[Bug 1941904] Re: Check if letsencrypt clients support configuring shorter chains

2021-09-16 Thread Dimitri John Ledkov
** Tags added: letsencryptexpiry -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941904 Title: Check if letsencrypt clients support configuring shorter chains To manage notifications about this bug

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-15 Thread Dimitri John Ledkov
bionic autopkgtests are all clean -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928648 Title: expiring trust anchor compatibility issue To manage notifications about this bug go to:

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-15 Thread Dimitri John Ledkov
In xenial systemd autopkgtest only fails with boot-smoke FAIL: expected: '' actual: ' 1 graphical.target start waiting 92 rng-tools.servicestart running 101 systemd-update-utmp-runlevel.service start waiting 2 multi-user.targetstart

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-15 Thread Dimitri John Ledkov
On xenial lxc autopkgtest fails with "ERROR: Unable to fetch GPG key from keyserver." due to using keyserver that is no longer available on the internet. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-15 Thread Dimitri John Ledkov
# dpkg-query -W gnutls-bin libgnutls30 gnutls-bin 3.5.18-1ubuntu1.4 libgnutls30:amd64 3.5.18-1ubuntu1.4 # gnutls-cli --x509cafile=ca.pem expired-root-ca-test.germancoding.com Processed 2 CA certificate(s). Resolving 'expired-root-ca-test.germancoding.com:443'... Connecting to

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-09-15 Thread Dimitri John Ledkov
# gnutls-cli --x509cafile=ca.pem expired-root-ca-test.germancoding.com Processed 2 CA certificate(s). Resolving 'expired-root-ca-test.germancoding.com'... Connecting to '2a01:4f8:151:506c::2:443'... ... - Status: The certificate is NOT trusted. The certificate chain uses expired certificate. ***

[Bug 1940528] Re: curl 7.68 does not init OpenSSL correctly

2021-09-14 Thread Dimitri John Ledkov
** Changed in: curl (Ubuntu Focal) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940528 Title: curl 7.68 does not init OpenSSL correc

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-09-14 Thread Dimitri John Ledkov
** Changed in: openssl (Ubuntu Focal) Status: Incomplete => In Progress ** Changed in: openssl (Ubuntu Focal) Assignee: (unassigned) => Robie Basak (racb) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-09-14 Thread Dimitri John Ledkov
I would agree that any hypothetical use-after-free / double-free errors are usually also security vulnerabilities. But these ones were discovered with static analysis and/or affecting engine use, in error conditions only. Thus connectivity must already be failing / denied, before one can trip

[Bug 1921518] Re: OpenSSL "double free" error

2021-09-14 Thread Dimitri John Ledkov
No I'm not able to reproduce the issues anymore. Hence I need detailed logs from you. Including tracebacks with debug symbols installed, and strace too. Because I have never seen "bus error" on my side. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1943530] Re: link libkrb5 with openssl

2021-09-14 Thread Dimitri John Ledkov
krb5 (1.13~alpha1+dfsg-1) experimental; urgency=low [ Benjamin Kaduk ] * New upstream prerelease: - Add support for accessing KDCs via an https proxy using the MS-KKDCP protocol, using a plugin provided by the new krb5-k5tls package, which uses openssl for the TLS

[Bug 1943530] Re: link libkrb5 with openssl

2021-09-14 Thread Dimitri John Ledkov
** Tags added: rls-ii-incoming rls-jj-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1943530 Title: link libkrb5 with openssl To manage notifications about this bug go to:

[Bug 1942806] Re: Unmatched enable poweroff, LEDs, mmap PCI

2021-09-06 Thread Dimitri John Ledkov
** Description changed: [Impact]  * Unable to use gpio-poweroff driver to poweroff via u-boot/opensbi/kernel  * Unable to use LED colors  * Unable to mmap PCI resources  * Cherrypick dtb changes from meta-sifive 2021.08 release

[Bug 1942806] Re: Unmatched enable poweroff, LEDs, mmap PCI

2021-09-06 Thread Dimitri John Ledkov
** Description changed: [Impact] - * Unable to use gpio-poweroff driver to poweroff via u-boot/opensbi/kernel - * Unable to use LED colors - * Unable to mmap PCI resources +  * Unable to use gpio-poweroff driver to poweroff via u-boot/opensbi/kernel +  * Unable to use LED colors +  *

[Bug 1942806] [NEW] Unmatched enable poweroff, LEDs, mmap PCI

2021-09-06 Thread Dimitri John Ledkov
extensions, which is a step backwards. OpenSBI v0.1 will not be available in the future. ** Affects: linux-riscv (Ubuntu) Importance: Undecided Assignee: Dimitri John Ledkov (xnox) Status: In Progress ** Changed in: linux-riscv (Ubuntu) Assignee: (unassigned) => Dimitri J

[Bug 1939287] Re: dbgsym package is missing for ubuntu focal hwe kernel 5.11

2021-09-06 Thread Dimitri John Ledkov
The security PPA where 5.11.0-27 was built has "build dbgsyms" checked but not "publish dbgsyms" this seems odd, cause i would think it is useful to have access to published security ppa dbgsymbols. Removing debug symbols is not nice. However, surely we can make disk space savings the other way.

[Bug 1939287] Re: dbgsym package is missing for ubuntu focal hwe kernel 5.11

2021-09-06 Thread Dimitri John Ledkov
** Changed in: linux-hwe-5.11 (Ubuntu Focal) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: linux-hwe-5.11 (Ubuntu) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1938748] Re: test_320_config_arm_pan from ubuntu_qrt_kernel_security failed on F-oracle-5.4 / H-oracle-5.11 ARM64

2021-09-03 Thread Dimitri John Ledkov
Imho we must enabled it, especially for Oracle, since compute nodes may be shared between multiple tenants. It would be also interesting to check if the hardware used with this kernel does not have errata / issues discussed in https://www.spinics.net/lists/arm-kernel/msg788470.html i.e. that it

[Bug 1940514] Re: It will prompt "Failed to unmount /oldroot" when shutdown or reboot

2021-09-02 Thread Dimitri John Ledkov
With "splash" in cmdline, on shutdown, desktop images start plymouth with graphical splash on a shutdown TTY such that one should be seeing animation (and any graphical or text messages should be hidden from the user). One should be able to use alt-ctrl-arrowkeys to switch back to tty1 to still

[Bug 1928679] Re: Support importing mokx keys into revocation list from the mok table

2021-09-01 Thread Dimitri John Ledkov
# grep CODENAME /etc/os-release VERSION_CODENAME=focal UBUNTU_CODENAME=focal # uname -r 5.11.0-34-generic dmesg: [0.797134] blacklist: Loading compiled-in revocation X.509 certificates [0.797696] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing:

[Bug 1932029] Re: Support builtin revoked certificates

2021-09-01 Thread Dimitri John Ledkov
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679/comments/7 ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1928679] Re: Support importing mokx keys into revocation list from the mok table

2021-09-01 Thread Dimitri John Ledkov
# uname -r 5.11.0-34-generic # sudo keyctl list %:.platform 3 keys in keyring: 149920180: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53 434591909: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority:

[Bug 1932029] Re: Support builtin revoked certificates

2021-09-01 Thread Dimitri John Ledkov
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679/comments/6 ** Tags removed: verification-needed-hirsute ** Tags added: verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1942319] [NEW] When booting with UEFI, mokvar table and %:.platform keyring must be available

2021-09-01 Thread Dimitri John Ledkov
Public bug reported: When booting with UEFI, mokvar table and %:.platform keyring must be available ** Affects: linux-kvm (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1928679] Re: Support importing mokx keys into revocation list from the mok table

2021-09-01 Thread Dimitri John Ledkov
Disabled initrd less boot, and installing linux-generic kernel from proposed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928679 Title: Support importing mokx keys into revocation list from the

[Bug 1928679] Re: Support importing mokx keys into revocation list from the mok table

2021-09-01 Thread Dimitri John Ledkov
Verifying using hirsute: # uname -r 5.11.0-1014-kvm # grep CODENAME /etc/os-release VERSION_CODENAME=hirsute UBUNTU_CODENAME=hirsute # keyctl list %:.blacklist Can't find 'keyring:.blacklist' Upgraded kernel: # uname -r 5.11.0-1015-kvm # keyctl list %:.blacklist 1 key in keyring: 330780907:

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-08-31 Thread Dimitri John Ledkov
** Description changed: [Impact]  * gnutls28 fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan]  * Import staging cert equivalent to ISRG Root X1

[Bug 1836144] Re: report build full log if failing under autopkgtest

2021-08-31 Thread Dimitri John Ledkov
for failed results, in artifacts, all make.logs are stored and available for download and inspection. ** Changed in: dkms (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-27 Thread Dimitri John Ledkov
@Vladimir This is an improvement. Previously we were getting: double free or corruption (out) But now it is: Bus error So some progress has been made. Can you please install debug symbols, and generate a complete traceback with debug symbols? or a core dump with debug symbols? (libcurl4-dbgsym

[Bug 1941622] Re: Bump unmatched CPU clock rate to 1.5GHz

2021-08-27 Thread Dimitri John Ledkov
** Changed in: u-boot (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941622 Title: Bump unmatched CPU clock rate to 1.5GHz To manage notifications about

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-27 Thread Dimitri John Ledkov
Attempted trusty backport, but failing at making it pass all the existing unit tests. Asking for help. At the moment it seems to me that trusty will remain unfixed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1941904] [NEW] Check if letsencrypt clients support configuring shorter chains

2021-08-27 Thread Dimitri John Ledkov
Public bug reported: See https://community.letsencrypt.org/t/openssl-client-compatibility- changes-for-let-s-encrypt-certificates/143816 Check if letsencrypt clients support configuring shorter chains ** Affects: python-certbot (Ubuntu) Importance: Undecided Status: New **

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-08-27 Thread Dimitri John Ledkov
** Changed in: gnutls28 (Ubuntu Xenial) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: gnutls28 (Ubuntu Xenial) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-08-27 Thread Dimitri John Ledkov
** Patch added: "bionic_gnutls28_content.diff" https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/+attachment/5521238/+files/bionic_gnutls28_content.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1940635] Re: systemd-networkd failing to acquire a DHCP6 lease from dnsmasq on armhf

2021-08-26 Thread Dimitri John Ledkov
We must build armhf glibc which is y2038 safe, like our v5.1+ kernels are (bionic-hwe and up). Thus yes, glibc should assume TIME64 SYSCALLS, on armhf. Also, maybe our farm can move to focal and focal kernel; or like at least to bionic-hwe kernel. -- You received this bug notification because

[Bug 1912811] Re: Update dwarves-dfsg in focal to version 1.21 from hirsute

2021-08-26 Thread Dimitri John Ledkov
libbpf is meant to work with the bpf that kernel provides. In focal, newer versions of bpf toolchain are provided, because llvm is regularly backported. In focal, libbpf used to be vendored inside dwarves-dfsg and it is desired as a new package to i.e. build linux bpf tools, and because focal

[Bug 1936237] Re: use the upstream version for the kernel packaging

2021-08-26 Thread Dimitri John Ledkov
** Changed in: linux (Ubuntu) Status: Incomplete => Triaged ** Tags added: apport-collected -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1936237 Title: use the upstream version for the

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-26 Thread Dimitri John Ledkov
Vladimir, I did this in the same location as before - https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4654 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double

[Bug 1939379] Re: ARM kernel builds fail with GCC 11

2021-08-26 Thread Dimitri John Ledkov
@juerg From your autopkgtest result: Building module: cleaning build area... make -j4 KERNELRELEASE=5.13.0-1006-raspi -C /lib/modules/5.13.0-1006-raspi/build M=/var/lib/dkms/adv-17v35x/5.0.6.0-1/build cleaning build area... DKMS: build completed. Building module: cleaning build area...

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-25 Thread Dimitri John Ledkov
1.1.1f-1ubuntu2.8 is security-only update to address CVE-2021-3711 & CVE-2021-3712 The fixes from this bug report have been rebased on top of the security- only update in the PPA provided earlier. It has been carrying 1.1.1f-1ubuntu2.9 since yesterday. ** CVE added:

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-08-25 Thread Dimitri John Ledkov
** Description changed: [Impact]  * gnutls28 fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan]  * Import staging cert equivalent to ISRG Root X1

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-08-25 Thread Dimitri John Ledkov
** Changed in: gnutls28 (Ubuntu Bionic) Status: New => In Progress ** Changed in: gnutls28 (Ubuntu Precise) Status: New => Won't Fix ** Changed in: gnutls28 (Ubuntu Bionic) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification be

[Bug 1941622] Re: Bump unmatched CPU clock rate to 1.5GHz

2021-08-25 Thread Dimitri John Ledkov
** No longer affects: linux-riscv (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941622 Title: Bump unmatched CPU clock rate to 1.5GHz To manage notifications about this bug go to:

[Bug 1941622] [NEW] Bump unmatched CPU clock rate to 1.5GHz

2021-08-25 Thread Dimitri John Ledkov
Public bug reported: [Impact] Bump unmatched CPU clock rate to 1.5GHz Multiple users report that running unmatched at 1.5GHz is stable, and gives one performance. Lets bump clock speed to 1.5GHz in u-boot and kernel. [Test Plan] * System with these patches boots, operates normally without

[Bug 1941610] Re: RM old binaries for superseded abi 1016 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
** Changed in: linux-restricted-modules-gcp-5.11 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941610 Title: RM old binaries for superseded abi 1016

[Bug 1941612] Re: RM old binaries for superseded abi 1015 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
** Changed in: linux-restricted-modules-oracle-5.11 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941612 Title: RM old binaries for superseded abi

[Bug 1941608] Re: RM old binaries for superseded abi 1015 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
** Changed in: linux-restricted-modules-aws-5.11 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941608 Title: RM old binaries for superseded abi 1015

[Bug 1941612] [NEW] RM old binaries for superseded abi 1015 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
Public bug reported: oracle 5.11.0-1015 kernel is no longer published in focal. but nvidia modules for it remain in focal-proposed, preventing lrm- oracle-5.11 from migrating. please remove the following binaries: old binaries left on amd64 linux-modules-nvidia-390-5.11.0-1015-oracle

[Bug 1941610] [NEW] RM old binaries for superseded abi 1016 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
Public bug reported: gcp 5.11.0-1016 kernel is no longer published in focal. but nvidia modules for it remain in focal-proposed, preventing lrm- gcp-5.11 from migrating. please remove the following binaries: old binaries left on amd64: linux-modules-nvidia-390-5.11.0-1016-gcp

[Bug 1941608] [NEW] RM old binaries for superseded abi 1015 in focal-proposed

2021-08-25 Thread Dimitri John Ledkov
Public bug reported: aws 5.11.0-1015 kernel is no longer published in focal. but nvidia modules for it remain in focal-proposed, preventing lrm- aws-5.11 from migrating. please remove the following binaries: old binaries left on amd64: linux-modules-nvidia-390-5.11.0-1015-aws

[Bug 1939544] Re: Merge the 1.1.1k version from Debian

2021-08-25 Thread Dimitri John Ledkov
Please merge 1.1.1l with the CVE fixes -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939544 Title: Merge the 1.1.1k version from Debian To manage notifications about this bug go to:

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-24 Thread Dimitri John Ledkov
The updated openssl package does not change any behaviour w.r.t. config or engine use. It only has three patches applied to prevent potential use-after-free errors. It also relies on installing the new PKA engine with patches from github. Has the new PKA engine been recompiled and installed

[Bug 1940972] Re: v5.13 kernel ftrace selftest fails on riscv64 unmatched

2021-08-24 Thread Dimitri John Ledkov
[10052.121189] rcu: INFO: rcu_sched self-detected stall on CPU [10052.126125] rcu: 1-: (14995 ticks this GP) idle=a3a/1/0x4002 softirq=116019/116019 fqs=7426 [10080.057250] watchdog: BUG: soft lockup - CPU#1 stuck for 82s! [ftracetest:30662] [10124.057368] watchdog: BUG:

[Bug 1940972] Re: v5.13 kernel ftrace selftest fails on riscv64 unmatched

2021-08-24 Thread Dimitri John Ledkov
** Description changed: $ sudo make -C tools/testing/selftests TARGETS=ftrace run_tests ... # [32] ftrace - Max stack tracer [FAIL] ... + Testing using 5.13.0-1002.2 - Testing using 5.13.0-1002.2 + the full ftrace suite takes just over 2 hours on unmatched. -- You received

[Bug 1940972] [NEW] v5.13 kernel ftrace selftest fails on riscv64 unmatched

2021-08-24 Thread Dimitri John Ledkov
Public bug reported: $ sudo make -C tools/testing/selftests TARGETS=ftrace run_tests ... # [32] ftrace - Max stack tracer[FAIL] ... Testing using 5.13.0-1002.2 the full ftrace suite takes just over 2 hours on unmatched. ** Affects: ubuntu-kernel-tests Importance: Undecided

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-23 Thread Dimitri John Ledkov
@vladimir sokolovsky Note, that the proposed PPA is built for all architectures, and all configurations of the packages in questions as used in Ubuntu. Meaning, they are all compiled in multiple configurations, which are mutually incompatible. To ensure one installs the upgraded packages suitable

[Bug 1832356] Re: Upgrade OpenSSH to 7.9p1-10 or better in stable series

2021-08-23 Thread Dimitri John Ledkov
** Changed in: openssh (Ubuntu Bionic) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832356 Title: Upgrade OpenSSH to 7.9p1-10 or better in stable series To

[Bug 1940711] Re: sign-efi-sig-list uses PKCS7 for variable updates

2021-08-23 Thread Dimitri John Ledkov
** Tags added: rls-ff-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940711 Title: sign-efi-sig-list uses PKCS7 for variable updates To manage notifications about this bug go to:

[Bug 1940296] Re: SIGSEGV instead of EINVAL with invalid timer id in timer_delete() glibc 2.33

2021-08-23 Thread Dimitri John Ledkov
/* Check whether timer is valid; global mutex must be held. */ static inline int timer_valid (struct timer_node *timer) { return timer && timer->inuse == TIMER_INUSE; } if some memory, casted to a timer_node struct, happens to have inuse field match the value of TIMER_INUSE the validation

[Bug 1940296] Re: SIGSEGV instead of EINVAL with invalid timer id in timer_delete() glibc 2.33

2021-08-23 Thread Dimitri John Ledkov
** Also affects: glibc via https://sourceware.org/bugzilla/show_bug.cgi?id=28257 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940296 Title:

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-20 Thread Dimitri John Ledkov
New curl & openssl will take some time to appear in focal-updates, as focal-updates are frozen for 20.04.3 release on 26th of August at the moment. See https://discourse.ubuntu.com/t/focal-fossa-20-04-3-lts-point- release-status-tracking/22948 -- You received this bug notification because you

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-20 Thread Dimitri John Ledkov
Whilst I have identified broken/racy/incomplete behaviours in both curl and openssl in ubuntu focal 20.04 and created SRUs for them in the above mentioned bug reports; these do not fix crashes of the old PKA 1.0.0 engine. Also PKA 1.0.0 does not appear to be compatible with 20.04 userspace

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-20 Thread Dimitri John Ledkov
Openssl bug report https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940656 ** Changed in: openssl (Ubuntu) Status: New => Incomplete ** Changed in: openssl (Ubuntu Focal) Status: New => Incomplete ** Changed in: openssl (Ubuntu Focal) Importance: Critical => Undecided

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-08-20 Thread Dimitri John Ledkov
** Patch added: "lp-1940656-3-engine-fix-double-free-on-error-path.patch" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940656/+attachment/5519403/+files/lp-1940656-3-engine-fix-double-free-on-error-path.patch -- You received this bug notification because you are a member of Ubuntu

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-08-20 Thread Dimitri John Ledkov
** Patch added: "lp-1940656-1-srp-fix-double-free.patch" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940656/+attachment/5519401/+files/lp-1940656-1-srp-fix-double-free.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-08-20 Thread Dimitri John Ledkov
** Patch added: "lp-1940656-4-Prevent-use-after-free-of-global_engine_lock.patch" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940656/+attachment/5519404/+files/lp-1940656-4-Prevent-use-after-free-of-global_engine_lock.patch -- You received this bug notification because you are a

[Bug 1940656] Re: Potential use after free bugs in 1.1.1

2021-08-20 Thread Dimitri John Ledkov
** Patch added: "lp-1940656-2-ts-fix-double-free-on-error-path.patch" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940656/+attachment/5519402/+files/lp-1940656-2-ts-fix-double-free-on-error-path.patch -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1940656] [NEW] Potential use after free bugs in 1.1.1

2021-08-20 Thread Dimitri John Ledkov
Public bug reported: [Impact]  * There have been multiple use-after-free bugs fixed in OpenSSL 1.1.1 stable branches which have not yet been applied in Focal. They are difficult to reproduce, often require an engine to be used, and somehow fail, as these use-after-free bugs are all in error

[Bug 1940528] Re: curl 7.68 does not init OpenSSL correctly

2021-08-19 Thread Dimitri John Ledkov
Building test package in https://launchpad.net/~ci-train-ppa- service/+archive/ubuntu/4654 But also uploaded it into focal unapproved, which is currently soft frozen. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-19 Thread Dimitri John Ledkov
Curl bug report https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error To manage notifications about

[Bug 1940528] Re: curl 7.68 does not init OpenSSL correctly

2021-08-19 Thread Dimitri John Ledkov
** Patch added: "lp1940528-openssl-use-OPENSSL_init_ssl-with-1.1.0.patch" https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528/+attachment/5519059/+files/lp1940528-openssl-use-OPENSSL_init_ssl-with-1.1.0.patch -- You received this bug notification because you are a member of Ubuntu

[Bug 1940528] [NEW] curl 7.68 does not init OpenSSL correctly

2021-08-19 Thread Dimitri John Ledkov
Public bug reported: [Impact] * curl 7.68 does not correctly use OpenSSL 1.1.0+ api to init OpenSSL global state prior to executing any OpenSSL APIs. This may lead to duplicate engine initiation, which upon engine unload may cause use- after-free or double-free of any methods that engine

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-19 Thread Dimitri John Ledkov
Found curl missuse of openssl api; Found missing use-after-free fixes in openssl; in addition to the pka engine fixes that are possible. Imho all three should be fixed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-19 Thread Dimitri John Ledkov
Cannot reproduce the issue when using `openssl s_client -connect` or when using `wget` so it is specific to curl + openssl + engine at the moment. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921518

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-18 Thread Dimitri John Ledkov
It appears that engine is destroyed multiple times. Please see https://github.com/Mellanox/pka/pull/37 which can help to guard against that. Meanwhile I'm continuing to research as to why engine is destroyed multiple times. -- You received this bug notification because you are a member of

[Bug 1921518] Re: OpenSSL "double free" error

2021-08-18 Thread Dimitri John Ledkov
** Changed in: openssl (Ubuntu) Importance: Undecided => Critical ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title:

[Bug 1940426] Re: Disable ftrace of sbi functions

2021-08-18 Thread Dimitri John Ledkov
** Also affects: linux-riscv-5.11 (Ubuntu) Importance: Undecided Status: New ** No longer affects: linux-riscv-5.11 (Ubuntu Hirsute) ** Changed in: linux-riscv-5.11 (Ubuntu) Status: New => Invalid ** Changed in: linux-riscv-5.11 (Ubuntu Focal) Status: New => Confirmed

[Bug 1934548] Re: RISC-V: Illegal instruction

2021-08-18 Thread Dimitri John Ledkov
** Also affects: linux-riscv (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux-riscv-5.11 (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux-riscv (Ubuntu Focal) Status: New => Won't Fix ** Changed in: linux-riscv-5.11 (Ubuntu

[Bug 1940426] [NEW] Disable ftrace of sbi functions

2021-08-18 Thread Dimitri John Ledkov
Public bug reported: [Impact] * A kernel build can fail to boot with Oops and illegal instruction as seen at https://bugs.launchpad.net/ubuntu/+source/linux- riscv-5.11/+bug/1934548 on Unmatched board. * One cannot frace functions, used in frace setup. On RISC-V these are sbi calls to

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-18 Thread Dimitri John Ledkov
psqlodbc confuses me, as if clusters fail to create. Seems unrelated to openssl changes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928989 Title: expiring trust anchor compatibility issue To

[Bug 1912811] Re: Update dwarves-dfsg in focal to version 1.21 from hirsute

2021-08-18 Thread Dimitri John Ledkov
groovy is EOL hence marking groovy task wont-fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912811 Title: Update dwarves-dfsg in focal to version 1.21 from hirsute To manage notifications

[Bug 1912811] Re: Update dwarves-dfsg in focal to version 1.21 from hirsute

2021-08-18 Thread Dimitri John Ledkov
backports is no good, as it needs to be kernel's build-dep. and most kernels are built in -security only pocket. also, nothing else really uses these, apart from kernel. And kernels have stop using these, because they are too old in focal. ** Changed in: dwarves-dfsg (Ubuntu Focal)

[Bug 1935082] Re: [MIR] egl-wayland

2021-08-18 Thread Dimitri John Ledkov
kernel-packages is now subscribed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1935082 Title: [MIR] egl-wayland To manage notifications about this bug go to:

[Bug 1938588] Re: Ubuntu Server 18.04.5 install fails: TSC_DEADLINE disabled due to errata

2021-08-17 Thread Dimitri John Ledkov
inclusion of the package on the iso is one thing; it is a different thing to build the boot initrd with microcode included. I do not believe that d-i base installation media ever create d-i initrd with microcode included. Thus even if package is included on the ISO it will not be present in the

[Bug 1939937] Re: ath10k: "add target IRAM recovery feature support" breaks QCA9984 Firmware load capability

2021-08-17 Thread Dimitri John Ledkov
** Changed in: linux (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939937 Title: ath10k: "add target IRAM recovery feature support" breaks QCA9984 Firmware

[Bug 1939937] Re: ath10k: "add target IRAM recovery feature support" breaks QCA9984 Firmware load capability

2021-08-17 Thread Dimitri John Ledkov
** Tags added: hirsute impish patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939937 Title: ath10k: "add target IRAM recovery feature support" breaks QCA9984 Firmware load capability To

[Bug 1940080] [NEW] ubuntu-kernel-selftests.ftrace fails on riscv64

2021-08-16 Thread Dimitri John Ledkov
Public bug reported: 08/12 22:10:03 DEBUG| utils:0153| [stdout] # === Ftrace unit tests === 08/12 22:10:07 DEBUG| utils:0153| [stdout] # [1] Basic trace file check [PASS] 08/12 22:10:45 DEBUG| utils:0153| [stdout] # [2] Basic test for tracers [PASS] 08/12 22:10:51 DEBUG|

[Bug 1939887] Re: ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal mailing multi_check_sendfile tests terminated by timeout in multiple tls 12 13 configurations

2021-08-16 Thread Dimitri John Ledkov
*** This bug is a duplicate of bug 1900644 *** https://bugs.launchpad.net/bugs/1900644 ** Summary changed: - ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal + ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal mailing multi_check_sendfile

[Bug 1939887] Re: ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal

2021-08-16 Thread Dimitri John Ledkov
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939887 Title: ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal To manage notifications about this bug go to:

[Bug 1905728] Re: log_check / tainted_check failed in ubuntu_boot because of warnings (Found insecure W+X mapping at address) found on F/G/H-riscv

2021-08-16 Thread Dimitri John Ledkov
v5.13 in impish-proposed has this fixed on riscv. it will not be backported to earlier series, hence marking hirsute as wontfix. ** Changed in: linux (Ubuntu Impish) Status: Confirmed => Fix Committed ** Changed in: linux (Ubuntu Hirsute) Status: New => Won't Fix ** Changed in:

[Bug 1939887] Re: selftests net times out

2021-08-16 Thread Dimitri John Ledkov
** Also affects: ubuntu-kernel-tests Importance: Undecided Status: New ** Tags added: focal riscv64 ** Summary changed: - selftests net times out + ubuntu_kernel_selftests.net times out on riscv64 unmatched hirsute & focal -- You received this bug notification because you are a

[Bug 1935082] Re: [MIR] egl-wayland

2021-08-13 Thread Dimitri John Ledkov
Symbols tracking has been added in https://launchpad.net/ubuntu/+source/egl-wayland/1:1.1.7-2 which is not migrating as it is stuck behind glibc ADT test is hard to provide => functional one needs nvidia graphics cards that are not present in ADT; and compile test is equally hard given that it is

[Bug 1934548] Re: RISC-V: Illegal instruction

2021-08-13 Thread Dimitri John Ledkov
Focal ubuntu@ubuntu:~$ dmesg | grep gcc [0.00] Linux version 5.11.0-1017-generic (buildd@riscv64-qemu-lcy01-062) (gcc-10 (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #18~20.04.1-Ubuntu SMP Thu Aug 12 00:38:00 UTC 2021 (Ubuntu

[Bug 1939887] [NEW] selftests net times out

2021-08-13 Thread Dimitri John Ledkov
Public bug reported: 872621:59:37 INFO | Timer expired (1800 sec.), nuking pid 10418 872721:59:38 INFO | ERROR ubuntu_kernel_selftests.netubuntu_kernel_selftests.net timestamp=1628805578localtime=Aug 12 21:59:38

[Bug 1934548] Re: RISC-V: Illegal instruction

2021-08-13 Thread Dimitri John Ledkov
Hirsute: $ uname -a Linux ubuntu 5.11.0-1017-generic #18-Ubuntu SMP Wed Aug 11 18:02:14 UTC 2021 riscv64 riscv64 riscv64 GNU/Linux $ systemctl is-system-running running $ sudo dmesg | grep gcc [0.00] Linux version 5.11.0-1017-generic (buildd@riscv64-qemu-lcy01-065) (gcc (Ubuntu

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-12 Thread Dimitri John Ledkov
Download of canonical.com with faketime 2021-10-01 also works. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928989 Title: expiring trust anchor compatibility issue To manage notifications about

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-12 Thread Dimitri John Ledkov
ruby2.3 is not a regression on all other arches, not sure why s390x is the only "working" arch with failing test. retried psqlodbc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928989 Title:

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-12 Thread Dimitri John Ledkov
Reproduced the bug with: # dpkg-query -W libssl1.0.0 openssl libssl1.0.0:amd64 1.0.2g-1ubuntu4.19 openssl 1.0.2g-1ubuntu4.19 # openssl s_client -connect expired-root-ca-test.germancoding.com:443 -servername expired-root-ca-test.germancoding.com -verify 1 -verifyCAfile ca.pem verify depth

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-08-12 Thread Dimitri John Ledkov
python3.5 ADT regression is in xenial-updates regression, because the test certificates it uses have expired. ** Tags removed: verification-needed verification-needed-xenial ** Tags added: verification-done verification-done-xenial -- You received this bug notification because you are a member

[Bug 1934548] Re: RISC-V: Illegal instruction

2021-08-11 Thread Dimitri John Ledkov
** Changed in: linux-riscv (Ubuntu) Status: In Progress => Fix Committed ** Changed in: linux-riscv-5.11 (Ubuntu) Status: In Progress => Fix Committed ** Also affects: linux-riscv (Ubuntu Hirsute) Importance: Undecided Status: New ** Also affects: linux-riscv-5.11

  1   2   3   4   5   6   7   8   9   10   >