[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error
following my request, OpenSSL just integrated a fix to avoid loading an engine twice even if the configuration is parsed more than once: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b Integrating this patch in the existing OpenSSL 1.1.1 package (or at least packaging the relevant OpenSSL 1.1.1 version that will include it) will ensure that no additional project will crash if it uses an engine (such as PKA) and the configuration is parsed twice. In the long term, this aims to be a robust solution to this double-load issue, so that instead of playing whack-a-mole on all 3rd party projects that might load the config twice, the issue will be resolved at OpenSSL itself. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in wget package in Ubuntu: Fix Released Status in wget source package in Focal: Fix Committed Bug description: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. Regression test: In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: 1) wget continues to work without openssl.cnf 2) wget continues to work with stock ubuntu unmodified openssl.cnf 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section= new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
I am encountering the same issue. IMHO there needs to be a newer OpenSSL release for 20.04 LTS included in the repos. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1951279 Title: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds Status in openssl package in Ubuntu: Incomplete Bug description: Description --- It seems that current Ubuntu 20.04 (Focal) distribution for Arm64/Aarch64 raise a segmentation fault when certain validates some certificates. This issue affects only to Arm64/Aarch64 all the tools statically or dynamically linked with this version of the library are affected (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc). Environment and platform Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux Steps to reproduce -- 1. Run: curl -v https://graph.facebook.com/v12.0/act_111/ or wget https://graph.facebook.com/v12.0/act_111/ Result received --- Segmentation fault (core dumped) Notes - This bug was found by the Curl users: See: https://github.com/curl/curl/issues/8024 I believe that this bug is related to https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector point for code injection. Actually there isn't any replacement for OpenSSL 1.1.1f for Focal (Arm64), so it makes difficult to use Ubuntu 20.04 in a production environment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871959] Re: Xorg crashed with SIGABRT in _iris_batch_flush from iris_fence_flush()
Bug 1918855 is fixed in focal and up, so if you still have crashes then that was not your bug/fix. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1871959 Title: Xorg crashed with SIGABRT in _iris_batch_flush from iris_fence_flush() Status in Mesa: Unknown Status in mesa package in Ubuntu: Confirmed Bug description: https://errors.ubuntu.com/problem/23a23997d8d3287584722beeaee600306df3a1bf https://errors.ubuntu.com/problem/d9ee437c6ea3330d18aecaa0d3e07f71ca0c8d1a https://errors.ubuntu.com/problem/a960bab710b867c695551df03b8207cdc0da9a6f --- nothing particular done to trigger this, just opening the lid apparently crashed the x server (ubuntu 20.04); then after reboot apport prompted me to report a crash ProblemType: Crash DistroRelease: Ubuntu 20.04 Package: xserver-xorg-core 2:1.20.7-2ubuntu2 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 ApportVersion: 2.20.11-0ubuntu25 Architecture: amd64 CompositorRunning: None CurrentDesktop: GNOME-Greeter:GNOME Date: Fri Apr 10 00:50:52 2020 DistUpgraded: 2019-12-20 18:35:39,979 DEBUG Running PostInstallScript: './xorg_fix_proprietary.py' DistributionChannelDescriptor: # This is the distribution channel descriptor for the OEM CDs # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-bionic-amd64-20180608-47+north-bay-14-15-15p+X56 DistroCodename: focal DistroVariant: ubuntu ExecutablePath: /usr/lib/xorg/Xorg ExtraDebuggingInterest: Yes GraphicsCard: Intel Corporation UHD Graphics 620 (Whiskey Lake) [8086:3ea0] (rev 02) (prog-if 00 [VGA controller]) Subsystem: Dell UHD Graphics 620 (Whiskey Lake) [1028:08b9] InstallationDate: Installed on 2019-11-27 (134 days ago) InstallationMedia: Ubuntu 18.04 "Bionic" - Build amd64 LIVE Binary 20180608-09:38 Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 0bda:5532 Realtek Semiconductor Corp. Integrated_Webcam_HD Bus 001 Device 003: ID 8087:0029 Intel Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: Dell Inc. Latitude 5500 ProcCmdline: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/120/gdm/Xauthority -background none -noreset -keeptty -verbose 3 ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-12-generic root=UUID=559b7a9d-8198-424b-8812-ea72c10f013e ro mem_sleep_default=deep quiet splash vt.handoff=7 Signal: 6 SourcePackage: xorg-server StacktraceTop: __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 __GI_abort () at abort.c:79 ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so Title: Xorg crashed with SIGABRT in __GI_raise() UpgradeStatus: Upgraded to focal on 2019-12-20 (111 days ago) UserGroups: dmi.bios.date: 08/21/2019 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.5.1 dmi.board.name: 0M14W7 dmi.board.vendor: Dell Inc. dmi.board.version: A01 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.5.1:bd08/21/2019:svnDellInc.:pnLatitude5500:pvr:rvnDellInc.:rn0M14W7:rvrA01:cvnDellInc.:ct10:cvr: dmi.product.family: Latitude dmi.product.name: Latitude 5500 dmi.product.sku: 08B9 dmi.sys.vendor: Dell Inc. separator: version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.100-4 version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.4-1ubuntu1 version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.4-1ubuntu1 version.xserver-xorg-core: xserver-xorg-core 2:1.20.7-2ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20190815-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1 To manage notifications about this bug go to: https://bugs.launchpad.net/mesa/+bug/1871959/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951943] [NEW] Engine crashes when loading the configuration more than once
Public bug reported: [Impact] * Engine crashes when loading the configuration more than once * Upstream started to avoid loading engines twice by using dynamic ids to track the loaded engines correctly * OpenSSL 3 merge https://github.com/openssl/openssl/pull/17073 (bugfix & testcase) * OpenSSL 1.1.1 backports: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b (bugfix) https://github.com/openssl/openssl/pull/17083 (test case) [Test Plan] * https://github.com/openssl/openssl/issues/17023 lists multiple ways how one can trigger the issue at hand, but also test case implements this issue too by explicitly attempting to load an engine multiple times and checking that it is operational. [Where problems could occur] * Separately we have started to fix userspace packages that needlessly load configuration files multiple times, which used to trigger this issue. The codepaths changed are with engine use, how they are loaded/unloaded/used. It is possible that this fix will make some engines to start working and be used resulting in new behaviour. But also exposing bugs in the engines that previously were installed & configured but not actually used. [Other Info] * Previous bug reports about this issues are: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518 https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528 ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Affects: openssl (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: openssl (Ubuntu Focal) Importance: Undecided Status: New ** Affects: openssl (Ubuntu Hirsute) Importance: Undecided Status: New ** Affects: openssl (Ubuntu Impish) Importance: Undecided Status: New ** Affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Hirsute) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1951943 Title: Engine crashes when loading the configuration more than once Status in openssl package in Ubuntu: New Status in openssl source package in Bionic: New Status in openssl source package in Focal: New Status in openssl source package in Hirsute: New Status in openssl source package in Impish: New Status in openssl source package in Jammy: New Bug description: [Impact] * Engine crashes when loading the configuration more than once * Upstream started to avoid loading engines twice by using dynamic ids to track the loaded engines correctly * OpenSSL 3 merge https://github.com/openssl/openssl/pull/17073 (bugfix & testcase) * OpenSSL 1.1.1 backports: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b (bugfix) https://github.com/openssl/openssl/pull/17083 (test case) [Test Plan] * https://github.com/openssl/openssl/issues/17023 lists multiple ways how one can trigger the issue at hand, but also test case implements this issue too by explicitly attempting to load an engine multiple times and checking that it is operational. [Where problems could occur] * Separately we have started to fix userspace packages that needlessly load configuration files multiple times, which used to trigger this issue. The codepaths changed are with engine use, how they are loaded/unloaded/used. It is possible that this fix will make some engines to start working and be used resulting in new behaviour. But also exposing bugs in the engines that previously were installed & configured but not actually used. [Other Info] * Previous bug reports about this issues are: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518 https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951943/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error
Thank you for working with OpenSSL upstream, explaining the issue at hand, for everyone to eventually understand what is going on, and finally coming up with a solution on the OpenSSL side of the APIs that is accepted by upstream into development v3 branch and stable 1.1.1 branch. I have started paperwork to pick up these changes at https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951943 As far as I can tell it would be desirable to ship in 5 current Ubuntu stable series, hence using a new bug to track landing those updates. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in wget package in Ubuntu: Fix Released Status in wget source package in Focal: Fix Committed Bug description: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. Regression test: In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: 1) wget continues to work without openssl.cnf 2) wget continues to work with stock ubuntu unmodified openssl.cnf 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section= new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error
for 1.20.3-1ubuntu2 in focal: I have verified the configuration file is only loaded once, and 1) and 2) but 3) I did not manage to do. I tried this before the SRU with like setting min TLS to 1.3 and check it's respected, but that did nothing, and I don't have a custom engine handy that I could check is working wrt wget. Maybe someone else can verify that or point me at a guide. The "The fix was verified for wget and curl." statement is unfortunately not sufficient, it does not mention the version tested nor the testing procedure. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in wget package in Ubuntu: Fix Released Status in wget source package in Focal: Fix Committed Bug description: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. Regression test: In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: 1) wget continues to work without openssl.cnf 2) wget continues to work with stock ubuntu unmodified openssl.cnf 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section= new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error
The wget package that was tested and approved on our setup (using PKA 1.3 engine) is the one you declared above - 1.20.3-1ubuntu2. The tests were basic functionality tests for wget, including debugging to verify that the engine is loaded exactly once. Same for curl (exactly the same procedure). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in wget package in Ubuntu: Fix Released Status in wget source package in Focal: Fix Committed Bug description: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. Regression test: In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: 1) wget continues to work without openssl.cnf 2) wget continues to work with stock ubuntu unmodified openssl.cnf 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section= new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951303] Re: package systemd 245.4-4ubuntu3.13 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1951303 Title: package systemd 245.4-4ubuntu3.13 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration Status in systemd package in Ubuntu: New Bug description: I don't know ProblemType: Package DistroRelease: Ubuntu 20.04 Package: systemd 245.4-4ubuntu3.13 ProcVersionSignature: Ubuntu 5.11.0-38.42~20.04.1-generic 5.11.22 Uname: Linux 5.11.0-38-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.18 AptOrdering: libsystemd0:amd64: Install libsystemd0:amd64: Configure systemd-timesyncd:amd64: Configure systemd:amd64: Configure NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip Date: Thu Nov 18 00:09:29 2021 ErrorMessage: package is in a very bad inconsistent state; you should reinstall it before attempting configuration InstallationDate: Installed on 2021-11-01 (16 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Lsusb-t: /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=ohci-pci/12p, 12M |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/12p, 480M MachineType: innotek GmbH VirtualBox ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.11.0-38-generic root=UUID=5afca73e-6839-4538-b36d-630cbde5f567 ro quiet splash Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.6 SourcePackage: systemd SystemdDelta: [EXTENDED] /usr/lib/systemd/system/open-vm-tools.service → /usr/lib/systemd/system/open-vm-tools.service.d/desktop.conf [EXTENDED] /usr/lib/systemd/system/rc-local.service → /usr/lib/systemd/system/rc-local.service.d/debian.conf [EXTENDED] /usr/lib/systemd/system/user@.service → /usr/lib/systemd/system/user@.service.d/timeout.conf 3 overridden configuration files found. Title: package systemd 245.4-4ubuntu3.13 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 12/01/2006 dmi.bios.vendor: innotek GmbH dmi.bios.version: VirtualBox dmi.board.name: VirtualBox dmi.board.vendor: Oracle Corporation dmi.board.version: 1.2 dmi.chassis.type: 1 dmi.chassis.vendor: Oracle Corporation dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:sku:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr: dmi.product.family: Virtual Machine dmi.product.name: VirtualBox dmi.product.version: 1.2 dmi.sys.vendor: innotek GmbH To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1951303/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950521] Re: testresources does not support python 3.10
Marking python-gear as invalid in favor of https://bugs.launchpad.net/ubuntu/+source/python-gear/+bug/1951952 ** Changed in: python-gear (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-testtools in Ubuntu. https://bugs.launchpad.net/bugs/1950521 Title: testresources does not support python 3.10 Status in python-gear package in Ubuntu: Invalid Status in python-launchpadlib package in Ubuntu: Fix Released Status in python-testtools package in Ubuntu: Invalid Status in testresources package in Ubuntu: Fix Released Bug description: testresources does not support Python 3.10. The package cannot be loaded due to an incompatibility in the package's __init__.py file, as shown in [1], which is a fix proposed upstream. [1] https://github.com/testing-cabal/testresources/pull/14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-gear/+bug/1950521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf
> Our kernel ships wireguard modules by default anyway, and one can configure wireguard via networkd and soon via netplan. Which is our default tooling to interact with the wireguard kernel module. How should we generate the wireguard keys without `wg`? openssl? It's a significant deviation from upstream and what you will find documented out there, and puts the burden on us to make sure the keys were correctly generated, with the correct entropy source, number of rounds (if applicable), etc. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf Status in systemd package in Ubuntu: Won't Fix Status in wireguard package in Ubuntu: Confirmed Status in systemd package in Debian: Incomplete Bug description: By default Ubuntu now uses systemd to manage the nameservers in resolv.conf, so resolvconf and openresolv seem to be redundant. However, it appears that systemd's resolvectl is compatable with resolvconf style commands if symlinked as resolvconf. I'm not really sure how deb packaging works, but if it possible to check for the resolvconf command, and if not found just symlink /usr/bin/resolvectl to /usr/sbin/resolvconf then wg-quick will work without additional packages. See https://manpages.ubuntu.com/manpages/focal/man1/resolvectl.1#compatibility%20with%20resolvconf(8) for more info. Apologies if there is a better place to direct this info. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1892798/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950193]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security ** Information type changed from Private Security to Public Security ** Changed in: qtsvg-opensource-src (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtsvg-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1950193 Title: libqt5svg5 affected by CVE-2021-38593 Status in qtsvg-opensource-src package in Ubuntu: Confirmed Bug description: libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593: https://nvd.nist.gov/vuln/detail/CVE-2021-38593 Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by: https://codereview.qt-project.org/c/qt/qtbase/+/377942 The original issue is public since July 29th. If I'm allowed to upload further files, I'll send a simple test program. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libqt5svg5 5.12.8-0ubuntu1 ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9 Uname: Linux 5.14.0-1005-oem x86_64 ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: GNOME Date: Mon Nov 8 20:24:34 2021 InstallationDate: Installed on 2012-07-06 (3411 days ago) InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425) ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: qtsvg-opensource-src UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtsvg-opensource-src/+bug/1950193/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950090] Re: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/1950090 Title: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1 Status in lvm2 package in Ubuntu: New Bug description: I always get this error when updating packages ProblemType: Package DistroRelease: Ubuntu 20.04 Package: lvm2 2.03.07-1ubuntu1 ProcVersionSignature: Ubuntu 5.4.0-89.100-generic 5.4.143 Uname: Linux 5.4.0-89-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 CasperMD5CheckResult: skip Date: Sun Nov 7 09:41:32 2021 ErrorMessage: installed lvm2 package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2017-12-18 (1420 days ago) InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801) Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4 RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.6 SourcePackage: lvm2 Title: package lvm2 2.03.07-1ubuntu1 failed to install/upgrade: installed lvm2 package post-installation script subprocess returned error exit status 1 UpgradeStatus: Upgraded to focal on 2021-04-03 (218 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1950090/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf
@ahasenack I feel a bit lost here. This bug report is about how one should or shouldn't propagate DNS servers after establishing a wireguard based connection. This has nothing to do w.r.t. creating keys. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf Status in systemd package in Ubuntu: Won't Fix Status in wireguard package in Ubuntu: Confirmed Status in systemd package in Debian: Incomplete Bug description: By default Ubuntu now uses systemd to manage the nameservers in resolv.conf, so resolvconf and openresolv seem to be redundant. However, it appears that systemd's resolvectl is compatable with resolvconf style commands if symlinked as resolvconf. I'm not really sure how deb packaging works, but if it possible to check for the resolvconf command, and if not found just symlink /usr/bin/resolvectl to /usr/sbin/resolvconf then wg-quick will work without additional packages. See https://manpages.ubuntu.com/manpages/focal/man1/resolvectl.1#compatibility%20with%20resolvconf(8) for more info. Apologies if there is a better place to direct this info. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1892798/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948533] Re: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10)
If you look into the openvpn configuration file that Network Manager creates for your connection in /etc/NetworkManager/system-connections, could you please paste the [ipv4] and [ipv6] sections? ** No longer affects: ubuntu ** Changed in: network-manager (Ubuntu) Status: New => Incomplete ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1948533 Title: any dns defined in network-manager doesnt go in openvpn tunnel (leaks on gnome/mate/xubuntu only in 21.10) Status in network-manager package in Ubuntu: Incomplete Bug description: in all linux including ubuntu up to version 21.04, when dns is set to not automatic in network manager and one dns is set manually (exemple 1.1.1.1) when openvpn is used the dns is going through the vpn tunnel. On ubuntu 21.10 (I tested ubuntu, ubuntu mate and xubuntu)I can affirm the dns in this case is not going trough the vpn.it is leaking.I have used ubuntu for years this is first time this problem occurs (21.10).(and it s not just a question of packages because on my arch linux installs I never had such problem, so it must be a config problem. (when using packages stubby or dnscrypt-proxy (to encrypt dns queries) and dns 127.0.0.1 is set in network-manager the dns does goes trough the vpn (but stubby service needs to be sometimes reloded, it is less reliable that it used to be with previous versions of ubuntu) (I cannot speculate where the bug is from (network-manager, systemd resolved etc) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1948533/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1945978] Re: [BOHL-WXX9, Realtek ALC256, Speaker, Internal] Underruns, dropouts or crackling sound
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1945978 Title: [BOHL-WXX9, Realtek ALC256, Speaker, Internal] Underruns, dropouts or crackling sound Status in alsa-driver package in Ubuntu: New Bug description: Occasionally there will be noise, similar to current sound. If the sound source is turned off immediately after the noise is generated, the system will delay about one to two seconds to turn off the sound ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 5.11.0-37.41~20.04.2-generic 5.11.22 Uname: Linux 5.11.0-37-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.20 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: pydmy7 1030 F pulseaudio /dev/snd/pcmC1D0p: pydmy7 1030 F...m pulseaudio /dev/snd/controlC0: pydmy7 1030 F pulseaudio CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Mon Oct 4 19:34:39 2021 InstallationDate: Installed on 2021-09-09 (24 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Generic_1 successful Symptom_Card: Family 17h (Models 10h-1fh) HD Audio Controller - HD-Audio Generic Symptom_Jack: Speaker, Internal Symptom_PulseAudioLog: 10月 04 15:55:31 wy dbus-daemon[822]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.27' (uid=1000 pid=1030 comm="/usr/bin/pulseaudio --daemonize=no --log-target=jo" label="unconfined") Symptom_PulsePlaybackTest: PulseAudio playback test successful Symptom_Type: Underruns, dropouts, or "crackling" sound Title: [BOHL-WXX9, Realtek ALC256, Speaker, Internal] Underruns, dropouts or crackling sound UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/20/2020 dmi.bios.release: 1.5 dmi.bios.vendor: HUAWEI dmi.bios.version: 1.05 dmi.board.asset.tag: Type2 - Board Asset Tag dmi.board.name: BOHL-WXX9-PCB dmi.board.vendor: HUAWEI dmi.board.version: M1120 dmi.chassis.asset.tag: Chassis Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: HUAWEI dmi.chassis.version: M1120 dmi.ec.firmware.release: 1.5 dmi.modalias: dmi:bvnHUAWEI:bvr1.05:bd07/20/2020:br1.5:efr1.5:svnHUAWEI:pnBOHL-WXX9:pvrM1120:skuC233:rvnHUAWEI:rnBOHL-WXX9-PCB:rvrM1120:cvnHUAWEI:ct10:cvrM1120: dmi.product.family: MateBook D dmi.product.name: BOHL-WXX9 dmi.product.sku: C233 dmi.product.version: M1120 dmi.sys.vendor: HUAWEI To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1945978/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1944788] Re: URI defined for connectivity check is relative to search domain
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1944788 Title: URI defined for connectivity check is relative to search domain Status in network-manager package in Ubuntu: New Bug description: The connectivity check URI as defined in /usr/lib/NetworkManager/conf.d/20-connectivity-ubuntu.conf is not an absolute FQDN (doesn't end in a dot). As such, resolving connectivity- check.ubuntu.com generates queries for connectivity- check.ubuntu.com.localdomain (assuming a common default search domain of "localdomain") in addition to the expected connectivity- check.ubuntu.com . Or, if your ISP provided search domain is myisp.net, then connectivity-check.ubuntu.com.myisp.net is also queried. To reduce unintended traffic, may I suggest a trailing dot to ensure the host portion of the URI is a FQDN? Ex: uri=http://connectivity-check.ubuntu.com./ # lsb_release -rd Description: Ubuntu 20.04.3 LTS Release: 20.04 # apt-cache policy network-manager-config-connectivity-ubuntu network-manager-config-connectivity-ubuntu: Installed: 1.22.10-1ubuntu2.2 Candidate: 1.22.10-1ubuntu2.2 Version table: *** 1.22.10-1ubuntu2.2 500 500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://us.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages 100 /var/lib/dpkg/status 1.22.10-1ubuntu1 500 500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages 500 http://us.archive.ubuntu.com/ubuntu focal/main i386 Packages # What I expected to happen: Sep 23 18:48:45 dnsmasq[415]: query[] connectivity-check.ubuntu.com from 192.168.0.111 Sep 23 18:48:45 dnsmasq[415]: query[] connectivity-check.ubuntu.com from 192.168.0.111 Sep 23 18:50:55 dnsmasq[415]: query[A] connectivity-check.ubuntu.com from 192.168.0.111 (requests resulting in NXDOMAIN or NODATA-IPv6 are made twice) # What happened instead: Sep 23 17:02:49 dnsmasq[415]: query[] connectivity-check.ubuntu.com from 192.168.0.111 Sep 23 17:02:49 dnsmasq[415]: query[] connectivity-check.ubuntu.com from 192.168.0.111 Sep 23 17:02:49 dnsmasq[415]: query[] connectivity-check.ubuntu.com.localdomain from 192.168.0.111 Sep 23 17:02:49 dnsmasq[415]: query[] connectivity-check.ubuntu.com.localdomain from 192.168.0.111 Sep 23 17:04:42 dnsmasq[415]: query[A] connectivity-check.ubuntu.com from 192.168.0.111 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1944788/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf
I think he meant to post this on https://bugs.launchpad.net/ubuntu/+source/wireguard/+bug/1950317 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf Status in systemd package in Ubuntu: Won't Fix Status in wireguard package in Ubuntu: Confirmed Status in systemd package in Debian: Incomplete Bug description: By default Ubuntu now uses systemd to manage the nameservers in resolv.conf, so resolvconf and openresolv seem to be redundant. However, it appears that systemd's resolvectl is compatable with resolvconf style commands if symlinked as resolvconf. I'm not really sure how deb packaging works, but if it possible to check for the resolvconf command, and if not found just symlink /usr/bin/resolvectl to /usr/sbin/resolvconf then wg-quick will work without additional packages. See https://manpages.ubuntu.com/manpages/focal/man1/resolvectl.1#compatibility%20with%20resolvconf(8) for more info. Apologies if there is a better place to direct this info. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1892798/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf
On Tue, Nov 23, 2021 at 1:40 PM Jason A. Donenfeld <1892...@bugs.launchpad.net> wrote: > > I think he meant to post this on > https://bugs.launchpad.net/ubuntu/+source/wireguard/+bug/1950317 > That makes a lot more sense. Commented my opinion there about the need for key generation tooling. Regards, Dimitri. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf Status in systemd package in Ubuntu: Won't Fix Status in wireguard package in Ubuntu: Confirmed Status in systemd package in Debian: Incomplete Bug description: By default Ubuntu now uses systemd to manage the nameservers in resolv.conf, so resolvconf and openresolv seem to be redundant. However, it appears that systemd's resolvectl is compatable with resolvconf style commands if symlinked as resolvconf. I'm not really sure how deb packaging works, but if it possible to check for the resolvconf command, and if not found just symlink /usr/bin/resolvectl to /usr/sbin/resolvconf then wg-quick will work without additional packages. See https://manpages.ubuntu.com/manpages/focal/man1/resolvectl.1#compatibility%20with%20resolvconf(8) for more info. Apologies if there is a better place to direct this info. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1892798/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1950794] Re: DHCPv4 (IAID+DUID) networking broken in LXC containers
> Reverting this upstream commit seems to fix the problem: > https://github.com/systemd/systemd/commit/0299deab53d2a087727a5d04c1500c322c48b63e lxd and systemd have what I can only describe euphemistically as a horrible relationship. Instead of carrying another patch on systemd to get it working in lxd, could you try to work this out correctly, either by convincing upstream systemd to change or convincing lxd to change? Long term, it does Ubuntu no favors by hacking up systemd because lxd doesn't conform to the systemd container interface. https://systemd.io/CONTAINER_INTERFACE/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1950794 Title: DHCPv4 (IAID+DUID) networking broken in LXC containers Status in lxd package in Ubuntu: New Status in systemd package in Ubuntu: Fix Committed Bug description: DHCPv4 networking does not work in the default IAID+DUID (ClientIdentifier=duid) mode in LXC containers, using systemd-networkd v249.5-2ubuntu1. Static configuration and DHCPv6 work without problem. Reproducer: $ lxc launch ubuntu-daily:jammy jj $ lxc exec jj bash # add-apt-repository ppa:ci-train-ppa-service/4704 # apt install systemd # install systemd 249.5-2ubuntu1 # cat /etc/systemd/network/00-test.network [Match] Name=eth0 [Network] DHCP=ipv4 # systemctl restart systemd-networkd.service # networkctl IDX LINK TYPE OPERATIONAL SETUP [...] 611 eth0 ethercarrier failed A workaround is to avoid IAID+DUID mode via: [DHCPv4] #ClientIdentifier=mac ClientIdentifier=duid-only Interesting logs: Nov 12 14:10:48 jj systemd-networkd[174]: eth0: Requested to activate link Nov 12 14:10:48 jj systemd-networkd[174]: eth0: DHCPv4 client: Failed to set IAID: Device or resource busy Nov 12 14:10:48 jj systemd-networkd[174]: eth0: DHCP4 CLIENT: Failed to set IAID+DUID: Device or resource busy Nov 12 14:10:48 jj systemd-networkd[174]: Failed to check link is initialized: Device or resource busy Nov 12 14:10:48 jj systemd-networkd[174]: eth0: Failed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1950794/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error
Marking as verification-done, I'm happy with the described test procedure to fulfill 3) (arguably all of it :D) ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1921518 Title: OpenSSL "double free" error Status in wget package in Ubuntu: Fix Released Status in wget source package in Focal: Fix Committed Bug description: [Impact] openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior. [Test plan] Run the command of the package being tested in gdb -ex "break CONF_modules_load_file" -ex "run" --args and make sure it only breaks one. Regression test: In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that: 1) wget continues to work without openssl.cnf 2) wget continues to work with stock ubuntu unmodified openssl.cnf 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine) [Where problems could occur] wget: This is an upstream change that changes initialization and is in use in later releases. Since it mostly removes an unneeded call to the load file function, a regression could be a config file being ignored, but it seems unlikely given the use in later releases [Original bug report] "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine. OpenSSL version is 1.1.1f The issue is not encountered if http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead. OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems. On Bluefield systems, config diff to enable PKA dynamic engine, is as below: +openssl_conf = conf_section + # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section= new_oids +[ conf_section ] +engines = engine_section + +[ engine_section ] +bf = bf_section + +[ bf_section ] +engine_id=pka +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so +init=0 + engine_id above refers to dynamic engine name/identifier. dynamic_path points to the .so file for the dynamic engine. # curl -O https://tpo.pe/pathogen.vim double free or corruption (out) Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event
As per [1], the difference reported in the bug is seen due to a pair of patches carried by Fedora/RH. This seems to be a feature (not a fix), therefore, I am not sure if this would be suitable for an SRU. The patch proposed in [1] seems to be under review for a long time (and parts of the patch have landed upstream over the years). The last upstream comment [2] (from Jan. 2020) states that the patch is obsolete. Moreover, the Red Hat bug mentioned in their spec file which points to the bug where the patch was likely discussed and proposed is private [3]. Therefore, I wonder if we want to introduce this feature in 22.04 (LTS) or wait for further upstream feedback in [1]. Since the next steps are not clear, I am removing the server- next/server-todo tags from the bug. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=1402 [2] https://bugzilla.mindrot.org/show_bug.cgi?id=1402#c81 [3] https://src.fedoraproject.org/rpms/openssh/blob/c5e4c28ae15caed8a03d682c1adf2fa619968222/f/openssh.spec#_84 ** Bug watch added: OpenSSH Portable Bugzilla #1402 https://bugzilla.mindrot.org/show_bug.cgi?id=1402 ** Tags removed: server-next server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1948357 Title: sshd have no USER_LOGOUT audit event Status in openssh package in Ubuntu: Triaged Bug description: ubuntu 18.04 lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER 43241 USER_END 16946 USER_START 16718 USER_ACCT 658 USER_AUTH 543 USER_CMD 255 USER_LOGIN 9 USER_ROLE_CHANGE 5 USER_ERR 2 USER_CHAUTHTOK 1 ADD_USER lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh ii openssh-client1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) client, for secure access to remote machines ii openssh-server1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) server, for secure access from remote machines ii openssh-sftp-server 1:7.6p1-4ubuntu0.5 amd64secure shell (SSH) sftp server module, for SFTP access from remote machines lizj@FNSTPC:~/.local/bin$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.6 LTS Release: 18.04 Codename: bionic while in my fedora 33 host, it includes USER_LOGOUT as below fedora 33 [root@iaas-rpma linux]# aureport -e -i --summary | grep USER 7356 CRYPTO_KEY_USER 2103 USER_START 1649 USER_END 1268 USER_ACCT 1108 USER_ROLE_CHANGE 1029 USER_AUTH 895 USER_LOGIN 789 USER_LOGOUT 60 USER_CMD 14 USER_ERR 3 USER_MGMT 3 USER_CHAUTHTOK 1 ADD_USER [root@iaas-rpma ~]# rpm -qa | grep openssh openssh-8.4p1-1.1.fc33.x86_64 openssh-clients-8.4p1-1.1.fc33.x86_64 openssh-server-8.4p1-1.1.fc33.x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1949603] Re: iptables-save -c shows incorrect counters with iptables-nft
** Changed in: iptables (Ubuntu Jammy)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1949603
Title:
iptables-save -c shows incorrect counters with iptables-nft
Status in iptables package in Ubuntu:
Fix Committed
Status in iptables source package in Impish:
New
Status in iptables source package in Jammy:
Fix Committed
Bug description:
[Impact]
Starting with Impish I noticed that the kernel selftest xfrm_policy.sh
is always failing. Initially I thought it was a kernel issue, but
debugging further I found that the reason is that with Impish we're
using iptables-nft by default instead of iptables-legacy.
This test (./tools/testing/selftests/net/xfrm_policy.sh in the kernel
source directory) is creating a bunch of network namespaces and
checking the iptables counters for the defined policies, in particular
this is the interesting part:
check_ipt_policy_count()
{
ns=$1
ip netns exec $ns iptables-save -c |grep policy | ( read c rest
ip netns exec $ns iptables -Z
if [ x"$c" = x'[0:0]' ]; then
exit 0
elif [ x"$c" = x ]; then
echo "ERROR: No counters"
ret=1
exit 111
else
exit 1
fi
)
}
If I use iptables-nft the counters are never [0:0] as they should be,
so the test is failing. With iptables-legacy they are [0:0] and the
test is passing.
[Test case]
tools/testing/selftests/net/xfrm_policy.sh from the Linux kernel
source code.
[Fix]
Apply iptables upstream commit:
5f1fcace ("iptables-nft: fix -Z option")
In this way also with iptables-nft the counters are reported
correctly.
[Regression potential]
We may require other upstream commits now that the -Z option is
working properly with iptables-nft.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1949603/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1920794] Re: tc tool does not accept ipset match
This is caused be mismatch between Kernel and iproute2 version. The kernel v5 offers ipset v7 which causes iproute to not be built with ematch ipset functionality. This has been fixed in iproute upstream in - its a one line fix - Pulling this into iproute2 and rebuilding (After committing it) works. https://github.com/shemminger/iproute2/commit/650591a7a70cd79d826fcdc579a20c168c987cf2 commit 650591a7a70cd79d826fcdc579a20c168c987cf2 Author: Tony Ambardar Date: Tue Jul 7 00:58:33 2020 -0700 configure: support ipset version 7 with kernel version 5 The configure script checks for ipset v6 availability but doesn't test for v7, which is backward compatible and used on kernel v5.x systems. Update the script to test for both ipset versions. Without this change, the tc ematch function em_ipset will be disabled. Signed-off-by: Tony Ambardar Signed-off-by: Stephen Hemminger ** Changed in: iproute2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iproute2 in Ubuntu. https://bugs.launchpad.net/bugs/1920794 Title: tc tool does not accept ipset match Status in iproute2 package in Ubuntu: Confirmed Bug description: Steps to reproduce: tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:1 htb rate 1024Kbit ipset create mytest hash:net tc filter add dev eth0 protocol ip parent 1:0 prio 1 basic match 'ipset(mytest src)' classid 1:1 Last command fails with the message: Unknown ematch "ipset" Illegal "ematch" It works well with 18.04. On 20.04 machine it also works fine inside Ubuntu 18.04 LXD container. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: iproute2 5.5.0-1ubuntu1 ProcVersionSignature: Ubuntu 5.4.0-51.56-generic 5.4.65 Uname: Linux 5.4.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu27.9 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 22 16:18:17 2021 SourcePackage: iproute2 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1920794/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951943] Re: Engine crashes when loading the configuration more than once
** Description changed: [Impact] - * Engine crashes when loading the configuration more than once + * Engine crashes when loading the configuration more than once - * Upstream started to avoid loading engines twice by using dynamic ids + * Upstream started to avoid loading engines twice by using dynamic ids to track the loaded engines correctly - * OpenSSL 3 merge https://github.com/openssl/openssl/pull/17073 (bugfix + * OpenSSL 3 merge https://github.com/openssl/openssl/pull/17073 (bugfix & testcase) - * OpenSSL 1.1.1 backports: + * OpenSSL 1.1.1 backports: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b (bugfix) - https://github.com/openssl/openssl/pull/17083 (test case) + https://github.com/openssl/openssl/commit/6d022b04748c2a89b7f032a41965df19c584e0cf (test case) [Test Plan] - * https://github.com/openssl/openssl/issues/17023 lists multiple ways + * https://github.com/openssl/openssl/issues/17023 lists multiple ways how one can trigger the issue at hand, but also test case implements this issue too by explicitly attempting to load an engine multiple times and checking that it is operational. [Where problems could occur] - * Separately we have started to fix userspace packages that needlessly + * Separately we have started to fix userspace packages that needlessly load configuration files multiple times, which used to trigger this issue. The codepaths changed are with engine use, how they are loaded/unloaded/used. It is possible that this fix will make some engines to start working and be used resulting in new behaviour. But also exposing bugs in the engines that previously were installed & configured but not actually used. [Other Info] - - * Previous bug reports about this issues are: + + * Previous bug reports about this issues are: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518 https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528 ** Description changed: [Impact] * Engine crashes when loading the configuration more than once * Upstream started to avoid loading engines twice by using dynamic ids to track the loaded engines correctly - * OpenSSL 3 merge https://github.com/openssl/openssl/pull/17073 (bugfix - & testcase) + * OpenSSL 3 + https://github.com/openssl/openssl/commit/81c11349c2a0e945aa3dfc6bd81c957363dd2011 (bugfix) + https://github.com/openssl/openssl/commit/38e2957249c90317a26a080c7e7eb186dd5b6598 (test case) * OpenSSL 1.1.1 backports: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b (bugfix) - https://github.com/openssl/openssl/commit/6d022b04748c2a89b7f032a41965df19c584e0cf (test case) + https://github.com/openssl/openssl/pull/17083 (test case) [Test Plan] * https://github.com/openssl/openssl/issues/17023 lists multiple ways how one can trigger the issue at hand, but also test case implements this issue too by explicitly attempting to load an engine multiple times and checking that it is operational. [Where problems could occur] * Separately we have started to fix userspace packages that needlessly load configuration files multiple times, which used to trigger this issue. The codepaths changed are with engine use, how they are loaded/unloaded/used. It is possible that this fix will make some engines to start working and be used resulting in new behaviour. But also exposing bugs in the engines that previously were installed & configured but not actually used. [Other Info] * Previous bug reports about this issues are: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1921518 https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1940528 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1951943 Title: Engine crashes when loading the configuration more than once Status in openssl package in Ubuntu: New Status in openssl source package in Bionic: New Status in openssl source package in Focal: New Status in openssl source package in Hirsute: New Status in openssl source package in Impish: New Status in openssl source package in Jammy: New Bug description: [Impact] * Engine crashes when loading the configuration more than once * Upstream started to avoid loading engines twice by using dynamic ids to track the loaded engines correctly * OpenSSL 3 https://github.com/openssl/openssl/commit/81c11349c2a0e945aa3dfc6bd81c957363dd2011 (bugfix) https://github.com/openssl/openssl/commit/38e2957249c90317a26a080c7e7eb186dd5b6598 (test case) * OpenSSL 1.1.1 backports: https://github.com/openssl/openssl/commit/9b06ebb1edfddffea083ba36090af7eb7cad207b (bugfix) https://github.com/openssl/openssl/pull/17083 (test case) [Test Plan] * https://github.com/openssl/openssl/issues
[Touch-packages] [Bug 1915238] Re: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ
I'm open to putting a fix in Debian. I haven't come up with a solution that I'm happy with and don't currently have a lot of time to work on this. I think Paride Legovini's "wall-of-text" post is on the right track, but I would really prefer to avoid asking a question about this. Anything in configure-instance.sh needs to be init system agnostic. I don't mind a systemd specific solution since that's our default init, but not in configure-instance.sh (no idea if there is one, but that's a boundary condition to a proper fix in my view). If someone comes up with a patch, I can test it and will be glad to land it in Debian if suitable and functional. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1915238 Title: warning: /var/spool/postfix/etc/ssl/certs/ca-certificates.crt and /etc/ssl/certs/ca-certificates.crt differ Status in ca-certificates package in Ubuntu: New Status in postfix package in Ubuntu: Triaged Status in postfix package in Debian: New Bug description: Postfix package doesn't utilize update-ca-certificate's hooks mechanism. By simply copying certs from /etc/ssl/certs/ca- certificates.crt to /var/spool/postfix/etc/ssl/certs/ca- certificates.crt, this warning and potential security issues could be avoided. Something like this would be a start: $ cat /etc/ca-certificates/update.d/postfix #!/bin/bash if [ -e /var/spool/postfix/etc/ssl/certs/ca-certificates.crt ]; then echo "Updating postfix chrooted certs" cp /etc/ssl/certs/ca-certificates.crt /var/spool/postfix/etc/ssl/certs/ca-certificates.crt systemctl reload postfix fi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1915238/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault
** Merge proposal linked: https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412305 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtwebkit-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1951470 Title: webkit javascript segmentation fault Status in Ubuntu on IBM z Systems: Confirmed Status in qtwebkit-opensource-src package in Ubuntu: Confirmed Bug description: == Comment: #0 - Andreas Krebbel - 2021-11-15 09:29:44 == ---Problem Description--- Segmentation fault from WebKit Javascript engine Contact Information = andreas.kreb...@de.ibm.com ---uname output--- Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 s390x s390x s390x GNU/Linux Machine Type = IBM Z ---Debugger--- A debugger is not configured ---Steps to Reproduce--- index.html: min.js: var i = Math.max wkhtmltopdf index.html test.pdf QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root' Loading page (1/2) Segmentation fault (core dumped) ] 17% Userspace tool common name: wkhtmltopdf The userspace tool has the following bit modes: 64 Userspace rpm: libqt5webkit5 Userspace tool obtained from project website: na *Additional Instructions for andreas.kreb...@de.ibm.com: -Attach ltrace and strace of userspace application. == Comment: #1 - Andreas Krebbel - 2021-11-15 09:44:04 == In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes the property offset as pointer size (hence 64 bit) value: 2141: instructions[i + 6].u.pointer = reinterpret_cast(op.operand); while the same slot is accessed later by the jitted code as 32 bit integer: macro getProperty(slow) loadisFromInstruction(6, t1) This fails on big endian targets since the integer access takes the higher part of the 64 bit value. Changing: macro getProperty(slow) loadisFromInstruction(6, t1) to macro getProperty(slow) loadpFromInstruction(6, t1) in llint/LowLevelInterpreter64.asm fixes the problem for me. I could not reproduce the problem on Ubuntu 20.10. In upstream webkit the problem got fixed as a side effect of a larger change but in the end quite similar to the change I'm proposing. The value resides somewhere else now but it is accessed as 64 bit value in getProperty: macro getProperty() loadp OpGetFromScope::Metadata::m_operand[t5], t1 If you have the jsc binary from the webkit package available the problem can be reproduced with just 'jsc -e "i=Math.min"' == Comment: #2 - Andreas Krebbel - 2021-11-15 09:49:55 == To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1951470/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault
qtwebkit debdiff (jammy) ** Patch added: "qtwebkit debdiff (jammy)" https://bugs.launchpad.net/ubuntu/+source/qtwebkit-opensource-src/+bug/1951470/+attachment/5542873/+files/debdiff-qtwebkit-lp1951470-jammy.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtwebkit-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1951470 Title: webkit javascript segmentation fault Status in Ubuntu on IBM z Systems: Confirmed Status in qtwebkit-opensource-src package in Ubuntu: Confirmed Bug description: == Comment: #0 - Andreas Krebbel - 2021-11-15 09:29:44 == ---Problem Description--- Segmentation fault from WebKit Javascript engine Contact Information = andreas.kreb...@de.ibm.com ---uname output--- Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 s390x s390x s390x GNU/Linux Machine Type = IBM Z ---Debugger--- A debugger is not configured ---Steps to Reproduce--- index.html: min.js: var i = Math.max wkhtmltopdf index.html test.pdf QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root' Loading page (1/2) Segmentation fault (core dumped) ] 17% Userspace tool common name: wkhtmltopdf The userspace tool has the following bit modes: 64 Userspace rpm: libqt5webkit5 Userspace tool obtained from project website: na *Additional Instructions for andreas.kreb...@de.ibm.com: -Attach ltrace and strace of userspace application. == Comment: #1 - Andreas Krebbel - 2021-11-15 09:44:04 == In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes the property offset as pointer size (hence 64 bit) value: 2141: instructions[i + 6].u.pointer = reinterpret_cast(op.operand); while the same slot is accessed later by the jitted code as 32 bit integer: macro getProperty(slow) loadisFromInstruction(6, t1) This fails on big endian targets since the integer access takes the higher part of the 64 bit value. Changing: macro getProperty(slow) loadisFromInstruction(6, t1) to macro getProperty(slow) loadpFromInstruction(6, t1) in llint/LowLevelInterpreter64.asm fixes the problem for me. I could not reproduce the problem on Ubuntu 20.10. In upstream webkit the problem got fixed as a side effect of a larger change but in the end quite similar to the change I'm proposing. The value resides somewhere else now but it is accessed as 64 bit value in getProperty: macro getProperty() loadp OpGetFromScope::Metadata::m_operand[t5], t1 If you have the jsc binary from the webkit package available the problem can be reproduced with just 'jsc -e "i=Math.min"' == Comment: #2 - Andreas Krebbel - 2021-11-15 09:49:55 == To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1951470/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1949603] Re: iptables-save -c shows incorrect counters with iptables-nft
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: iptables (Ubuntu Impish)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1949603
Title:
iptables-save -c shows incorrect counters with iptables-nft
Status in iptables package in Ubuntu:
Fix Committed
Status in iptables source package in Impish:
Confirmed
Status in iptables source package in Jammy:
Fix Committed
Bug description:
[Impact]
Starting with Impish I noticed that the kernel selftest xfrm_policy.sh
is always failing. Initially I thought it was a kernel issue, but
debugging further I found that the reason is that with Impish we're
using iptables-nft by default instead of iptables-legacy.
This test (./tools/testing/selftests/net/xfrm_policy.sh in the kernel
source directory) is creating a bunch of network namespaces and
checking the iptables counters for the defined policies, in particular
this is the interesting part:
check_ipt_policy_count()
{
ns=$1
ip netns exec $ns iptables-save -c |grep policy | ( read c rest
ip netns exec $ns iptables -Z
if [ x"$c" = x'[0:0]' ]; then
exit 0
elif [ x"$c" = x ]; then
echo "ERROR: No counters"
ret=1
exit 111
else
exit 1
fi
)
}
If I use iptables-nft the counters are never [0:0] as they should be,
so the test is failing. With iptables-legacy they are [0:0] and the
test is passing.
[Test case]
tools/testing/selftests/net/xfrm_policy.sh from the Linux kernel
source code.
[Fix]
Apply iptables upstream commit:
5f1fcace ("iptables-nft: fix -Z option")
In this way also with iptables-nft the counters are reported
correctly.
[Regression potential]
We may require other upstream commits now that the -Z option is
working properly with iptables-nft.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1949603/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault
The attachment "qtwebkit debdiff (jammy)" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtwebkit-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1951470 Title: webkit javascript segmentation fault Status in Ubuntu on IBM z Systems: Confirmed Status in qtwebkit-opensource-src package in Ubuntu: Confirmed Bug description: == Comment: #0 - Andreas Krebbel - 2021-11-15 09:29:44 == ---Problem Description--- Segmentation fault from WebKit Javascript engine Contact Information = andreas.kreb...@de.ibm.com ---uname output--- Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 s390x s390x s390x GNU/Linux Machine Type = IBM Z ---Debugger--- A debugger is not configured ---Steps to Reproduce--- index.html: min.js: var i = Math.max wkhtmltopdf index.html test.pdf QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root' Loading page (1/2) Segmentation fault (core dumped) ] 17% Userspace tool common name: wkhtmltopdf The userspace tool has the following bit modes: 64 Userspace rpm: libqt5webkit5 Userspace tool obtained from project website: na *Additional Instructions for andreas.kreb...@de.ibm.com: -Attach ltrace and strace of userspace application. == Comment: #1 - Andreas Krebbel - 2021-11-15 09:44:04 == In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes the property offset as pointer size (hence 64 bit) value: 2141: instructions[i + 6].u.pointer = reinterpret_cast(op.operand); while the same slot is accessed later by the jitted code as 32 bit integer: macro getProperty(slow) loadisFromInstruction(6, t1) This fails on big endian targets since the integer access takes the higher part of the 64 bit value. Changing: macro getProperty(slow) loadisFromInstruction(6, t1) to macro getProperty(slow) loadpFromInstruction(6, t1) in llint/LowLevelInterpreter64.asm fixes the problem for me. I could not reproduce the problem on Ubuntu 20.10. In upstream webkit the problem got fixed as a side effect of a larger change but in the end quite similar to the change I'm proposing. The value resides somewhere else now but it is accessed as 64 bit value in getProperty: macro getProperty() loadp OpGetFromScope::Metadata::m_operand[t5], t1 If you have the jsc binary from the webkit package available the problem can be reproduced with just 'jsc -e "i=Math.min"' == Comment: #2 - Andreas Krebbel - 2021-11-15 09:49:55 == To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1951470/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871959] Re: Xorg crashed with SIGABRT in _iris_batch_flush from iris_fence_flush()
Comment #30 was only a question, not a statement :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1871959 Title: Xorg crashed with SIGABRT in _iris_batch_flush from iris_fence_flush() Status in Mesa: Unknown Status in mesa package in Ubuntu: Confirmed Bug description: https://errors.ubuntu.com/problem/23a23997d8d3287584722beeaee600306df3a1bf https://errors.ubuntu.com/problem/d9ee437c6ea3330d18aecaa0d3e07f71ca0c8d1a https://errors.ubuntu.com/problem/a960bab710b867c695551df03b8207cdc0da9a6f --- nothing particular done to trigger this, just opening the lid apparently crashed the x server (ubuntu 20.04); then after reboot apport prompted me to report a crash ProblemType: Crash DistroRelease: Ubuntu 20.04 Package: xserver-xorg-core 2:1.20.7-2ubuntu2 ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8 Uname: Linux 5.4.0-12-generic x86_64 ApportVersion: 2.20.11-0ubuntu25 Architecture: amd64 CompositorRunning: None CurrentDesktop: GNOME-Greeter:GNOME Date: Fri Apr 10 00:50:52 2020 DistUpgraded: 2019-12-20 18:35:39,979 DEBUG Running PostInstallScript: './xorg_fix_proprietary.py' DistributionChannelDescriptor: # This is the distribution channel descriptor for the OEM CDs # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor canonical-oem-somerville-bionic-amd64-20180608-47+north-bay-14-15-15p+X56 DistroCodename: focal DistroVariant: ubuntu ExecutablePath: /usr/lib/xorg/Xorg ExtraDebuggingInterest: Yes GraphicsCard: Intel Corporation UHD Graphics 620 (Whiskey Lake) [8086:3ea0] (rev 02) (prog-if 00 [VGA controller]) Subsystem: Dell UHD Graphics 620 (Whiskey Lake) [1028:08b9] InstallationDate: Installed on 2019-11-27 (134 days ago) InstallationMedia: Ubuntu 18.04 "Bionic" - Build amd64 LIVE Binary 20180608-09:38 Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 0bda:5532 Realtek Semiconductor Corp. Integrated_Webcam_HD Bus 001 Device 003: ID 8087:0029 Intel Corp. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: Dell Inc. Latitude 5500 ProcCmdline: /usr/lib/xorg/Xorg vt1 -displayfd 3 -auth /run/user/120/gdm/Xauthority -background none -noreset -keeptty -verbose 3 ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-12-generic root=UUID=559b7a9d-8198-424b-8812-ea72c10f013e ro mem_sleep_default=deep quiet splash vt.handoff=7 Signal: 6 SourcePackage: xorg-server StacktraceTop: __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 __GI_abort () at abort.c:79 ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so ?? () from /usr/lib/x86_64-linux-gnu/dri/iris_dri.so Title: Xorg crashed with SIGABRT in __GI_raise() UpgradeStatus: Upgraded to focal on 2019-12-20 (111 days ago) UserGroups: dmi.bios.date: 08/21/2019 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.5.1 dmi.board.name: 0M14W7 dmi.board.vendor: Dell Inc. dmi.board.version: A01 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.5.1:bd08/21/2019:svnDellInc.:pnLatitude5500:pvr:rvnDellInc.:rn0M14W7:rvrA01:cvnDellInc.:ct10:cvr: dmi.product.family: Latitude dmi.product.name: Latitude 5500 dmi.product.sku: 08B9 dmi.sys.vendor: Dell Inc. separator: version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.100-4 version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.4-1ubuntu1 version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.4-1ubuntu1 version.xserver-xorg-core: xserver-xorg-core 2:1.20.7-2ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20190815-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1 To manage notifications about this bug go to: https://bugs.launchpad.net/mesa/+bug/1871959/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1949553] Re: Backport packages for 20.04.4 HWE stack
Hello Timo, or anyone else affected, Accepted xorg-server into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xorg- server/2:1.20.13-1ubuntu1~20.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: xorg-server (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libdrm in Ubuntu. https://bugs.launchpad.net/bugs/1949553 Title: Backport packages for 20.04.4 HWE stack Status in libdrm package in Ubuntu: Invalid Status in mesa package in Ubuntu: Invalid Status in xorg-server package in Ubuntu: Invalid Status in libdrm source package in Focal: In Progress Status in mesa source package in Focal: In Progress Status in xorg-server source package in Focal: Fix Committed Bug description: [Impact] These are needed for 20.04.4 images. [Test case] Boot a daily image, see that it still has the necessary stack installed and working. [What could go wrong] libdrm: adds some new api, no changes to old stuff llvm-13: a new package, no regression potential on it's own mesa: a new major release, but we'll pull the final stable release of 21.2.x series, so there shouldn't be any regressions left at that point xserver: a new point-release, 1.20.x series is in deep maintenance mode, so there should be little chance of breakage To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libdrm/+bug/1949553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1949553] Re: Backport packages for 20.04.4 HWE stack
@Timo: I notice the libdrm backport drops the valgrind integration. I know it's disabled in (at least) impish, but is there any particular reason for it to be disabled in the focal backport? It seems pretty unlikely that anyone would notice, but the diff required to keep the valgrind annotations enabled also looks small, so maybe we should? ** Changed in: libdrm (Ubuntu Focal) Status: In Progress => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1949553 Title: Backport packages for 20.04.4 HWE stack Status in libdrm package in Ubuntu: Invalid Status in mesa package in Ubuntu: Invalid Status in xorg-server package in Ubuntu: Invalid Status in libdrm source package in Focal: Incomplete Status in mesa source package in Focal: In Progress Status in xorg-server source package in Focal: Fix Committed Bug description: [Impact] These are needed for 20.04.4 images. [Test case] Boot a daily image, see that it still has the necessary stack installed and working. [What could go wrong] libdrm: adds some new api, no changes to old stuff llvm-13: a new package, no regression potential on it's own mesa: a new major release, but we'll pull the final stable release of 21.2.x series, so there shouldn't be any regressions left at that point xserver: a new point-release, 1.20.x series is in deep maintenance mode, so there should be little chance of breakage To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libdrm/+bug/1949553/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1951667] Re: [SRU] pulseaudio: restore hdmi audio be active output after resume
** Tags added: originate-from-1933628 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1951667 Title: [SRU] pulseaudio: restore hdmi audio be active output after resume Status in HWE Next: New Status in OEM Priority Project: New Status in pulseaudio package in Ubuntu: In Progress Status in pulseaudio source package in Focal: In Progress Status in pulseaudio source package in Hirsute: In Progress Status in pulseaudio source package in Impish: In Progress Status in pulseaudio source package in Jammy: In Progress Bug description: [Impact] On the machines with legacy HDA audio driver, when users plug a hdmi/dp monitor, the active output device is still speaker, need users to manually select the hdmi, then the hdmi audio will be the users' preference, once it is plugged, it should become the active output automatically. But with the current PA, after reboot and suspend/resume, the hdmi can't change to be active output automatically anymore. [Fix] Backport an upstream fix, this will fix the issue of "preferred ports being cleaned by a mistake" [Test] On a machine with legacy HDA audio driver, install the patched pulseaudio, then run 'rm ~/.config/pulse/*; reboot', plug a hdmi monitor, select the hdmi audio to be active, with the hdmi monitor plugged and reboot, suspend and resume, check what is the active output, it is still the hdmi audio. [Where problems could occur] This patch is in the card-restore.c, if it could introduce regression, it will be on the default active input/output devices, for example, users select a input or output device to be active, after reboot, if those devices are available, they should be active, but they could be replaced by other devices if a regression is introduced. But this possibility is very low since we tested the patch on a couple of desktop and laptop machines. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1951667/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
