  "Feb 02 00:17:24 USER apparmor.systemd[1117]: Skipping profile in 
/etc/apparmor.d/disable: usr.bin.firefox
  Feb 02 00:17:24 USER apparmor.systemd[1118]: Skipping profile in 
/etc/apparmor.d/disable: usr.sbin.rsyslogd
  Feb 02 00:17:24 USER systemd[1]: Finished Load AppArmor profiles.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1914148/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1872504] Re: date modified is wrong for files on an exfat formatted drive

2021-01-22 Thread Seth Arnold
I added the linux source package to this bug because I've heard this
commit addresses the issue:

https://github.com/gregkh/linux/commit/099340d3e758cca06a82bf5dcff8b9a8acbdcb0a

Thanks

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1872504

Title:
  date modified is wrong for files on an exfat formatted drive

Status in linux package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  When using exfat formatted drives (e.g. my camera card) with focal
  fossa any access causes the date modified to be set, even when it
  would not normally be set, and it is set a month into the future.

  Installing exfat-fuse and exfat-utils results in the correct
  behaviour.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: ubuntu-release-upgrader-core 1:20.04.18
  ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27
  Uname: Linux 5.4.0-21-generic x86_64
  ApportVersion: 2.20.11-0ubuntu26
  Architecture: amd64
  CasperMD5CheckResult: skip
  CrashDB: ubuntu
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Apr 13 17:27:30 2020
  InstallationDate: Installed on 2020-04-12 (1 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Beta amd64 (20200409)
  PackageArchitecture: all
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubuntu-release-upgrader
  Symptom: dist-upgrade
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1872504/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1912855] Re: debugfs shouldn't be mounted by default

2021-01-22 Thread Seth Arnold
I'm inclined to say an admin should ask to mount this explicitly,
however stgraber pointed out on irc that lxd premounts /sys/kernel/debug
in part to placate upstart in guests. This may have implications for
disabling /lib/systemd/system/sys-kernel-debug.mount by default.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1912855

Title:
  debugfs shouldn't be mounted by default

Status in systemd package in Ubuntu:
  New

Bug description:
  On modern Ubuntu systems, /sys/kernel/debug is mounted by default due
  to sys-kernel-debug.mount being enabled by default.

  AFAIK, this FS doesn't need to be mounted for normal operations and
  back in the day, there were concerns about the security implications
  of having it enabled/mounted by default
  (https://lists.ubuntu.com/archives/kernel-
  team/2011-January/013418.html).

  Would it be possible to not have it mounted by default?

  
  $ apt-cache policy systemd
  systemd:
Installed: 245.4-4ubuntu3.4
Candidate: 245.4-4ubuntu3.4
Version table:
   *** 245.4-4ubuntu3.4 500
  500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   245.4-4ubuntu3 500
  500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
  $ lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:  20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1912855/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1910576] Re: [MIR] libbpf (dependency of iproute2)

2021-01-14 Thread Seth Arnold
Thanks Christian, I think you're right, this probably doesn't need a
security review and being centralized in one place will probably be
easier to maintain.

Thanks

** Changed in: libbpf (Ubuntu)
   Status: New => Fix Committed

** Changed in: libbpf (Ubuntu)
 Assignee: Seth Arnold (seth-arnold) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iproute2 in Ubuntu.
https://bugs.launchpad.net/bugs/1910576

Title:
  [MIR] libbpf (dependency of iproute2)

Status in iproute2 package in Ubuntu:
  Invalid
Status in libbpf package in Ubuntu:
  Fix Committed

Bug description:
  [Availability]
  libbpf | 0.1.0-1 | groovy/universe  | source
  libbpf | 0.3-2   | hirsute/universe | source

  [Rationale]
  Libbpf is (or is about to become) a dependency for building iproute2 which 
already is in main. Using BPF is becoming more wide-spread. The library allows 
to load and use eBPF programs from user-space (functionality provided by the 
kernel). It is already maintained in main for Debian 
(https://tracker.debian.org/pkg/libbpf)

  [Security]
  Since the code is taken out of the Linux kernel, this should be treated 
similar to the kernel for security. Research uncovered no records about 
security issues.

  [Quality assurance]
  At this point there are no open bug reports against libbpf (except this one) 
in Ubuntu. Also no open bugs found in Debian. Project is taken from the kernel 
source and claims static analysis via LGTM and Coverty. Also has CI via Travis 
(https://travis-ci.com/github/libbpf/libbpf).
  Right now there are no dep-8 tests. Though potentially it should be possible 
to create those, would this really add additional benefit beyond having 
upstream CI?
  A test build on hirsute was showing no warnings beyond lintian complaining 
about things which would be changed if we had delta (unstable as series for 
example). Otherwise was clean.

  [Dependencies]
  libc6: main
  libelf1: main
  zlib1g: main

  [Standards compliance]
  $ lintian --pedantic libbpf_0.3-2.dsc
  P: libbpf source: no-homepage-field
  P: libbpf source: silent-on-rules-requiring-root

  [Maintenance]
  As this is only taking out code from the kernel into a separate library 
package, the maintenance effort should be minimal. Packaging is done in Debian 
and is synced into Ubuntu (no delta).

  [Background information]
  A discourse about why this is packaged outside the kernel can be found at 
https://lwn.net/Articles/836911/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1910576/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1911836] Re: package linux-image-5.4.0-62-generic 5.4.0-62.70 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2021-01-14 Thread Seth Arnold
Hello, I think the core of your problem is this:

Error 24 : Write error : cannot write compressed block

Caused by a full /boot:

/dev/sda2  483946424596 34365  93% /boot


Truncate a few older files in /boot (start a shell via sudo -s, then find files 
with ls -l, then use `> vmlinux-whatever` to truncate files from an old kernel).

Once you've truncated a kernel and symbols file, you probably have
enough disk space free to run:

sudo apt install -f
sudo apt autoremove

Thanks

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1911836

Title:
  package linux-image-5.4.0-62-generic 5.4.0-62.70 failed to
  install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  Possibly related to https://bugs.launchpad.net/ubuntu/+bug/1911835

  These just happened during the same update cycle.

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-62-generic 5.4.0-62.70
  ProcVersionSignature: Ubuntu 5.4.0-60.67-generic 5.4.78
  Uname: Linux 5.4.0-60-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.14
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Jan 14 21:19:12 2021
  ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with 
return code 1
  HibernationDevice: RESUME=UUID=b9d6e51c-6ef1-4b05-916a-17aa1a75141c
  InstallationDate: Installed on 2016-07-02 (1657 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 
(20160420.1)
  MachineType: LENOVO 80K9
  ProcFB: 0 i915drmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.4.0-60-generic 
root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  Python3Details: /usr/bin/python3.8, Python 3.8.5, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions: grub-pc 2.04-1ubuntu26.7
  SourcePackage: initramfs-tools
  Title: package linux-image-5.4.0-62-generic 5.4.0-62.70 failed to 
install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with 
return code 1
  UpgradeStatus: Upgraded to focal on 2020-12-06 (39 days ago)
  dmi.bios.date: 07/21/2015
  dmi.bios.vendor: Lenovo
  dmi.bios.version: A9CN61WW
  dmi.board.asset.tag: No Asset Tag
  dmi.board.name: Lenovo Edge 15
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40700 WIN
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Lenovo Edge 15
  dmi.modalias: 
dmi:bvnLenovo:bvrA9CN61WW:bd07/21/2015:svnLENOVO:pn80K9:pvrLenovoEdge15:rvnLENOVO:rnLenovoEdge15:rvrSDK0J40700WIN:cvnLENOVO:ct10:cvrLenovoEdge15:
  dmi.product.family: IDEAPAD
  dmi.product.name: 80K9
  dmi.product.sku: LENOVO_MT_80K9_BU_idea_FM_Lenovo Edge 15
  dmi.product.version: Lenovo Edge 15
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1911836/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1908733] Re: CVE-2020-1971 OpenSSL package upgrade issue

2020-12-22 Thread Seth Arnold
Hello, you've replaced the Ubuntu OpenSSL packages with Ondrej's OpenSSL
packages. You can ask him if he has performed the corresponding update
yet: https://github.com/oerdnj/deb.sury.org

Thanks

** Information type changed from Private Security to Public Security

** Changed in: openssl (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1908733

Title:
  CVE-2020-1971 OpenSSL package upgrade issue

Status in openssl package in Ubuntu:
  Invalid

Bug description:
  Hello,

  I have tested it on 4 vurtual machines (details below):

  # uname -a
  Linux web2 4.15.0-128-generic #131-Ubuntu SMP Wed Dec 9 06:57:35 UTC 2020 
x86_64 x86_64 x86_64 GNU/Linux

  
  # lsb_release -rd
  Description:Ubuntu 18.04.5 LTS
  Release:18.04

  $ apt-cache policy openssl
  openssl:
Installed: 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1
Candidate: 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1
Version table:
   *** 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 500
  500 http://ppa.launchpad.net/ondrej/apache2/ubuntu bionic/main amd64 
Packages
  100 /var/lib/dpkg/status
   1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 500
  500 http://ppa.launchpad.net/ondrej/php/ubuntu bionic/main amd64 
Packages
   1.1.1-1ubuntu2.1~18.04.7 500
  500 http://il.archive.ubuntu.com/ubuntu bionic-updates/main amd64 
Packages
  500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 
Packages
   1.1.0g-2ubuntu4 500
  500 http://il.archive.ubuntu.com/ubuntu bionic/main amd64 Packages


  My OpenSSL version is: openssl 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1

  I wanted to install patch to fix "CVE-2020-1971" on my virtual
  machines. But found next issue: there is article (
  https://ubuntu.com/security/CVE-2020-1971) with package name
  (version), where "CVE-2020-1971" issues is fixed -->
  "1.1.1-1ubuntu2.1~18.04.7".

  Normal (expected?) behaviour for me (in my case) is to do next:

  sudo apt update
  sudo apt upgrade

  After this all packages in my system should be upgraded to latest
  versions.

  But in fact - OpenSSL package remained same
  1.1.1g-1+ubuntu18.04.1+deb.sury.org+1

  When i check:

  $ apt list openssl
  Listing... Done
  openssl/bionic,now 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
  N: There are 3 additional versions. Please use the '-a' switch to see them.

  $ apt list openssl -a
  Listing... Done
  openssl/bionic,now 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 amd64 [installed]
  openssl/bionic 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 amd64
  openssl/bionic-updates,bionic-security 1.1.1-1ubuntu2.1~18.04.7 amd64
  openssl/bionic 1.1.0g-2ubuntu4 amd64

  Ok, lets install latest package --> 1.1.1-1ubuntu2.1~18.04.7:

  sudo apt install openssl=1.1.1-1ubuntu2.1~18.04.7

  And here i receive next:

  
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following packages will be DOWNGRADED:
openssl
  0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded.
  Need to get 614 kB of archives.
  After this operation, 132 kB disk space will be freed.
  Do you want to continue? [Y/n] yn
  Get:1 http://il.archive.ubuntu.com/ubuntu bionic-updates/main amd64 openssl 
amd6

 4 1.1.1-1ubuntu2.1~18.04.7 [614 kB]
  Fetched 614 kB in 0s (1,367 kB/s)
  dpkg: warning: downgrading openssl from 1.1.1g-1+ubuntu18.04.1+deb.sury.org+1 
to  

1.1.1-1ubuntu2.1~18.04.7

  Is this correct behavior? Why newest version (mentioned in
  https://ubuntu.com/security/CVE-2020-1971) considered as DOWNGRADE?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1908733/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1908073] Re: package python3 3.8.2-0ubuntu2 failed to install/upgrade: new python3 package pre-removal script subprocess returned error exit status 127

2020-12-14 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python3-defaults in
Ubuntu.
https://bugs.launchpad.net/bugs/1908073

Title:
  package python3 3.8.2-0ubuntu2 failed to install/upgrade: new python3
  package pre-removal script subprocess returned error exit status 127

Status in python3-defaults package in Ubuntu:
  New

Bug description:
  dont know

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: python3 3.8.2-0ubuntu2
  ProcVersionSignature: Ubuntu 5.4.0-56.62-generic 5.4.73
  Uname: Linux 5.4.0-56-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.13
  AptOrdering:
   python3:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon Dec 14 18:15:13 2020
  ErrorMessage: new python3 package pre-removal script subprocess returned 
error exit status 127
  InstallationDate: Installed on 2020-12-03 (10 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  Python3Details: /usr/bin/python3.8, Python 3.8.5, unpackaged
  PythonDetails: /usr/bin/python3.8, Python 3.8.5, unpackaged
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.2
  SourcePackage: python3-defaults
  Title: package python3 3.8.2-0ubuntu2 failed to install/upgrade: new python3 
package pre-removal script subprocess returned error exit status 127
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1908073/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1907905] Re: buging

2020-12-14 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1907905

Title:
  buging

Status in xorg package in Ubuntu:
  New

Bug description:
  just have a lot of gren points and com`s and disapiering picture

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.8.0-32.34~20.04.1-generic 5.8.18
  Uname: Linux 5.8.0-32-generic x86_64
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.11-0ubuntu27.14
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Dec 12 15:32:53 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, including running git bisection searches
  GraphicsCard:
   Intel Corporation 2nd Generation Core Processor Family Integrated Graphics 
Controller [8086:0116] (rev 09) (prog-if 00 [VGA controller])
 Subsystem: Lenovo 2nd Generation Core Processor Family Integrated Graphics 
Controller [17aa:5000]
  InstallationDate: Installed on 2020-11-14 (27 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  MachineType: LENOVO 33663VG
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.8.0-32-generic 
root=UUID=d4192c33-e4f0-4468-8ebe-426000ec3852 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/02/2013
  dmi.bios.release: 2.54
  dmi.bios.vendor: LENOVO
  dmi.bios.version: H0ET94WW (2.54 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 33663VG
  dmi.board.vendor: LENOVO
  dmi.board.version: Win8 STD DPK TPG
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.ec.firmware.release: 2.54
  dmi.modalias: 
dmi:bvnLENOVO:bvrH0ET94WW(2.54):bd08/02/2013:br2.54:efr2.54:svnLENOVO:pn33663VG:pvrThinkPadEdgeE530c:rvnLENOVO:rn33663VG:rvrWin8STDDPKTPG:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.family: ThinkPad Edge E530c
  dmi.product.name: 33663VG
  dmi.product.sku: LENOVO_MT_3366
  dmi.product.version: ThinkPad Edge E530c
  dmi.sys.vendor: LENOVO
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.102-1ubuntu1~20.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2.1-1~ubuntu0.20.04.2
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2.6
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1907905/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1897369] Re: apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

2020-12-01 Thread Seth Arnold
It may also be an option to set the desired scheduling parameters via
systemd.exec(5) parameters instead of asking the daemon to do the
changes itself.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1897369

Title:
  apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

Status in cups package in Ubuntu:
  Confirmed

Bug description:
  In Ubuntu 20.04.1 with *cups-browsed* 1.27.4-1, apparmor prevents
  `/usr/sbin/cups-browsed` to change its nice value.

  $ sudo dmesg | grep apparmor
  [541870.509461] audit: type=1400 audit(1600898428.089:60): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=62030 comm="cups-browsed" capability=23  capname="sys_nice"
  [628298.779668] audit: type=1400 audit(1600984854.115:61): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=66850 comm="cups-browsed" capability=23  capname="sys_nice"
  [714667.424963] audit: type=1400 audit(1601071220.527:62): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=76828 comm="cups-browsed" capability=23  capname="sys_nice"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1905758] Re: package libglib2.0-0:i386 2.66.1-2 failed to install/upgrade: dependency problems - leaving triggers unprocessed

2020-11-30 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1905758

Title:
  package libglib2.0-0:i386 2.66.1-2 failed to install/upgrade:
  dependency problems - leaving triggers unprocessed

Status in glib2.0 package in Ubuntu:
  New

Bug description:
  .

  ProblemType: Package
  DistroRelease: Ubuntu 20.10
  Package: libglib2.0-0:i386 2.66.1-2
  ProcVersionSignature: Ubuntu 5.8.0-7630.32~1605108806~20.10~7e52b13-generic 
5.8.17
  Uname: Linux 5.8.0-7630-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu50.2
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Nov 19 17:43:35 2020
  ErrorMessage: dependency problems - leaving triggers unprocessed
  PackageArchitecture: i386
  Python3Details: /usr/bin/python3.8, Python 3.8.6, python3-minimal, 
3.8.6-0ubuntu1
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.20.5ubuntu2
   apt  2.1.10
  SourcePackage: glib2.0
  Title: package libglib2.0-0:i386 2.66.1-2 failed to install/upgrade: 
dependency problems - leaving triggers unprocessed
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1905758/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1905285] Re: socket-activated sshd breaks on concurrent connections

2020-11-23 Thread Seth Arnold
Hello Marcin, the Description section of
https://www.freedesktop.org/software/systemd/man/systemd.unit.html gives
information on how to modify configurations without having them undone
by future updates; the systemctl edit command automates the process of
using these local modifications.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1905285

Title:
  socket-activated sshd breaks on concurrent connections

Status in openssh package in Ubuntu:
  New

Bug description:
  This is mostly the same issue as https://bugs.debian.org/cgi-
  bin/bugreport.cgi?bug=934663.

  With the default configuration of openssh-server and systemd, sshd
  will complain and crash when multiple connections are made and
  terminated in a quick succession, e.g. with `ssh-keyscan`. It results
  in the following errors in /var/log/auth.log:

  ```
  Nov 22 20:53:34 {host} sshd[14567]: Unable to negotiate with {client} port 
41460: no matching host key type found. Their offer: 
sk-ecdsa-sha2-nistp...@openssh.com [preauth]
  Nov 22 20:53:34 {host} sshd[14570]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  Nov 22 20:53:34 {host} sshd[14569]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  Nov 22 20:53:34 {host} sshd[14568]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  Nov 22 20:53:34 {host} sshd[14566]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  Nov 22 20:53:47 {host} sshd[14584]: Connection closed by {client} port 59312 
[preauth]
  Nov 22 20:53:47 {host} sshd[14586]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  Nov 22 20:53:48 {host} sshd[14585]: fatal: chroot("/run/sshd"): No such file 
or directory [preauth]
  ```

  as well as e.g. missing responses in ssh-keyscan:

  ```
  $ ssh-keyscan -vvv {host}
  debug2: fd 3 setting O_NONBLOCK
  debug3: conalloc: oname {host} kt 2
  debug2: fd 4 setting O_NONBLOCK
  debug3: conalloc: oname {host} kt 4
  debug2: fd 5 setting O_NONBLOCK
  debug3: conalloc: oname {host} kt 8
  debug2: fd 6 setting O_NONBLOCK
  debug3: conalloc: oname {host} kt 32
  debug2: fd 7 setting O_NONBLOCK
  debug3: conalloc: oname {host} kt 64
  debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x0400
  # {host}:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
  debug3: send packet: type 20
  debug1: SSH2_MSG_KEXINIT sent
  debug3: receive packet: type 20
  debug1: SSH2_MSG_KEXINIT received
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
  debug2: host key algorithms: sk-ecdsa-sha2-nistp...@openssh.com
  debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: compression ctos: none,z...@openssh.com
  debug2: compression stoc: none,z...@openssh.com
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
  debug2: host key algorithms: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
  debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
  debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: 

[Touch-packages] [Bug 1901264] Re: package dbus 1.12.20-1ubuntu1 failed to install/upgrade: triggers looping, abandoned

2020-10-23 Thread Seth Arnold
** Also affects: ubuntu-release-upgrader (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1901264

Title:
  package dbus 1.12.20-1ubuntu1 failed to install/upgrade: triggers
  looping, abandoned

Status in dbus package in Ubuntu:
  New
Status in ubuntu-release-upgrader package in Ubuntu:
  New

Bug description:
  I ran into this issue when trying to upgrade from 20.04 to 20.10.
  Looks like there are a lot of dbus issues when trying upgrade. There
  are other issues similar to this one and almost all of them are
  observed during the release upgrade.

  ProblemType: Package
  DistroRelease: Ubuntu 20.10
  Package: dbus 1.12.20-1ubuntu1
  ProcVersionSignature: Ubuntu 5.8.0-25.26-generic 5.8.14
  Uname: Linux 5.8.0-25-generic x86_64
  ApportVersion: 2.20.11-0ubuntu50
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Sat Oct 24 02:45:57 2020
  ErrorMessage: triggers looping, abandoned
  InstallationDate: Installed on 2019-12-24 (304 days ago)
  InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
  Python3Details: /usr/bin/python3.8, Python 3.8.6, python3-minimal, 
3.8.6-0ubuntu1
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions:
   dpkg 1.20.5ubuntu2
   apt  2.1.10
  SourcePackage: dbus
  Title: package dbus 1.12.20-1ubuntu1 failed to install/upgrade: triggers 
looping, abandoned
  UpgradeStatus: Upgraded to groovy on 2020-10-23 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1901264/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1899019] Re: Typo in UDisks action

2020-10-19 Thread Seth Arnold
Hello Kevin, thanks for the excellent GHSL-2020-161 report. Given that
the polkit rules are intentional, if ancient, and the udisks2 team
doesn't want to treat the symlink finding as a security bug, I'm going
to open this publicly and mark it wontfix, to reflect what's likely
going to happen for our currently released systems.

I do hope upstream handles the symlink discovery eventually but I can
appreciate why they wouldn't want to handle it as a security issue.

Thanks

** Information type changed from Private Security to Public Security

** Changed in: policykit-desktop-privileges (Ubuntu)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-desktop-
privileges in Ubuntu.
https://bugs.launchpad.net/bugs/1899019

Title:
  Typo in UDisks action

Status in policykit-desktop-privileges package in Ubuntu:
  Won't Fix

Bug description:
  It appears that com.ubuntu.desktop.pkla contains a typo in the UDisks
  section:

  [Mounting, checking, etc. of internal drives]
  Identity=unix-group:admin;unix-group:sudo
  
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
  ResultActive=yes

  Notice that the first two actions contain the string "udisks", rather
  than "udisks2", which appears to be a typo.

  However, the typo is actually a lucky accident because it is
  preventing a vulnerability in UDisks from being exploited. The
  vulnerable code in UDisks is protected by the `org.freedesktop.udisks2
  .filesystem-take-ownership` polkit action, so it will become
  accessible if the typo is fixed. I have separately reported the UDisks
  vulnerability to the maintainers of UDisks. I have attached a copy of
  that report for your information.

  I would recommend removing the first two actions from this file. Since
  they don't currently work, presumably nobody will miss them if they
  are removed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-desktop-privileges/+bug/1899019/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1899046] Re: /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

2020-10-08 Thread Seth Arnold
Traceback (most recent call last):
  File "/usr/bin/aa-notify", line 39, in 
import psutil
ModuleNotFoundError: No module named 'psutil'

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1899046

Title:
  /usr/bin/aa-notify:ModuleNotFoundError:/usr/bin/aa-notify@39

Status in apparmor package in Ubuntu:
  In Progress

Bug description:
  The Ubuntu Error Tracker has been receiving reports about a problem regarding 
apparmor.  This problem was most recently seen with package version 
3.0.0~beta1-0ubuntu6, the problem page at 
https://errors.ubuntu.com/problem/69bb6832fe7b294bd7e2d75970fdc903f412c409 
contains more details, including versions of packages affected, stacktrace or 
traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software 
developer, you can request it at http://forms.canonical.com/reports/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1899046/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-10-07 Thread Seth Arnold
Christian, Joy has gone through the bugs and either closed old ones or
made some progress on still-relevant ones. How does it look to you now?
Thanks Joy!

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

Status in ccid package in Ubuntu:
  New
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  New
Status in pcsc-lite package in Ubuntu:
  New
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satisfy FHS and Debian policy.

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  

[Touch-packages] [Bug 1898590] Re: Verify DNS fingerprints not working

2020-10-06 Thread Seth Arnold
Hello, dig will do dns lookups itself, it doesn't rely on the host
resolver configuration. Does your host resolver configuration support
dnssec? It might be worth using tcpdump or tshark or wireshark to see if
the queries are properly formed, and if the replies are correct.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1898590

Title:
  Verify DNS fingerprints not working

Status in openssh package in Ubuntu:
  New

Bug description:
  When setting in /etc/ssh/ssh_config VerifyHostKeyDNS to yes the fingerprints 
are fetched, but the result is always:
  debug1: found n insecure fingerprints in DNS
  With dig +dnssec -tsshfp hostname the result is ok: ad flg is set.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1898590/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1898157] Re: package python3 3.8.2-0ubuntu2 failed to install/upgrade: installed python3 package post-installation script subprocess returned error exit status 4

2020-10-06 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python3-defaults in
Ubuntu.
https://bugs.launchpad.net/bugs/1898157

Title:
  package python3 3.8.2-0ubuntu2 failed to install/upgrade: installed
  python3 package post-installation script subprocess returned error
  exit status 4

Status in python3-defaults package in Ubuntu:
  New

Bug description:
  Hello

  
  while upgrading from 18.04 LTS to 20.04 LTS I found this Error, please 
resolve it

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: python3 3.8.2-0ubuntu2
  ProcVersionSignature: Ubuntu 5.4.0-48.52-generic 5.4.60
  Uname: Linux 5.4.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.9
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Fri Oct  2 10:43:58 2020
  ErrorMessage: installed python3 package post-installation script subprocess 
returned error exit status 4
  InstallationDate: Installed on 2020-04-04 (180 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18rc1, python-is-python2, 
2.7.17-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.1
  SourcePackage: python3-defaults
  Title: package python3 3.8.2-0ubuntu2 failed to install/upgrade: installed 
python3 package post-installation script subprocess returned error exit status 4
  UpgradeStatus: Upgraded to focal on 2020-10-02 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1898157/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1885633] Re: [ZDI-CAN-11233]: apport Unnecessary Privileges Information Disclosure Vulnerability

2020-09-24 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1885633

Title:
  [ZDI-CAN-11233]: apport Unnecessary Privileges Information Disclosure
  Vulnerability

Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Xenial:
  Fix Released
Status in apport source package in Bionic:
  Fix Released
Status in apport source package in Eoan:
  Confirmed
Status in apport source package in Focal:
  Fix Released

Bug description:
  -- VULNERABILITY DETAILS  
   
  * Version tested:18.04.4 LTS amd64 server 
   
  * Installer file:ubuntu-18.04.4-live-server-amd64.iso 
   
  * Platform tested:-   
   

   
  ---   
   

   
  ### Analysis  
   

   
  Apport which is crash reporter in Ubuntu will execute gdbus to check if pid 
is in a closing user session. Before executing the binary, it drop privilege to 
crashed process's uid. But it doesn't drop group id, so it can be used to leak 
file which is owned by root group.  
 

   
  It leads to anyone can read the file which can only be read by root group, 
but the file size must be 16bytes. 

  reproduce step
   
  ```   
   
  ubuntu@ubuntu:/tmp$ echo -ne "SECURESECRETHERE" > securefile  
   
  ubuntu@ubuntu:/tmp$ sudo chown root:root securefile   
   
  ubuntu@ubuntu:/tmp$ sudo chmod 440 securefile 
   
  ubuntu@ubuntu:/tmp$ su - zdi  
   
  Password: 
   
  zdi@ubuntu:~$ id  
   
  uid=1001(zdi) gid=1001(zdi) groups=1001(zdi)  
   
  zdi@ubuntu:~$ cd /tmp/
   
  zdi@ubuntu:/tmp$ ls -al securefile
   
  -r--r- 1 root root 16 Jun 16 04:33 securefile 
   
  zdi@ubuntu:/tmp$ cat securefile   
   
  cat: securefile: Permission denied
   
  zdi@ubuntu:/tmp$ nc -lp  & 

[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-09-22 Thread Seth Arnold
Please use CVE-2020-16122 for this issue. Thanks.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-16122

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1882098

Title:
  Packagekit lets user install untrusted local packages in Bionic and
  Focal

Status in packagekit package in Ubuntu:
  Triaged

Bug description:
  We have packagekit configured to allow users to install trusted
  packages from preconfigured repositories, but disallowed them to
  install any untrusted packages.

  The policykit configuration we use is following:

  [tld.univ.packagekit]
  Identity=unix-group:adm;
  
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-reinstall;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-update;org.freedesktop.packagekit.repair-system;
  ResultAny=auth_self
  ResultActive=auth_self
  ResultInactive=auth_self

  [tld.univ.packagekit-deny]
  Identity=unix-user:*;
  Action=org.freedesktop.packagekit.package-install-untrusted;
  ResultAny=no

  We would expect this to prevent users from installing local packages
  downloaded from random repositories, however this does not seem to be
  the case.

  pkcon install-local random_package.deb will happily prompt for the
  user to authenticate and will install the package, while pkcon
  --allow-untrusted install-local random_package.deb will prompt for
  root password, which the user does not have.

  Our initial toughts was that the issue would be in packagekitd, but
  after further investigations it looks like the issue could be in aptcc
  backend.

  We are more than happy to provide you with further details, but the
  above should be enough to reproduce the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-09-16 Thread Seth Arnold
ubuntu-security is now subscribed to pcsc-lite bugs.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

Status in ccid package in Ubuntu:
  New
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  New
Status in pcsc-lite package in Ubuntu:
  New
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satisfy FHS and Debian policy.

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  Dependency of 

[Touch-packages] [Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)

2020-09-15 Thread Seth Arnold
Alternatively, you could use one of the recommended TLS configurations
from Mozilla, https://wiki.mozilla.org/Security/Server_Side_TLS which do
not enable the unsafe cryptography suites.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1895294

Title:
  Fix Raccoon vulnerability (CVE-2020-1968)

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Xenial:
  Confirmed

Bug description:
  Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been
  patched yet against the Raccoon Attack (CVE-2020-1968):

  - https://www.openssl.org/news/secadv/20200909.txt
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
  - https://raccoon-attack.com/

  Ubuntu's CVE tracker still lists this as NEEDED for Xenial:

  - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html
  - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html

  Other supported Ubuntu releases use versions of OpenSSL that are not
  affected.

  Indeed:

    $ apt-cache policy openssl
    openssl:
  Installed: 1.0.2g-1ubuntu4.16

    $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched"
    Not patched

  What is the status?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-09-15 Thread Seth Arnold
** Changed in: pcsc-lite (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

Status in ccid package in Ubuntu:
  New
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  New
Status in pcsc-lite package in Ubuntu:
  New
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satisfy FHS and Debian policy.

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  Dependency 

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

2020-09-04 Thread Seth Arnold
see also https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1774342

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Triaged
Status in isc-dhcp source package in Bionic:
  Triaged
Status in isc-dhcp source package in Focal:
  Confirmed

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1893241] Re: attack alias sudo with nasty payload

2020-08-28 Thread Seth Arnold
Hello Patrik, thanks for your concern for Ubuntu's security.

As you said, there are numerous possibilities for trouble when an
account is compromised in this fashion. Placing malicious versions of
utilities into ~/bin is another common choice. (Usually shell aliases,
functions, and ~/bin/ replacements of common utilities is in the realm
of "students playing practical jokes on each other when they first use
Unix systems".)

Consider a slight modification of your function, to call it 'ls' or 'mv'
or 'cat'. Would it be any less dangerous? If the user used sudo in that
terminal recently, it's bad news. If the user didn't authenticate to
sudo recently they will be prompted for a password, they may wonder why,
and start to investigate. How? With 'vi'? With 'cat'? With 'alias'? Each
of those could also do other malicious things.

A more enterprising attacker with the ability to modify user files could
install a keylogger, or cause shell sessions to start with script(1) or
similar utilities, or use ptrace-based debugging techniques to read
secrets from user processes, etc. These would be more reliable and
harder to spot.

On Ubuntu, it is a convention that the first user account on the
computer gets sudo access; while this is very convenient, it's also a
risk. It is also common for higher-security environments for one person
to have multiple accounts: one used for administrative actions and one
used for their personal work on the computer.

It is also important to recall that root access is not necessarily the
most important goal of an attacker. Computers work with a wide variety
of data from a wide variety of sources and threats like cryptolockers or
data exfiltration often doesn't need root privileges to be
catastrophically bad for a user or an organization.

There's no simple solution to address what you've found. It used to be
common for system administrators to run periodic checks of all user
files to make sure permissions made sense, there was nothing malicious
in them, etc. (This was my introduction to Unix security in the 90s; an
ircii plugin I had downloaded added '+ +' to my ~/.rhosts file. It was
spotted by the sysadmin a few hours later thanks to an automated tool.)

In addition to checking for too-wide write permissions, also be sure to
protect your account with good, high-quality, passwords, and disable
password authentication where you can, so you can rely upon ssh
authorized_keys instead. Lock your screen before suspending your laptop
or walking away from your desktop. Be careful with what USB and Firewire
devices you plug into your computer. And so on.

We can't realistically try to handle "someone has write access to my
home directory" as a threat model. If someone has write access to your
home directory they can do a great deal of damage.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1893241

Title:
  attack alias sudo with nasty payload

Status in bash package in Ubuntu:
  Won't Fix

Bug description:
  Put the alias below in ~/.bashrc, which is writable by the current
  user and wait for the user to open up a shell and become root.

  There are numerous of possibilities. If you exchange
  "/tmp/aBSoLuTLYNoTHiNG" to "/" it becomes dangerous. Or imagine an
  attacker that can't become a root in any other way and wants to setup
  a botnet.

  $ alias sudo='function f() { sudo -- rm -rf  "/tmp/aBSoLuTLYNoTHiNG" ; sudo 
touch "/tmp/aBSoLuTLYNoTHiNG" ; echo "Everything removed!!" ;  sudo "$@" ; } ; 
f "$@"'
  $ stat /tmp/aBSoLuTLYNoTHiNG 
  stat: cannot stat '/tmp/aBSoLuTLYNoTHiNG': No such file or directory
  $ sudo echo 'hello wonderful world!'
  Everything removed!!
  hello wonderful world!
  $ stat /tmp/aBSoLuTLYNoTHiNG 
File: /tmp/aBSoLuTLYNoTHiNG
Size: 0 Blocks: 0  IO Block: 4096   regular empty file
  Device: fd00h/64768d  Inode: 4718664 Links: 1
  Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
  Access: 2020-08-27 18:09:50.960080579 +0200
  Modify: 2020-08-27 18:09:50.960080579 +0200
  Change: 2020-08-27 18:09:50.960080579 +0200
   Birth: -

  File written by root! Fastest fix: Sudo is not allowed to be an alias.

  Extra information:
  $ lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:  20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1893241/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1893241] Re: attack alias sudo with nasty payload

2020-08-28 Thread Seth Arnold
** Information type changed from Private Security to Public Security

** Changed in: bash (Ubuntu)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1893241

Title:
  attack alias sudo with nasty payload

Status in bash package in Ubuntu:
  Won't Fix

Bug description:
  Put the alias below in ~/.bashrc, which is writable by the current
  user and wait for the user to open up a shell and become root.

  There are numerous of possibilities. If you exchange
  "/tmp/aBSoLuTLYNoTHiNG" to "/" it becomes dangerous. Or imagine an
  attacker that can't become a root in any other way and wants to setup
  a botnet.

  $ alias sudo='function f() { sudo -- rm -rf  "/tmp/aBSoLuTLYNoTHiNG" ; sudo 
touch "/tmp/aBSoLuTLYNoTHiNG" ; echo "Everything removed!!" ;  sudo "$@" ; } ; 
f "$@"'
  $ stat /tmp/aBSoLuTLYNoTHiNG 
  stat: cannot stat '/tmp/aBSoLuTLYNoTHiNG': No such file or directory
  $ sudo echo 'hello wonderful world!'
  Everything removed!!
  hello wonderful world!
  $ stat /tmp/aBSoLuTLYNoTHiNG 
File: /tmp/aBSoLuTLYNoTHiNG
Size: 0 Blocks: 0  IO Block: 4096   regular empty file
  Device: fd00h/64768d  Inode: 4718664 Links: 1
  Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
  Access: 2020-08-27 18:09:50.960080579 +0200
  Modify: 2020-08-27 18:09:50.960080579 +0200
  Change: 2020-08-27 18:09:50.960080579 +0200
   Birth: -

  File written by root! Fastest fix: Sudo is not allowed to be an alias.

  Extra information:
  $ lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:  20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1893241/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2020-08-26 Thread Seth Arnold
Done, thanks Christian!

** Description changed:

  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.
  
  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.
  
  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.
  
  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.
  
  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465
  
  Has a debian/watch file.
  Quilt packaging.
  
  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13
  
  [Dependencies]
  Minimal dependencies, in main
  
  [Standards compliance]
  Appears to satisfy FHS and Debian policy
  
  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.
  
  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.
- 
  
  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.
  
  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.
  
  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.
  
  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.
  
  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.
  
  Quilt packaging.
  
  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.
  
  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies
  
  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.
  
  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.
  
  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386
  
  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.
  
  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.
  
  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.
  
  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.
  
  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.
  
  Otherwise appears to satisfy FHS and Debian policy.
  
  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.
  
  [Background information]
  Dependency of pcsc-tools; this library provides an API to work with smart
  cards and card readers.
  
  ==> opensc <==
  [Availability]
  Both opensc and opensc-pkcs11
  In universe, builds for all architectures.
  
  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.
  
  [Security]
  26 CVEs in our database. None open in groovy.
  No privileged executables.
  Does not appear to bind to sockets.
  Probably needs a security 

[Touch-packages] [Bug 1892455] Re: [MIR] libselinux1

2020-08-21 Thread Seth Arnold
libselinux1 has been in main for many years:

http://archive.ubuntu.com/ubuntu/pool/main/libs/libselinux/

Balint recently did some +1 work that mentioned libselinux:
https://lists.ubuntu.com/archives/ubuntu-devel/2020-July/041095.html but
I don't read that as suggesting that libselinux1 has been moved out of
main.

The archives also don't show libselinux1 in universe:

http://archive.ubuntu.com/ubuntu/pool/universe/libs/libselinux/

Can you double-check my reasoning here?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libselinux in Ubuntu.
https://bugs.launchpad.net/bugs/1892455

Title:
  [MIR] libselinux1

Status in libselinux package in Ubuntu:
  New

Bug description:
  Many applications have Flatpak integration using libflatpak. The
  Ubuntu desktop team would like libflatpak in main so we can easily
  build such applications (LP: #1812456). libselinux is a dependency of
  this, so it would also need to be in main. We don't need SELinux
  functionality, and do not expect any other SELinux packages to be
  installed by default.

  Availability
  
  In Universe, builds for all architectures and in sync with Debian.

  Rationale
  =
  Required for libostree-1-1 being in main (LP: #1892454)

  Security
  
  This will need a Security review.

  Quality Assurance
  =
  Should be subscribed to by Ubuntu Desktop Bugs.

  Contains a single .so and doesn't have any debconf prompts. Package is
  maintained in Debian. No major bugs in Debian or Ubuntu.

  UI Standards
  
  N/A

  Dependencies
  
  All in main.

  Standards Compliance
  
  Package uses standards version 4.5.0.

  Maintenance
  ===
  Actively developed upstream https://github.com/SELinuxProject/selinux.
  Packages actively maintained in Debian.

  Security Checks
  ===
  41 CVEs found in http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=selinux, but 
they seem to relate to actual SELinux functionality, not issues in libselinux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1892455/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1516300] Re: dash command variable assignments remain in the shell after command execution completed

2020-08-18 Thread Seth Arnold
I gave this a test with Ubuntu 14.04, 16.04, 18.04, 20.04, LTS releases,
and Debian 10 and Debian 11, in lxd.

Ubuntus before 20.04 all showed the described behaviour.

Ubuntu 20.04 LTS worked the same as both Debian releases.

The versions of dash in each release make this make some sense:

$ for h in u14 u16 u18 u20 d10 d11 ; do echo $h ; lxc exec $h -- dpkg -l dash  
| awk '/^ii/ {print $2, $3;}' ; done
u14
dash 0.5.7-4ubuntu1
u16
dash 0.5.8-2.1ubuntu2
u18
dash 0.5.8-2.10
u20
dash 0.5.10.2-6
d10
dash 0.5.10.2-5
d11
dash 0.5.10.2-7


What's even more surprising to me is that the functionality of passing a 
variable in to the function doesn't even work in dash. Compare the bash with 
the dash:

u20-bash$ foo () { printenv | grep SHELL; }
u20-bash$ echo $SHELL
/bin/bash
u20-bash$ foo
u20-bash$ SHELL=foo foo
SHELL=foo
u20-bash$ echo $SHELL
/bin/bash

u20-dash$ foo () { printenv | grep SHELL; }
u20-dash$ foo
u20-dash$ SHELL=foo foo
u20-dash$ echo $SHELL

u20-dash$


I'm surprised at such a fundamental difference in behaviour between the two, 
but it's now been five years with no other reports, so perhaps no one depends 
upon the behaviour and changes which shell they use to execute scripts.

It might be best to just leave it alone.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dash in Ubuntu.
https://bugs.launchpad.net/bugs/1516300

Title:
  dash command variable assignments remain in the shell after command
  execution completed

Status in dash package in Ubuntu:
  Confirmed

Bug description:
  If a shell function is invoked with variable assignments preceding it,
  the assignments remain in the shell after the command execution
  completed. This is unexpected behavior and might be a potential
  security issue, since it allows to modify the user environment in a
  subtle unexpected way. For example, consider the following commands
  that shouldn't change the SHELL value outside function foo, yet it
  does in Ubuntu 14.04

  echo $SHELL # check our default shell, gives /bin/bash

  foo () { printenv | grep SHELL; } # no side effects, can be anything
  SHELL=/bin/sh foo

  echo $SHELL # now gives /bin/sh, but expected to give /bin/bash as
  before

  I checked bash and zsh, none of them have this problem. sh in freebsd
  and debian handle this case correctly. So far, it seems the issue is
  limited to Ubuntu dash.

  lsb_release -rd
  Description:  Ubuntu 14.04.3 LTS
  Release:  14.04

  apt-cache policy dash
  dash:
Installed: 0.5.7-4ubuntu1
Candidate: 0.5.7-4ubuntu1
Version table:
   *** 0.5.7-4ubuntu1 0
  500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
  100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1516300/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1516300] Re: dash command variable assignments remain in the shell after command execution completed

2020-08-18 Thread Seth Arnold
** Changed in: dash (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dash in Ubuntu.
https://bugs.launchpad.net/bugs/1516300

Title:
  dash command variable assignments remain in the shell after command
  execution completed

Status in dash package in Ubuntu:
  Confirmed

Bug description:
  If a shell function is invoked with variable assignments preceding it,
  the assignments remain in the shell after the command execution
  completed. This is unexpected behavior and might be a potential
  security issue, since it allows to modify the user environment in a
  subtle unexpected way. For example, consider the following commands
  that shouldn't change the SHELL value outside function foo, yet it
  does in Ubuntu 14.04

  echo $SHELL # check our default shell, gives /bin/bash

  foo () { printenv | grep SHELL; } # no side effects, can be anything
  SHELL=/bin/sh foo

  echo $SHELL # now gives /bin/sh, but expected to give /bin/bash as
  before

  I checked bash and zsh, none of them have this problem. sh in freebsd
  and debian handle this case correctly. So far, it seems the issue is
  limited to Ubuntu dash.

  lsb_release -rd
  Description:  Ubuntu 14.04.3 LTS
  Release:  14.04

  apt-cache policy dash
  dash:
Installed: 0.5.7-4ubuntu1
Candidate: 0.5.7-4ubuntu1
Version table:
   *** 0.5.7-4ubuntu1 0
  500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
  100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1516300/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1889322] Re: nvidia gforce

2020-08-14 Thread Seth Arnold
Hello snapd folks, this package logged over a thousand DENIED messages
in about ten minutes. This can't be good for system responsiveness,
battery life, drive health, filesystem free space, etc.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1889322

Title:
  nvidia gforce

Status in snapd package in Ubuntu:
  New
Status in xorg package in Ubuntu:
  New

Bug description:
  fonctionne  a ne pas se connecter pour mise a jour

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.driver.nvidia.gpus..01.00.0: Error: [Errno 21] est un dossier: 
'/proc/driver/nvidia/gpus/:01:00.0'
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  440.100  Fri May 29 08:45:51 
UTC 2020
   GCC version:
  ApportVersion: 2.20.11-0ubuntu27.4
  Architecture: amd64
  CasperMD5CheckResult: skip
  CompositorRunning: None
  Date: Tue Jul 28 19:52:30 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  GraphicsCard:
   NVIDIA Corporation GK208B [GeForce GT 710] [10de:128b] (rev a1) (prog-if 00 
[VGA controller])
 Subsystem: ZOTAC International (MCO) Ltd. GK208B [GeForce GT 710] 
[19da:7326]
  InstallationDate: Installed on 2020-07-25 (3 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: ASUS All Series
  ProcEnviron:
   LANGUAGE=fr_CA:fr
   PATH=(custom, no user)
   LANG=fr_CA.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-42-generic 
root=UUID=08d4bac1-d829-450c-ae55-3b06a793cd85 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 03/23/2018
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 3602
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: B85M-G R2.0
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev X.0x
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvr3602:bd03/23/2018:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnB85M-GR2.0:rvrRevX.0x:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.family: ASUS MB
  dmi.product.name: All Series
  dmi.product.sku: All
  dmi.product.version: System Version
  dmi.sys.vendor: ASUS
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1
  xserver.bootTime: Tue Jul 28 18:36:06 2020
  xserver.configfile: default
  xserver.devices:
   inputPower Button KEYBOARD, id 6
   inputPower Button KEYBOARD, id 7
   inputUSB Optical MouseMOUSE, id 8
   inputEee PC WMI hotkeys   KEYBOARD, id 9
   inputAT Translated Set 2 keyboard KEYBOARD, id 10
  xserver.errors:
   
  xserver.logfile: /var/log/Xorg.0.log
  xserver.outputs:
   
  xserver.version: 2:1.20.8-2ubuntu2.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1889322/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1889322] Re: nvidia gforce

2020-08-14 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

** Also affects: snapd (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1889322

Title:
  nvidia gforce

Status in snapd package in Ubuntu:
  New
Status in xorg package in Ubuntu:
  New

Bug description:
  fonctionne  a ne pas se connecter pour mise a jour

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.driver.nvidia.gpus..01.00.0: Error: [Errno 21] est un dossier: 
'/proc/driver/nvidia/gpus/:01:00.0'
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  440.100  Fri May 29 08:45:51 
UTC 2020
   GCC version:
  ApportVersion: 2.20.11-0ubuntu27.4
  Architecture: amd64
  CasperMD5CheckResult: skip
  CompositorRunning: None
  Date: Tue Jul 28 19:52:30 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  GraphicsCard:
   NVIDIA Corporation GK208B [GeForce GT 710] [10de:128b] (rev a1) (prog-if 00 
[VGA controller])
 Subsystem: ZOTAC International (MCO) Ltd. GK208B [GeForce GT 710] 
[19da:7326]
  InstallationDate: Installed on 2020-07-25 (3 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: ASUS All Series
  ProcEnviron:
   LANGUAGE=fr_CA:fr
   PATH=(custom, no user)
   LANG=fr_CA.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-42-generic 
root=UUID=08d4bac1-d829-450c-ae55-3b06a793cd85 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 03/23/2018
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 3602
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: B85M-G R2.0
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev X.0x
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvr3602:bd03/23/2018:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnB85M-GR2.0:rvrRevX.0x:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.family: ASUS MB
  dmi.product.name: All Series
  dmi.product.sku: All
  dmi.product.version: System Version
  dmi.sys.vendor: ASUS
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1
  xserver.bootTime: Tue Jul 28 18:36:06 2020
  xserver.configfile: default
  xserver.devices:
   inputPower Button KEYBOARD, id 6
   inputPower Button KEYBOARD, id 7
   inputUSB Optical MouseMOUSE, id 8
   inputEee PC WMI hotkeys   KEYBOARD, id 9
   inputAT Translated Set 2 keyboard KEYBOARD, id 10
  xserver.errors:
   
  xserver.logfile: /var/log/Xorg.0.log
  xserver.outputs:
   
  xserver.version: 2:1.20.8-2ubuntu2.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1889322/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1889927] Re: [HP EliteBook 840 G3, Conexant CX20724, Speaker, Internal] No sound at all , no sound from internal speaker but using a headset there is

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1889927

Title:
  [HP EliteBook 840 G3, Conexant CX20724, Speaker, Internal] No sound at
  all , no sound from internal speaker but using a headset there is

Status in alsa-driver package in Ubuntu:
  New

Bug description:
  Fresh installation
  No sound
  There is sound via the headset

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.4.0-42.46~18.04.1-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  lamis  8934 F pulseaudio
   /dev/snd/pcmC0D0c:   lamis  8934 F...m pulseaudio
   /dev/snd/pcmC0D0p:   lamis  8934 F...m pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Jul 31 21:04:09 2020
  InstallationDate: Installed on 2020-07-26 (5 days ago)
  InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 
(20190805)
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH failed
  Symptom_Card: Audio interne - HDA Intel PCH
  Symptom_DevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  gdm1144 F pulseaudio
lamis  8934 F pulseaudio
   /dev/snd/pcmC0D0c:   lamis  8934 F...m pulseaudio
   /dev/snd/pcmC0D0p:   lamis  8934 F...m pulseaudio
  Symptom_Jack: Speaker, Internal
  Symptom_Type: No sound at all
  Title: [HP EliteBook 840 G3, Conexant CX20724, Speaker, Internal] No sound at 
all
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/05/2016
  dmi.bios.vendor: HP
  dmi.bios.version: N75 Ver. 01.09
  dmi.board.name: 8079
  dmi.board.vendor: HP
  dmi.board.version: KBC Version 85.6A
  dmi.chassis.type: 10
  dmi.chassis.vendor: HP
  dmi.modalias: 
dmi:bvnHP:bvrN75Ver.01.09:bd07/05/2016:svnHP:pnHPEliteBook840G3:pvr:rvnHP:rn8079:rvrKBCVersion85.6A:cvnHP:ct10:cvr:
  dmi.product.family: 103C_5336AN G=N L=BUS B=HP S=ELI
  dmi.product.name: HP EliteBook 840 G3
  dmi.product.sku: L3C65AV
  dmi.sys.vendor: HP
  mtime.conffile..etc.modprobe.d.alsa-base.conf: 2020-07-31T20:55:08.699674

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1889927/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890012] Re: Could not install 'systemd-shim'

2020-08-14 Thread Seth Arnold
Hello Andreas, this bug is filed against xorg, but the text description
looks like systemd-shim was involved.

Should this be an xorg bug or a systemd-shim bug? Or something else?

Thanks

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1890012

Title:
  Could not install 'systemd-shim'

Status in xorg package in Ubuntu:
  New

Bug description:
  The upgrade will continue but the 'systemd-shim' package may not be in
  a working state. Please consider submitting a bug report about it.

  installed systemd-shim package post-removal script subprocess returned
  error exit status 2

  
  Could not install the upgrades

  
  The upgrade has aborted. Your system could be in an unusable state. A 
recovery will run now (dpkg --configure -a).

  
  Upgrade complete

  
  The upgrade has completed but there were errors during the upgrade process.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 4.15.0-112.113-generic 4.15.18
  Uname: Linux 4.15.0-112-generic x86_64
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  Date: Sun Aug  2 01:05:32 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, including running git bisection searches
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] RS780L [Radeon 3000] [1002:9616] 
(prog-if 00 [VGA controller])
 Subsystem: Gigabyte Technology Co., Ltd RS780L [Radeon 3000] [1458:d000]
  InstallationDate: Installed on 2020-07-17 (15 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 
(20131016.1)
  MachineType: Gigabyte Technology Co., Ltd. GA-78LMT-USB3 R2
  ProcEnviron:
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-112-generic 
root=UUID=744ad588-c7b1-4684-b3e5-fc7ffaef78ea ro access=v1 quiet splash
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/08/2017
  dmi.bios.vendor: Award Software International, Inc.
  dmi.bios.version: F1
  dmi.board.name: GA-78LMT-USB3 R2
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: sex
  dmi.chassis.type: 3
  dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
  dmi.modalias: 
dmi:bvnAwardSoftwareInternational,Inc.:bvrF1:bd11/08/2017:svnGigabyteTechnologyCo.,Ltd.:pnGA-78LMT-USB3R2:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-78LMT-USB3R2:rvrsex:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
  dmi.product.name: GA-78LMT-USB3 R2
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.
  version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1
  version.libdrm2: libdrm2 2.4.101-2~18.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~18.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.8-0ubuntu1~18.04.1
  version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4.4
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.5-1ubuntu1
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20171229-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2
  xserver.bootTime: Sat Jul 18 01:11:31 2020
  xserver.configfile: default
  xserver.devices:
   inputPower Button KEYBOARD, id 6
   inputPower Button KEYBOARD, id 7
   input  USB Keyboard   KEYBOARD, id 8
   input  USB Keyboard   KEYBOARD, id 9
   inputCypress Sem PS2/USB Browser Combo Mouse MOUSE, id 10
  xserver.errors:
   
  xserver.logfile: /var/log/Xorg.0.log
  xserver.version: 2:1.18.4-0ubuntu0.8
  xserver.video_driver: radeon

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1890012/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890930] Re: Xorg freeze

2020-08-14 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1890930

Title:
  Xorg freeze

Status in xorg package in Ubuntu:
  New

Bug description:
  Ubuntu freeze randomly 
  My laptop is AMD ryzen 5 2500U 
  GPU TADEON VEGA GRAPHIC

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.6
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Aug  9 13:37:02 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: I just need to know a workaround
  GpuHangFrequency: Several times a day
  GpuHangReproducibility: Seems to happen randomly
  GpuHangStarted: Since before I upgraded
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Raven Ridge [Radeon Vega Series / 
Radeon Vega Mobile Series] [1002:15dd] (rev c4) (prog-if 00 [VGA controller])
 Subsystem: Hewlett-Packard Company Raven Ridge [Radeon Vega Series / 
Radeon Vega Mobile Series] [103c:84ae]
  InstallationDate: Installed on 2020-04-25 (105 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: HP HP Laptop 15-db0xxx
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-42-generic 
root=UUID=8fad8780-5a61-47b5-8c26-63fbc3a59d18 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  Title: Xorg freeze
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 05/31/2018
  dmi.bios.vendor: Insyde
  dmi.bios.version: F.10
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: 84AE
  dmi.board.vendor: HP
  dmi.board.version: 86.20
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: HP
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnInsyde:bvrF.10:bd05/31/2018:svnHP:pnHPLaptop15-db0xxx:pvrType1ProductConfigId:rvnHP:rn84AE:rvr86.20:cvnHP:ct10:cvrChassisVersion:
  dmi.product.family: 103C_5335KV HP Notebook
  dmi.product.name: HP Laptop 15-db0xxx
  dmi.product.sku: 4PC77PA#AKL
  dmi.product.version: Type1ProductConfigId
  dmi.sys.vendor: HP
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1890930/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1888101] Re: 'unsupported protocol' error when using PyMySQL

2020-08-12 Thread Seth Arnold
** Changed in: openssl (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1888101

Title:
  'unsupported protocol' error when using PyMySQL

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  1)
  Description:  Ubuntu 20.04 LTS
  Release:  20.04

  2)
  openssl:
Installiert:   1.1.1f-1ubuntu2
Installationskandidat: 1.1.1f-1ubuntu2
Versionstabelle:
   *** 1.1.1f-1ubuntu2 500
  500 http://de.archive.ubuntu.com/ubuntu focal/main amd64 Packages
  100 /var/lib/dpkg/status

  3) + 4)
  I am trying to connect to my MariaDB with python package "PyMySQL" and SSL 
enabled. On my old installation (Kubuntu 19.10) this worked. With the new 
installation (also new PC: Xubuntu 20.04) I get this error message:

  ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol
  (_ssl.c:1108)

  Here are my installation details:
  Old installation: python 3.7.5, pymysql 0.9.3, ssl.OPENSSL_VERSION = 1.1.1c 
28 May 2019
  New installation: python 3.8.2, pymysql 0.9.3, ssl.OPENSSL_VERSION = 1.1.1f 
31 Mar 2020

  When I use python with a different SSL version...:
  this works: python 3.7.5, ssl.OPENSSL_VERSION = OpenSSL 1.1.0m-dev xx XXX 
  this works: python 3.7.5, ssl.OPENSSL_VERSION = OpenSSL 1.1.1h-dev xx XXX 
  this works: python 3.8.2, ssl.OPENSSL_VERSION = OpenSSL 1.1.1h-dev xx XXX 

  
  It seems, like the one specific version of openSSL (1.1.1f 31 Mar 2020) does 
not work together with PyMySQL.

  Some more details I have posted here:
  
https://stackoverflow.com/questions/62964998/unsupported-protocol-error-when-using-pymysql

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssl 1.1.1f-1ubuntu2
  ProcVersionSignature: Ubuntu 5.4.0-40.44-generic 5.4.44
  Uname: Linux 5.4.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.4
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Sat Jul 18 15:42:27 2020
  InstallationDate: Installed on 2020-07-13 (4 days ago)
  InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1888101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1888101] Re: 'unsupported protocol' error when using PyMySQL

2020-08-11 Thread Seth Arnold
Hello Leon, Tiago, can you describe how to reproduce this problem from a
bare Ubuntu installation?

Thanks

** Changed in: openssl (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1888101

Title:
  'unsupported protocol' error when using PyMySQL

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  1)
  Description:  Ubuntu 20.04 LTS
  Release:  20.04

  2)
  openssl:
Installiert:   1.1.1f-1ubuntu2
Installationskandidat: 1.1.1f-1ubuntu2
Versionstabelle:
   *** 1.1.1f-1ubuntu2 500
  500 http://de.archive.ubuntu.com/ubuntu focal/main amd64 Packages
  100 /var/lib/dpkg/status

  3) + 4)
  I am trying to connect to my MariaDB with python package "PyMySQL" and SSL 
enabled. On my old installation (Kubuntu 19.10) this worked. With the new 
installation (also new PC: Xubuntu 20.04) I get this error message:

  ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol
  (_ssl.c:1108)

  Here are my installation details:
  Old installation: python 3.7.5, pymysql 0.9.3, ssl.OPENSSL_VERSION = 1.1.1c 
28 May 2019
  New installation: python 3.8.2, pymysql 0.9.3, ssl.OPENSSL_VERSION = 1.1.1f 
31 Mar 2020

  When I use python with a different SSL version...:
  this works: python 3.7.5, ssl.OPENSSL_VERSION = OpenSSL 1.1.0m-dev xx XXX 
  this works: python 3.7.5, ssl.OPENSSL_VERSION = OpenSSL 1.1.1h-dev xx XXX 
  this works: python 3.8.2, ssl.OPENSSL_VERSION = OpenSSL 1.1.1h-dev xx XXX 

  
  It seems, like the one specific version of openSSL (1.1.1f 31 Mar 2020) does 
not work together with PyMySQL.

  Some more details I have posted here:
  
https://stackoverflow.com/questions/62964998/unsupported-protocol-error-when-using-pymysql

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssl 1.1.1f-1ubuntu2
  ProcVersionSignature: Ubuntu 5.4.0-40.44-generic 5.4.44
  Uname: Linux 5.4.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.4
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Sat Jul 18 15:42:27 2020
  InstallationDate: Installed on 2020-07-13 (4 days ago)
  InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1888101/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1891012] Re: A

2020-08-10 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1891012

Title:
  A

Status in xorg package in Ubuntu:
  New

Bug description:
  I do not known

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: xorg 1:7.7+13ubuntu3.1
  ProcVersionSignature: Ubuntu 4.15.0-112.113~16.04.1-generic 4.15.18
  Uname: Linux 4.15.0-112-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.1-0ubuntu2.24
  Architecture: amd64
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  Date: Mon Aug 10 13:03:04 2020
  DistUpgraded: Fresh install
  DistroCodename: xenial
  DistroVariant: ubuntu
  DkmsStatus:
   bcmwl, 6.30.223.271+bdcom, 4.15.0-107-generic, x86_64: installed
   bcmwl, 6.30.223.271+bdcom, 4.15.0-112-generic, x86_64: installed
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Mullins [Radeon R2 Graphics] 
[1002:9853] (prog-if 00 [VGA controller])
 Subsystem: Toshiba America Info Systems Mullins [Radeon R2 Graphics] 
[1179:f925]
  InstallationDate: Installed on 2018-11-18 (630 days ago)
  InstallationMedia: Ubuntu-GNOME 16.04.5 LTS "Xenial Xerus" - Release amd64 
(20180731)
  MachineType: TOSHIBA SATELLITE L50D-B
  ProcEnviron:
   PATH=(custom, no user)
   LANG=lt_LT.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-112-generic 
root=UUID=63e18c0c-ead4-41cd-b119-4c22ad077711 ro quiet splash
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/11/2014
  dmi.bios.vendor: Insyde Corp.
  dmi.bios.version: 1.60
  dmi.board.asset.tag: Base Board Asset Tag
  dmi.board.name: Larne
  dmi.board.vendor: AMD
  dmi.board.version: Base Board Version
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: OEM Chassis Manufacturer
  dmi.chassis.version: OEM Chassis Version
  dmi.modalias: 
dmi:bvnInsydeCorp.:bvr1.60:bd12/11/2014:svnTOSHIBA:pnSATELLITEL50D-B:pvrPSKULE-04F002EN:rvnAMD:rnLarne:rvrBaseBoardVersion:cvnOEMChassisManufacturer:ct10:cvrOEMChassisVersion:
  dmi.product.family: Mullins
  dmi.product.name: SATELLITE L50D-B
  dmi.product.version: PSKULE-04F002EN
  dmi.sys.vendor: TOSHIBA
  version.compiz: compiz N/A
  version.ia32-libs: ia32-libs N/A
  version.libdrm2: libdrm2 2.4.91-2~16.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 18.0.5-0ubuntu0~16.04.1
  version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
  version.libgl1-mesa-glx: libgl1-mesa-glx 18.0.5-0ubuntu0~16.04.1
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1891012/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890642] Re: package network-manager 1.22.10-1ubuntu2.1 failed to install/upgrade: não pode copiar dados extráidos para './usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-d

2020-08-10 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make
Ubuntu better.  Reviewing your dmesg attachment to this bug report it
seems that there may be a problem with your hardware.  I'd recommend
performing a back up and then investigating the situation.  Measures you
might take include checking cable connections and using software tools
to investigate the health of your hardware.  In the event that is is not
in fact an error with your hardware please set the bug's status back to
New.  Thanks and good luck!

** Changed in: network-manager (Ubuntu)
   Status: New => Invalid

** Changed in: network-manager (Ubuntu)
   Importance: Undecided => Low

** Tags added: hardware-error

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1890642

Title:
  package network-manager 1.22.10-1ubuntu2.1 failed to install/upgrade:
  não pode copiar dados extráidos para './usr/lib/x86_64-linux-
  gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so' para
  '/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-
  team.so.dpkg-new': fim de ficheiro ou stream inesperado

Status in network-manager package in Ubuntu:
  Invalid

Bug description:
  na instalação do suporte para 32 bits o erro apareceu sobre pacotes de
  dados quebrados.

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: network-manager 1.22.10-1ubuntu2.1
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.6
  AptOrdering:
   network-manager:amd64: Install
   gnome-settings-daemon:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Aug  6 14:07:28 2020
  ErrorMessage: não pode copiar dados extráidos para 
'./usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so' 
para 
'/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so.dpkg-new':
 fim de ficheiro ou stream inesperado
  InstallationDate: Installed on 2020-08-05 (0 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  IpRoute:
   default via 192.168.0.1 dev wlp3s0 proto dhcp metric 600 
   169.254.0.0/16 dev wlp3s0 scope link metric 1000 
   192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.107 metric 
600
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=true
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.1
  SourcePackage: network-manager
  Title: package network-manager 1.22.10-1ubuntu2.1 failed to install/upgrade: 
não pode copiar dados extráidos para 
'./usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so' 
para 
'/usr/lib/x86_64-linux-gnu/NetworkManager/1.22.10/libnm-device-plugin-team.so.dpkg-new':
 fim de ficheiro ou stream inesperado
  UpgradeStatus: No upgrade log present (probably fresh install)
  nmcli-nm:
   RUNNING  VERSION  STATE  STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  
WIFI WWAN-HW  WWAN
   running  1.22.10  connected  started  full  enabled enabled  
enabled  enabled  enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1890642/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890618] Re: Pantalla difusa o erronea

2020-08-10 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1890618

Title:
  Pantalla difusa o erronea

Status in xorg package in Ubuntu:
  New

Bug description:
  Es para una pc de uso en el hogar como respaldo a mis hijas que se encuentran 
estudiando.
  Se a intentando cambiando las resoluciones y continua igual.
  Pero si ingresamos con Gnome por la segunda opcion y al interior de esta 
ingresamos por la segunda opcion el trabaja muy bien no se distorsiona y mucho 
menos se bloquea o como podre hacer para que esta configuracion sea siempre la 
predeterminada.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.6
  Architecture: amd64
  BootLog: Error: [Errno 13] Permiso denegado: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Aug  6 09:32:29 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  GraphicsCard:
   NVIDIA Corporation C61 [GeForce 6100 nForce 405] [10de:03d1] (rev a2) 
(prog-if 00 [VGA controller])
 Subsystem: Micro-Star International Co., Ltd. [MSI] C61 [GeForce 6100 
nForce 405] [1462:7309]
  InstallationDate: Installed on 2020-04-22 (105 days ago)
  InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 
(20200203.1)
  Lsusb:
   Bus 001 Device 004: ID 04a9:1746 Canon, Inc. PIXMA MP280
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 002 Device 003: ID 062a:4c01 MosArt Semiconductor Corp. 2.4G INPUT DEVICE
   Bus 002 Device 002: ID 05ab:1001 In-System Design BAYI Printer Class Support
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: MSI MS-7309
  ProcEnviron:
   LANGUAGE=es_CO:es
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=es_CO.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-42-generic 
root=UUID=08709502-5c82-4ec8-82cd-d1d16c89ffc6 ro recovery nomodeset
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/31/2007
  dmi.bios.vendor: MS-7309
  dmi.bios.version: V1.9
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: MS-7309
  dmi.board.vendor: MSI
  dmi.board.version: 1.0
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: To Be Filled By O.E.M.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: 
dmi:bvnMS-7309:bvrV1.9:bd08/31/2007:svnMSI:pnMS-7309:pvr1.0:rvnMSI:rnMS-7309:rvr1.0:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.family: To Be Filled By O.E.M.
  dmi.product.name: MS-7309
  dmi.product.sku: To Be Filled By O.E.M.
  dmi.product.version: 1.0
  dmi.sys.vendor: MSI
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~20.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.8-0ubuntu1~20.04.1
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1890618/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890358] Re: package gir1.2-rsvg-2.0:amd64 2.48.7-1ubuntu0.20.04.1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempt

2020-08-10 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to librsvg in Ubuntu.
https://bugs.launchpad.net/bugs/1890358

Title:
  package gir1.2-rsvg-2.0:amd64 2.48.7-1ubuntu0.20.04.1 failed to
  install/upgrade: package is in a very bad inconsistent state; you
  should  reinstall it before attempting configuration

Status in librsvg package in Ubuntu:
  New

Bug description:
  i dont know much about it

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: gir1.2-rsvg-2.0:amd64 2.48.7-1ubuntu0.20.04.1
  ProcVersionSignature: Ubuntu 5.4.0-42.46-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.4
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Tue Aug  4 21:27:36 2020
  DuplicateSignature:
   package:gir1.2-rsvg-2.0:amd64:2.48.7-1ubuntu0.20.04.1
   Setting up libopenal-data (1:1.19.1-1) ...
   dpkg: error processing package gir1.2-rsvg-2.0:amd64 (--configure):
package is in a very bad inconsistent state; you should
  ErrorMessage: package is in a very bad inconsistent state; you should  
reinstall it before attempting configuration
  InstallationDate: Installed on 2020-07-27 (8 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.1
  SourcePackage: librsvg
  Title: package gir1.2-rsvg-2.0:amd64 2.48.7-1ubuntu0.20.04.1 failed to 
install/upgrade: package is in a very bad inconsistent state; you should  
reinstall it before attempting configuration
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1890358/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection in add-apt-repository

2020-08-04 Thread Seth Arnold
Thanks Jason, please use CVE-2020-15709 for this issue.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15709

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/1890286

Title:
  ansi escape sequence injection in add-apt-repository

Status in software-properties package in Ubuntu:
  New

Bug description:
  This was reported to oss-security and to secur...@ubuntu.com, but I
  figure I should make a real bug report, as otherwise it'll probably be
  missed. Original post from https://www.openwall.com/lists/oss-
  security/2020/08/03/1 follows below.

  --

  Hi,

  I've found a rather low grade concern: I'm able to inject ANSI escape
  sequences into PPA descriptions on Launchpad, and then have them
  rendered by add-apt-repository *before* the user consents to actually
  adding that repository. There might be some sort of trust barrier
  issue with that. This could be used to clear the screen and imitate a
  fresh bash prompt, upload files, dump the current screen to a file, or
  other classic shenanigans, well chronicled in the archives of oss-sec.

  PoC time -- I'm using this "feature" for good at the moment to
  announce the deprecation in bold text of a PPA that I maintain:
  https://data.zx2c4.com/add-apt-repository-ansi-injection.png

  The proper fix to this is likely to do sanitization on the
  add-apt-repository side.

  Regards,
  Jason

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1888442] Re: upgrade did not go well

2020-07-22 Thread Seth Arnold
These cryptsetup warnings and errors are indeed due to my zfs use, I see
them several times a month for the life of the machine, roughly the last
ten months. Don't let the 'error' there scare you, as it did me. I don't
understand them, but they also don't appear to have any consequences.

The problem is visible well before the cryptsetup is run:

Fetched 110 MB in 15s (7,164 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 214052 files and directories currently installed.)
Preparing to unpack .../base-files_11ubuntu5.1_amd64.deb ...
Warning: Stopping motd-news.service, but it can still be activated by:
  motd-news.timer
Unpacking base-files (11ubuntu5.1) over (11ubuntu5) ...
Failed to reload daemon: Connection timed out
Failed to reload daemon: Connection timed out
Setting up base-files (11ubuntu5.1) ...

It's entirely possible systemctl daemon-reload commands were failing
because I undocked my laptop. (The dmesg buffer did have some ugly stuff
in it.) But I've heard more than one person complain about apt upgrades
including systemd packages leading to system instability, and that feels
more like what I saw.

Thanks

** Package changed: zfs-linux (Ubuntu) => systemd (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1888442

Title:
  upgrade did not go well

Status in systemd package in Ubuntu:
  New

Bug description:
  Hello, I had some problems during my most recent apt upgrade. A
  confounding factor to these problems was removing my laptop from its
  docking station a few minutes earlier.

  $ sudo apt upgrade
  Reading package lists... Done
  Building dependency tree   
  Reading state information... Done
  Calculating upgrade... Done
  The following NEW packages will be installed:
linux-headers-5.4.0-42 linux-headers-5.4.0-42-generic 
linux-image-5.4.0-42-generic
linux-modules-5.4.0-42-generic linux-modules-extra-5.4.0-42-generic 
python3-click python3-colorama
  The following packages will be upgraded:
base-files libnss-mymachines libnss-systemd libpam-systemd 
libpulse-mainloop-glib0 libpulse0 libpulsedsp
libseccomp2 libsystemd0 libudev1 libvirt-clients libvirt-daemon 
libvirt-daemon-driver-qemu
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-zfs 
libvirt-daemon-system
libvirt-daemon-system-systemd libvirt0 linux-firmware linux-generic 
linux-headers-generic linux-image-generic
pulseaudio pulseaudio-utils python3-distupgrade sudo systemd 
systemd-container systemd-journal-remote
systemd-sysv systemd-timesyncd ubuntu-drivers-common 
ubuntu-release-upgrader-core udev
  34 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
  Need to get 110 MB/184 MB of archives.
  After this operation, 360 MB of additional disk space will be used.
  Do you want to continue? [Y/n] 
  Get:1 http://wopr.domain/ubuntu focal-proposed/main amd64 base-files amd64 
11ubuntu5.1 [60.1 kB]
  Get:2 http://wopr.domain/ubuntu focal-proposed/main amd64 libnss-systemd 
amd64 245.4-4ubuntu3.2 [95.6 kB]
  Get:3 http://wopr.domain/ubuntu focal-proposed/universe amd64 
systemd-journal-remote amd64 245.4-4ubuntu3.2 [61.9 kB]
  Get:4 http://wopr.domain/ubuntu focal-proposed/main amd64 udev amd64 
245.4-4ubuntu3.2 [1,363 kB]
  Get:5 http://wopr.domain/ubuntu focal-proposed/main amd64 libudev1 amd64 
245.4-4ubuntu3.2 [78.9 kB]
  Get:6 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-system amd64 6.0.0-0ubuntu8.2 [67.5 kB]
  Get:7 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt-clients 
amd64 6.0.0-0ubuntu8.2 [343 kB]
  Get:8 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-driver-qemu amd64 6.0.0-0ubuntu8.2 [605 kB]
  Get:9 http://wopr.domain/ubuntu focal-proposed/universe amd64 
libvirt-daemon-driver-storage-zfs amd64 6.0.0-0ubuntu8.2 [21.4 kB]
  Get:10 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-driver-storage-rbd amd64 6.0.0-0ubuntu8.2 [28.3 kB]
  Get:11 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt0 amd64 
6.0.0-0ubuntu8.2 [1,444 kB]
  Get:12 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt-daemon 
amd64 6.0.0-0ubuntu8.2 [404 kB]
  Get:13 http://wopr.domain/ubuntu focal-proposed/main amd64 libnss-mymachines 
amd64 245.4-4ubuntu3.2 [131 kB]
  Get:14 http://wopr.domain/ubuntu focal-proposed/main amd64 libseccomp2 amd64 
2.4.3-1ubuntu3.20.04.3 [42.4 kB]
  Get:15 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-container 
amd64 245.4-4ubuntu3.2 [317 kB]
  Get:16 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-system-systemd amd64 6.0.0-0ubuntu8.2 [12.3 kB]
  Get:17 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-sysv amd64 
245.4-4ubuntu3.2 [10.3 kB]
  Get:18 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-timesyncd 
amd64 245.4-4ubuntu3.2 [28.0 kB]
  

[Touch-packages] [Bug 1888442] [NEW] upgrade did not go well

2020-07-21 Thread Seth Arnold
Public bug reported:

Hello, I had some problems during my most recent apt upgrade. A
confounding factor to these problems was removing my laptop from its
docking station a few minutes earlier.

$ sudo apt upgrade
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  linux-headers-5.4.0-42 linux-headers-5.4.0-42-generic 
linux-image-5.4.0-42-generic
  linux-modules-5.4.0-42-generic linux-modules-extra-5.4.0-42-generic 
python3-click python3-colorama
The following packages will be upgraded:
  base-files libnss-mymachines libnss-systemd libpam-systemd 
libpulse-mainloop-glib0 libpulse0 libpulsedsp
  libseccomp2 libsystemd0 libudev1 libvirt-clients libvirt-daemon 
libvirt-daemon-driver-qemu
  libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-zfs 
libvirt-daemon-system
  libvirt-daemon-system-systemd libvirt0 linux-firmware linux-generic 
linux-headers-generic linux-image-generic
  pulseaudio pulseaudio-utils python3-distupgrade sudo systemd 
systemd-container systemd-journal-remote
  systemd-sysv systemd-timesyncd ubuntu-drivers-common 
ubuntu-release-upgrader-core udev
34 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 110 MB/184 MB of archives.
After this operation, 360 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://wopr.domain/ubuntu focal-proposed/main amd64 base-files amd64 
11ubuntu5.1 [60.1 kB]
Get:2 http://wopr.domain/ubuntu focal-proposed/main amd64 libnss-systemd amd64 
245.4-4ubuntu3.2 [95.6 kB]
Get:3 http://wopr.domain/ubuntu focal-proposed/universe amd64 
systemd-journal-remote amd64 245.4-4ubuntu3.2 [61.9 kB]
Get:4 http://wopr.domain/ubuntu focal-proposed/main amd64 udev amd64 
245.4-4ubuntu3.2 [1,363 kB]
Get:5 http://wopr.domain/ubuntu focal-proposed/main amd64 libudev1 amd64 
245.4-4ubuntu3.2 [78.9 kB]
Get:6 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt-daemon-system 
amd64 6.0.0-0ubuntu8.2 [67.5 kB]
Get:7 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt-clients amd64 
6.0.0-0ubuntu8.2 [343 kB]
Get:8 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-driver-qemu amd64 6.0.0-0ubuntu8.2 [605 kB]
Get:9 http://wopr.domain/ubuntu focal-proposed/universe amd64 
libvirt-daemon-driver-storage-zfs amd64 6.0.0-0ubuntu8.2 [21.4 kB]
Get:10 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-driver-storage-rbd amd64 6.0.0-0ubuntu8.2 [28.3 kB]
Get:11 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt0 amd64 
6.0.0-0ubuntu8.2 [1,444 kB]
Get:12 http://wopr.domain/ubuntu focal-proposed/main amd64 libvirt-daemon amd64 
6.0.0-0ubuntu8.2 [404 kB]
Get:13 http://wopr.domain/ubuntu focal-proposed/main amd64 libnss-mymachines 
amd64 245.4-4ubuntu3.2 [131 kB]
Get:14 http://wopr.domain/ubuntu focal-proposed/main amd64 libseccomp2 amd64 
2.4.3-1ubuntu3.20.04.3 [42.4 kB]
Get:15 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-container 
amd64 245.4-4ubuntu3.2 [317 kB]
Get:16 http://wopr.domain/ubuntu focal-proposed/main amd64 
libvirt-daemon-system-systemd amd64 6.0.0-0ubuntu8.2 [12.3 kB]
Get:17 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-sysv amd64 
245.4-4ubuntu3.2 [10.3 kB]
Get:18 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd-timesyncd 
amd64 245.4-4ubuntu3.2 [28.0 kB]
Get:19 http://wopr.domain/ubuntu focal-proposed/main amd64 libpam-systemd amd64 
245.4-4ubuntu3.2 [186 kB]
Get:20 http://wopr.domain/ubuntu focal-proposed/main amd64 systemd amd64 
245.4-4ubuntu3.2 [3,796 kB]
Get:21 http://wopr.domain/ubuntu focal-proposed/main amd64 libsystemd0 amd64 
245.4-4ubuntu3.2 [271 kB]
Get:22 http://wopr.domain/ubuntu focal-proposed/main amd64 
libpulse-mainloop-glib0 amd64 1:13.99.1-1ubuntu3.5 [11.7 kB]
Get:23 http://wopr.domain/ubuntu focal-proposed/main amd64 libpulsedsp amd64 
1:13.99.1-1ubuntu3.5 [21.7 kB]
Get:24 http://wopr.domain/ubuntu focal-proposed/main amd64 pulseaudio-utils 
amd64 1:13.99.1-1ubuntu3.5 [55.0 kB]
Get:25 http://wopr.domain/ubuntu focal-proposed/main amd64 pulseaudio amd64 
1:13.99.1-1ubuntu3.5 [815 kB]
Get:26 http://wopr.domain/ubuntu focal-proposed/main amd64 libpulse0 amd64 
1:13.99.1-1ubuntu3.5 [263 kB]
Get:27 http://wopr.domain/ubuntu focal/main amd64 python3-colorama all 
0.4.3-1build1 [23.9 kB]
Get:28 http://wopr.domain/ubuntu focal/main amd64 python3-click all 7.0-3 [64.8 
kB]
Get:29 http://wopr.domain/ubuntu focal-proposed/main amd64 
ubuntu-drivers-common amd64 1:0.8.4~0.20.04.1 [45.2 kB]
Get:30 http://wopr.domain/ubuntu focal-proposed/main amd64 sudo amd64 
1.8.31-1ubuntu1.1 [513 kB]
Get:31 http://wopr.domain/ubuntu focal-proposed/main amd64 
ubuntu-release-upgrader-core all 1:20.04.23 [23.6 kB]
Get:32 http://wopr.domain/ubuntu focal-proposed/main amd64 python3-distupgrade 
all 1:20.04.23 [103 kB]
Get:33 http://wopr.domain/ubuntu focal-proposed/main amd64 linux-firmware all 
1.187.2 [98.8 MB]

[Touch-packages] [Bug 1887542] Re: apparmor 2.13.3-7ubuntu6 ADT test failure with linux-5.8 5.8.0-6.7

2020-07-15 Thread Seth Arnold
This was also reported in another autopkgtest run
https://bugs.launchpad.net/bugs/1887577

I took a look at the debdiff for the version mentioned in that bug and
couldn't for the life of me figure out how that could have been related.
I'm completely in the dark on this one :(

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1887542

Title:
  apparmor 2.13.3-7ubuntu6 ADT test failure with linux-5.8 5.8.0-6.7

Status in apparmor package in Ubuntu:
  New

Bug description:
  Testing failed on:
  amd64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy-canonical-kernel-team-bootstrap/groovy/amd64/a/apparmor/20200714_133743_4383d@/log.gz
  arm64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy-canonical-kernel-team-bootstrap/groovy/arm64/a/apparmor/20200714_14_bc148@/log.gz
  armhf: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy-canonical-kernel-team-bootstrap/groovy/armhf/a/apparmor/20200714_141429_e2c2b@/log.gz
  ppc64el: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy-canonical-kernel-team-bootstrap/groovy/ppc64el/a/apparmor/20200714_121607_23fa9@/log.gz
  s390x: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy-canonical-kernel-team-bootstrap/groovy/s390x/a/apparmor/20200714_120404_d5ecf@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1887542/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1877023] Re: Unhandled exception in check_ignored()

2020-07-13 Thread Seth Arnold
Hello, please use CVE-2020-15701 for this issue. Thanks

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15701

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1877023

Title:
  Unhandled exception in check_ignored()

Status in Apport:
  New
Status in apport package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  I have found a security issue on apport 2.20.11 and earlier.

  ## Vulnerability 
  apport 2.20.11 and earlier have an unhandled exception vulnerability during 
parsing apport-ignore.xml.
  An attacker can cause a denial of service (i.e., application crash) via a 
crafted apport-ignore.xml file.

  ## Description
  Reports can be suppressed by blacklisting in apport-ignore.xml.

  This is an example of apport-ignore.xml

  
  
    
    
    
  

  Unfortunately, it may cause an unhandled exception when 'mtime'
  attribute is specified as a string value, not a number like this.

  
  
    
  

  It may disrupt apport service and allow an attacker to potentially
  enable a denial of service via local access.

  The flaw lies in improper exception handling of 'mtime' attribute in
  apport-ignore.xml (see
  
https://git.launchpad.net/ubuntu/+source/apport/tree/apport/report.py?h=applied/ubuntu/devel#n1104).

  ## Log
  Here is /var/log/apport.log when the above exception occurs.

  ERROR: apport (pid 25904) Tue May  5 18:38:21 2020: Unhandled exception:
  Traceback (most recent call last):
    File "/usr/share/apport/apport", line 629, in 
  if info.check_ignored():
    File "/usr/lib/python3/dist-packages/apport/report.py", line 1082, in 
check_ignored
  if float(ignore.getAttribute('mtime')) >= cur_mtime:
  ValueError: could not convert string to float: 'string'

  Sincerely,

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1877023/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1887016] Re: Openssh default config has two PasswordAuthentication params

2020-07-09 Thread Seth Arnold
Hello Rulon, can you please double-check where your openssh-server
package came from? I don't have this "PasswordAuthentication yes" in any
of my 20.04 systems, and a very quick look at the current package
doesn't show this:

$ apt-get download openssh-server
Get:1 http://wopr.domain/ubuntu focal-updates/main amd64 openssh-server amd64 
1:8.2p1-4ubuntu0.1 [377 kB]
Fetched 377 kB in 0s (1,097 kB/s)  
$ mkdir openssh-server
$ cd openssh-server
$ ar x ../openssh-server_1%3a8.2p1-4ubuntu0.1_amd64.deb 
$ tar xf control.tar.xz 
$ tar xf data.tar.xz 
$ grep -r "PasswordAuthentication yes"
usr/share/openssh/sshd_config:#PasswordAuthentication yes

Of the versions of openssh that are on my local archive mirror, none of
the sshd_config files had this line uncommented:

$ rg "PasswordAuthentication yes" -g '**/sshd_config'
openssh_5.9p1-5ubuntu1.10/sshd_config
64:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.9/sshd_config
72:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.10/sshd_config
72:#PasswordAuthentication yes

openssh_6.6p1-2ubuntu1/sshd_config
73:#PasswordAuthentication yes

openssh_5.9p1-5ubuntu1/sshd_config
64:#PasswordAuthentication yes

openssh_8.0p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_8.0p1-6ubuntu0.1/sshd_config
56:#PasswordAuthentication yes

openssh_6.6p1-2ubuntu2.13/sshd_config
73:#PasswordAuthentication yes

openssh_7.7p1-4ubuntu0.3/sshd_config
56:#PasswordAuthentication yes

openssh_7.7p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4ubuntu0.1/sshd_config
58:#PasswordAuthentication yes

openssh_7.6p1-4ubuntu0.3/sshd_config
56:#PasswordAuthentication yes

openssh_7.6p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.8/sshd_config
72:#PasswordAuthentication yes

openssh_8.3p1-1/sshd_config
58:#PasswordAuthentication yes

openssh_8.1p1-5/sshd_config
56:#PasswordAuthentication yes

openssh_7.6p1-4ubuntu0.4/sshd_config
56:#PasswordAuthentication yes

openssh_7.9p1-10/sshd_config
56:#PasswordAuthentication yes

openssh_7.2p2-4/sshd_config
72:#PasswordAuthentication yes

openssh_8.0p1-4build1/sshd_config
56:#PasswordAuthentication yes

openssh_8.0p1-6build1/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4ubuntu1/sshd_config
58:#PasswordAuthentication yes

openssh_8.1p1-1/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4/sshd_config
58:#PasswordAuthentication yes


How was this system installed? Was it customized by an ISP or cloud provider? 
Were any programs installed outside of the Ubuntu Archive that might have such 
a configuration change as part of an install script?

Thanks

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1887016

Title:
  Openssh default config has two PasswordAuthentication params

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  In Ubuntu server 20.04 the /etc/ssh/sshd_config file has an additional
  `PasswordAuthentication yes` string in the end.

  It can lead to security problems, because there's already one string
  `# PasswordAuthentication yes` in the beginning of the file. It is
  supposed to be uncommented if it's needed to change the default value.

  But if the user uncomments this string and set in to "no", it will be
  overriden by the last line of config.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1887016/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1881982] Re: DoS vulnerability: cause resource exhaustion

2020-07-09 Thread Seth Arnold
Please use CVE-2020-11937 for this issue. Thanks.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-11937

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1881982

Title:
  DoS vulnerability: cause resource exhaustion

Status in whoopsie package in Ubuntu:
  Confirmed
Status in whoopsie source package in Xenial:
  Confirmed
Status in whoopsie source package in Bionic:
  Confirmed
Status in whoopsie source package in Eoan:
  Confirmed
Status in whoopsie source package in Focal:
  Confirmed
Status in whoopsie source package in Groovy:
  Confirmed

Bug description:
  Hi,

  I have found a security issue on whoopsie 0.2.69 and earlier.

  # Vulnerability description
  The parse_report() function in whoopsie.c allows attackers to cause a denial 
of service (memory leak) via a crafted file. 
  Exploitation of this issue causes excessive memory consumption which results 
in the Linux kernel triggering OOM killer on arbitrary process.
  This results in the process being terminated by the OOM killer.

  
  # Details 
  We have found a memory leak vulnerability during the parsing the crash file, 
when a collision occurs on GHashTable through g_hash_table_insert().
  According to [1], if the key already exists in the GHashTable, its current 
value is replaced with the new value.
  If 'key_destory_func' and 'value_destroy_func' are supplied when creating the 
table, the old value and the passed key are freed using that function.
  Unfortunately, whoopsie does not handle the old value and the passed key when 
collision happens.
  If a crash file contains same repetitive key-value pairs, it leads to memory 
leak as much as the amount of repetition and results in denial-of-service.

  [1] https://developer.gnome.org/glib/stable/glib-Hash-Tables.html#g
  -hash-table-insert

  
  # PoC (*Please check the below PoC: whoopsie_killer.py)
  1) Generates a certain malformed crash file that contains same repetitive 
key-value pairs.
  2) Trigger the whoopsie to read the generated crash file.
  3) After then, the whoopsie process has been killed.

  
  # Mitigation (*Please check the below patch: g_hash_table_memory_leak.patch)
  We should use g_hash_table_new_full() with ‘key_destroy_func’ and 
‘value_destroy_func’ functions instead of g_hash_table_new().
  Otherwise, before g_hash_table_insert(), we should check the collision via 
g_hash_table_lookup_extended() and obtain pointer to the old value and remove 
it.

  Sincerely,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1881982/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861082] Re: [SRU] ubuntu-bug doesn't know how to file bugs against snaps

2020-07-02 Thread Seth Arnold
The first package I wanted to try was matterhorn -- I had some trouble
with it earlier today and this was an excellent opportunity to report
the bug 'formally', beyond just a pastebin on irc:

$ ubuntu-bug matterhorn

*** Collecting problem information

The collected information can be sent to the developers to improve the
application. This might take a few minutes.
.dpkg-query: no packages found matching matterhorn
.

***

The problem cannot be reported:

matterhorn is provided by a snap published by popey. No contact address
has been provided; visit the forum at https://forum.snapcraft.io/ for
help.

Press any key to continue...  
No pending crash reports. Try --help for more information.


I'm not sure if this is success or failure -- if the developer didn't put 
anything in, then apport can't really do anything about that, but letting 
developers upload without saying how to file bugs sounds unfortunate too. (But 
that's probably best handled elsewhere.)

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1861082

Title:
  [SRU] ubuntu-bug doesn't know how to file bugs against snaps

Status in Snapcraft:
  New
Status in snapd:
  Triaged
Status in Snap Store Server:
  New
Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Focal:
  Fix Committed

Bug description:
  [Impact]
  Users of Ubuntu 20.04 are not able to easily report bugs against applications 
provided as a snap.

  [Test Case]
  Install subiquity snap:
  # sudo snap install subiquity --classic
  subiquity 20.06.1 aus Canonical✓ installiert
  # snap list | grep subiquity
  subiquity   20.06.1  1938  latest/stable  canonical*  classic

  ubuntu-bug subiquity results in message:
  # LANGUAGE="en_US" apport-cli subiquity

  *** Collecting problem information

  The collected information can be sent to the developers to improve the
  application. This might take a few minutes.
  ...dpkg-query: no packages found matching subiquity

  *** You are about to report a bug against the deb package, but you
  also a have snap published by canonical installed. You can contact
  them via https://bugs.launchpad.net/subiquity for help. Do you want to
  continue with the bug report against the deb?

  What would you like to do? Your options are:
    Y: Yes
    N: No
    C: Cancel

  === New/Expected Result ===
  ubuntu-bug  should ask the user if he/she wants to 
report the bug against the snap or deb package, if both are installed. If the 
snap is chosen, the "Snap" and "SnapSource" fields should be part of the report:

  # LANGUAGE="en_US" apport-cli subiquity

  *** Collecting problem information

  The collected information can be sent to the developers to improve the
  application. This might take a few minutes.
  ...dpkg-query: no packages found matching subiquity

  *** You have two versions of this application installed, which one do
  you want to report a bug against?

  Choices:
    1: subiquity 20.06.1 (stable) snap
    2: subiquity (1938) deb package
    C: Cancel
  Please choose (1/2/C): 1
  .

  *** Send problem report to the developers?

  After the problem report has been sent, please fill out the form in the
  automatically opened web browser.

  What would you like to do? Your options are:
    S: Send report (46.1 KB)
    V: View report
    K: Keep report file for sending later or copying to somewhere else
    I: Cancel and ignore future crashes of this program version
    C: Cancel
  Please choose (S/V/K/I/C): V

  Make sure the following two fields are part of the generated report:
  == Snap =
  subiquity 20.06.1 (stable)

  == SnapSource =
  subiquity

  [Regression Potential]
  Small; the change adds a new add_snap_info() method to report.py and is 
triggered in the ui.py logic only in cases which would have otherwise lead to 
an error message. Furthermore, the change has been uploaded to Groovy some 
while ago where it is being used and tested.

  [Original Bug Report]
  Hello, I had problems with subiquity in the focal live server install image. 
I tried to use 'ubuntu-bug subiquity' to report the bug, but ubuntu-bug 
apparently cannot file bug reports against snaps.

  This is frustrating that users need to know which portions of Ubuntu
  are delivered via debs, which portions are delivered by snaps, and try
  to find a way to report bugs correctly.

  ubuntu-bug should know how to report bugs for Canonical software.

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapcraft/+bug/1861082/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1883723] Re: Some official repositories changed compression method from gzip to lz4 leading to checksum errors during apt-get update

2020-06-16 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1883723

Title:
  Some official repositories changed compression method from gzip to lz4
  leading to checksum errors during apt-get update

Status in apt package in Ubuntu:
  New

Bug description:
  This includes bionic-security repositories:

  Reading package lists... Done
  E: Failed to fetch 
store:/var/lib/apt/lists/partial/pl.archive.ubuntu.com_ubuntu_dists_bionic-security_Contents-i386.gz
  Hash Sum mismatch
     Hashes of expected file:
  - Filesize:821731759 [weak]
  - SHA256:03b7fe601ba17908a5bfc628c8eb8309cd682f88ea5c2ed8139a4d46bb02df09
  - SHA1:5b0ca78303b67f3e1e78c828ac10474f4acf8c10 [weak]
  - MD5Sum:fa890ae0f75a803fa744ce126739bfa6 [weak]
     Hashes of received file:
  - SHA256:9cd965c8d4f68b92cfc20484aabf19899b53718f810dc316f7983c4b194108dd
  - SHA1:7c27b4efd7c3ca176b3e7ed85dec5d865a8928b8 [weak]
  - MD5Sum:c1a1a8baef4d45ce444962b981a

  Failed files:
  nusch@xps13:/etc/apt$ sudo ls -l /var/lib/apt/lists/partial/ | grep FAILED
  lrwxrwxrwx 1 root root   87 cze 16 16:52 
pl.archive.ubuntu.com_ubuntu_dists_bionic-proposed_Contents-i386.gz.FAILED -> 
/var/lib/apt/lists/pl.archive.ubuntu.com_ubuntu_dists_bionic-proposed_Contents-i386.lz4
  lrwxrwxrwx 1 root root   87 cze 16 16:52 
pl.archive.ubuntu.com_ubuntu_dists_bionic-security_Contents-i386.gz.FAILED -> 
/var/lib/apt/lists/pl.archive.ubuntu.com_ubuntu_dists_bionic-security_Contents-i386.lz4

  Not sure from where this issue comes - manual browsing of repository
  discovers only .gz file while downloaded copy have lz4 extension.
  After manual downloading .gz one and uncompromising diff command
  confirms both produce the same file.  Apt-get clean and deleting cache
  doesn't help.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: apt 1.6.12ubuntu0.1
  ProcVersionSignature: Ubuntu 4.15.0-107.108-generic 4.15.18
  Uname: Linux 4.15.0-107-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 16 16:49:31 2020
  InstallationDate: Installed on 2015-05-08 (1866 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=pl_PL.UTF-8
   SHELL=/bin/bash
  SourcePackage: apt
  UpgradeStatus: Upgraded to bionic on 2018-08-26 (659 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1883723/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1883317] Re: package ca-certificates 20190110ubuntu1.1 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status

2020-06-12 Thread Seth Arnold
** Also affects: debconf (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/1883317

Title:
  package ca-certificates 20190110ubuntu1.1 failed to install/upgrade:
  installed ca-certificates package post-installation script subprocess
  returned error exit status 128

Status in ca-certificates package in Ubuntu:
  New
Status in debconf package in Ubuntu:
  New

Bug description:
  the above error appears just after the pc turns on

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: ca-certificates 20190110ubuntu1.1
  ProcVersionSignature: Ubuntu 5.4.0-37.41-generic 5.4.41
  Uname: Linux 5.4.0-37-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.2
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Sat Jun 13 00:57:04 2020
  ErrorMessage: installed ca-certificates package post-installation script 
subprocess returned error exit status 128
  InstallationDate: Installed on 2020-06-12 (0 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  PackageArchitecture: all
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.1
  SourcePackage: ca-certificates
  Title: package ca-certificates 20190110ubuntu1.1 failed to install/upgrade: 
installed ca-certificates package post-installation script subprocess returned 
error exit status 128
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1883317/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-06-12 Thread Seth Arnold
Hello Sami, Esko,

I'm not very familiar with the packagekit or policykit frameworks, so
please forgive me if I'm far off course here with these thoughts:

- Is the [tld.univ.packagekit-deny] rule necessary? I'd hope that this
permission wouldn't be granted to anyone but admins.

- Are there other rules in other files that might have granted this
permission?

- Does it matter if the test users are in no groups? just their own
username-group? adm? sudo?

- Does polkit or packagekit have a way to see which rules allow or deny
any given request?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1882098

Title:
  Packagekit lets user install untrusted local packages in Bionic and
  Focal

Status in packagekit package in Ubuntu:
  New

Bug description:
  We have packagekit configured to allow users to install trusted
  packages from preconfigured repositories, but disallowed them to
  install any untrusted packages.

  The policykit configuration we use is following:

  [tld.univ.packagekit]
  Identity=unix-group:adm;
  
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-reinstall;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-update;org.freedesktop.packagekit.repair-system;
  ResultAny=auth_self
  ResultActive=auth_self
  ResultInactive=auth_self

  [tld.univ.packagekit-deny]
  Identity=unix-user:*;
  Action=org.freedesktop.packagekit.package-install-untrusted;
  ResultAny=no

  We would expect this to prevent users from installing local packages
  downloaded from random repositories, however this does not seem to be
  the case.

  pkcon install-local random_package.deb will happily prompt for the
  user to authenticate and will install the package, while pkcon
  --allow-untrusted install-local random_package.deb will prompt for
  root password, which the user does not have.

  Our initial toughts was that the issue would be in packagekitd, but
  after further investigations it looks like the issue could be in aptcc
  backend.

  We are more than happy to provide you with further details, but the
  above should be enough to reproduce the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal

2020-06-12 Thread Seth Arnold
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1882098

Title:
  Packagekit lets user install untrusted local packages in Bionic and
  Focal

Status in packagekit package in Ubuntu:
  New

Bug description:
  We have packagekit configured to allow users to install trusted
  packages from preconfigured repositories, but disallowed them to
  install any untrusted packages.

  The policykit configuration we use is following:

  [tld.univ.packagekit]
  Identity=unix-group:adm;
  
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-reinstall;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-sources-refresh;org.freedesktop.packagekit.system-update;org.freedesktop.packagekit.repair-system;
  ResultAny=auth_self
  ResultActive=auth_self
  ResultInactive=auth_self

  [tld.univ.packagekit-deny]
  Identity=unix-user:*;
  Action=org.freedesktop.packagekit.package-install-untrusted;
  ResultAny=no

  We would expect this to prevent users from installing local packages
  downloaded from random repositories, however this does not seem to be
  the case.

  pkcon install-local random_package.deb will happily prompt for the
  user to authenticate and will install the package, while pkcon
  --allow-untrusted install-local random_package.deb will prompt for
  root password, which the user does not have.

  Our initial toughts was that the issue would be in packagekitd, but
  after further investigations it looks like the issue could be in aptcc
  backend.

  We are more than happy to provide you with further details, but the
  above should be enough to reproduce the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1883235] Re: freez when using

2020-06-12 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1883235

Title:
  freez when using

Status in xorg package in Ubuntu:
  New

Bug description:
  when i am using my computer for long time then there is a problem many
  time like when i am open activities then again back to home screen
  then start  hanging problem ,but mouser pointer work but when i am
  going to open an application it gives the option but its shows in
  activities ,i can not open it.then i was turned off my computer.now i
  dont have  that video,but when problems occurs again, i will show in
  it video .

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 5.3.0-53.47~18.04.1-generic 5.3.18
  Uname: Linux 5.3.0-53-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Jun 12 15:51:11 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: No
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Raven Ridge [Radeon Vega Series / 
Radeon Vega Mobile Series] [1002:15dd] (rev c8) (prog-if 00 [VGA controller])
 Subsystem: Gigabyte Technology Co., Ltd Radeon RX Vega 11 [1458:d000]
  MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
  ProcEnviron:
   LANGUAGE=en_IN:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_IN
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-53-generic 
root=UUID=38903ee5-fb7c-4faa-ac0c-0a499b16e531 ro quiet splash nomodeset 
vt.handoff=1
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/08/2018
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F23
  dmi.board.asset.tag: Default string
  dmi.board.name: A320M-S2H-CF
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: x.x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrF23:bd08/08/2018:svnGigabyteTechnologyCo.,Ltd.:pnA320M-S2H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnA320M-S2H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: A320M-S2H
  dmi.product.sku: Default string
  dmi.product.version: Default string
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.99-1ubuntu1~18.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.3
  version.libgl1-mesa-glx: libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.3
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1883235/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1883128] Re: package ca-certificates 20190110ubuntu1.1 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status

2020-06-11 Thread Seth Arnold
Hello, it appears the openssl package has been replaced; I suggest
filing a bug following the instructions here:

BUGS: This PPA now has a issue tracker:
https://deb.sury.org/#bug-reporting

Thanks

** Changed in: ca-certificates (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1883128

Title:
  package ca-certificates 20190110ubuntu1.1 failed to install/upgrade:
  installed ca-certificates package post-installation script subprocess
  returned error exit status 1

Status in ca-certificates package in Ubuntu:
  Invalid

Bug description:
  I just got this message.  Not sure what it means.

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: ca-certificates 20190110ubuntu1.1
  Uname: Linux 5.6.0-15.2-liquorix-amd64 x86_64
  ApportVersion: 2.20.11-0ubuntu27.2
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Jun 11 09:46:52 2020
  ErrorMessage: installed ca-certificates package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2020-05-29 (13 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  PackageArchitecture: all
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2ubuntu0.1
  SourcePackage: ca-certificates
  Title: package ca-certificates 20190110ubuntu1.1 failed to install/upgrade: 
installed ca-certificates package post-installation script subprocess returned 
error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1883128/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1883146] Re: package sudo 1.8.31-1ubuntu1 failed to install/upgrade: installed sudo package pre-removal script subprocess returned error exit status 1

2020-06-11 Thread Seth Arnold
Hello, it looks like something is trying to remove sudo. This would be
bad.

I suggest running this:

sudo apt update
sudo apt install sudo
sudo apt install -f

hopefully this will get you back to a working system. If not, I suggest
asking for help on #ubuntu on irc.freenode.net or https://askubuntu.com/

Thanks

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1883146

Title:
  package sudo 1.8.31-1ubuntu1 failed to install/upgrade: installed sudo
  package pre-removal script subprocess returned error exit status 1

Status in sudo package in Ubuntu:
  New

Bug description:
  i need to uninstall wine software

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: sudo 1.8.31-1ubuntu1
  ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
  Uname: Linux 5.4.0-26-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Jun 11 21:43:29 2020
  ErrorMessage: installed sudo package pre-removal script subprocess returned 
error exit status 1
  InstallationDate: Installed on 2020-06-08 (3 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  Python3Details: /usr/bin/python3.8, Python 3.8.2, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.2
  SourcePackage: sudo
  Title: package sudo 1.8.31-1ubuntu1 failed to install/upgrade: installed sudo 
package pre-removal script subprocess returned error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)
  VisudoCheck:
   /etc/sudoers: parsed OK
   /etc/sudoers.d/README: parsed OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1883146/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882897] Re: Suddent log off/abort in middle of session

2020-06-10 Thread Seth Arnold
** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1882897

Title:
  Suddent log off/abort in middle of session

Status in xorg package in Ubuntu:
  New

Bug description:
  This problem starts recently while I was watching some video files on
  videos. After that whenever I click on any video file it just forces
  me to log off the system and crash the work environment.

  Then after uninstalling the Videos software it was working fine. But
  now recently I installed qgis software. Again this log off problem
  starts. Whenever I try to add some plugins to qgis my system crashes
  and forces me to log off from the current session.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xserver-xorg (not installed)
  ProcVersionSignature: Ubuntu 5.3.0-53.47~18.04.1-generic 5.3.18
  Uname: Linux 5.3.0-53-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jun 10 12:53:21 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   NVIDIA Corporation GP107GL [Quadro P400] [10de:1cb3] (rev a1) (prog-if 00 
[VGA controller])
     Subsystem: Dell GP107GL [Quadro P400] [1028:11be]
  InstallationDate: Installed on 2019-08-31 (283 days ago)
  InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 
(20190210)
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 413c:301a Dell Computer Corp.
   Bus 001 Device 002: ID 413c:2107 Dell Computer Corp.
   Bus 001 Device 004: ID 0781:5567 SanDisk Corp. Cruzer Blade
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: Dell Inc. Precision 3630 Tower
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.3.0-53-generic 
root=UUID=46512e15-013e-4c05-8e5a-6b0ccc6f6d7a ro quiet splash vt.handoff=1
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 02/05/2020
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 2.5.0
  dmi.board.name: 0NNNCT
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A01
  dmi.chassis.type: 3
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvr2.5.0:bd02/05/2020:svnDellInc.:pnPrecision3630Tower:pvr:rvnDellInc.:rn0NNNCT:rvrA01:cvnDellInc.:ct3:cvr:
  dmi.product.family: Precision
  dmi.product.name: Precision 3630 Tower
  dmi.product.sku: 0871
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.99-1ubuntu1~18.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.3
  version.libgl1-mesa-glx: libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.3
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1882897/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1870058] Re: Collect deleted users

2020-06-10 Thread Seth Arnold
Thanks Didier, that's perfect. :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1870058

Title:
  Collect deleted users

Status in shadow package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  Fix Released
Status in shadow source package in Focal:
  New
Status in zsys source package in Focal:
  New

Bug description:
  [Impact]
   * Deleting users were preserving corresponding ZFS user datasets, without 
marking them for cleanup.
   * This is covered by dedicated use cases.

  [Test Case]
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. Check that rpool/USERDATA/foo_ has its content removed and is not 
mounted
   4. zfs get com.ubuntu.zsys:bootfs-dataset rpool/USERDATA/foo_ is not 
associated with current system dataset
  ---
  Other use case:
   1.Ensure you have a foo user:
   2. Run userdel foo
   3. Check that rpool/USERDATA/foo_ still has its content, but is not 
mounted.
   4. zfs get com.ubuntu.zsys:bootfs-dataset rpool/USERDATA/foo_ is not 
associated with current system dataset
  ---
  On a non ZFS installation :
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. The user is deleted, no error occured.
  ---
  On a non ZFS installation with ZSys installed :
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. The user is deleted, no error occured.

  [Regression Potential]
   * A new hidden command is added, triggered by userdel.
   * Tests are covering this new command and GRPC request.
   * The methodology is similar to useradd and usermod. The dependency between 
shadow and zsys is weak on purpose:
   - the ZSys hidden command is available and is a no-op if not called
   - if calling the command failed on userdel, nothing is done on ZSys side, 
but the code path is similar to ZSys not being installed or running on a non 
ZFS system.

  

  Ideally, we would untag them as part of GC so that we can clean them
  up later. However, those can be linked to states on other pools with
  same pool name than targetted one, and it will be hard to match them.

  Give a command for users to see them in status and then manually
  remove suspicious datasets ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1870058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1870058] Re: Collect deleted users

2020-06-09 Thread Seth Arnold
On Tue, Jun 09, 2020 at 09:04:00AM -, Didier Roche wrote:
> + Other use case:
> + On a non ZFS installation :
> + On a non ZFS installation with ZSys installed :

Can I suggest a ZFS installation that doesn't have zsys installed, as
well? There's at least a dozen of us that used the guide from the ZFS On
Linux wiki on running Ubuntu on ZFS on LUKS, and may not have zsys
installed (I'm a bit afraid of trying it myself, perhaps assumptions it
makes aren't assumptions I made.)

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1870058

Title:
  Collect deleted users

Status in shadow package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  Fix Released
Status in shadow source package in Focal:
  New
Status in zsys source package in Focal:
  New

Bug description:
  [Impact]
   * Deleting users were preserving corresponding ZFS user datasets, without 
marking them for cleanup.
   * This is covered by dedicated use cases.

  [Test Case]
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. Check that rpool/USERDATA/foo_ has its content removed and is not 
mounted
   4. zfs get com.ubuntu.zsys:bootfs-dataset rpool/USERDATA/foo_ is not 
associated with current system dataset
  ---
  Other use case:
   1.Ensure you have a foo user:
   2. Run userdel foo
   3. Check that rpool/USERDATA/foo_ still has its content, but is not 
mounted.
   4. zfs get com.ubuntu.zsys:bootfs-dataset rpool/USERDATA/foo_ is not 
associated with current system dataset
  ---
  On a non ZFS installation :
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. The user is deleted, no error occured.
  ---
  On a non ZFS installation with ZSys installed :
   1. Ensure you have a foo user:
   2. Run userdel --remove foo
   3. The user is deleted, no error occured.

  [Regression Potential]
   * A new hidden command is added, triggered by userdel.
   * Tests are covering this new command and GRPC request.
   * The methodology is similar to useradd and usermod. The dependency between 
shadow and zsys is weak on purpose:
   - the ZSys hidden command is available and is a no-op if not called
   - if calling the command failed on userdel, nothing is done on ZSys side, 
but the code path is similar to ZSys not being installed or running on a non 
ZFS system.

  

  Ideally, we would untag them as part of GC so that we can clean them
  up later. However, those can be linked to states on other pools with
  same pool name than targetted one, and it will be hard to match them.

  Give a command for users to see them in status and then manually
  remove suspicious datasets ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1870058/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882635] Re: hangs problem

2020-06-09 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1882635

Title:
  hangs problem

Status in xorg package in Ubuntu:
  New

Bug description:
  many time a day when i am using pc ,system is getting hanged

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 5.3.0-53.47~18.04.1-generic 5.3.18
  Uname: Linux 5.3.0-53-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun  9 10:59:48 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: No
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Raven Ridge [Radeon Vega Series / 
Radeon Vega Mobile Series] [1002:15dd] (rev c8) (prog-if 00 [VGA controller])
 Subsystem: Gigabyte Technology Co., Ltd Radeon RX Vega 11 [1458:d000]
  MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
  ProcEnviron:
   LANGUAGE=en_IN:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_IN
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-53-generic 
root=UUID=38903ee5-fb7c-4faa-ac0c-0a499b16e531 ro quiet splash nomodeset 
vt.handoff=1
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/08/2018
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F23
  dmi.board.asset.tag: Default string
  dmi.board.name: A320M-S2H-CF
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: x.x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrF23:bd08/08/2018:svnGigabyteTechnologyCo.,Ltd.:pnA320M-S2H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnA320M-S2H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: A320M-S2H
  dmi.product.sku: Default string
  dmi.product.version: Default string
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.99-1ubuntu1~18.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.3
  version.libgl1-mesa-glx: libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.3
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1882635/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882632] Re: hangiing problem

2020-06-09 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1882632

Title:
  hangiing problem

Status in xorg package in Ubuntu:
  New

Bug description:
  many time in a day system getting hangs, please solve it quickly

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 5.3.0-53.47~18.04.1-generic 5.3.18
  Uname: Linux 5.3.0-53-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.15
  Architecture: amd64
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun  9 10:54:26 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: No
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Raven Ridge [Radeon Vega Series / 
Radeon Vega Mobile Series] [1002:15dd] (rev c8) (prog-if 00 [VGA controller])
 Subsystem: Gigabyte Technology Co., Ltd Radeon RX Vega 11 [1458:d000]
  MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
  ProcEnviron:
   LANGUAGE=en_IN:en
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_IN
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-53-generic 
root=UUID=38903ee5-fb7c-4faa-ac0c-0a499b16e531 ro quiet splash nomodeset 
vt.handoff=1
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/08/2018
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F23
  dmi.board.asset.tag: Default string
  dmi.board.name: A320M-S2H-CF
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: x.x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrF23:bd08/08/2018:svnGigabyteTechnologyCo.,Ltd.:pnA320M-S2H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnA320M-S2H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: A320M-S2H
  dmi.product.sku: Default string
  dmi.product.version: Default string
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.99-1ubuntu1~18.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.3
  version.libgl1-mesa-glx: libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.3
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1882632/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1882627] Re: ASc

2020-06-09 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1882627

Title:
  ASc

Status in xorg package in Ubuntu:
  New

Bug description:
  CVdSCACC

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 4.15.0-97.98-generic 4.15.18
  Uname: Linux 4.15.0-97-generic i686
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.9-0ubuntu7.14
  Architecture: i386
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  Date: Mon Jun  8 22:07:25 2020
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation Mobile 945GM/GMS, 943/940GML Express Integrated Graphics 
Controller [8086:27a2] (rev 03) (prog-if 00 [VGA controller])
 Subsystem: Sony Corporation Mobile 945GM/GMS, 943/940GML Express 
Integrated Graphics Controller [104d:81ef]
 Subsystem: Sony Corporation Mobile 945GM/GMS/GME, 943/940GML Express 
Integrated Graphics Controller [104d:81ef]
  InstallationDate: Installed on 2020-01-16 (144 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release i386 (20131016.1)
  MachineType: Sony Corporation VGN-FE650G
  PccardctlIdent:
   Socket 0:
 no product info available
  PccardctlStatus:
   Socket 0:
 no card
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-97-generic 
root=/dev/mapper/ubuntu--vg-root ro drm.debug=0xe plymouth:debug nopat 
vesafb.invalid=1
  Renderer: Software
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 05/11/2006
  dmi.bios.vendor: Phoenix Technologies LTD
  dmi.bios.version: R0130J3
  dmi.board.asset.tag: N/A
  dmi.board.name: VAIO
  dmi.board.vendor: Sony Corporation
  dmi.board.version: N/A
  dmi.chassis.asset.tag: 7N2L6f5be251d759fa8b
  dmi.chassis.type: 10
  dmi.chassis.vendor: Sony Corporation
  dmi.chassis.version: C3LMHN9T
  dmi.modalias: 
dmi:bvnPhoenixTechnologiesLTD:bvrR0130J3:bd05/11/2006:svnSonyCorporation:pnVGN-FE650G:pvrC3LMHN9T:rvnSonyCorporation:rnVAIO:rvrN/A:cvnSonyCorporation:ct10:cvrC3LMHN9T:
  dmi.product.family: N/A
  dmi.product.name: VGN-FE650G
  dmi.product.version: C3LMHN9T
  dmi.sys.vendor: Sony Corporation
  version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1
  version.libdrm2: libdrm2 2.4.99-1ubuntu1~18.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 19.2.8-0ubuntu0~18.04.3
  version.libgl1-mesa-glx: libgl1-mesa-glx 19.2.8-0ubuntu0~18.04.3
  version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4.4
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.5-1ubuntu1
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20171229-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2
  xserver.bootTime: Fri Jun  5 16:56:59 2020
  xserver.configfile: default
  xserver.logfile: /var/log/Xorg.0.log
  xserver.outputs:
   
  xserver.version: 2:1.19.6-1ubuntu4.4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1882627/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1881859] Re: RaspberryPi and "openssl:Error: 'rehash' is an invalid command"

2020-06-03 Thread Seth Arnold
Hello Jeffrey, this is quite surprising; what's your PATH look like in
the shell where you performed this update? I'm curious if you may have a
locally-supplied openssl that is shadowing the system-provided openssl
binary.

Can you include the output from:

apt policy openssl
debsums -sa openssl

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1881859

Title:
  RaspberryPi and "openssl:Error: 'rehash' is an invalid command"

Status in ca-certificates package in Ubuntu:
  New

Bug description:
  Hi Everyone,

  I ran dist-upgrade today on my RPI-3. It resulted in:

  ```
  Calculating upgrade... Done
  The following packages will be upgraded:
    armbian-bionic-desktop armbian-config armbian-firmware ca-certificates
    chromium-browser chromium-chromedriver chromium-codecs-ffmpeg-extra
    python3-software-properties software-properties-common
  9 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  ```

  And:

  ```
  ...
  Setting up chromium-codecs-ffmpeg-extra (83.0.4103.61-0ubuntu0.18.04.1) ...
  Setting up python3-software-properties (0.96.24.32.13) ...
  Setting up ca-certificates (20190110~18.04.1) ...
  Updating certificates in /etc/ssl/certs...
  openssl:Error: 'rehash' is an invalid command.

  Standard commands
  asn1parse caciphers   cms
  crl   crl2pkcs7 dgst  dh
  dhparam   dsa   dsaparam  ec
  ...

  127 added, 8 removed; done.
  Setting up software-properties-common (0.96.24.32.13) ...
  Setting up chromium-browser (83.0.4103.61-0ubuntu0.18.04.1) ...
  ```

  Operating System:

  ```
  $ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 18.04.4 LTS
  Release:18.04
  Codename:   bionic
  ```
  

  And finally:

  ```
  $ apt-cache show ca-certificates
  Package: ca-certificates
  Architecture: all
  Version: 20190110~18.04.1
  Multi-Arch: foreign
  Priority: important
  Section: misc
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Michael Shuler 
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Installed-Size: 382
  Depends: openssl (>= 1.1.0), debconf (>= 0.5) | debconf-2.0
  Breaks: ca-certificates-java (<< 20121112+nmu1)
  Enhances: openssl
  Filename: pool/main/c/ca-certificates/ca-certificates_20190110~18.04.1_all.deb
  Size: 145500
  MD5sum: f0c73db6f5e857f13af04aaa736f87f0
  SHA1: 8a3d4583491b426691a986ef11b1c805c2d4cf54
  SHA256: fcfa84619207690491a3f9ab898de3fb2d46eeb7a73d525b91d05e7655815f5b
  Description: Common CA certificates
  Description-md5: e867d2a359bea1800b5bff209fc65bd1
  Task: minimal
  Supported: 5y

  Package: ca-certificates
  Architecture: all
  Version: 20180409
  Multi-Arch: foreign
  Priority: important
  Section: misc
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Michael Shuler 
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Installed-Size: 392
  Depends: openssl (>= 1.1.0), debconf (>= 0.5) | debconf-2.0
  Breaks: ca-certificates-java (<< 20121112+nmu1)
  Enhances: openssl
  Filename: pool/main/c/ca-certificates/ca-certificates_20180409_all.deb
  Size: 150932
  MD5sum: eae40792673dcb994af86284d0a01f36
  SHA1: 8ac5ac1506810b0483f0b80b0652071348459fc4
  SHA256: 195ffe05ae7d060146f890b1db225f5e8c3a8c505ffbea1fba30a520a1cd58d8
  Description: Common CA certificates
  Description-md5: e867d2a359bea1800b5bff209fc65bd1
  Task: minimal
  Supported: 5y

  
  $ apt-cache show openssl
  Package: openssl
  Architecture: armhf
  Version: 1.1.1-1ubuntu2.1~18.04.6
  Multi-Arch: foreign
  Priority: important
  Section: utils
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Debian OpenSSL Team 

  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Installed-Size: 986
  Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.1)
  Suggests: ca-certificates
  Filename: pool/main/o/openssl/openssl_1.1.1-1ubuntu2.1~18.04.6_armhf.deb
  Size: 589160
  MD5sum: 37a31fce651134a5b057c9f6f356aaf2
  SHA1: 476816221f03bae71ecd760e1e4e6d155f85e7c1
  SHA256: 2787b66aba181e230f36ce49600b3a7d9dea7695aa332da0496a5e1a62281d39
  Homepage: https://www.openssl.org/
  Description: Secure Sockets Layer toolkit - cryptographic utility
  Description-md5: 9b6de2bb6e1d9016aeb0f00bcf6617bd
  Task: minimal
  Supported: 5y

  Package: openssl
  Architecture: armhf
  Version: 1.1.0g-2ubuntu4
  Multi-Arch: foreign
  Priority: important
  Section: utils
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Debian OpenSSL Team 

  Bugs: https://bugs.launchpad.net/ubuntu/+filebug
  Installed-Size: 883
  Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.0)
  Suggests: ca-certificates
  Filename: pool/main/o/openssl/openssl_1.1.0g-2ubuntu4_armhf.deb
  Size: 509616
  MD5sum: 

[Touch-packages] [Bug 1854314] Re: Legacy directory /var/run in /lib/systemd/system/dbus.socket

2020-05-28 Thread Seth Arnold
** Changed in: dbus (Ubuntu)
   Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1854314

Title:
  Legacy directory /var/run in /lib/systemd/system/dbus.socket

Status in D-Bus:
  New
Status in dbus package in Ubuntu:
  Fix Committed
Status in dbus package in Debian:
  Fix Released

Bug description:
  dbus/focal-proposed,now 1.12.16-2ubuntu1 amd64

  Re(o)curring after each new upgrade of dbus, for quite some time and
  still...

  $ dmesg|grep accordingly
  systemd[1]: /lib/systemd/system/dbus.socket:5: ListenStream= references a 
path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket 
→ /run/dbus/system_bus_socket; please update the unit file accordingly.

  Originally:
  $cat /lib/systemd/system/dbus.socket
  [Unit]
  Description=D-Bus System Message Bus Socket

  [Socket]
  ListenStream=/var/run/dbus/system_bus_socket

  After change:
  $cat /lib/systemd/system/dbus.socket
  [Unit]
  Description=D-Bus System Message Bus Socket

  [Socket]
  ListenStream=/run/dbus/system_bus_socket

To manage notifications about this bug go to:
https://bugs.launchpad.net/dbus/+bug/1854314/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1804847] Re: systemd=229-4ubuntu21.8 use of fchownat failes on some systems (openvz)

2020-05-27 Thread Seth Arnold
Richard, I suggest going to https://askubuntu.com/ or #ubuntu on
irc.freenode.net for interactive help.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1804847

Title:
  systemd=229-4ubuntu21.8 use of fchownat failes on some systems
  (openvz)

Status in systemd package in Ubuntu:
  Fix Released

Bug description:
  The following description is taken from:

  https://answers.launchpad.net/ubuntu/+source/systemd/+question/676237

  Hello everyone,
  I'm running 16.04 LTS on a virtual server which, I think, uses OpenVz. After 
a recent reboot I found most of my services to be in a failed state. The reason 
for that, I guess, are these log entries:

  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/elasticsearch failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/kopano 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/kopano 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/php 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/postgresql 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/redis 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/screen 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of /run/utmp 
failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/systemd/netif failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/systemd/netif/links failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/systemd/netif/leases failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/log/journal failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/log/journal/bbad3a438f4b4fb49e5d0700bd5981e8 failed: Invalid argument
  Nov 17 04:47:42 h2118376 systemd-tmpfiles[165]: fchownat() of 
/run/log/journal/bbad3a438f4b4fb49e5d0700bd5981e8/system.journal failed: 
Invalid argument

  To verify I tried this:

  /usr/lib/tmpfiles.d# SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create 
elasticsearch.conf
  Reading config file "elasticsearch.conf".
  Running create action for entry d /var/run/elasticsearch
  Found existing directory "/var/run/elasticsearch".
  "/run/elasticsearch" has right mode 40755
  chown "/run/elasticsearch" to 120.128
  fchownat() of /run/elasticsearch failed: Invalid argument

  I can manually chown the directories, e.g. "chown
  elasticsearch:elasticsearch /var/run/elasticsearch" and restart the
  service successfully.  My suspicion is, this is related to an upgrade
  of systemd to 229-4ubuntu21.8.

  At this point I don't know what to do.

  I'm also confused about the version I have installed, which I thought is 
systemd-229. Howver, I looked at 
https://github.com/systemd/systemd/blob/v229/src/tmpfiles/tmpfiles.c and found 
that fchownat() is only used from version 238+:
  Tag v237 (and earlier, including 229):
  /.../
  if (chown(fn,
    i->uid_set ? i->uid : UID_INVALID,
    i->gid_set ? i->gid : GID_INVALID) < 0)
  return log_error_errno(errno, "chown(%s) 
failed: %m", path);
  }
  /.../

  Tag v238

  /.../
  if (fchownat(fd,
   "",
   i->uid_set ? i->uid : UID_INVALID,
   i->gid_set ? i->gid : GID_INVALID,
   AT_EMPTY_PATH) < 0)
  return log_error_errno(errno, "fchownat() of %s failed: %m", path);
  /.../

  Any help fixing this problem would be highly appreciated.
  Many thanks,
  Rafael

  === Notes ===
  fchownat() was added to Linux in kernel 2.6.16;
  library support was added to glibc in version 2.4.
  checkinf if it is blocked/filtered/sandboxed, rarther than unavailable.
  glibc in bionic requires minimum linux 3.2.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804847/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1877183] Re: segfault in mysql_server_end() from libmysqlclient.so.21

2020-05-27 Thread Seth Arnold
This may be the same issue as
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1877504

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1877183

Title:
  segfault in mysql_server_end() from libmysqlclient.so.21

Status in mysql-8.0 package in Ubuntu:
  Invalid
Status in qtbase-opensource-src package in Ubuntu:
  Invalid

Bug description:
  libmysqlclient.so.21 causes a segfault on shutdown.

  Test case attached ==> "Removed database" will not be reported.

  Backtrace:
  #0  0x714c330f in ?? () from 
/lib/x86_64-linux-gnu/libmysqlclient.so.21
  #1  0x714c8823 in ?? () from 
/lib/x86_64-linux-gnu/libmysqlclient.so.21
  #2  0x71466243 in mysql_server_end () from 
/lib/x86_64-linux-gnu/libmysqlclient.so.21
  #3  0x71b4d0ee in ?? () from 
/usr/lib/x86_64-linux-gnu/qt5/plugins/sqldrivers/libqsqlmysql.so
  #4  0x71b4d10d in ?? () from 
/usr/lib/x86_64-linux-gnu/qt5/plugins/sqldrivers/libqsqlmysql.so
  #5  0x778e55fb in ?? () from /lib/x86_64-linux-gnu/libQt5Sql.so.5
  #6  0x778e588e in QSqlDatabase::~QSqlDatabase() () from 
/lib/x86_64-linux-gnu/libQt5Sql.so.5
  #7  0x778e5d9c in ?? () from /lib/x86_64-linux-gnu/libQt5Sql.so.5
  #8  0x5579 in cause_segfault () at main.cpp:16
  #9  0x5729 in main (argc=1, argv=0x7fffeb18) at main.cpp:23

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libqt5sql5-mysql 5.12.8+dfsg-0ubuntu1
  ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30
  Uname: Linux 5.4.0-29-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Wed May  6 21:40:58 2020
  InstallationDate: Installed on 2020-04-27 (9 days ago)
  InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  SourcePackage: qtbase-opensource-src
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/1877183/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1880240] Re: Systemd xinetd generator forgets ip-binding

2020-05-26 Thread Seth Arnold
** Information type changed from Private Security to Public Security

** Package changed: systemd (Ubuntu) => uucp (Ubuntu)

** Summary changed:

- Systemd xinetd generator forgets ip-binding
+ systemd uucp.socket listens to all addresses

** Changed in: uucp (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1880240

Title:
  systemd uucp.socket listens to all addresses

Status in uucp package in Ubuntu:
  Invalid

Bug description:
  Systemd generator for converting xinetd services does not convert "bind =" to 
an equivalent.
  Maybe this should be "ListenStream="

  Instead service will be listen to any, that's insecure.

  245.4-4ubuntu3 on Ubuntu 20.04 64 bit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/uucp/+bug/1880240/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1880412] [NEW] CLI displays unknown extra IP Address

2020-05-26 Thread Seth Arnold
On Sun, May 24, 2020 at 03:06:48PM -, Nik DuVall wrote:
> While working to set up an additional IP Address on the server from
> VMWare, somehow the MOTD is coming up with an extra IP Address that
> doesn't exist on the interface (172.16.50.7).
> 
> MOTD + ifconfig output below demonstrating the bug :

Hello, please note that one of the reasons why ifconfig has been
deprecated since 1999 is that it does not know about multiple IP addresses
on a given interface. Compare with the ip addr output instead, which does
know how to manipulate multiple IP addresses on an interface.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1880412

Title:
  CLI displays unknown extra IP Address

Status in openssh package in Ubuntu:
  New

Bug description:
  While working to set up an additional IP Address on the server from
  VMWare, somehow the MOTD is coming up with an extra IP Address that
  doesn't exist on the interface (172.16.50.7).

  MOTD + ifconfig output below demonstrating the bug :

  user@localworkstation ~ % ssh server  
  Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-31-generic x86_64)

   * Documentation:  https://help.ubuntu.com
   * Management: https://landscape.canonical.com
   * Support:https://ubuntu.com/advantage

System information as of Sun 24 May 2020 02:56:13 PM UTC

System load: 0.0
Usage of /:  6.4% of 97.93GB
Memory usage:34%
Swap usage:  0%
Processes:   218
Users logged in: 0
IPv4 address for ens160: 172.16.30.15
IPv4 address for ens161: 172.16.40.53
IPv4 address for ens193: 172.16.100.53
IPv4 address for ens224: 172.16.10.53
IPv4 address for ens225: 172.16.50.6
IPv4 address for ens225: 172.16.50.7
IPv4 address for ens256: 172.16.20.53

  
  0 updates can be installed immediately.
  0 of these updates are security updates.

  Failed to connect to https://changelogs.ubuntu.com/meta-release-lts.
  Check your Internet connection or proxy settings

  
  Last login: Sun May 24 14:54:15 2020 from 172.16.10.46
  user@server:~$ ifconfig ens225
  ens225: flags=4163  mtu 1500
  inet 172.16.50.6  netmask 255.255.255.0  broadcast 172.16.50.255
  inet6 fe80::282c:c0bc:4862:d381  prefixlen 64  scopeid 0x20
  ether 00:0c:29:c9:36:42  txqueuelen 1000  (Ethernet)
  RX packets 1587  bytes 147366 (147.3 KB)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 49  bytes 4610 (4.6 KB)
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  user@server:~$

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4
  ProcVersionSignature: Ubuntu 5.4.0-31.35-generic 5.4.34
  Uname: Linux 5.4.0-31-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Sun May 24 14:58:54 2020
  InstallationDate: Installed on 2020-04-25 (28 days ago)
  InstallationMedia: Ubuntu-Server 20.04 LTS "Focal Fossa" - Release amd64 
(20200423)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SSHDConfig:
   Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: 
polkit-agent-helper-1: error response to PolicyKit daemon: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: No session for cookie
   Error executing command as another user: Not authorized
   
   This incident has been reported.
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1880412/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1880222] Re: ubuntu bionic-backports Hash Sum mismatch

2020-05-22 Thread Seth Arnold
Are you still having trouble with this file?

If you still have this file:
/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_bionic-backports_Contents-i386.gz
can you determine from looking at it if it looks remotely close to what was 
expected?

The usual cause of this problem is ISP-deployed transparent caches, it
might be worth looking into various websites for "am I behind a proxy?".
I've seen apt-cacher-ng cause this problem too, but that was seven years
ago.

The version of this file I retrieved a few minutes ago from all four
archive mirrors that I can reach were identical, and matched what the
Release file says they should match.

Thanks

** Information type changed from Private Security to Public Security

** Changed in: apt (Ubuntu)
   Status: New => Incomplete

** Changed in: update-manager (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1880222

Title:
  ubuntu bionic-backports Hash Sum mismatch

Status in apt package in Ubuntu:
  Incomplete
Status in update-manager package in Ubuntu:
  Incomplete

Bug description:
  # apt-get update
  (proceeded normally until...)
  Err:24 http://us.archive.ubuntu.com/ubuntu bionic-backports i386 Contents 
(deb)
Hash Sum mismatch
Hashes of expected file:
 - Filesize:724924 [weak]
 - SHA256:d59f30b35a9fd0f52922cbf3a4bf1f0713e816a209cca57bac1dbc56af3c9a77
 - SHA1:0d1e53232da2c41febc6cccecfc4000f930c3450 [weak]
 - MD5Sum:dfa1f7010a23b70c967aef7600ebd49f [weak]
Hashes of received file:
 - SHA256:1c97d900fc3b9168c38bf870b1dd7c71be88ff72e0751c1551b8129c8de98740
 - SHA1:a725025e50c3ebd60dd16058594340b4ca9c97e2 [weak]
 - MD5Sum:925bb2a78f81a2dc9b4269a6f5e9ece5 [weak]
 - Filesize:90948 [weak]
Release file created at: Fri, 22 May 2020 16:49:51 +
  Fetched 254 MB in 51s (5,014 kB/s)
  Reading package lists... Done
  E: Failed to fetch 
store:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_bionic-backports_Contents-i386.gz
  Hash Sum mismatch
 Hashes of expected file:
  - Filesize:724924 [weak]
  - SHA256:d59f30b35a9fd0f52922cbf3a4bf1f0713e816a209cca57bac1dbc56af3c9a77
  - SHA1:0d1e53232da2c41febc6cccecfc4000f930c3450 [weak]
  - MD5Sum:dfa1f7010a23b70c967aef7600ebd49f [weak]
 Hashes of received file:
  - SHA256:1c97d900fc3b9168c38bf870b1dd7c71be88ff72e0751c1551b8129c8de98740
  - SHA1:a725025e50c3ebd60dd16058594340b4ca9c97e2 [weak]
  - MD5Sum:925bb2a78f81a2dc9b4269a6f5e9ece5 [weak]
  - Filesize:90948 [weak]
 Release file created at: Fri, 22 May 2020 16:49:51 +
  E: Some index files failed to download. They have been ignored, or old ones 
used instead.

  $ apt-get -v
  apt 1.6.12ubuntu0.1 (amd64)

  Also, Software Updater (version 1:18.04.11.12) after hitting "Install" gives 
pop-up:
  "Requires installation of untrusted packages
   This requires installing packages from unauthenticated sources."
  Only options: "Settings..." and "OK"
  And it is not OK; I have not configured any unauthenticated sources!

  This occurs when enabling updates from Ubuntu Base (but not Security
  updates).

  I expected to not get such errors and updating to occur normally.

  $ lsb_release -rd
  Description:  Ubuntu 18.04.4 LTS
  Release:  18.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1880222/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1860826] Re: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory

2020-05-19 Thread Seth Arnold
Joshua, it's not a typo, and not a missing dependency:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1860826

Title:
  pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or
  directory

Status in pam package in Ubuntu:
  Confirmed
Status in pam source package in Groovy:
  Confirmed
Status in pam package in Debian:
  New

Bug description:
  Hello, after upgrading to focal I found the following in my journalctl
  output:

  Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open 
/etc/securetty: No such file or directory
  Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open 
/etc/securetty: No such file or directory

  
  The login package stopped packaging this file:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656
  and now forcibly removes the file:
  https://paste.ubuntu.com/p/myh9cGWrHD/

  However, the pam package's pam_unix.so module has not yet been adapted to 
ignore this file:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libpam-modules 1.3.1-5ubuntu4
  ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3
  Uname: Linux 5.4.0-9-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu15
  Architecture: amd64
  Date: Fri Jan 24 23:35:33 2020
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: pam
  UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1878178] Re: EPSON WF 3520 driver problem - PpdFiles: Error

2020-05-12 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1878178

Title:
  EPSON WF 3520 driver problem - PpdFiles: Error

Status in cups package in Ubuntu:
  New

Bug description:
  After an upgrade from Ubuntu 18.04.2 to 19.10 my printer EPSON WF-3520
  won't work. It is recognized on the printer menu but after finding the
  proper driver from EPSON it gives en error in the process. There is a
  ppdfiles:error

  ProblemType: Bug
  DistroRelease: Ubuntu 19.10
  Package: cups 2.2.12-2ubuntu1.1
  ProcVersionSignature: Ubuntu 5.3.0-51.44-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.11-0ubuntu8.8
  Architecture: amd64
  CupsErrorLog:
   E [12/May/2020:10:44:55 +0300] [Client 16] Returning IPP 
server-error-not-accepting-jobs for Print-Job 
(ipp://localhost/printers/EPSON_WF_3520_Series) from localhost.
   E [12/May/2020:10:45:59 +0300] [Client 22] Returning IPP 
server-error-not-accepting-jobs for Print-Job 
(ipp://localhost/printers/EPSON_WF_3520_Series) from localhost.
   E [12/May/2020:11:23:51 +0300] [Client 16] Returning IPP 
server-error-not-accepting-jobs for Print-Job 
(ipp://localhost/printers/EPSON_WF_3520_Series) from localhost.
  CurrentDesktop: ubuntu:GNOME
  Date: Tue May 12 12:28:09 2020
  InstallationDate: Installed on 2019-12-21 (142 days ago)
  InstallationMedia: Ubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 
(20190210)
  Lpstat: device for EPSON_WF_3520_Series: ///dev/null
  MachineType: Dell Inc. Precision M4600
  Papersize: a4
  PpdFiles: Error: command ['fgrep', '-H', '*NickName', 
'/etc/cups/ppd/EPSON_WF_3520_Series.ppd'] failed with exit code 2: grep: 
/etc/cups/ppd/EPSON_WF_3520_Series.ppd: Permission denied
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.3.0-51-generic 
root=UUID=a5d00ddf-aa19-41bf-8139-ac7c317aa04c ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: Upgraded to eoan on 2020-05-04 (7 days ago)
  dmi.bios.date: 09/14/2018
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A19
  dmi.board.name: 08V9YG
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 9
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvrA19:bd09/14/2018:svnDellInc.:pnPrecisionM4600:pvr01:rvnDellInc.:rn08V9YG:rvrA00:cvnDellInc.:ct9:cvr:
  dmi.product.name: Precision M4600
  dmi.product.version: 01
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1878178/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1877822] Re: xorg (Ubuntu) bug reporting guidelines:

2020-05-11 Thread Seth Arnold
*** This bug is a duplicate of bug 1877821 ***
https://bugs.launchpad.net/bugs/1877821

** Information type changed from Private Security to Public

** This bug has been marked a duplicate of bug 1877821
   xorg (Ubuntu) bug reporting guidelines:

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1877822

Title:
  xorg (Ubuntu) bug reporting guidelines:

Status in xorg package in Ubuntu:
  New

Bug description:
  Please report bugs against xorg with this command:

$ ubuntu-bug xorg

  For more tips on effective bug reporting against Ubuntu Xorg packages,
  please see http://wiki.ubuntu.com/X/Reporting and thanks ahead of
  time!

  Ubuntu bug reporting guidelines:
  Are you uncertain if your issue is really a bug? Then ask a support question 
about Ubuntu at http://answers.launchpad.net/ubuntu/ - these can be made into 
bugs later. Another support venue is http://askubuntu.com.

  If you are certain this is a bug please include the source package the
  bug is in. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage.

  We also need:

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30
  Uname: Linux 5.4.0-29-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 10 06:15:27 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  DkmsStatus: virtualbox, 6.1.6, 5.4.0-29-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, including running git bisection searches
  GraphicsCard:
   Intel Corporation UHD Graphics 620 (Whiskey Lake) [8086:3ea0] (rev 02) 
(prog-if 00 [VGA controller])
 Subsystem: Dell UHD Graphics 620 (Whiskey Lake) [1028:08b9]
  InstallationDate: Installed on 2020-05-05 (4 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: Dell Inc. Latitude 5500
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-29-generic 
root=UUID=55faf464-9082-49b3-9a16-cab619ffa5a9 ro dis_ucode_ldr quiet splash 
nomodeset
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/26/2019
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.6.5
  dmi.board.name: 0M14W7
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvr1.6.5:bd12/26/2019:svnDellInc.:pnLatitude5500:pvr:rvnDellInc.:rn0M14W7:rvrA00:cvnDellInc.:ct10:cvr:
  dmi.product.family: Latitude
  dmi.product.name: Latitude 5500
  dmi.product.sku: 08B9
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101+git2005070630.c997ba~oibaf~f
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2~git2005091930.e622e0~oibaf~f
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1877822/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1877821] Re: xorg (Ubuntu) bug reporting guidelines:

2020-05-11 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1877821

Title:
  xorg (Ubuntu) bug reporting guidelines:

Status in xorg package in Ubuntu:
  New

Bug description:
  Please report bugs against xorg with this command:

$ ubuntu-bug xorg

  For more tips on effective bug reporting against Ubuntu Xorg packages,
  please see http://wiki.ubuntu.com/X/Reporting and thanks ahead of
  time!

  Ubuntu bug reporting guidelines:
  Are you uncertain if your issue is really a bug? Then ask a support question 
about Ubuntu at http://answers.launchpad.net/ubuntu/ - these can be made into 
bugs later. Another support venue is http://askubuntu.com.

  If you are certain this is a bug please include the source package the
  bug is in. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage.

  We also need:

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30
  Uname: Linux 5.4.0-29-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sun May 10 06:15:27 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  DkmsStatus: virtualbox, 6.1.6, 5.4.0-29-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, including running git bisection searches
  GraphicsCard:
   Intel Corporation UHD Graphics 620 (Whiskey Lake) [8086:3ea0] (rev 02) 
(prog-if 00 [VGA controller])
 Subsystem: Dell UHD Graphics 620 (Whiskey Lake) [1028:08b9]
  InstallationDate: Installed on 2020-05-05 (4 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: Dell Inc. Latitude 5500
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-29-generic 
root=UUID=55faf464-9082-49b3-9a16-cab619ffa5a9 ro dis_ucode_ldr quiet splash 
nomodeset
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/26/2019
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.6.5
  dmi.board.name: 0M14W7
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvr1.6.5:bd12/26/2019:svnDellInc.:pnLatitude5500:pvr:rvnDellInc.:rn0M14W7:rvrA00:cvnDellInc.:ct10:cvr:
  dmi.product.family: Latitude
  dmi.product.name: Latitude 5500
  dmi.product.sku: 08B9
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101+git2005070630.c997ba~oibaf~f
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2~git2005091930.e622e0~oibaf~f
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1877821/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1877746] Re: Lock screen not working

2020-05-11 Thread Seth Arnold
** Information type changed from Private Security to Public Security

** Package changed: xorg (Ubuntu) => gnome-shell (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1877746

Title:
  Lock screen not working

Status in gnome-shell package in Ubuntu:
  New

Bug description:
  The screen will not automatically lock on the specified timer.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-29.33-generic 5.4.30
  Uname: Linux 5.4.0-29-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset 
nvidia
  .proc.driver.nvidia.gpus..09.00.0: Error: [Errno 21] Is a directory: 
'/proc/driver/nvidia/gpus/:09:00.0'
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  440.64  Fri Feb 21 01:17:26 
UTC 2020
   GCC version:  gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sat May  9 08:54:58 2020
  DistUpgraded: 2020-04-27 21:42:55,589 DEBUG Running PostInstallScript: 
'./xorg_fix_proprietary.py'
  DistroCodename: focal
  DistroVariant: ubuntu
  DkmsStatus:
   nvidia, 440.64, 5.4.0-28-generic, x86_64: installed
   nvidia, 440.64, 5.4.0-29-generic, x86_64: installed
  ExtraDebuggingInterest: Yes
  GraphicsCard:
   NVIDIA Corporation TU116 [GeForce GTX 1660 Ti] [10de:2182] (rev a1) (prog-if 
00 [VGA controller])
 Subsystem: Gigabyte Technology Co., Ltd TU116 [GeForce GTX 1660 Ti] 
[1458:3fbe]
  InstallationDate: Installed on 2018-07-01 (678 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  MachineType: Gigabyte Technology Co., Ltd. X470 AORUS ULTRA GAMING
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-29-generic 
root=UUID=6998b6fb-9ba7-4ce9-a023-b36dab34d51a ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: Upgraded to focal on 2020-04-28 (11 days ago)
  dmi.bios.date: 11/27/2019
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: F50
  dmi.board.asset.tag: Default string
  dmi.board.name: X470 AORUS ULTRA GAMING-CF
  dmi.board.vendor: Gigabyte Technology Co., Ltd.
  dmi.board.version: x.x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrF50:bd11/27/2019:svnGigabyteTechnologyCo.,Ltd.:pnX470AORUSULTRAGAMING:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnX470AORUSULTRAGAMING-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: X470 AORUS ULTRA GAMING
  dmi.product.sku: Default string
  dmi.product.version: Default string
  dmi.sys.vendor: Gigabyte Technology Co., Ltd.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.4-2ubuntu1
  version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.4-2ubuntu1
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1877746/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1818548] Re: namei -l incorrect error message

2020-05-06 Thread Seth Arnold
Yay, this appears to have been fixed in focal:

$ namei -l /etc/ssl/private/ssl-cert-snakeoil.key
f: /etc/ssl/private/ssl-cert-snakeoil.key
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drwx--x--- root ssl-cert private
 ssl-cert-snakeoil.key - Permission denied

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1818548

Title:
  namei -l incorrect error message

Status in util-linux package in Ubuntu:
  New

Bug description:
  Hello, namei -l gives incorrect error messages if a directory is not
  readable:

  $ namei -l /etc/ssl/private/ssl-cert-snakeoil.key
  f: /etc/ssl/private/ssl-cert-snakeoil.key
  drwxr-xr-x root root /
  drwxr-xr-x root root etc
  drwxr-xr-x root root ssl
  drwx--x--- root ssl-cert private
   ssl-cert-snakeoil.key - No such file or directory
  $ cat /etc/ssl/private/ssl-cert-snakeoil.key
  cat: /etc/ssl/private/ssl-cert-snakeoil.key: Permission denied
  $ ls -l /etc/ssl/private/
  ls: cannot open directory '/etc/ssl/private/': Permission denied

  
  "No such file or directory" is a poor error message for this case. The 
correct error message (as shown by cat) is "Permission denied".

  Incorrect error messages make this tool much less useful.

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: util-linux 2.31.1-0.4ubuntu3.3
  ProcVersionSignature: Ubuntu 4.15.0-45.48-generic 4.15.18
  Uname: Linux 4.15.0-45-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Mon Mar  4 09:00:12 2019
  InstallationDate: Installed on 2012-10-18 (2328 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: util-linux
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (306 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1818548/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1876305] Re: Open Gl error

2020-05-01 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1876305

Title:
  Open Gl error

Status in xorg package in Ubuntu:
  New

Bug description:
  Not able to run Paraview it shows the OpenGl error.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-28.32-generic 5.4.30
  Uname: Linux 5.4.0-28-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri May  1 19:02:08 2020
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation Core Processor Integrated Graphics Controller [8086:0046] 
(rev 18) (prog-if 00 [VGA controller])
 Subsystem: Dell Core Processor Integrated Graphics Controller [1028:0441]
  InstallationDate: Installed on 2020-04-28 (2 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  MachineType: Dell Inc. Vostro 3500
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-28-generic 
root=UUID=1532e72e-3f77-4b25-b954-43bbc1c813d0 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/08/2014
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A12
  dmi.board.name: 058DK5
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A12
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: A12
  dmi.modalias: 
dmi:bvnDellInc.:bvrA12:bd04/08/2014:svnDellInc.:pnVostro3500:pvrA12:rvnDellInc.:rn058DK5:rvrA12:cvnDellInc.:ct8:cvrA12:
  dmi.product.name: Vostro 3500
  dmi.product.sku: To be filled by O.E.M.
  dmi.product.version: A12
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101+git2004301830.057275~oibaf~f
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.2~git2005010730.60912f~oibaf~f
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.8-2ubuntu2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1876305/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1876335] Re: package lvm2 2.03.02-2ubuntu6 failed to install/upgrade: podproces zainstalowany pakiet lvm2 skrypt post-installation zwrócił kod błędu 1

2020-05-01 Thread Seth Arnold
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/1876335

Title:
  package lvm2 2.03.02-2ubuntu6 failed to install/upgrade: podproces
  zainstalowany pakiet lvm2 skrypt post-installation zwrócił kod błędu 1

Status in lvm2 package in Ubuntu:
  New

Bug description:
  Nie mam pojęcia o co chodzi.

  ProblemType: Package
  DistroRelease: Ubuntu 19.10
  Package: lvm2 2.03.02-2ubuntu6
  ProcVersionSignature: Ubuntu 5.3.0-51.44-generic 5.3.18
  Uname: Linux 5.3.0-51-generic x86_64
  ApportVersion: 2.20.11-0ubuntu8.8
  AptOrdering:
   ovmf:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  Date: Fri May  1 15:20:02 2020
  DpkgHistoryLog:
   Start-Date: 2020-05-01  15:19:54
   Commandline: /usr/bin/unattended-upgrade
   Upgrade: ovmf:amd64 (0~20190606.20d2e5a1-2ubuntu1, 
0~20190606.20d2e5a1-2ubuntu1.1)
  ErrorMessage: podproces zainstalowany pakiet lvm2 skrypt post-installation 
zwrócił kod błędu 1
  InstallationDate: Installed on 2020-04-16 (15 days ago)
  InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
  Python3Details: /usr/bin/python3.7, Python 3.7.5, python3-minimal, 3.7.5-1
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu2
   apt  1.9.4
  SourcePackage: lvm2
  Title: package lvm2 2.03.02-2ubuntu6 failed to install/upgrade: podproces 
zainstalowany pakiet lvm2 skrypt post-installation zwrócił kod błędu 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1876335/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-01 Thread Seth Arnold
Check also `systemctl cat ssh.service` and `systemctl cat
secondssh.service` -- sshd also accepts parameters on the commandline,
perhaps the port is being specified outside of the configuration files.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1876320

Title:
  Port parameter sshd_config is 22 AND whatever you specify

Status in openssh package in Ubuntu:
  New

Bug description:
  On my Ubuntu Server 20.04 LTS with OpenSSH 1:8.2p1-4, I have TWO sshd
  deamons. One (on port 22) is for internal use, accepts passwords etc.
  The second (on port 7722) does not allow PAM use and no passwords,
  allows only one user(name) and uses an alternative autorized_keys file
  (that only root can edit).

  Any parameter FIRST encountered in sshd_config is the one that is
  accepted; others do not override (like in many other config files).
  There is one exception: 'Port', which is accumulative. To make life
  easier, I set the more restrictive parameters for port 7722 first and
  next include the system-default /etc/ssh/sshd_config.

  The /etc/ssh/sshd_config file(s) in Ubuntu Server 20.04 DO NOT specify
  'Port' anywhere - the default is 22. But: it is obviously still
  accumulative: Setting 'Port' to 7722 makes sshd listen on port 7722
  AND 22. This is unwanted.

  Proposed solution: Remove the accumulative behavior for 'Port' and
  REQUIRE the 'Port' parameter like before (and maybe have second and
  later parameters override the earlier ones, like 'everyone else').

  Regards,

  Adriaan

  PS Searching for solutions, I found that specifying 'ListenAddress
  0.0.0.0:7722' stops sshd from listening to port 22. This, however, is
  not documented in 'man 5 sshd_config' and may be an unreliable side-
  effect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1876320/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1875034] Re: login screen will put a character in the password box when pressing key to reomve lock screen

2020-04-27 Thread Seth Arnold
** Package changed: shadow (Ubuntu) => gnome-shell (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1875034

Title:
  login screen will put a character in the password box when pressing
  key to reomve lock screen

Status in gnome-shell package in Ubuntu:
  New

Bug description:
  When I press a key to dismiss the lock screen, the key I pressed gets
  into the password box

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: login 1:4.8.1-1ubuntu5
  ProcVersionSignature: Ubuntu 5.4.0-26.30-generic 5.4.30
  Uname: Linux 5.4.0-26-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr 25 10:39:40 2020
  InstallationDate: Installed on 2020-03-27 (28 days ago)
  InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shadow
  UpgradeStatus: Upgraded to focal on 2020-04-25 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1875034/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1873528] Re: sshd overrides from /etc/ssh/sshd_config.d/*conf apply in reverse lexographic order

2020-04-24 Thread Seth Arnold
On Fri, Apr 24, 2020 at 01:16:31PM -, Dimitri John Ledkov wrote:
> Include /run/ssh/sshd_config.d/*conf
> Include /etc/ssh/sshd_config.d/*conf
> Include /lib/ssh/sshd_config.d/*conf

> It would be nice if /etc/ssh only had the host keys, and no other
> default options.

This feels like it'd also need systemd-style config options to allow
admins to say they don't want specific packaged configs, too.

This mechanism could be ideal for eg ec2-instance-connect, except the
current implementation, via:
/lib/systemd/system/ssh.service.d/ec2-instance-connect.conf
can be ignored via a symlink to /dev/null in
/etc/systemd/system/ssh.service.d/ec2-instance-connect.conf

Changing to sshd config snippets in /lib/ssh/sshd_config.d/ would now
require uninstalling the package entirely, which might also require
uninstalling meta-packages.

A simple 'include' mechanism without allowances for nulling out unwanted
configs is useful but probably not alone sufficient.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1873528

Title:
  sshd overrides from /etc/ssh/sshd_config.d/*conf apply in reverse
  lexographic order

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  I am looking at the addition of 'Include /etc/ssh/sshd_config.d/*conf'
  for use in Ubuntu cloud images.  I wanted to add a config file and see
  if I had done things correctly.  I assumed that the files were sourced
  lexographically (based on use of glob() in readconf.h) so that I could
  document how users could override our tuning.  But it appears from
  'sshd -T' output and observed behavior that the first file in
  /etc/sshd_config.d/ to define a parameter wins.  I see in 'sshd -ddd'
  output that they are parsed lexographically but it seems that their
  settings apply in reverse (or whichever comes first) if that makes
  sense.  I'd like to understand if this is correct behavior and get it
  documented.

  Steps to reproduce on focal with openssh-server 1:8.2p1-4:

  1. Create the following files in /etc/ssh/sshd_config.d/ with the content 
shown below:
  40-cloudimg-settings.conf:
ClientAliveInterval 110
PasswordAuthentication yes
PermitRootLogin no

  50-cloudimg-settings.conf:
ClientAliveInterval 120
PermitRootLogin yes

  60-cloudimg-settings.conf:
ClientAliveInterval 180

  2. Check what sshd thinks the values will be with 'sshd -T|grep -i 
clientaliveinterval' and 'sshd -T|grep permitrootlogin'
  clientaliveinterval 110
  permitrootlogin no

  (The tuning I cared about was ClientAliveInterval for my work but
  PermitRootLogin is easier to demonstrate)

  3. Run '/usr/sbin/sshd -ddd' to check debug output for config file parsing 
behavior:
  debug2: load_server_config: filename /etc/ssh/sshd_config
  debug2: load_server_config: done config len = 296
  debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 296
  debug2: /etc/ssh/sshd_config line 13: new include 
/etc/ssh/sshd_config.d/*.conf
  debug2: /etc/ssh/sshd_config line 13: including 
/etc/ssh/sshd_config.d/40-cloudimg-settings.conf
  debug2: load_server_config: filename 
/etc/ssh/sshd_config.d/40-cloudimg-settings.conf
  debug2: load_server_config: done config len = 71
  debug2: parse_server_config_depth: config 
/etc/ssh/sshd_config.d/40-cloudimg-settings.conf len 71
  debug3: /etc/ssh/sshd_config.d/40-cloudimg-settings.conf:1 setting 
ClientAliveInterval 110
  debug3: /etc/ssh/sshd_config.d/40-cloudimg-settings.conf:2 setting 
PasswordAuthentication yes
  debug3: /etc/ssh/sshd_config.d/40-cloudimg-settings.conf:3 setting 
PermitRootLogin no
  debug2: /etc/ssh/sshd_config line 13: including 
/etc/ssh/sshd_config.d/50-cloudimg-settings.conf
  debug2: load_server_config: filename 
/etc/ssh/sshd_config.d/50-cloudimg-settings.conf
  debug2: load_server_config: done config len = 46
  debug2: parse_server_config_depth: config 
/etc/ssh/sshd_config.d/50-cloudimg-settings.conf len 46
  debug3: /etc/ssh/sshd_config.d/50-cloudimg-settings.conf:1 setting 
ClientAliveInterval 120
  debug3: /etc/ssh/sshd_config.d/50-cloudimg-settings.conf:2 setting 
PermitRootLogin yes
  debug2: /etc/ssh/sshd_config line 13: including 
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
  debug2: load_server_config: filename 
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
  debug2: load_server_config: done config len = 25
  debug2: parse_server_config_depth: config 
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf len 25
  debug3: /etc/ssh/sshd_config.d/60-cloudimg-settings.conf:1 setting 
ClientAliveInterval 180

  4. Set a root password and unlock the account.

  5. Attempt to ssh as root to the instance with a password.

  Observation:
   * Root password login is denied if PermitRootLogin is 'no' in 40-foo.conf 
and 'yes' in 50-foo.conf
   * Root password login is allowed if PermitRootLogin is 'yes' in 40-foo.conf 
and 'no' in 

[Touch-packages] [Bug 1872560] Re: integer overflow in whoopsie 0.2.69

2020-04-23 Thread Seth Arnold
Use CVE-2020-12135.

Thanks

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12135

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to whoopsie in Ubuntu.
https://bugs.launchpad.net/bugs/1872560

Title:
  integer overflow in whoopsie 0.2.69

Status in whoopsie package in Ubuntu:
  New

Bug description:
  Hi,

  I have found a security issue on whoopsie 0.2.69 and earlier.

  ## Vulnerability in whoopsie
  - whoopsie 0.2.69 and earlier have a heap-based buffer overflow 
vulnerability. 
  - An attacker can cause a denial of service (memory corruption and 
application crash) via a crafted .crash file.

  
  ## Basic
  When a program has been crashed, Linux system tries to create a '.crash' file 
on '/var/crash/' directory with python script located in 
'/usr/share/apport/apport'. 
  The file contains a series of system crash information including core dump, 
syslog, stack trace, memory map info, etc.
  After the creation of '.crash' file, whoopsie extracts the above information 
from the '.crash' file and encodes it into binary json (bson) format.
  Lastly, whoopsie forwards the data to a remotely connected Ubuntu Error 
Report system.

   
  ## Vulnerability
  Unfortunately, we have found a heap-based buffer overflow vulnerability 
during the encoding, when whoopsie attempts to bsonify with crafted crash file.
  The data in '.crash' file is stored in key-value form and the whoopsie 
separately measures the length of 'key' and 'value' to allocate memory region 
during the encoding. 
  A heap-based buffer overflow can occur when an integer overflow happens on a 
variable that contains length of 'key'. 
  FYI, a issue to that raised by 'value' is well covered by performing 
exception handling.

  
@[bson.c:663][https://git.launchpad.net/ubuntu/+source/whoopsie/tree/lib/bson/bson.c?h=applied/0.2.69#n663]

  const uint32_t len = strlen( name ) + 1;

  - Integer overflow occurs when length of ‘name’ exceeds INT32_MAX value. 
  - Here, ‘name’ indicates the ‘key’ data in ‘.crash’ file.

  
@[bson.c:627][https://git.launchpad.net/ubuntu/+source/whoopsie/tree/lib/bson/bson.c?h=applied/0.2.69#n627]

  b->data = bson_realloc( b->data, new_size );

  - Unexpected small memory region is allocated due to above integer
  overflow.

  
@[bson.c:680][https://git.launchpad.net/ubuntu/+source/whoopsie/tree/lib/bson/bson.c?h=applied/0.2.69#n680]

  bson_append( b, name, len );

  - Memory corruption happens when unexpected small memory region is
  allocated.

  
  ## Attack Scenario
  1) Create a fake.crash file
  - '.crash' file is composed of the following format: 'key : value'.
  - To cause the overflow attack, the size of 'key' should be in double amount 
of INT32_MAX.
  - The size of 'value' doesn’t matter, but not zero length.

  $ python -c "print('A' * 0x + ' : ' + 'B')" > /var/crash/fake.crash
  $ cat fake.crash
  AAA … AA : B

  
  2) Trigger the whoopsie to read the fake.crash file
  - Just create 'fake.upload' file by touch command.
  - Or launch apport-gtk gui or apport-bug cli application.

  3) Check out the result
  - After a while, the whoopsie has been killed by segmentation fault.

  Sincerely,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1872560/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1873627] Re: auditd fails after moving /var it a new filesystem and turning /var/run into a symlink to /run

2020-04-20 Thread Seth Arnold
Running under strace may change the execution environment enough that
it's not reflective of the actual error, but it's still worth a shot --
can you pastebin the whole auditd strace logs? That openat() line is
actually a success -- the error we're looking for will come from the
audit_set_pid(3) function, which uses netlink, which is an incredibly
complicated protocol. The error may not look like an error in strace
output.

Is there any chance the kernel has logged whatever the failure was in
dmesg output?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to audit in Ubuntu.
https://bugs.launchpad.net/bugs/1873627

Title:
  auditd fails after moving /var it a new filesystem and turning
  /var/run into a symlink to /run

Status in audit package in Ubuntu:
  New

Bug description:
  Auditd was working on my system (Ubuntu 18.04LTS, kernel
  4.15.0-1065-aws) until recently. But after splitting off /var into a
  new filesystem it fails to launch.

  running '/sbin/auditd -f' as root indicates a problem writing the pid file 
(no file exists even when it says one does) Post config load command output: 
  Started dispatcher: /sbin/audispd pid: 16927
  type=DAEMON_START msg=audit(1587280022.692:2019): op=start ver=2.8.2 
format=raw kernel=4.15.0-1065-aws auid=878601141 pid=16925 uid=0 ses=24 
subj=unconfined  res=success
  config_manager init complete
  Error setting audit daemon pid (File exists)
  type=DAEMON_ABORT msg=audit(1587280022.692:2020): op=set-pid auid=878601141 
pid=16925 uid=0 ses=24 subj=unconfined  res=failed
  Unable to set audit pid, exiting
  The audit daemon is exiting.
  Error setting audit daemon pid (Permission denied)

  /var/run is a symlink to /run
  /var/run permissions are 777 root:root
  /run permissions are 755f root:root
  no /run/auditd.pid and subsiquently no /var/run/auditd.pid exists (even 
though the error incorrectly reports otherwise.

  /var/log/audit/audit.log output
  type=DAEMON_START msg=audit(1587278222.942:5617): op=start ver=2.8.2 
format=raw kernel=4.15.0-1065-aws auid=4294967295 pid=7529 uid=0 ses=4294967295 
subj=unconf
  ined  res=success
  type=DAEMON_ABORT msg=audit(1587278222.943:5618): op=set-pid auid=4294967295 
pid=7529 uid=0 ses=4294967295 subj=unconfined  res=failed

  I have been pulling my hair out over this one. So I ran 'strace /sbin/auditd 
-f' and found the following line in the output.
  "openat(AT_FDCWD, "/var/run/auditd.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW, 
0644) = 4"
  I am grasping at straws, but suspect that the O_NOFOLLOW option is causing a 
failure in creating the pid file since /var/run is a symlink. I could be wrong 
but I can't find anything else to suspect. 

  Since it is best practice to split/var into a separate file system to
  prevent filling the root filesystem in case of an unexpected increase
  in log collection I suspect this is a bug. So either the system needs
  to be able to follow symlinks or an option such as pid_file=[filepath]
  needs to be available in /etc/audit/auditd.conf.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1873627/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


  1   2   3   4   5   6   7   8   9   10   >