[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-04-16 Thread Dariusz Gadomski
** Description changed: [Impact]  * Every ceph-volume list lvm call invokes blkid for numerous PARTUUIDs. For some setups with many slower IO devices this can make this call to run for minutes without any actual justification for that. In fact, the upstream ceph approach changed in

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-04-15 Thread Dariusz Gadomski
** Description changed: [Impact] - * Every ceph-volume list lvm call invokes blkid for numerous PARTUUIDs. For some setups with many slower IO devices this can make this call to run for minutes without any actual justification for that. +  * Every ceph-volume list lvm call invokes blkid

[Bug 1923115] Re: Networkd vs udev nic renaming race condition

2021-04-09 Thread Dariusz Gadomski
** Description changed: [Impact] systemd-networkd renames nic just after udev renamed it e.g kernel: [ 2.827368] vmxnet3 :0b:00.0 ens192: renamed from eth0 kernel: [ 7.562729] vmxnet3 :0b:00.0 eth0: renamed from ens192 systemd-networkd[511]: ens192: Interface name

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-04-02 Thread Dariusz Gadomski
ceph-volume.log from a node with 20 volumes. ** Attachment added: "charms-20-volumes-ceph-volume.log" https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1908375/+attachment/5483569/+files/charms-20-volumes-ceph-volume.log -- You received this bug notification because you are a member of

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-04-02 Thread Dariusz Gadomski
I have successfully tested the patched version with a 3 ceph-osd nodes setup, each with 10 or 20 OSDs. This setup has been deployed with juju charms. No problems were observed nor differences compared to a vanilla version. Attaching ceph-volume.logs from an example node with 10 and 20 volumes.

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-17 Thread Dariusz Gadomski
# verification groovy $ apt-cache policy libcrmcommon34 | grep Installed Installed: 2.0.4-2ubuntu3.1 # dlm_stonith -t 5 -n 1089 dlm_stonith: utils.c:48: common: Assertion `"implicit callsite section is observable, otherwise target's and/or libqb's build is at fault, preventing reliable

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-17 Thread Dariusz Gadomski
# verification focal $ apt-cache policy libcrmcommon34 | grep Installed Installed: 2.0.3-3ubuntu4.1 # dlm_stonith -t 5 -n 1 dlm_stonith: utils.c:57: common: Assertion `"implicit callsite section is observable, otherwise target's and/or libqb's build is at fault, preventing reliable logging"

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-03-16 Thread Dariusz Gadomski
I have also made an attempt to run tasks.ceph_deploy test suite with vstart as this seems to be the only one that makes use of `ceph-volume`, but I have failed due to Python2/Python3 syntax issues. I have set up venv with Python2 (since qa/tasks/vstart_runner.py is not Python3 compatible) with

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-03-16 Thread Dariusz Gadomski
tox log for patched ceph-volume ** Attachment added: "ceph-volume-patched.tox.log" https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1908375/+attachment/5477101/+files/ceph-volume-patched.tox.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-03-16 Thread Dariusz Gadomski
I have performed a basic set of sanity testing on the patched ceph- volume - no issues noticed nor difference in the output format. I have also run ceph-volume tests with tox (logs attached: ceph-volume- vanilla.tox.log - the unpatched version, ceph-volume-patched.tox.log - patched version). In

[Bug 1917288] Re: Missing to package ceph-kvstore-tool, ceph-monstore-tool, ceph-osdomap-tool in bionic-train UCA release

2021-03-11 Thread Dariusz Gadomski
** Changed in: ceph (Ubuntu) Importance: Undecided => Medium ** Changed in: ceph (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917288 Title: Missing

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-08 Thread Dariusz Gadomski
** Description changed: [impact] programs using libqb logging exit due to failed assertion on qb log init [test case] test program: #include QB_LOG_INIT_DATA(test); int main(int argc, char* argv[]) {   return 0; } compile and run: $ gcc -flto

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-08 Thread Dariusz Gadomski
SRU proposal for groovy ** Patch added: "groovy.debdiff" https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1915828/+attachment/5474408/+files/groovy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-08 Thread Dariusz Gadomski
SRU proposal for focal ** Patch removed: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1915828/+attachment/5473371/+files/focal.debdiff ** Patch added: "focal.debdiff"

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-05 Thread Dariusz Gadomski
** Changed in: pacemaker (Ubuntu Groovy) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915828 Title: pacemaker fails to rele

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-05 Thread Dariusz Gadomski
** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1915828/+attachment/5473371/+files/focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915828

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-05 Thread Dariusz Gadomski
Initial Focal SRU proposal. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915828 Title: pacemaker fails to release clustered filesystem dlm locks on failover To manage notifications about this

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-04 Thread Dariusz Gadomski
The symbols defined with CRM_TRACE_INIT_DATA doesn't seem to be used anywhere inside pacemaker and it's less than likely those are used anywhere outside of it. The definitions seem to be strictly logging related without any other functionality declared. -- You received this bug notification

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-04 Thread Dariusz Gadomski
The list of symbols missing seem to be consistent with the onces defined with the CRM_TRACE_INIT_DATA macro: lib/lrmd/lrmd_client.c 46:CRM_TRACE_INIT_DATA(lrmd); lib/pacemaker/pcmk_trans_unpack.c 20:CRM_TRACE_INIT_DATA(transitioner); lib/fencing/st_client.c 37:CRM_TRACE_INIT_DATA(stonith);

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-04 Thread Dariusz Gadomski
Adding -DQB_KILL_ATTRIBUTE_SECTION to CFLAGS seems to result in some symbols disappearing during the build: https://paste.ubuntu.com/p/hmBpMXGjqy/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-04 Thread Dariusz Gadomski
I have checked it again on Groovy and looks like change from https://github.com/ClusterLabs/libqb/pull/322 did not make it to Groovy version of libqb. Also in a test the behavior was identical to Focal, so I have targetted the bug to the series. -- You received this bug notification because you

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-03-04 Thread Dariusz Gadomski
** Also affects: pacemaker (Ubuntu Groovy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915828 Title: pacemaker fails to release clustered filesystem

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-03-03 Thread Dariusz Gadomski
I have just repeated the testing procedure for golang-1.14 on Focal, Groovy and Hirsute. The test results look correct and consistent with what is expected according to the test case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-03-03 Thread Dariusz Gadomski
Thank you Avital. I have just tested golang-1.10 for Xenial and Bionic and the behavior is exactly as expected for a fixed version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title:

[Bug 1917288] Re: Missing to package ceph-kvstore-tool, ceph-monstore-tool, ceph-osdomap-tool in bionic-train UCA release

2021-03-03 Thread Dariusz Gadomski
I have prepared and tested a build targetting this (available in ppa:dgadomski/ceph-lp1917288). During the tests I was mainly focusing on the following upgrade paths to make sure everything works as expected: 1. stein -> train - no issues, but old ceph-test was left installed leaving garbage

[Bug 1917288] Re: Missing to package ceph-kvstore-tool, ceph-monstore-tool, ceph-osdomap-tool in bionic-train UCA release

2021-03-03 Thread Dariusz Gadomski
** Changed in: ceph (Ubuntu) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917288 Title: Missing to package ceph-kvstore-tool, c

[Bug 1915828] Re: pacemaker fails to release clustered filesystem dlm locks on failover

2021-02-23 Thread Dariusz Gadomski
** Changed in: pacemaker (Ubuntu) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: pacemaker (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-17 Thread Dariusz Gadomski
Bionic patch with corrected versioning (and matryoshka_test.go fixed) ** Patch added: "bionic_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5464431/+files/bionic_golang-1.10.debdiff -- You received this bug notification because you are a

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-17 Thread Dariusz Gadomski
Xenial patch (with matryoshka_test.go fixed). ** Patch added: "xenial_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.14/+bug/1914372/+attachment/5464430/+files/xenial_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-17 Thread Dariusz Gadomski
Thanks for looking at it. I've checked matryoshka_test.go and looks like it was expecting the old default Content-Type: text/html, while after applying the patch the new default is text/plain. I've updated the debdiffs and will upload them shortly (for x and b). ** Patch removed:

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
** Description changed: [Impact] - Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html +  Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. [Test Case] - Described as POC

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.10 on Xenial. ** Patch added: "xenial_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459328/+files/xenial_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.10 on Bionic. ** Patch added: "bionic_golang-1.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459326/+files/bionic_golang-1.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.14 on Focal. ** Patch added: "focal_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459325/+files/focal_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.14 on Groovy. ** Patch added: "groovy_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459324/+files/groovy_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.14 on Groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1914372 Title: Ubuntu packages affected by CVE-2020-24553 To manage notifications about this bug go to:

[Bug 1914372] Re: Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
Patch proposal for golang-1.14 for Hirsute ** Patch added: "hirsute_golang-1.14.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.10/+bug/1914372/+attachment/5459322/+files/hirsute_golang-1.14.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1914372] [NEW] Ubuntu packages affected by CVE-2020-24553

2021-02-03 Thread Dariusz Gadomski
*** This bug is a security vulnerability *** Public security bug reported: [Impact] Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. [Test Case] Described as POC at

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2021-01-13 Thread Dariusz Gadomski
SRU proposal available as this branch: https://code.launchpad.net/~dgadomski/ubuntu/+source/ceph/+git/ceph/+ref/lp1908375 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1908375 Title: ceph-volume

[Bug 1908219] Re: [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config:

2021-01-13 Thread Dariusz Gadomski
I have tested this in a VM with kernel 4.15.0-131.135 installed and I can confirm the issue is gone. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1908219] Re: [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config:

2020-12-16 Thread Dariusz Gadomski
Patches posted to the kernel-team list: https://lists.ubuntu.com/archives/kernel-team/2020-December/115620.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1908219 Title: [drm:qxl_enc_commit

[Bug 1908375] Re: ceph-volume lvm list calls blkid numerous times for differrent devices

2020-12-16 Thread Dariusz Gadomski
New => Fix Released ** Changed in: ceph (Ubuntu Bionic) Status: New => In Progress ** Changed in: ceph (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: ceph (Ubuntu Bionic) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: ceph (Ubuntu)

[Bug 1908375] [NEW] ceph-volume lvm list calls blkid numerous times for differrent devices

2020-12-16 Thread Dariusz Gadomski
) Importance: Undecided Status: Fix Released ** Affects: ceph (Ubuntu Bionic) Importance: Medium Assignee: Dariusz Gadomski (dgadomski) Status: In Progress ** Tags: sts -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1908219] Re: [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config:

2020-12-15 Thread Dariusz Gadomski
** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1908219 Title: [drm:qxl_enc_commit [qxl]] *ERROR* h

[Bug 1908219] [NEW] [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config:

2020-12-15 Thread Dariusz Gadomski
Public bug reported: [Impact] * Ubuntu 18.04 used as a guest in KVM with Spice/QXL in use may lead to a DRM error displayed during xorg launch: [drm:qxl_enc_commit [qxl]] *ERROR* head number too large or missing monitors config: (ptrval), 0 [Fix] *

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-08-12 Thread Dariusz Gadomski
I can verify that version 2.20.11-0ubuntu27.8 for focal fixes the issue. Running on server install: sudo apt install apport-gtk apt offers gnome-terminal as dependency. sudo apt install apport-kde pulls in konsole as dependency. ** Tags removed: verification-needed verification-needed-focal

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-08-11 Thread Dariusz Gadomski
** Changed in: apport (Ubuntu Focal) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881976 Title: apport-gtk and apport-kde install xiterm+thai as

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-08-10 Thread Dariusz Gadomski
The fix has been superseded by a security update. In the meantime a concurrent update of pycodestyle broke the apport build. I have backported fixes to the build issue from Groovy and uploaded the patch yesterday. Once the update is reviewed it should be available via the -proposed pocket. --

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-07-31 Thread Dariusz Gadomski
I have run some additional tests on bionic and focal desktop VMs with lvm (and lvm+luks) - no boot issues were observed with the -proposed builds. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-07-31 Thread Dariusz Gadomski
xenial verification: Tested with 1.66.27+2.02_beta2-36ubuntu3.27 from -proposed. Boots successfully in BIOS mode. Timestamps updated in EFI mode. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial ** Tags removed: verification-needed ** Tags added:

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-07-31 Thread Dariusz Gadomski
I have also attempted to verify xenial (using version 1.66.27+2.02_beta2-36ubuntu3.27), however grub-efi- amd64-signed_1.66.27+2.02_beta2-36ubuntu3.27 still seems to be unavailable in -proposed (http://archive.ubuntu.com). I have manually downloaded it and tested from here [1], however I'll

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-07-31 Thread Dariusz Gadomski
focal verification: Tested with version 1.142.4+2.04-1ubuntu26.2 from -proposed using the above test case. Boots successfully in BIOS mode. Timestamps updated in EFI mode. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification

[Bug 1889556] Re: grub-install failure does not fail package upgrade (and does not roll back to matching modules)

2020-07-31 Thread Dariusz Gadomski
bionic-verification: Tested with version 1.93.19+2.02-2ubuntu8.17 from -proposed using the test case in the description. Boots successfully in BIOS mode. Timestamps were updated in EFI mode. ** Tags removed: sts verification-needed-bionic ** Tags added: verification-done-bionic -- You

[Bug 1884265] Re: [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

2020-07-29 Thread Dariusz Gadomski
I have verified it for Bionic using ntp 1:4.2.8p10+dfsg-5ubuntu7.2. No segfault observed: sudo ntpq -p remote refid st t when poll reach delay offset jitter == 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 0.000 0.000

[Bug 1884265] Re: [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

2020-07-29 Thread Dariusz Gadomski
I have verified it for Bionic using ntp 1:4.2.8p10+dfsg-5ubuntu7.2. No segfault observed: sudo ntpq -p remote refid st t when poll reach delay offset jitter == 0.ubuntu.pool.n .POOL. 16

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-27 Thread Dariusz Gadomski
** Tags added: sts-sponsor-dgadomski -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885562 Title: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode To manage notifications about this bug

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-07-27 Thread Dariusz Gadomski
** Tags added: sts-sponsor-dgadomski -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881976 Title: apport-gtk and apport-kde install xiterm+thai as dependency (x -terminal-emulator) To manage

[Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-27 Thread Dariusz Gadomski
Marking Eoan as Won't fix due to EOL. ** Changed in: libseccomp (Ubuntu Eoan) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861177 Title:

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-07-23 Thread Dariusz Gadomski
SRU proposal for focal. ** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1881976/+attachment/5395298/+files/focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1881976] Re: apport-gtk and apport-kde install xiterm+thai as dependency (x-terminal-emulator)

2020-07-23 Thread Dariusz Gadomski
SRU proposal for groovy ** Patch removed: "groovy.debdiff" https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1881976/+attachment/5395109/+files/groovy.debdiff ** Patch removed: "focal.debdiff"

[Bug 1881976] Re: xiterm+thai installed by default in Ubuntu 20.04 (Australian Locale)

2020-07-23 Thread Dariusz Gadomski
New => In Progress ** Changed in: apport (Ubuntu) Importance: Undecided => Medium ** Changed in: apport (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: apport (Ubuntu) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: apport (Ubuntu Focal

[Bug 1881976] Re: xiterm+thai installed by default in Ubuntu 20.04 (Australian Locale)

2020-07-23 Thread Dariusz Gadomski
** Changed in: xiterm+thai (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: xiterm+thai (Ubuntu) Importance: Undecided => Medium ** Changed in: xiterm+thai (Ubuntu) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: xiterm+thai (Ubu

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-23 Thread Dariusz Gadomski
I tested libnss3 2:3.49.1-1ubuntu1.3 on focal, however this was not done in FIPS-mode (as there are no FIPS packages for focal available). I did not find a way to trigger the signature verification outside FIPS mode, but in normal usecase (FIPS disabled) everything works as expected, no

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-23 Thread Dariusz Gadomski
Tested with 2:3.35-2ubuntu2.10 on 18.04: sudo chronyd -d 2020-07-23T08:40:19Z chronyd version 3.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SECHASH +SIGND +ASYNCDNS +IPV6 -DEBUG) 2020-07-23T08:40:19Z Frequency -1.068 +/- 0.045 ppm read from /var/lib/chrony/chrony.drift (no

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-23 Thread Dariusz Gadomski
** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885562 Title: [fips] freebl_fipsSoftwareIntegrityTest fails in

[Bug 1881976] Re: xiterm+thai installed by default in Ubuntu 20.04 (Australian Locale)

2020-07-23 Thread Dariusz Gadomski
SRU proposal for groovy. ** Description changed: + [Impact] + + * When installing apport-gtk (or apport-kde) on a non-GUI installation (cloud image, server image) as a dependency providing x-terminal-emulator xiterm+thai package is pulled in, which is not appropriate for most locales. + My

[Bug 1881976] Re: xiterm+thai installed by default in Ubuntu 20.04 (Australian Locale)

2020-07-23 Thread Dariusz Gadomski
SRU proposal for focal ** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/xiterm+thai/+bug/1881976/+attachment/5395110/+files/focal.debdiff ** Description changed: [Impact] - * When installing apport-gtk (or apport-kde) on a non-GUI installation (cloud image,

[Bug 1884265] Re: [fips] ntpq segfaults when attempting to use MD5 from FIPS-openssl library.

2020-07-22 Thread Dariusz Gadomski
** Also affects: ntp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] ntpq segfaults when attempting to use MD5 from

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-17 Thread Dariusz Gadomski
** Description changed: + [Impact] + + * Prevents using some parts of nss in FIPS mode - e.g. + libfreeblpriv3.so (failed asserts). The library during initialization + tries to verify it's own binaries against signatures in chk files + shipped along with it (created at build time). They are

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-15 Thread Dariusz Gadomski
As discussed with Richard outside LP: we agreed that adding symlinks is an acceptable solution to this problem. Debdiffs linked. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885562 Title: [fips]

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-15 Thread Dariusz Gadomski
** Changed in: nss (Ubuntu) Assignee: Richard Maciel Costa (richardmaciel) => Dariusz Gadomski (dgadomski) ** Changed in: nss (Ubuntu Bionic) Assignee: Richard Maciel Costa (richardmaciel) => Dariusz Gadomski (dgadomski) -- You received this bug notification because you are a

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-07-10 Thread Dariusz Gadomski
Oh, I have found it: ppa:j-latten/joydevppa Works perfectly. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] Not fully initialized digest segfaulting some client

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-07-10 Thread Dariusz Gadomski
Sure. Sounds good. Do you have it available in a ppa anywhere to give it a try? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] Not fully initialized digest segfaulting some

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-08 Thread Dariusz Gadomski
@richardmaciel please let me know if I can help you with anything with regard to this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1885562 Title: [fips] freebl_fipsSoftwareIntegrityTest fails

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-07-08 Thread Dariusz Gadomski
@j-latten: please let me know if I can provide any help with this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] Not fully initialized digest segfaulting some client

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
The patches I've uploaded implement the Solution B from the description. It actually applies only to Bionic, but I believe it's worth having it in Focal if it gets FIPS certification and for Groovy - to keep it for the future releases. -- You received this bug notification because you are a

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
Bionic debdiff reupload ** Patch added: "bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388756/+files/bionic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
groovy fix ** Patch added: "groovy.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388751/+files/groovy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
SRU proposal for Focal May be useful if it gets FIPS-certified. ** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388752/+files/focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
Focal debdiff reupload ** Patch added: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388755/+files/focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
Groovy debdiff re-upload ** Patch added: "groovy.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388754/+files/groovy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
SRU proposal for bionic ** Patch removed: "focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+attachment/5388752/+files/focal.debdiff ** Patch removed: "groovy.debdiff"

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-07-01 Thread Dariusz Gadomski
** Description changed: In FIPS mode there are some additional checks performed. They lead to verifying binaries signatures. Those signatures are shipped in the libnss3 package as *.chk files installed in /usr/lib/$(DEB_HOST_MULTIARCH)/nss. Along with those files are the libraries

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-06-30 Thread Dariusz Gadomski
I have briefly analyzed nss code - it uses the nspr library for, inter alia, file access abstraction. From what I saw in the docs it does not offer any form of symlink resolution, so it may be nontrivial to safely implement it in nss code. -- You received this bug notification because you are a

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-06-29 Thread Dariusz Gadomski
** Description changed: - When in FIPS mode there some additional checks performed. + In FIPS mode there are some additional checks performed. They lead to verifying binaries signatures. Those signatures are shipped in the libnss3 package as *.chk files installed in

[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-06-29 Thread Dariusz Gadomski
** Summary changed: - freebl_fipsSoftwareIntegrityTest fails in FIPS mode + [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode ** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1885562] [NEW] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

2020-06-29 Thread Dariusz Gadomski
*** This bug is a security vulnerability *** Public security bug reported: When in FIPS mode there some additional checks performed. They lead to verifying binaries signatures. Those signatures are shipped in the libnss3 package as *.chk files installed in /usr/lib/$(DEB_HOST_MULTIARCH)/nss.

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-06-24 Thread Dariusz Gadomski
** Description changed: In FIPS mode on Bionic MD5 is semi-disabled causing some applications to segfault. Test case: sudo apt install ntp ntpq -p Segmentation fault (core dumped) What happens there is ntpq wants to iterate all available digests (list_digest_names in

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-06-19 Thread Dariusz Gadomski
Changelog in bug #1553309 mentions "- debian/patches/openssl-1.0.2g- fips-md5-allow.patch: [PATCH 3/6] Allow md5 in fips mode." I am however unaware of the context of this change (e.g. MD5 is not included here: [1]) [1]

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-06-19 Thread Dariusz Gadomski
** Changed in: openssl (Ubuntu Bionic) Importance: Undecided => Medium ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title:

[Bug 1884265] [NEW] [fips] Not fully initialized digest segfaulting some client applications

2020-06-19 Thread Dariusz Gadomski
*** This bug is a security vulnerability *** Public security bug reported: In FIPS mode on Bionic MD5 is semi-disabled causing some applications to segfault. Test case: sudo apt install ntp ntpq -p Segmentation fault (core dumped) What happens there is ntpq wants to iterate all available

[Bug 1884265] Re: [fips] Not fully initialized digest segfaulting some client applications

2020-06-19 Thread Dariusz Gadomski
FTR: EVP_add_digest(EVP_md5()); is not present in the Xenial build, hence there's no crash there. ** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884265 Title: [fips] Not fully

[Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

2020-05-15 Thread Dariusz Gadomski
With latest builds from ppa:ubuntu-mozilla-security/ppa: Xenial - 1:68.8.0+build2-0ubuntu0.16.04.2 Bionic - 1:68.8.0+build2-0ubuntu0.18.04.2 this issue is gone. Thank you! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1871214] Re: [SRU] nfsd doesn't start if exports depend on mount

2020-05-14 Thread Dariusz Gadomski
Debian merge request of the fix: https://salsa.debian.org/kernel-team /nfs-utils/-/merge_requests/2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1871214 Title: [SRU] nfsd doesn't start if exports

[Bug 1871214] Re: [SRU] nfsd doesn't start if exports depend on mount

2020-05-13 Thread Dariusz Gadomski
Rodrigo, I have tried to make it work using --with-systemd flag passed in d/rules, but every time I make a fix something else backfires. I doubt it has ever been used before. As a sidenote: we are lagging a lot behind upstream (they're at 2.4.4 already, we're at 1.3.4 and so is Debian). But we

[Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

2020-05-12 Thread Dariusz Gadomski
Sure, thanks Olivier. Can you give me an estimate on when this can be fixed for Xenial and Bionic? For users using FIPS mode currently Thunderbird is currently unusable. ** Changed in: thunderbird (Ubuntu Xenial) Assignee: Dariusz Gadomski (dgadomski) => (unassigned) ** Chan

[Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

2020-05-12 Thread Dariusz Gadomski
Groovy fix. ** Patch added: "groovy.debdiff" https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1878155/+attachment/5370320/+files/groovy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

2020-05-12 Thread Dariusz Gadomski
importance for Xenial and Bionic marked as high as this prevents Thunderbird from being used in FIPS mode on those releases. ** Changed in: thunderbird (Ubuntu Groovy) Assignee: (unassigned) => Dariusz Gadomski (dgadomski) ** Changed in: thunderbird (Ubuntu Focal) Assignee: (unassig

[Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

2020-05-12 Thread Dariusz Gadomski
It is already included upstream starting from release 75.0b1. ** Also affects: thunderbird (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: thunderbird (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: thunderbird (Ubuntu Focal)

[Bug 1878155] [NEW] Thunderbird fails to connect to server in FIPS mode

2020-05-12 Thread Dariusz Gadomski
Public bug reported: [Impact] * Thunderbird may become useless after booting into FIPS mode - it refuses to connect to server displaying the following message: Unexpected response from the server This document cannot be displayed unless you install the Personal Security Manager (PSM).

  1   2   3   4   5   6   7   8   >