[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
My takeaway from the above is that the daemon service itself still runs as root, just the group name changes, so for the specific scenario raised in question #2 it looks like the daemon's read access to root only files like shadow would be unaffected. Similarly, the issue I raised in "Where Problems May Occur" due to root ownership of files in /var/run/saslauthd would not be exhibited by read (or write) errors by the daemon itself. Indeed, it appears the contents of /var/run/saslauthd are cleared when the daemon stops, or is restarted, so if there *was* an issue with files in the run directory it should present immediately at service stop/start/restart: $ sudo systemctl stop saslauthd $ sudo ls /var/run/saslauthd/ -l ls: cannot access '/var/run/saslauthd/': No such file or directory $ sudo systemctl start saslauthd $ sudo ls /var/run/saslauthd/ -l total 968 -rw--- 1 root sasl 0 Oct 3 16:38 cache.flock -rw--- 1 root sasl 986112 Oct 3 16:38 cache.mmap srwxrwxrwx 1 root sasl 0 Oct 3 16:38 mux -rw--- 1 root sasl 0 Oct 3 16:38 mux.accept -rw--- 1 root sasl 6 Oct 3 16:38 saslauthd.pid $ sudo systemctl restart saslauthd $ sudo ls /var/run/saslauthd/ -l total 968 -rw--- 1 root sasl 0 Oct 3 16:38 cache.flock -rw--- 1 root sasl 986112 Oct 3 16:38 cache.mmap srwxrwxrwx 1 root sasl 0 Oct 3 16:38 mux -rw--- 1 root sasl 0 Oct 3 16:38 mux.accept -rw--- 1 root sasl 6 Oct 3 16:38 saslauthd.pid $ sleep 60 $ sudo systemctl restart saslauthd $ sudo ls /var/run/saslauthd/ -l total 968 -rw--- 1 root sasl 0 Oct 3 16:39 cache.flock -rw--- 1 root sasl 986112 Oct 3 16:39 cache.mmap srwxrwxrwx 1 root sasl 0 Oct 3 16:39 mux -rw--- 1 root sasl 0 Oct 3 16:39 mux.accept -rw--- 1 root sasl 6 Oct 3 16:39 saslauthd.pid $ sleep 120 $ sudo ls /var/run/saslauthd/ -l total 968 -rw--- 1 root sasl 0 Oct 3 16:39 cache.flock -rw--- 1 root sasl 986112 Oct 3 16:39 cache.mmap srwxrwxrwx 1 root sasl 0 Oct 3 16:39 mux -rw--- 1 root sasl 0 Oct 3 16:39 mux.accept -rw--- 1 root sasl 6 Oct 3 16:39 saslauthd.pid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Incomplete Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
A. sasl2 not installed: $ apt-cache policy sasl2-bin sasl2-bin: Installed: (none) Candidate: 2.1.28+dfsg1-5ubuntu3.2~oracular1 Version table: 2.1.28+dfsg1-5ubuntu3.2~oracular1 500 500 https://ppa.launchpadcontent.net/bryce/cyrus-sasl2-sru-lp2078851/ubuntu noble/main amd64 Packages 2.1.28+dfsg1-5ubuntu3.1 500 500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages 2.1.28+dfsg1-5ubuntu3 500 500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages $ ls -ld /run/saslauthd ls: cannot access '/run/saslauthd': No such file or directory $ ps aux | grep sasl2 | grep -v grep $ B. Installing from noble-updates $ apt-cache policy sasl2-bin | grep Installed: Installed: 2.1.28+dfsg1-5ubuntu3.1 $ ls -ld /run/saslauthd drwx--x--- 2 root sasl 40 Oct 3 16:14 /run/saslauthd/ $ ps aux | grep sasl2 | grep -v grep $ sudo systemctl enable saslauthd Synchronizing state of saslauthd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install. Executing: /usr/lib/systemd/systemd-sysv-install enable saslauthd Created symlink /etc/systemd/system/multi-user.target.wants/saslauthd.service → /usr/lib/systemd/system/saslauthd.service. $ ls -ld /run/saslauthd drwx--x--- 2 root sasl 40 Oct 3 16:14 /run/saslauthd/ $ sudo ls /var/run/saslauthd/ -l total 0 $ ls -l /usr/lib/systemd/system/saslauthd.service -rw-r--r-- 1 root root 326 Apr 5 19:59 /usr/lib/systemd/system/saslauthd.service $ sudo systemctl status saslauthd ○ saslauthd.service - SASL Authentication Daemon Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; preset: enabled) Active: inactive (dead) Docs: man:saslauthd(8) Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble systemd[1]: saslauthd.service: Deactivated successfully. Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Stopped saslauthd.service - SASL Authentication Daemon. Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Starting saslauthd.service - SASL Authentication Daemon... Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble saslauthd[9743]: : master pid is: 9743 Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble saslauthd[9743]: : listening on socket: /var/run/saslauthd/mux Sep 24 23:35:06 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Started saslauthd.service - SASL Authentication Daemon. Oct 03 16:11:13 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Stopping saslauthd.service - SASL Authentication Daemon... Oct 03 16:11:13 cyrus-sasl2-sru-lp2078851-noble saslauthd[9743]: : master exited: 9743 Oct 03 16:11:13 cyrus-sasl2-sru-lp2078851-noble systemd[1]: saslauthd.service: Deactivated successfully. Oct 03 16:11:13 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Stopped saslauthd.service - SASL Authentication Daemon. $ sudo systemctl start saslauthd $ ps aux | grep sasl | grep -v grep root 34437 0.0 0.0 19732 1104 ?Ss 16:19 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 root 34438 0.0 0.0 19732 1104 ?S16:19 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 root 34439 0.0 0.0 19732 1104 ?S16:19 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 root 34440 0.0 0.0 19732 1104 ?S16:19 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 root 34441 0.0 0.0 19732 1104 ?S16:19 0:00 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 $ sudo systemctl status saslauthd ● saslauthd.service - SASL Authentication Daemon Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; preset: enabled) Active: active (running) since Thu 2024-10-03 16:19:49 UTC; 1min 15s ago Docs: man:saslauthd(8) Process: 34436 ExecStart=/usr/sbin/saslauthd -a $MECHANISMS $MECH_OPTIONS $OPTIONS -n $THREADS (code=exited, status=0/SUCCESS) Main PID: 34437 (saslauthd) Tasks: 5 (limit: 76969) Memory: 2.9M () CPU: 8ms CGroup: /system.slice/saslauthd.service ├─34437 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 ├─34438 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 ├─34439 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 ├─34440 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 └─34441 /usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5 Oct 03 16:19:49 cyrus-sasl2-sru-lp2078851-noble systemd[1]: Starting saslauthd.service - SASL Authentication Daemon... Oct 03 16:19:49 cyrus-sasl2-sru-lp2078851-noble saslauthd[34437]: : master pid is: 34437 Oct 03 16:19:49 cyrus-sasl2-sru-lp2078851-noble saslauthd[34437]: : listening on socket: /var/run/saslauthd/mux Oct 03 16:19:49 cyrus-sasl2-sru-lp2078851-noble systemd[1]
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
> 1. Is this bug that saslauthd doesn't work in Noble at all because the permissions are wrong? Or only in certain circumstances, and in which case, which ones? The reporter did not indicate what their specific failure mode was, but some examples of where this has been a problem in the past have related to authentication or service restart. > 2. Is it possible that somebody is successfully using saslauthd running as root, and changing the group of the service to sasl would break them? For example, what if they have saslauthd configured to read something else that is only readable by root? What about shadow? I mentioned in the "Where Problems Might Occur" section that if files are created in the /run directory with root permissions, that could potentially cause issues. Similarly, I suppose if they had a configuration that was making use of the service root permissions, I suppose that could potentially be an issue as well. Do you feel either of those would be disqualifying for SRU? > 3. Seems like this could do with verifying that saslauthd is working > end-to-end in at least one scenario. See: "The Test Plan verifies a technical > change but not the user story" as well as "Test Plan only covers the fix, and > not general use of the package to make sure that it still works after the > update" from > https://canonical-sru-docs.readthedocs-hosted.com/en/latest/howto/common-issues/#test-plan > 4. Can we add a dep8 test for saslauthd to both do the verification and also > prevent regressions in the future? As Andreas mentions, there is a saslauthd DEP8 test. This issue crops up only after the service is restarted, and while the test cause does do a service restart, the subsequent checks may not be thorough enough to trigger the bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Incomplete Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
** Changed in: cyrus-sasl2 (Ubuntu Noble) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Fix Committed Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
** Changed in: cyrus-sasl2 (Ubuntu Noble) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: In Progress Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
A PPA with the fix for noble is here: https://launchpad.net/~bryce/+archive/ubuntu/cyrus-sasl2-sru-lp2078851 $ sudo add-apt-repository ppa:bryce/cyrus-sasl2-sru-lp2078851 ... $ apt-cache policy sasl2-bin sasl2-bin: Installed: 2.1.28+dfsg1-5ubuntu3.1 Candidate: 2.1.28+dfsg1-5ubuntu3.2~oracular1 Version table: 2.1.28+dfsg1-5ubuntu3.2~oracular1 500 500 https://ppa.launchpadcontent.net/bryce/cyrus-sasl2-sru-lp2078851/ubuntu noble/main amd64 Packages *** 2.1.28+dfsg1-5ubuntu3.1 500 500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages 100 /var/lib/dpkg/status 2.1.28+dfsg1-5ubuntu3 500 500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages $ sudo apt-get upgrade ... $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root sasl 140 Sep 24 23:35 /run/saslauthd// $ sudo systemctl start saslauthd $ ls -ld /run/saslauthd/ drwxr-xr-x 2 root sasl 140 Sep 24 23:35 /run/saslauthd// -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Triaged Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
** Description changed: - Folder group permission of /var/spool/postfix/var/run/saslauthd gets - reset to "root" (should be "sasl") every time saslauthd gets restarted. + [Impact] + Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) + + [Workaround] + # systemctl edit saslauthd.service + + Then, put the following lines inside the file: + + [Service] + Group=sasl + + Save the file, and restart the service. You should now see the right + permissions/owner/group under /run/saslauthd. + + + [Test Case] + $ sudo apt-get install postfix sasl2-bin + $ sudo systemctl enable saslauthd + $ ls -ld /run/saslauthd/ + drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ + + $ sudo systemctl start saslauthd + drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd + + + [Where Problems Could Occur] + Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) + + Notably, the fix corrects permissions on the *directory* itself, but not + on its contents. Since the problem is that root ownership of the + directory prevents non-root users from adding non-root owned files + there, it is unlikely this situation would crop up in practice, and if + it did should be reviewed and analyzed by the user. (We would not want + to auto-fix unknown root-owned file permissions to non-root.) + + + [Original Report] + Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Triaged Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: [Impact] Incorrect ownership of files in saslauthd's run directory can result in service issues (e.g. failure to authenticate, failure to restart, etc.) [Workaround] # systemctl edit saslauthd.service Then, put the following lines inside the file: [Service] Group=sasl Save the file, and restart the service. You should now see the right permissions/owner/group under /run/saslauthd. [Test Case] $ sudo apt-get install postfix sasl2-bin $ sudo systemctl enable saslauthd $ ls -ld /run/saslauthd/ drwx--x--- 2 root sasl 40 Sep 24 23:07 /run/saslauthd/ $ sudo systemctl start saslauthd drwxr-xr-x 2 root root 140 Sep 24 23:09 /run/saslauthd [Where Problems Could Occur] Since the fix is only in packaging and deals only with permissions, regressions would be expected to be limited to permission issues relating to packaging files (configuration, daemons, logs, etc.) Notably, the fix corrects permissions on the *directory* itself, but not on its contents. Since the problem is that root ownership of the directory prevents non-root users from adding non-root owned files there, it is unlikely this situation would crop up in practice, and if it did should be reviewed and analyzed by the user. (We would not want to auto-fix unknown root-owned file permissions to non-root.) [Original Report] Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conf
[Touch-packages] [Bug 2078851] Re: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd
** Changed in: cyrus-sasl2 (Ubuntu Noble) Assignee: (unassigned) => Bryce Harrington (bryce) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2078851 Title: saslauthd wrong permission of /var/spool/postfix/var/run/saslauthd Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Noble: Triaged Status in cyrus-sasl2 source package in Oracular: Fix Released Bug description: Folder group permission of /var/spool/postfix/var/run/saslauthd gets reset to "root" (should be "sasl") every time saslauthd gets restarted. This worked fine before upgrading from 22.04 to 24.04 My automated workaround currently is this crontab (root) entry: */1 * * * * /usr/bin/chgrp sasl /var/spool/postfix/var/run/saslauthd 2>&1 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: postfix 3.8.6-1build2 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.28.1-0ubuntu3.1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Tue Sep 3 19:52:59 2024 SourcePackage: postfix UpgradeStatus: Upgraded to noble on 2024-08-31 (3 days ago) mtime.conffile..etc.init.d.apport: 2024-07-22T16:59:07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2078851/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2073316] Re: Backport of openldap for Jammy
** Changed in: openldap (Ubuntu) Status: New => Invalid ** Changed in: openldap (Ubuntu Jammy) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2073316 Title: Backport of openldap for Jammy Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Invalid Bug description: Backport openldap to focal, jammy and noble once the update for oracular has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2073316/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2073316] Re: Backport of openldap for Jammy
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2073316 Title: Backport of openldap for Jammy Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: New Bug description: Backport openldap to focal, jammy and noble once the update for oracular has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2073316/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2059859] Re: pam_env(sshd:session): deprecated reading of user environment enabled
** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2059859 Title: pam_env(sshd:session): deprecated reading of user environment enabled Status in gdm3 package in Ubuntu: New Status in openssh package in Ubuntu: Fix Released Status in pam package in Ubuntu: Fix Released Status in openssh package in Debian: New Bug description: Ubuntu 24.04 / openssh-server/noble-updates 1:9.6p1-3ubuntu3 sshd complains about "deprecated reading of user environment". This should have been solved upstream, as far as I understand: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018106 Enclosed /etc/pam.d/sshd file is amended according to the debian bug report. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: openssh-server 1:9.6p1-3ubuntu3 ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4 Uname: Linux 6.8.0-11-generic x86_64 ApportVersion: 2.28.0-0ubuntu1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Sun Mar 31 11:56:25 2024 ProcEnviron: LANG=de_DE.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.init.d.apport: [modified] mtime.conffile..etc.init.d.apport: 2024-02-22T15:20:00 mtime.conffile..etc.pam.d.sshd: 2024-03-31T11:56:12.949543 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/2059859/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2075331] Re: FTBFS with gcc-14
*** This bug is a duplicate of bug 2075332 *** https://bugs.launchpad.net/bugs/2075332 ** This bug has been marked a duplicate of bug 2075332 FTBFS with gcc-14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2075331 Title: FTBFS with gcc-14 Status in cyrus-sasl2 package in Ubuntu: New Bug description: https://launchpadlibrarian.net/741628620/buildlog_ubuntu-oracular- amd64.cyrus-sasl2_2.1.28+dfsg1-6_BUILDING.txt.gz In file included from ../../include/hmac-md5.h:7, from ../../include/saslplug.h:11, from ../../lib/common.c:60: /usr/include/openssl/md5.h:49:27: note: declared here 49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c); | ^~~~ ../../lib/common.c:2034:19: error: assignment to ‘void (*)(MD5_CTX *)’ {aka ‘void (*)(struct MD5state_st *)’} from incompatible pointer type ‘int (*)(MD5_CTX *)’ {aka ‘int (*)(struct MD5state_st *)’} [-Wincompatible-pointer-types] 2034 | utils->MD5Init = &MD5_Init; | ^ ../../lib/common.c:2035:3: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2035 | utils->MD5Update= &MD5_Update; | ^ /usr/include/openssl/md5.h:50:27: note: declared here 50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len); | ^~ ../../lib/common.c:2035:19: error: assignment to ‘void (*)(MD5_CTX *, const unsigned char *, unsigned int)’ {aka ‘void (*)(struct MD5state_st *, const unsigned char *, unsigned int)’} from incompatible pointer type ‘int (*)(MD5_CTX *, const void *, size_t)’ {aka ‘int (*)(struct MD5state_st *, const void *, long unsigned int)’} [-Wincompatible-pointer-types] 2035 | utils->MD5Update= &MD5_Update; | ^ ../../lib/common.c:2036:3: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2036 | utils->MD5Final = &MD5_Final; | ^ /usr/include/openssl/md5.h:51:27: note: declared here 51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c); | ^ ../../lib/common.c:2036:19: error: assignment to ‘void (*)(unsigned char *, MD5_CTX *)’ {aka ‘void (*)(unsigned char *, struct MD5state_st *)’} from incompatible pointer type ‘int (*)(unsigned char *, MD5_CTX *)’ {aka ‘int (*)(unsigned char *, struct MD5state_st *)’} [-Wincompatible-pointer-types] 2036 | utils->MD5Final = &MD5_Final; | ^ ../../lib/common.c: In function ‘_sasl_find_verifyfile_callback’: ../../lib/common.c:2165:5: warning: cast between incompatible function types from ‘int (*)(void *, char *, int)’ to ‘int (*)(void)’ [-Wcast-function-type] 2165 | (sasl_callback_ft)&_sasl_verifyfile, | ^ make[5]: *** [Makefile:608: common.lo] Error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2075331/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2075330] Re: FTBFS with gcc-14
*** This bug is a duplicate of bug 2075332 *** https://bugs.launchpad.net/bugs/2075332 ** This bug has been marked a duplicate of bug 2075332 FTBFS with gcc-14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2075330 Title: FTBFS with gcc-14 Status in cyrus-sasl2 package in Ubuntu: New Bug description: https://launchpadlibrarian.net/741628620/buildlog_ubuntu-oracular- amd64.cyrus-sasl2_2.1.28+dfsg1-6_BUILDING.txt.gz In file included from ../../include/hmac-md5.h:7, from ../../include/saslplug.h:11, from ../../lib/common.c:60: /usr/include/openssl/md5.h:49:27: note: declared here 49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c); | ^~~~ ../../lib/common.c:2034:19: error: assignment to ‘void (*)(MD5_CTX *)’ {aka ‘void (*)(struct MD5state_st *)’} from incompatible pointer type ‘int (*)(MD5_CTX *)’ {aka ‘int (*)(struct MD5state_st *)’} [-Wincompatible-pointer-types] 2034 | utils->MD5Init = &MD5_Init; | ^ ../../lib/common.c:2035:3: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2035 | utils->MD5Update= &MD5_Update; | ^ /usr/include/openssl/md5.h:50:27: note: declared here 50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len); | ^~ ../../lib/common.c:2035:19: error: assignment to ‘void (*)(MD5_CTX *, const unsigned char *, unsigned int)’ {aka ‘void (*)(struct MD5state_st *, const unsigned char *, unsigned int)’} from incompatible pointer type ‘int (*)(MD5_CTX *, const void *, size_t)’ {aka ‘int (*)(struct MD5state_st *, const void *, long unsigned int)’} [-Wincompatible-pointer-types] 2035 | utils->MD5Update= &MD5_Update; | ^ ../../lib/common.c:2036:3: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2036 | utils->MD5Final = &MD5_Final; | ^ /usr/include/openssl/md5.h:51:27: note: declared here 51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c); | ^ ../../lib/common.c:2036:19: error: assignment to ‘void (*)(unsigned char *, MD5_CTX *)’ {aka ‘void (*)(unsigned char *, struct MD5state_st *)’} from incompatible pointer type ‘int (*)(unsigned char *, MD5_CTX *)’ {aka ‘int (*)(unsigned char *, struct MD5state_st *)’} [-Wincompatible-pointer-types] 2036 | utils->MD5Final = &MD5_Final; | ^ ../../lib/common.c: In function ‘_sasl_find_verifyfile_callback’: ../../lib/common.c:2165:5: warning: cast between incompatible function types from ‘int (*)(void *, char *, int)’ to ‘int (*)(void)’ [-Wcast-function-type] 2165 | (sasl_callback_ft)&_sasl_verifyfile, | ^ make[5]: *** [Makefile:608: common.lo] Error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2075330/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2075332] Re: FTBFS with gcc-14
** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2075332 Title: FTBFS with gcc-14 Status in cyrus-sasl2 package in Ubuntu: New Status in cyrus-sasl2 package in Debian: New Bug description: https://launchpadlibrarian.net/741628620/buildlog_ubuntu-oracular- amd64.cyrus-sasl2_2.1.28+dfsg1-6_BUILDING.txt.gz In file included from ../../include/hmac-md5.h:7, from ../../include/saslplug.h:11, from ../../lib/common.c:60: /usr/include/openssl/md5.h:49:27: note: declared here 49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c); | ^~~~ ../../lib/common.c:2034:19: error: assignment to ‘void (*)(MD5_CTX *)’ {aka ‘void (*)(struct MD5state_st *)’} from incompatible pointer type ‘int (*)(MD5_CTX *)’ {aka ‘int (*)(struct MD5state_st *)’} [-Wincompatible-pointer-types] 2034 | utils->MD5Init = &MD5_Init; | ^ ../../lib/common.c:2035:3: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2035 | utils->MD5Update= &MD5_Update; | ^ /usr/include/openssl/md5.h:50:27: note: declared here 50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len); | ^~ ../../lib/common.c:2035:19: error: assignment to ‘void (*)(MD5_CTX *, const unsigned char *, unsigned int)’ {aka ‘void (*)(struct MD5state_st *, const unsigned char *, unsigned int)’} from incompatible pointer type ‘int (*)(MD5_CTX *, const void *, size_t)’ {aka ‘int (*)(struct MD5state_st *, const void *, long unsigned int)’} [-Wincompatible-pointer-types] 2035 | utils->MD5Update= &MD5_Update; | ^ ../../lib/common.c:2036:3: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations] 2036 | utils->MD5Final = &MD5_Final; | ^ /usr/include/openssl/md5.h:51:27: note: declared here 51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c); | ^ ../../lib/common.c:2036:19: error: assignment to ‘void (*)(unsigned char *, MD5_CTX *)’ {aka ‘void (*)(unsigned char *, struct MD5state_st *)’} from incompatible pointer type ‘int (*)(unsigned char *, MD5_CTX *)’ {aka ‘int (*)(unsigned char *, struct MD5state_st *)’} [-Wincompatible-pointer-types] 2036 | utils->MD5Final = &MD5_Final; | ^ ../../lib/common.c: In function ‘_sasl_find_verifyfile_callback’: ../../lib/common.c:2165:5: warning: cast between incompatible function types from ‘int (*)(void *, char *, int)’ to ‘int (*)(void)’ [-Wcast-function-type] 2165 | (sasl_callback_ft)&_sasl_verifyfile, | ^ make[5]: *** [Makefile:608: common.lo] Error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/2075332/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2064435] Re: Merge openssh from Debian unstable for oracular
** Changed in: openssh (Ubuntu) Milestone: None => ubuntu-24.10-beta -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2064435 Title: Merge openssh from Debian unstable for oracular Status in openssh package in Ubuntu: New Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.7p1-4 Ubuntu: 1:9.6p1-3ubuntu13 NOT SERVER TEAM has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### openssh (1:9.7p1-4) unstable; urgency=medium * Rework systemd readiness notification and socket activation patches to not link against libsystemd (the former via an upstream patch). * Force -fzero-call-used-regs=used not to be used on ppc64el (it's unsupported, but configure fails to detect this). -- Colin Watson Wed, 03 Apr 2024 12:06:08 +0100 openssh (1:9.7p1-3) unstable; urgency=medium * Fix gssapi-keyex declaration further (thanks, Andreas Hasenack; LP: #2053146). * Extend -fzero-call-used-regs check to catch m68k gcc bug (closes: #1067243). * debian/tests/regress: Set a different IP address for UNKNOWN. * Re-enable ssh-askpass-gnome on all architectures. * regress: Redirect conch stdin from /dev/zero (re-enables conch interop tests). * Drop 'Work around RSA SHA-2 signature issues in conch' patch (no longer needed now that Twisted is fixed). -- Colin Watson Sun, 31 Mar 2024 11:55:38 +0100 openssh (1:9.7p1-2) unstable; urgency=medium [ Simon McVittie ] * d/control, d/rules: Disable ssh-askpass-gnome on 32-bit, except i386 (closes: #1066847). -- Colin Watson Thu, 14 Mar 2024 11:45:12 + openssh (1:9.7p1-1) unstable; urgency=medium * Add the isolation-container restriction to the 'regress' autopkgtest. Our setup code wants to ensure that the haveged service is running, and furthermore at least the agent-subprocess test assumes that there's an init to reap zombie processes and doesn't work in (e.g.) autopkgtest-virt-unshare. * New upstream release (https://www.openssh.com/releasenotes.html#9.7p1): - ssh(1), sshd(8): add a 'global' ChannelTimeout type that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval. This is in addition to the existing per-channel timeouts added recently. This supports situations like having both session and x11 forwarding channels open where one may be idle for an extended period but the other is actively used. The global timeout could close both channels when both have been idle for too long (closes: #165185). - All: make DSA key support compile-time optional, defaulting to on. - sshd(8): don't append an unnecessary space to the end of subsystem arguments (bz3667) - ssh(1): fix the multiplexing 'channel proxy' mode, broken when keystroke timing obfuscation was added. (GHPR#463) - ssh(1), sshd(8): fix spurious configuration parsing errors when options that accept array arguments are overridden (bz3657). - ssh-agent(1): fix potential spin in signal handler (bz3670) - Many fixes to manual pages and other documentation. - Greatly improve interop testing against PuTTY. * Skip utimensat test on ZFS, since it seems to leave the atime set to 0. * Allow passing extra options to debian/tests/regress, for debugging. * Fix gssapi-keyex declaration, broken when rebasing onto 8.9p1 (LP: #2053146). -- Colin Watson Thu, 14 Mar 2024 10:47:58 + openssh (1:9.6p1-5) unstable; urgency=medium * Restore systemd template unit for per-connection sshd instances, although without any corresponding .socket unit for now; this is mainly for use with the forthcoming systemd-ssh-generator (closes: #1061516). It's now called sshd@.service, since unlike the main service there's no need to be concerned about compatibility with the slightly confusing 'ssh' service name that Debian has traditionally used. -- Colin Watson Wed, 06 Mar 2024 09:45:56 + openssh (1:9.6p1-4) unstable; urgency=medium * Add sshd_config checksums for 1:9.2p1-1 to ucf reference file, and add a test to ensure it doesn't get out of date again. * Drop manual adjustment of OpenSSL dependencies; OpenSSH relaxed its checks for OpenSSL >= 3 in 9.4p1. * Build-depend on pkgconf rather than pkg-config. * Adjust debian/c
[Touch-packages] [Bug 2064411] Re: Merge krb5 from Debian unstable for oracular
** Changed in: krb5 (Ubuntu) Milestone: None => ubuntu-24.10-beta -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2064411 Title: Merge krb5 from Debian unstable for oracular Status in krb5 package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.20.1-6 Ubuntu: 1.20.1-6ubuntu2 There is nothing yet to merge for krb5 currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### krb5 (1.20.1-6) unstable; urgency=medium * Fix up libverto1*->libverto1*t64, Closes: #1065702 -- Sam Hartman Sun, 10 Mar 2024 19:36:33 -0600 krb5 (1.20.1-5.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064164 -- Lukas Märdian Wed, 28 Feb 2024 15:25:37 + krb5 (1.20.1-5) unstable; urgency=medium [ Helmut Grohne ] * Annotate test dependencies . (Closes: #1054461) [ Sam Hartman ] * Fix keyutils to be linux-any -- Helmut Grohne Tue, 24 Oct 2023 07:17:27 +0200 krb5 (1.20.1-4) unstable; urgency=low [ Steve Langasek ] * libkrb5support0: require strict binary dependency to deal with glibc 2.38, Closes: #1043184 [Jelmer Vernooij] * krb5-user: Use alternatives for kinit, klist, kswitch, ksu, kpasswd, kdestroy, kadmin and ktutil. This allows installation together with heimdal-clients. Closes: #213316, #751203 [ Sam Hartman ] * Enable build-time tests, Thanks Andreas Hasenack, Closes: #1017763 * Work around doxygen change that breaks doc build, Thanks Greg Hudson, Closes: #1051523 -- Sam Hartman Mon, 11 Sep 2023 11:06:57 -0600 krb5 (1.20.1-3) unstable; urgency=high * Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execusion is unlikely, Closes: #1043431 -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that the entire upgrade from bullseye to bookworm needs to be lockstep, but it appears that's what is required, Closes: #1036055 -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] * Sync debian/copyright with NOTICE from upstream [ Debian Janitor ] * Trim trailing whitespace. * Strip unusual field spacing from debian/control. * Use secure URI in Homepage field. * Merge upstream signing key files. * Update renamed lintian tag names in lintian overrides. * Update standards version to 4.6.1, no changes needed. * Remove field Section on binary package krb5-gss-samples that duplicates source. * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser, VCS-Git => Vcs-Git). [ Sam Hartman ] * New upstream release - Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267 * Tighten version dependencies around crypto library, Closes: 1020424 * krb5-user reccomends rather than Depends on krb5-config. This avoids a hard dependency on bind9-host, but also supports cases where krb5-config is externally managed, Closes: #1005821 -- Sam Hartman Thu, 17 Nov 2022 10:34:28 -0700 krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman Fri, 22 Jul 2022 16:32:38 -0600 krb5 (1.20~beta1-1) experimental; urgency=medium * New Upstream version -- Sam Hartman Thu, 07 Apr 2022 11:57:27 -0600 krb5 (1.19.2-2) unstable; urgency=medium ### Old Ubuntu Delta ### krb5 (1.20.1-6ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:42:10 + krb5 (1.20.1-6ubuntu1) noble; urgency=medium * Fix tests with Python 3.12. -- Matthias Klose Sun, 24 Mar 2024 12:51:41 +0100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2064411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.laun
[Touch-packages] [Bug 2064420] Re: Merge libseccomp from Debian unstable for oracular
** Changed in: libseccomp (Ubuntu) Milestone: None => ubuntu-24.10-beta -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2064420 Title: Merge libseccomp from Debian unstable for oracular Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.5-1 Ubuntu: 2.5.5-1ubuntu3 NOT SERVER TEAM has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### Old Ubuntu Delta ### libseccomp (2.5.5-1ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:58:07 + libseccomp (2.5.5-1ubuntu2) noble; urgency=medium * No-change rebuild to build with python3.12 only. -- Matthias Klose Sat, 16 Mar 2024 23:14:35 +0100 libseccomp (2.5.5-1ubuntu1) noble; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests * Added changes: - d/t/test-filter: generate syscalls list from src/syscalls.csv rather than shipping a static list to ensure all get tested via autopkgtests * Dropped changes: - d/t/data/all-5.16-rc1.filter: remove static syscall list -- Alex Murray Fri, 02 Feb 2024 13:30:43 +1030 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2064420/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2064408] Re: Merge init-system-helpers from Debian unstable for oracular
** Changed in: init-system-helpers (Ubuntu) Milestone: None => ubuntu-24.10-beta -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2064408 Title: Merge init-system-helpers from Debian unstable for oracular Status in init-system-helpers package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.66 Ubuntu: 1.66ubuntu1 foundations team has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### init-system-helpers (1.66) unstable; urgency=medium [ Samuel Thibault ] * Add hurd-amd64 case. [ Gioele Barabucci ] * d/init.lintian-overrides: Silence warning about 'Important' field `Important: yes` instructs APT to warn the user before removing this package. [ Johannes Schauer Marin Rodrigues ] * script/update-rc.d: DPKG_ROOT support for sysvinit [ Ansgar ] * Add 'Protected: yes' to package 'init' The 'Protected' field does the same as 'Important' already did in apt, but is also understood by dpkg (since dpkg 1.20.1). [ Luca Boccassi ] * Bump Standards-Version to 4.6.2, no changes * Override Lintian warning for Protected: yes * deb-systemd-invoke: support reload/reexec. This is useful for the --user case, to provide a shortcut that loops over all active user sessions over D-Bus. * deb-systemd-invoke: support --no-dbus for reload/reexec. Provide common implementation for SIGHUP/SIGRTMIN+25 to reload/reexec the system or user instances. -- Luca Boccassi Sun, 26 Nov 2023 20:42:28 + init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) ### Old Ubuntu Delta ### init-system-helpers (1.66ubuntu1) noble; urgency=medium * Merge from Debian unstable. Remaining changes: - Drop dependency on usrmerge. -- Steve Langasek Tue, 05 Dec 2023 23:50:15 -0800 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/
[Touch-packages] [Bug 2040403] Re: Merge net-tools from Debian unstable for noble
** Changed in: net-tools (Ubuntu) Status: Incomplete => Won't Fix ** Changed in: net-tools (Ubuntu) Milestone: None => ubuntu-24.04-feature-freeze -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/2040403 Title: Merge net-tools from Debian unstable for noble Status in net-tools package in Ubuntu: Won't Fix Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve
[Touch-packages] [Bug 2064457] [NEW] Merge rsync from Debian unstable for oracular
Public bug reported: Upstream: tbd Debian: 3.3.0-1 Ubuntu: 3.2.7-1ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### rsync (3.3.0-1) unstable; urgency=medium [ Aquila Macedo Costa ] * d/control: Bump Standards-Version to 4.6.2 [ Samuel Henrique ] * New upstream version 3.3.0 (closes: #1068630) * Bump Standards-Version to 4.7.0 * Update patches * d/patches: Drop merged patches * d/control: Drop dependency on lsb-base * d/rsync.lintian-overrides: Update overrides -- Samuel Henrique Fri, 12 Apr 2024 00:28:29 +0100 rsync (3.2.7-1) unstable; urgency=medium [ Juri Grabowski ] * New upstream version 3.2.7 * Remove patches included in new release [ Helmut Grohne ] * Fix FTCBFS: Use native instances for python build depends (closes: #1022988). [ Samuel Henrique ] * d/rsync.lintian-overrides: Update findings as per lintian changes * d/patches: Add two upstream patches to fix issues post 3.2.7 release: - trust_the_sender_on_a_local_transfer.patch - avoid_quoting_of_tilde_when_its_a_destination_arg.patch -- Samuel Henrique Sun, 18 Dec 2022 14:10:54 + rsync (3.2.6-4) unstable; urgency=medium * Upload to unstable - d/patches: ~ fix_files_from.patch: Upstream patch to address the files-from issue. ~ fix_relative.patch: Upstream patch to fix exclusion of /. with --relative. ~ fix_remote_filter_rules_validation.patch: Upstream patch to fix bug with validating remote filter rules. (closes: #1018296, #1019561) -- Samuel Henrique Wed, 21 Sep 2022 18:58:57 +0100 rsync (3.2.6-3) experimental; urgency=medium * d/patches: - fix_files_from.patch: Upstream patch to address the files-from issue, likely to also be related to #1019561 and #1018296 - fix_relative.patch: Upstream patch to fix exclusion of /. with --relative -- Samuel Henrique Wed, 14 Sep 2022 19:25:19 +0100 rsync (3.2.6-2) experimental; urgency=medium * d/p/fix_remote_filter_rules_validation.patch: New upstream patch to try to fix #1019561 and #1018296 -- Samuel Henrique Tue, 13 Sep 2022 20:55:01 +0100 rsync (3.2.6-1) unstable; urgency=medium * New upstream version 3.2.6 - Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical (closes: #1016102) * Bump Standards-Version to 4.6.1 -- Samuel Henrique Sat, 10 Sep 2022 20:03:51 +0100 rsync (3.2.5-1) unstable; urgency=medium * New upstream version 3.2.5 - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host) (closes: #1016543, CVE-2022-29154). - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date (closes: #1009981) -- Samuel Henrique Tue, 16 Aug 2022 11:03:48 +0100 rsync (3.2.4-1) unstable; urgency=medium [ Samuel Henrique ] * New upstream version 3.2.4 - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted (closes: #995046). - rsync.1: remove prepended backticks which broke --stop-after and --stop-at formatting (closes: #1007990). ### Old Ubuntu Delta ### rsync (3.2.7-1ubuntu1) noble; urgency=medium * add d/p/fix_crashes_with_fortified_strlcpy.patch (LP: #2060967) - Fixes a buffer overflow when using -F flag. -- Mitchell Dzurick Fri, 12 Apr 2024 10:09:41 -0700 rsync (3.2.7-1build3) noble; urgency=high * No change rebuild against libssl3t64. -- Julian Andres Klode Mon, 08 Apr 2024 16:49:18 +0200 rsync (3.2.7-1build2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 17:10:35 + rsync (3.2.7-1build1) noble; urgency=medium * No-change rebuild against libssl3t64 -- Steve Langasek Mon, 04 Mar 2024 21:12:
[Touch-packages] [Bug 2064431] [NEW] Merge net-tools from Debian unstable for oracular
Public bug reported: A merge of net-tools appears to be available presently. Upstream: tbd Debian: 2.10-1.1 Ubuntu: 2.10-0.1ubuntu4 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### net-tools (2.10-1.1) unstable; urgency=medium * Non-maintainer upload. * Release to unstable. (Closes: #1059409) -- Chris Hofstaedtler Mon, 22 Apr 2024 01:55:29 +0200 net-tools (2.10-1) experimental; urgency=medium * Move to /usr-merge (DEP17). -- Utkarsh Gupta Thu, 23 Nov 2023 14:41:07 + net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu4) noble; urgency=high * No change rebuild for 64-bit time_t and frame pointers. -- Julian Andres Klode Mon, 08 Apr 2024 18:14:15 +0200 net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve Langasek Tue, 13 Dec 2022 13:40:24 -0800 net-tools (2.10-0.1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage update to remove comment about IEC units. - Add new DEP8 tests for hostname and ifconfig. -- Steve Langasek Tue, 13 Dec 2022 13:27:00 -0800 ** Affects: n
[Touch-packages] [Bug 2064435] [NEW] Merge openssh from Debian unstable for oracular
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.7p1-4 Ubuntu: 1:9.6p1-3ubuntu13 NOT SERVER TEAM has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### openssh (1:9.7p1-4) unstable; urgency=medium * Rework systemd readiness notification and socket activation patches to not link against libsystemd (the former via an upstream patch). * Force -fzero-call-used-regs=used not to be used on ppc64el (it's unsupported, but configure fails to detect this). -- Colin Watson Wed, 03 Apr 2024 12:06:08 +0100 openssh (1:9.7p1-3) unstable; urgency=medium * Fix gssapi-keyex declaration further (thanks, Andreas Hasenack; LP: #2053146). * Extend -fzero-call-used-regs check to catch m68k gcc bug (closes: #1067243). * debian/tests/regress: Set a different IP address for UNKNOWN. * Re-enable ssh-askpass-gnome on all architectures. * regress: Redirect conch stdin from /dev/zero (re-enables conch interop tests). * Drop 'Work around RSA SHA-2 signature issues in conch' patch (no longer needed now that Twisted is fixed). -- Colin Watson Sun, 31 Mar 2024 11:55:38 +0100 openssh (1:9.7p1-2) unstable; urgency=medium [ Simon McVittie ] * d/control, d/rules: Disable ssh-askpass-gnome on 32-bit, except i386 (closes: #1066847). -- Colin Watson Thu, 14 Mar 2024 11:45:12 + openssh (1:9.7p1-1) unstable; urgency=medium * Add the isolation-container restriction to the 'regress' autopkgtest. Our setup code wants to ensure that the haveged service is running, and furthermore at least the agent-subprocess test assumes that there's an init to reap zombie processes and doesn't work in (e.g.) autopkgtest-virt-unshare. * New upstream release (https://www.openssh.com/releasenotes.html#9.7p1): - ssh(1), sshd(8): add a 'global' ChannelTimeout type that watches all open channels and will close all open channels if there is no traffic on any of them for the specified interval. This is in addition to the existing per-channel timeouts added recently. This supports situations like having both session and x11 forwarding channels open where one may be idle for an extended period but the other is actively used. The global timeout could close both channels when both have been idle for too long (closes: #165185). - All: make DSA key support compile-time optional, defaulting to on. - sshd(8): don't append an unnecessary space to the end of subsystem arguments (bz3667) - ssh(1): fix the multiplexing 'channel proxy' mode, broken when keystroke timing obfuscation was added. (GHPR#463) - ssh(1), sshd(8): fix spurious configuration parsing errors when options that accept array arguments are overridden (bz3657). - ssh-agent(1): fix potential spin in signal handler (bz3670) - Many fixes to manual pages and other documentation. - Greatly improve interop testing against PuTTY. * Skip utimensat test on ZFS, since it seems to leave the atime set to 0. * Allow passing extra options to debian/tests/regress, for debugging. * Fix gssapi-keyex declaration, broken when rebasing onto 8.9p1 (LP: #2053146). -- Colin Watson Thu, 14 Mar 2024 10:47:58 + openssh (1:9.6p1-5) unstable; urgency=medium * Restore systemd template unit for per-connection sshd instances, although without any corresponding .socket unit for now; this is mainly for use with the forthcoming systemd-ssh-generator (closes: #1061516). It's now called sshd@.service, since unlike the main service there's no need to be concerned about compatibility with the slightly confusing 'ssh' service name that Debian has traditionally used. -- Colin Watson Wed, 06 Mar 2024 09:45:56 + openssh (1:9.6p1-4) unstable; urgency=medium * Add sshd_config checksums for 1:9.2p1-1 to ucf reference file, and add a test to ensure it doesn't get out of date again. * Drop manual adjustment of OpenSSL dependencies; OpenSSH relaxed its checks for OpenSSL >= 3 in 9.4p1. * Build-depend on pkgconf rather than pkg-config. * Adjust debian/copyright to handle the 'placed in the public domain' status of rijndael.* more explicitly. -- Colin Watson Mon, 26 Feb 2024 12:26:57 + openssh (1:9.6p1-3) unstable; urgency=medium * Allow passing extra ssh-agent arguments via '/usr/lib/openssh/agent-launch start', making it possible to override things like identity lifetime using a systemd drop-in unit (closes: #1059639). * Don't try to start rescue-ssh.target in postinst (LP: #2047082). -- Colin Watson Wed, 17 Jan 2024 22:50:07 +
[Touch-packages] [Bug 2064434] [NEW] Merge openldap from Debian unstable for oracular
Public bug reported: Upstream: tbd Debian: 2.5.17+dfsg-12.6.7+dfsg-1~exp1 Ubuntu: 2.6.7+dfsg-1~exp1ubuntu8 Debian new has 2.6.7+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### openldap (2.5.17+dfsg-1) unstable; urgency=medium * New upstream release. - fixed slapo-dynlist so it can't be global (ITS#10091) (Closes: #1040382) * debian/copyright: Exclude doc/guide/admin/guide.html from the upstream source, because the tool required to build it from source is not packaged in Debian. Fixes a Lintian error (source-is-missing). * Update Swedish debconf translation. (Closes: #1056955) Thanks to Martin Bagge and Anders Jonsson. * debian/salsa-ci.yml: Enable Salsa CI pipeline. -- Ryan Tandy Fri, 26 Apr 2024 16:09:29 -0700 openldap (2.5.16+dfsg-2) unstable; urgency=medium * debian/patches/64-bit-time-t-compat: handle sizeof(time_t) > sizeof(long) in format strings. -- Steve Langasek Tue, 12 Mar 2024 06:26:07 + openldap (2.5.16+dfsg-1) unstable; urgency=medium [ Ryan Tandy ] * New upstream release. - fixed possible null pointer dereferences if strdup fails (ITS#9904) (Closes: #1036995, CVE-2023-2953) - fixed unaligned accesses in LMDB on sparc64 (ITS#9916) (Closes: #1020319) * Update Turkish debconf translation. (Closes: #1029758) Thanks to Atila KOÇ. * Add Romanian debconf translation. (Closes: #1033177) Thanks to Remus-Gabriel Chelu. * Create an autopkgtest covering basic TLS functionality. Thanks to John Scott. * Drop transitional package slapd-smbk5pwd. (Closes: #1032742) * Drop dbgsym migration for slapd-dbg. * Build and install the ppm module in slapd-contrib. (Closes: #1039740) * Fix implicit declaration of kadm5_s_init_with_password_ctx. (Closes: #1065633) [ Sergio Durigan Junior ] * d/control: Bump Standards-Version to 4.6.2; no changes needed. * d/control: Bump debhelper-compat to 13. * d/control: Drop lsb-base from slapd's Depends. * Enable SASL/GSSAPI tests. Thanks to Andreas Hasenack -- Ryan Tandy Fri, 08 Mar 2024 21:46:26 -0800 openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. ### Old Ubuntu Delta ### openldap (2.6.7+dfsg-1~exp1ubuntu8) noble; urgency=medium * Fix implicit declaration of kadm5_s_init_with_password_ctx. (Closes: #1065633) -- Matthias Klose Wed, 03 Apr 2024 20:47:41 +0200 openldap (2.6.7+dfsg-1~exp1ubuntu7) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 06:41:33 + openldap (2.6.7+dfsg-1~exp1ubuntu6) noble; urgency=medium * Revert change to ignore test failures. * debian/patches/64-bit-time-t-compat.patch: handle sizeof(time_t) > sizeof(long) in format strings. -- Steve Langasek Tue, 12 Mar 2024 07:32:43 + o
[Touch-packages] [Bug 2064407] [NEW] Merge heimdal from Debian unstable for oracular
Public bug reported: Upstream: tbd Debian: 7.8.git20221117.28daf24+dfsg-5 Ubuntu: 7.8.git20221117.28daf24+dfsg-5ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### heimdal (7.8.git20221117.28daf24+dfsg-5) unstable; urgency=medium * Apply NMU patches. Closes: #1065373. -- Brian May Sat, 09 Mar 2024 11:01:27 +1100 heimdal (7.8.git20221117.28daf24+dfsg-4.2) unstable; urgency=medium [ Matthias Klose ] * Filter-out -Werror=implicit-function-declaration, unconditionally set by abi=time64. -- Steve Langasek Fri, 08 Mar 2024 08:21:09 + heimdal (7.8.git20221117.28daf24+dfsg-4.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064097 -- Lukas Märdian Wed, 28 Feb 2024 08:36:52 + heimdal (7.8.git20221117.28daf24+dfsg-4) unstable; urgency=medium * Always build the rk_strlcat and rk_strlcpy symbols even if included in glibc. Closes: #1055316. -- Brian May Wed, 03 Jan 2024 11:43:58 +1100 heimdal (7.8.git20221117.28daf24+dfsg-3) unstable; urgency=medium * Fix random 'Ticket expired' and 'Clock skew too great' errors by setting kdc_offset correctly. Closes: #1039992. -- Brian May Tue, 04 Jul 2023 10:09:56 +1000 heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium * Fix incorrect license of Debian files. * Fix deprecated dependancies. * gsskrb5: fix accidental logic inversions (CVE-2022-45142) (Closes: #1030849) - change applied from NMU version 7.8.git20221117.28daf24+dfsg-1.1 * Add ro.po file. Closes: #1031897. -- Brian May Sat, 25 Feb 2023 09:32:57 +1100 heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium * New upstream release. -- Brian May Sat, 10 Dec 2022 16:29:20 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium * Source-only upload to enable migration to testingi (2nd attempt). -- Brian May Sun, 04 Dec 2022 09:56:06 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium * Source-only upload to enable migration to testing. -- Brian May Sun, 04 Dec 2022 09:09:44 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium * New upstream version. * Numerous security fixes (Closes: #1024187). * asn1: Invalid free in ASN.1 codec (CVE-2022-44640) * krb5: PAC parse integer overflows (CVE-2022-42898) * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437) * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437) * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap (CVE-2022-3437) * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad() (CVE-2022-3437) * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Check buffer length against overflow for DES{,3} unwrap (CVE-2022-3437) * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437) * libhx509: Fix denial of service vulnerability (CVE-2022-41916) * spnego: send_reject when no mech selected (CVE-2021-44758) * Fix regression in _krb5_get_int64 on 32 bit systems. https://github.com/heimdal/heimdal/pull/1025 * Increment soname for libroken. * Increment soname for libhcrypto. * Remove legacy shared library version requirements. * Add symbols to libkadm5srv8. -- Brian May Sun, 27 Nov 2022 10:44:26 +1100 heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #857215. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 ### Old Ubuntu Delta ### heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 18:24:27 + heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu2) noble; urgency=medium * No-change rebuild against libcom-err2 -- Steve Langasek Tue, 12 Mar 2024 20:32:53 + heimdal (7.8.git20221117.28daf24+dfsg-5ubuntu1) noble; urgency=low * Merge from Debian unstable. Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. -- Gianfranco Costamagna Sun, 10 Mar 2024 01:31:18 +0100 ** Affects: heimdal (Ubuntu) Importance: Undecided
[Touch-packages] [Bug 2064408] [NEW] Merge init-system-helpers from Debian unstable for oracular
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.66 Ubuntu: 1.66ubuntu1 foundations team has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### init-system-helpers (1.66) unstable; urgency=medium [ Samuel Thibault ] * Add hurd-amd64 case. [ Gioele Barabucci ] * d/init.lintian-overrides: Silence warning about 'Important' field `Important: yes` instructs APT to warn the user before removing this package. [ Johannes Schauer Marin Rodrigues ] * script/update-rc.d: DPKG_ROOT support for sysvinit [ Ansgar ] * Add 'Protected: yes' to package 'init' The 'Protected' field does the same as 'Important' already did in apt, but is also understood by dpkg (since dpkg 1.20.1). [ Luca Boccassi ] * Bump Standards-Version to 4.6.2, no changes * Override Lintian warning for Protected: yes * deb-systemd-invoke: support reload/reexec. This is useful for the --user case, to provide a shortcut that loops over all active user sessions over D-Bus. * deb-systemd-invoke: support --no-dbus for reload/reexec. Provide common implementation for SIGHUP/SIGRTMIN+25 to reload/reexec the system or user instances. -- Luca Boccassi Sun, 26 Nov 2023 20:42:28 + init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) ### Old Ubuntu Delta ### init-system-helpers (1.66ubuntu1) noble; urgency=medium * Merge from Debian unstable. Remaining changes: - Drop dependency on usrmerge. -- Steve Langasek Tue, 05 Dec 2023 23:50:15 -0800 ** Affects: init-system-helpers (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: init-system-helpers (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2064408 Title: Merge init-system-helpers from Debian unstable for oracular Status in init-system-helpers package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.66 Ubuntu: 1.66ubuntu1 foundations team has maintained this packa
[Touch-packages] [Bug 2064399] [NEW] Merge cyrus-sasl2 from Debian unstable for oracular
Public bug reported: Upstream: tbd Debian: 2.1.28+dfsg1-6 Ubuntu: 2.1.28+dfsg1-5ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### cyrus-sasl2 (2.1.28+dfsg1-6) unstable; urgency=medium * Team upload * Patch: Prevent six import (Closes: #1067425) -- Bastian Germann Thu, 21 Mar 2024 19:19:46 + cyrus-sasl2 (2.1.28+dfsg1-5) unstable; urgency=medium * Team upload * Fix implicit function declaration (Closes: #1066214) * Prevent linking via intersphinx (Closes: #1065436) * Extend the time_t format specifiers to long long (Closes: #1066811) -- Bastian Germann Wed, 20 Mar 2024 19:03:11 + cyrus-sasl2 (2.1.28+dfsg1-4) unstable; urgency=medium * Team upload * Clean docsrc/exts/themes (Closes: #1045111) * Drop gen-auth and saslfinger * Remove Uploaders who contributed more than a decade ago * Remove myself from Uploaders -- Bastian Germann Sat, 11 Nov 2023 22:17:13 +0100 cyrus-sasl2 (2.1.28+dfsg1-3) unstable; urgency=medium * Let libsasl2-dev depend on libssl-dev (Closes: #1042937) -- Bastian Germann Fri, 04 Aug 2023 00:35:18 +0200 cyrus-sasl2 (2.1.28+dfsg1-2) unstable; urgency=medium * Eliminate RSA-MD from binaries (Closes: #748061) -- Bastian Germann Tue, 01 Aug 2023 16:16:30 +0200 cyrus-sasl2 (2.1.28+dfsg1-1) unstable; urgency=medium * Exclude crypto-compat * New upstream version 2.1.28+dfsg1 * Get rid of BSD-4-clause-KTH * Use SPDX name for the primary license * Add Turkish translation (Closes: #1036910) [ Andreas Hasenack ] * d/t/saslauthd: fix test flakiness (Closes: #1036893) -- Bastian Germann Mon, 05 Jun 2023 23:24:14 +0200 cyrus-sasl2 (2.1.28+dfsg-11) unstable; urgency=medium [ Debian Janitor ] * Apply multi-arch hints. + cyrus-sasl2-doc: Add Multi-Arch: foreign. [ Bastian Germann ] * Add Romanian translation (Closes: #1031499) * Fix lintian depends-on-obsolete-package (lsb-base) * Add saslauthd.service (Closes: #981438) * Remove dh_installinit params * Install saslauthd.service similar to saslauthd.init * Drop old NEWS * Fix systemd-service-file-missing-documentation-key -- Bastian Germann Wed, 01 Mar 2023 00:52:04 +0100 cyrus-sasl2 (2.1.28+dfsg-10) unstable; urgency=medium [ Helmut Grohne ] * Explicitly B-D on libcrypt-dev (Closes: #1024644) -- Bastian Germann Tue, 22 Nov 2022 17:48:33 +0100 cyrus-sasl2 (2.1.28+dfsg-9) unstable; urgency=medium * d/watch: Scan GitHub release API [ Helmut Grohne ] * Depend on ABI-less libc-dev rather than libc6-dev (Closes: #1023838) -- Bastian Germann Fri, 11 Nov 2022 12:27:36 +0100 cyrus-sasl2 (2.1.28+dfsg-8) unstable; urgency=medium [ Andreas Hasenack ] * Add SASL channel binding support for GSSAPI and GSS-SPNEGO (LP: #1912256): - d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel binding support for GSSAPI and GSS-SPNEGO - d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-1.patch: allow setting maxssf to 0 when using GSS-SPNEGO inside SSL/TLS - d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-2.patch: be more conformant to RFC4752 -- Bastian Germann Mon, 05 Sep 2022 14:30:39 +0200 cyrus-sasl2 (2.1.28+dfsg-7) unstable; urgency=medium * d/tests: Relicense to GPL-3 ### Old Ubuntu Delta ### cyrus-sasl2 (2.1.28+dfsg1-5ubuntu3) noble; urgency=medium * No-change rebuild for time_t transition. -- Sergio Durigan Junior Fri, 05 Apr 2024 15:59:59 -0400 cyrus-sasl2 (2.1.28+dfsg1-5ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:31:27 + cyrus-sasl2 (2.1.28+dfsg1-5ubuntu1) noble; urgency=medium * Add Depends: python3-six -- Jeremy Bícha Thu, 21 Mar 2024 09:33:35 -0400 ** Affects: cyrus-sasl2 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: cyrus-sasl2 (Ubuntu) Milestone: None => ubuntu-24.07 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/2064399 Title: Merge cyrus-sasl2 from Debian unstable for oracular Status in cyrus-sasl2 package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.1.28+dfsg1-6 Ubuntu: 2.1.28+dfsg1-5ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turn
[Touch-packages] [Bug 2064411] [NEW] Merge krb5 from Debian unstable for oracular
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.20.1-6 Ubuntu: 1.20.1-6ubuntu2 There is nothing yet to merge for krb5 currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### krb5 (1.20.1-6) unstable; urgency=medium * Fix up libverto1*->libverto1*t64, Closes: #1065702 -- Sam Hartman Sun, 10 Mar 2024 19:36:33 -0600 krb5 (1.20.1-5.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064164 -- Lukas Märdian Wed, 28 Feb 2024 15:25:37 + krb5 (1.20.1-5) unstable; urgency=medium [ Helmut Grohne ] * Annotate test dependencies . (Closes: #1054461) [ Sam Hartman ] * Fix keyutils to be linux-any -- Helmut Grohne Tue, 24 Oct 2023 07:17:27 +0200 krb5 (1.20.1-4) unstable; urgency=low [ Steve Langasek ] * libkrb5support0: require strict binary dependency to deal with glibc 2.38, Closes: #1043184 [Jelmer Vernooij] * krb5-user: Use alternatives for kinit, klist, kswitch, ksu, kpasswd, kdestroy, kadmin and ktutil. This allows installation together with heimdal-clients. Closes: #213316, #751203 [ Sam Hartman ] * Enable build-time tests, Thanks Andreas Hasenack, Closes: #1017763 * Work around doxygen change that breaks doc build, Thanks Greg Hudson, Closes: #1051523 -- Sam Hartman Mon, 11 Sep 2023 11:06:57 -0600 krb5 (1.20.1-3) unstable; urgency=high * Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execusion is unlikely, Closes: #1043431 -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that the entire upgrade from bullseye to bookworm needs to be lockstep, but it appears that's what is required, Closes: #1036055 -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] * Sync debian/copyright with NOTICE from upstream [ Debian Janitor ] * Trim trailing whitespace. * Strip unusual field spacing from debian/control. * Use secure URI in Homepage field. * Merge upstream signing key files. * Update renamed lintian tag names in lintian overrides. * Update standards version to 4.6.1, no changes needed. * Remove field Section on binary package krb5-gss-samples that duplicates source. * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser, VCS-Git => Vcs-Git). [ Sam Hartman ] * New upstream release - Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267 * Tighten version dependencies around crypto library, Closes: 1020424 * krb5-user reccomends rather than Depends on krb5-config. This avoids a hard dependency on bind9-host, but also supports cases where krb5-config is externally managed, Closes: #1005821 -- Sam Hartman Thu, 17 Nov 2022 10:34:28 -0700 krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman Fri, 22 Jul 2022 16:32:38 -0600 krb5 (1.20~beta1-1) experimental; urgency=medium * New Upstream version -- Sam Hartman Thu, 07 Apr 2022 11:57:27 -0600 krb5 (1.19.2-2) unstable; urgency=medium ### Old Ubuntu Delta ### krb5 (1.20.1-6ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:42:10 + krb5 (1.20.1-6ubuntu1) noble; urgency=medium * Fix tests with Python 3.12. -- Matthias Klose Sun, 24 Mar 2024 12:51:41 +0100 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: krb5 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2064411 Title: Merge krb5 from Debian unstable for oracular Status in krb5 package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.20.1-6 Ubuntu: 1.20.1-6ubuntu2 There is nothing yet to merge for krb5 currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the ta
[Touch-packages] [Bug 2064420] [NEW] Merge libseccomp from Debian unstable for oracular
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.5-1 Ubuntu: 2.5.5-1ubuntu3 NOT SERVER TEAM has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### Old Ubuntu Delta ### libseccomp (2.5.5-1ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:58:07 + libseccomp (2.5.5-1ubuntu2) noble; urgency=medium * No-change rebuild to build with python3.12 only. -- Matthias Klose Sat, 16 Mar 2024 23:14:35 +0100 libseccomp (2.5.5-1ubuntu1) noble; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests * Added changes: - d/t/test-filter: generate syscalls list from src/syscalls.csv rather than shipping a static list to ensure all get tested via autopkgtests * Dropped changes: - d/t/data/all-5.16-rc1.filter: remove static syscall list -- Alex Murray Fri, 02 Feb 2024 13:30:43 +1030 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2064420 Title: Merge libseccomp from Debian unstable for oracular Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.5-1 Ubuntu: 2.5.5-1ubuntu3 NOT SERVER TEAM has maintained this package's merge in the past. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### Old Ubuntu Delta ### libseccomp (2.5.5-1ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek Sun, 31 Mar 2024 07:58:07 + libseccomp (2.5.5-1ubuntu2) noble; urgency=medium * No-change rebuild to build with python3.12 only. -- Matthias Klose Sat, 16 Mar 2024 23:14:35 +0100 libseccomp (2.5.5-1ubuntu1) noble; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests * Added changes: - d/t/test-filter: generate syscalls list from src/syscalls.csv rather than shipping a static list to ensure all get tested via autopkgtests * Dropped changes: - d/t/data/all-5.16-rc1.filter: remove static syscall list -- Alex Murray Fri, 02 Feb 2024 13:30:43 +1030 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2064420/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2064391] [NEW] Merge bridge-utils from Debian unstable for oracular
Public bug reported: A merge of bridge-utils appears to be available presently. Upstream: tbd Debian: 1.7.1-2 Ubuntu: 1.7.1-1ubuntu2 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### bridge-utils (1.7.1-2) unstable; urgency=low [ Debian Janitor ] * Trim trailing whitespace. * Update standards version to 4.6.2, no changes needed. [ Chris Hofstaedtler ] * Install files into /usr instead of /. (Closes: #1059394) -- Santiago García Mantiñán Fri, 01 Mar 2024 23:09:33 +0100 bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu2) noble; urgency=high * No change rebuild for 64-bit time_t and frame pointers. -- Julian Andres Klode Mon, 08 Apr 2024 17:54:51 +0200 bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update unsettable gcint value for newer kernels * Dropped changes, no longer applicable: - debian/bridge-utils-interface.5: + Update max, default value for path cost -- Graham Inggs Thu, 23 Feb 2023 15:07:42 + ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-ve
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
** Tags removed: server-todo ** Tags removed: regression-update -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Invalid Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730 is OK if we're doing bind-dynamic */ 731 if (!option_bool(OPT_CLEVERBIND)) 732
[Touch-packages] [Bug 1965328] Re: transient scope could not be started error in bionic lxd container
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1965328 Title: transient scope could not be started error in bionic lxd container Status in snapd: New Status in systemd package in Ubuntu: Invalid Status in systemd source package in Bionic: New Bug description: On my impish development host machine I tend to use lxd containers to support snap building and other tasks targeting different releases. Today I came to use a bionic container as per usual and found that I could not invoke any snap applications. I installed hello-world as the most simple test of running a snap app: ``` ubuntu@b:~$ hello-world internal error, please report: running "hello-world" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/44 finished with result failed ``` I made sure the container had up to date packages in it (apt & snaps) and rebooted it. But the problem persisted. I then created a second container and installed hello-world in it and again the problem was reproducible. At the time of producing the following attachments I had not attempted to reboot the host. To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1965328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
** Changed in: dnsmasq (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Tags removed: server-triage-discuss ** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Confirmed Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730
[Touch-packages] [Bug 2053146] Re: openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is slightly wrong
** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2053146 Title: openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is slightly wrong Status in openssh package in Ubuntu: Incomplete Bug description: The Authmethod struct now have 4 entries but the initialization of the method_gsskeyex in the debian/patches/gssapi.patch only have 3 entries. The struct was changed in upstream commit dbb339f015c33d63484261d140c84ad875a9e548 as === @@ -104,7 +104,8 @@ struct Authctxt { struct Authmethod { char*name; - int (*userauth)(struct ssh *); + char*synonym; + int (*userauth)(struct ssh *, const char *); int *enabled; }; === The incorrect code does === +Authmethod method_gsskeyex = { + "gssapi-keyex", + userauth_gsskeyex, + &options.gss_authentication +}; === but should have a NULL between the "gssapi-keyex" string and userauth_gsskeyex This is now (change from Focal) causing gssapi-keyex to be disabled. === lsb_release -rd Description: Ubuntu 22.04.3 LTS Release: 22.04 === apt-cache policy openssh-server openssh-server: Installed: 1:8.9p1-3ubuntu0.6 Candidate: 1:8.9p1-3ubuntu0.6 Version table: *** 1:8.9p1-3ubuntu0.6 500 500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu jammy-updates/main amd64 Packages 500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu jammy-security/main amd64 Packages 100 /var/lib/dpkg/status 1:8.9p1-3 500 500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu jammy/main amd64 Packages === To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Sync libmnl from Debian unstable for noble
** Changed in: libmnl (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Sync libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Fix Released Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact, t
[Touch-packages] [Bug 2042587] Re: jammy's version breaks existing dhcp scripts with relay
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2042587 Title: jammy's version breaks existing dhcp scripts with relay Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. This was fixed in 2.87, therefore making only jammy carry an affected package. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): No DHCP relay: ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ### IP = 192.168.47.150 ### With DHCP relay set to 192.168.47.9, IP should NOT be that address: ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ### IP = 192.168.47.9 TEST FAILED ### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. [ Where problems could occur ] If the fix is incorrect, it would mean the dhcp-script would get an incorrect IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers and pointers if the dhcp-script option is in use. This fix was committed upstream a few months after the bug was introduced, so it took a while to be noticed. [ Other Info ] Not at this time. [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp- script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Sync libmnl from Debian unstable for noble
Sync has made it to -proposed libmnl | 1.0.4-3build2 | jammy | source libmnl | 1.0.4-3ubuntu1 | lunar | source libmnl | 1.0.4-3ubuntu1 | mantic | source libmnl | 1.0.4-3ubuntu1 | noble | source libmnl | 1.0.5-2| noble-proposed | source ** Changed in: libmnl (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Sync libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Fix Committed Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Merge libmnl from Debian unstable for noble
libmnl | 1.0.5-2| sid libmnl | 1.0.4-3ubuntu1 | noble Reopening since a new version is available in Debian ** Changed in: libmnl (Ubuntu) Status: Expired => New ** Description changed: Scheduled-For: Backlog Upstream: tbd - Debian: 1.0.4-3 + Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 - There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. - ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium - * Static build does not work for libmnl (-lmnl) (LP: #1971523) + * Static build does not work for libmnl (-lmnl) (LP: #1971523) - -- Michal Maloszewski Thu, 21 Jul + -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high - * No change rebuild for ppc64el baseline bump. + * No change rebuild for ppc64el baseline bump. - -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 + -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium - * No-change rebuild to build packages with zstd compression. + * No-change rebuild to build packages with zstd compression. - -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 + -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Changed in: libmnl (Ubuntu) Milestone: None => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Merge libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: New Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040385] Re: Merge init-system-helpers from Debian unstable for noble
[Foundations appears to handle this package, and no merge is available yet anyway] ** Changed in: init-system-helpers (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2040385 Title: Merge init-system-helpers from Debian unstable for noble Status in init-system-helpers package in Ubuntu: Invalid Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) [ Niels Thykier ] * Add additional error checking on write operations. The `close()` call can fail on both read and write - while the read is usually relatively benign, for the write counter part can include 'fun' errors. Most of these would most likely be persistent issues, but it makes sense to detect errors as early possible. [ Ville Skyttä ] * service: use `grep -F` instead of `egrep` `egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in current post 3.7 Git they have been made to emit obsolescence warnings. The occurrence in `service` uses a non-regex argument, so switch to `grep -F` instead of `-E`. -- Michael Biebl Mon, 23 May 2022 22:48:30 +0200 init-system-helpers (1.62) unstable; urgency=medium * Team upload. [ Johannes Schauer Marin Rodrigues ] * use fakechroot instead of unsharing the mount namespace and mounting tmpfs [ Luca Boccassi ] * deb-systemd-invoke: systemctl --machine @ is now available in v249.10. Adjust the version check accordingly * Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set * Fix typos found by Lintian * Set Rules-Requires-Root: no ### Old Ubuntu Delta ### init-system-helpers (1.65.2ubuntu1) mantic; urgency=medium * Drop dependency on usrmerge; this transition is long completed in Ubuntu. LP: #2027712. -- Steve Langasek Mon, 17 Jul 2023 08:32:00 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2040385/+subscriptions -- M
[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic
[Unsubscribing sponsors pending resolution of Robie's request] -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/2039873 Title: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic Status in lxc package in Ubuntu: Confirmed Bug description: [ Impact ] LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release build we should have LXC_DEVEL=0. LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h and then can be (and actually it is) used by other projects to detect if liblxc-dev is a development build or stable. Having LXC_DEVEL=1 makes problems for the users who want to build projects those are depend on liblxc from source (for example, LXD, go-lxc: https://github.com/canonical/lxd/pull/12420). Q: Why it was not a problem for so long? A: Because LXC API was stable for a long time, but recently we have extended liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc was updated too (https://github.com/lxc/go-lxc/pull/166). This change was developed properly to be backward compatible with the old versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro check VERSION_AT_LEAST (https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7) is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release build of LXC. [ Test Plan ] Install liblxc-dev package and check /usr/include/lxc/version.h file LXC_DEVEL should be 0 [ Where problems could occur ] Theoretically, build of a software which depends on liblxc-dev may start to fail if it assumes that LXC_DEVEL is 1. [ Other Info ] - To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2025339] Re: FDE image fails to run e2fsck
** Also affects: e2fsprogs (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031622 Importance: Unknown Status: Unknown ** Changed in: e2fsprogs (Ubuntu Lunar) Status: Confirmed => In Progress ** Changed in: e2fsprogs (Ubuntu Lunar) Assignee: (unassigned) => Paul Mars (upils) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to e2fsprogs in Ubuntu. https://bugs.launchpad.net/bugs/2025339 Title: FDE image fails to run e2fsck Status in e2fsprogs package in Ubuntu: Fix Released Status in e2fsprogs source package in Jammy: Confirmed Status in e2fsprogs source package in Lunar: In Progress Status in e2fsprogs package in Debian: Unknown Bug description: After installation of the FDE image, the system fails to boot due to e2fsck failing with: Jun 21 12:48:19 ubuntu systemd-fsck[268]: /dev/vda2 has unsupported feature(s): FEATURE_C12 this means that Jammy fsck fails against mantic created ext4 which is not great Seems this is orphan_file feature / orphan_present Also need to check if grub2 supports this as it is RO_INCOMPAT feature. [Impact] See LP: #2028564. Generating a filesystem on lunar with e2fsprogs will use the orphan_file feature. This will prevent a jammy (or older) based OS from modifying this filesystem (in particular resize it at first boot). [ Test Plan ] On lunar, generate a filesystem and check the orphan_file feature is enabled: $ dd if=/dev/zero of=test.img bs=100M count=1 $ mkfs.ext4 test.img $ # Then check the orphan_file feature is enabled $ dumpe2fs test.img | grep orphan Move this .img file to a jammy based machine, and try using resize2fs on it: $ resize2fs -d -f -M test.img resize2fs 1.46.5 (30-Dec-2021) resize2fs: Filesystem has unsupported feature(s) (test.img) [Where problems could occur] Some users on Lunar may currently rely on this feature to be enabled by default. This can still be enabled explicitly when calling mkfs.ext4 but the default behavior will be changed. The orphan_file feature aims at improving performances when dealing with deleted files or directories. So if we disable this by default, I think it should only impact performances of generated filesystems and probably not break anything else. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/2025339/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2025339] Re: FDE image fails to run e2fsck
** Merge proposal linked: https://code.launchpad.net/~upils/ubuntu/+source/e2fsprogs/+git/e2fsprogs/+merge/454796 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to e2fsprogs in Ubuntu. https://bugs.launchpad.net/bugs/2025339 Title: FDE image fails to run e2fsck Status in e2fsprogs package in Ubuntu: Fix Released Status in e2fsprogs source package in Jammy: Confirmed Status in e2fsprogs source package in Lunar: Confirmed Bug description: After installation of the FDE image, the system fails to boot due to e2fsck failing with: Jun 21 12:48:19 ubuntu systemd-fsck[268]: /dev/vda2 has unsupported feature(s): FEATURE_C12 this means that Jammy fsck fails against mantic created ext4 which is not great Seems this is orphan_file feature / orphan_present Also need to check if grub2 supports this as it is RO_INCOMPAT feature. [Impact] See LP: #2028564. Generating a filesystem on lunar with e2fsprogs will use the orphan_file feature. This will prevent a jammy (or older) based OS from modifying this filesystem (in particular resize it at first boot). [ Test Plan ] On lunar, generate a filesystem and check the orphan_file feature is enabled: $ dd if=/dev/zero of=test.img bs=100M count=1 $ mkfs.ext4 test.img $ # Then check the orphan_file feature is enabled $ dumpe2fs test.img | grep orphan Move this .img file to a jammy based machine, and try using resize2fs on it: $ resize2fs -d -f -M test.img resize2fs 1.46.5 (30-Dec-2021) resize2fs: Filesystem has unsupported feature(s) (test.img) [Where problems could occur] Some users on Lunar may currently rely on this feature to be enabled by default. This can still be enabled explicitly when calling mkfs.ext4 but the default behavior will be changed. The orphan_file feature aims at improving performances when dealing with deleted files or directories. So if we disable this by default, I think it should only impact performances of generated filesystems and probably not break anything else. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/2025339/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018091] Re: Merge net-tools from Debian unstable for mantic
*** This bug is a duplicate of bug 2040403 *** https://bugs.launchpad.net/bugs/2040403 ** This bug has been marked a duplicate of bug 2040403 Merge net-tools from Debian unstable for noble -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/2018091 Title: Merge net-tools from Debian unstable for mantic Status in net-tools package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mism
[Touch-packages] [Bug 2040465] [NEW] MRE updates of openldap for noble
Public bug reported: Backport openldap as MRE to noble once the update for noble has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Noble) Importance: Undecided Status: New ** Tags: needs-mre-backport ** Changed in: openldap (Ubuntu) Milestone: None => ubuntu-24.02 ** Also affects: openldap (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: MRE updates of openldap for noble Status in openldap package in Ubuntu: New Status in openldap source package in Noble: New Bug description: Backport openldap as MRE to noble once the update for noble has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018094] Re: Merge openssh from Debian unstable for mantic
** Changed in: openssh (Ubuntu) Milestone: None => mantic-updates -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2018094 Title: Merge openssh from Debian unstable for mantic Status in openssh package in Ubuntu: Fix Released Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.2p1-2 Ubuntu: 1:9.0p1-1ubuntu8 The foundations team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openssh (1:9.2p1-2) unstable; urgency=medium * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. -- Colin Watson Wed, 08 Feb 2023 10:43:07 + openssh (1:9.2p1-1) unstable; urgency=medium * Set 'UsePAM yes' when running regression tests, to match our default sshd configuration. * Ignore Lintian error about depending on lsb-base for now, to avoid problems with partial upgrades on non-default init systems. * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1): - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms. - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option would ignore its first argument unless it was one of the special keywords 'any' or 'none', causing the permission list to fail open if only one permission was specified. - [SECURITY] ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options were enabled, and the system/libc resolver did not check that names in DNS responses were valid, then use of these options could allow an attacker with control of DNS to include invalid characters (possibly including wildcards) in names added to known_hosts files when they were updated. These names would still have to match the CanonicalizePermittedCNAMEs allow-list, so practical exploitation appears unlikely. - ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. This option defaults to 'no', disabling the ~C command-line that was previously enabled by default. - sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. - sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. - sshd(8): add a -V (version) option to sshd like the ssh client has. - ssh(1): add a 'Host' line to the output of ssh -G showing the original hostname argument. bz3343 - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. - ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. 'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. - ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. - ssh(1): when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set. - ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and a hostkey in one of the system known hosts file changes. - scp(1): switch scp from using pipes to a socket-pair for communication with its ssh sub-processes, matching how sftp(1) operates. - sshd(8): clear signal mask early in main(); sshd may have been started with one or more signals m
[Touch-packages] [Bug 2040391] [NEW] Merge libseccomp from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2040391 Title: Merge libseccomp from Debian unstable for noble Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2040391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040403] [NEW] Merge net-tools from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve Langasek Tue, 13 Dec 2022 13:40:24 -0800 net-tools (2.10-0.1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage update to remove comment about IEC units. - Add new DEP8 tests for hostname and ifconfig. -- Steve Langasek Tue, 13 Dec 2022 13:27:00 -0800 ** Affects: net-tools (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: ne
[Touch-packages] [Bug 2040405] [NEW] Merge openldap from Debian unstable for noble
Public bug reported: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profile. - d/{rules,slapd.py}: Add apport hook. - d/rules: better regexp to match the Maintainer tag in d/control, needed in the Ubuntu case because of XSBC-Original-Maintainer (Closes #960448, LP #1875697) - d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the smbk5pwd DEP8 test (LP #2004560) [ Partially incorporated by Debian. ] -- Sergio Durigan Junior Wed, 02 Aug 2023 19:53:17 -0400 ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: ope
[Touch-packages] [Bug 2040406] [NEW] Merge openssh from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.4p1-1 Ubuntu: 1:9.3p1-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openssh (1:9.4p1-1) unstable; urgency=medium * New upstream release (https://www.openssh.com/releasenotes.html#9.4p1): - ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. - ssh(1): allow forwarding Unix Domain sockets via ssh -W. - ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) 'Tag' directive and corresponding 'Match tag' predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. - ssh(1): add a 'match localnetwork' predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. - ssh(1), sshd(8), ssh-keygen(1): infrastructure support for KRL extensions. This defines wire formats for optional KRL extensions and implements parsing of the new submessages. No actual extensions are supported at this point. - sshd(8): AuthorizedPrincipalsCommand and AuthorizedKeysCommand now accept two additional %-expansion sequences: %D which expands to the routing domain of the connected session and %C which expands to the addresses and port numbers for the source and destination of the connection. - ssh-keygen(1): increase the default work factor (rounds) for the bcrypt KDF used to derive symmetric encryption keys for passphrase protected key files by 50%. - ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. - ssh(1): make -f (fork after authentication) work correctly with multiplexed connections, including ControlPersist (closes: #348741). - ssh(1): make ConnectTimeout apply to multiplexing sockets and not just to network connections. - ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. - sshd(8): fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears before it in sshd_config. Since OpenSSH 8.7 the AuthorizedPrincipalsCommand directive was incorrectly ignored in this situation. - sshd(8), ssh(1), ssh-keygen(1): remove vestigial support for KRL signatures. When the KRL format was originally defined, it included support for signing of KRL objects. However, the code to sign KRLs and verify KRL signatues was never completed in OpenSSH. This release removes the partially-implemented code to verify KRLs. All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in KRL files. - All: fix a number of memory leaks and unreachable/harmless integer overflows. - ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11 modules. - sshd(8), ssh(1): better validate CASignatureAlgorithms in ssh_config and sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. - ssh(1): make `ssh -Q CASignatureAlgorithms` only list signature algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms. - ssh-keyscan(1): gracefully handle systems where rlimits or the maximum number of open files is larger than INT_MAX. - ssh-keygen(1): fix 'no comment' not showing on when running `ssh-keygen -l` on multiple keys where one has a comment and other following keys do not. bz3580 - scp(1), sftp(1): adjust ftruncate() logic to handle servers that reorder requests. Previously, if the server reordered requests then the resultant file would be erroneously truncated. - ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was explicitly set to 'none'. - scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server (closes: #59255). - sshd(8): provide a replacement for the SELinux matchpathcon() function, which is deprecated. - All: relax libcrypto version checks for OpenSSL >=3 (closes: #1035623). Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only the library major must match instead of major and minor in earlier versions)
[Touch-packages] [Bug 2040369] [NEW] Merge bridge-utils from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update unsettable gcint value for newer kernels * Dropped changes, no longer applicable: - debian/bridge-utils-interface.5: + Update max, default value for path cost -- Graham Inggs Thu, 23 Feb 2023 15:07:42 + ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscrib
[Touch-packages] [Bug 2040384] [NEW] Merge heimdal from Debian unstable for noble
Public bug reported: Upstream: tbd Debian: 7.8.git20221117.28daf24+dfsg-3 Ubuntu: 7.8.git20221117.28daf24+dfsg-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### heimdal (7.8.git20221117.28daf24+dfsg-3) unstable; urgency=medium * Fix random 'Ticket expired' and 'Clock skew too great' errors by setting kdc_offset correctly. Closes: #1039992. -- Brian May Tue, 04 Jul 2023 10:09:56 +1000 heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium * Fix incorrect license of Debian files. * Fix deprecated dependancies. * gsskrb5: fix accidental logic inversions (CVE-2022-45142) (Closes: #1030849) - change applied from NMU version 7.8.git20221117.28daf24+dfsg-1.1 * Add ro.po file. Closes: #1031897. -- Brian May Sat, 25 Feb 2023 09:32:57 +1100 heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium * New upstream release. -- Brian May Sat, 10 Dec 2022 16:29:20 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium * Source-only upload to enable migration to testingi (2nd attempt). -- Brian May Sun, 04 Dec 2022 09:56:06 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium * Source-only upload to enable migration to testing. -- Brian May Sun, 04 Dec 2022 09:09:44 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium * New upstream version. * Numerous security fixes (Closes: #1024187). * asn1: Invalid free in ASN.1 codec (CVE-2022-44640) * krb5: PAC parse integer overflows (CVE-2022-42898) * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437) * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437) * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap (CVE-2022-3437) * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad() (CVE-2022-3437) * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Check buffer length against overflow for DES{,3} unwrap (CVE-2022-3437) * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437) * libhx509: Fix denial of service vulnerability (CVE-2022-41916) * spnego: send_reject when no mech selected (CVE-2021-44758) * Fix regression in _krb5_get_int64 on 32 bit systems. https://github.com/heimdal/heimdal/pull/1025 * Increment soname for libroken. * Increment soname for libhcrypto. * Remove legacy shared library version requirements. * Add symbols to libkadm5srv8. -- Brian May Sun, 27 Nov 2022 10:44:26 +1100 heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #857215. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high ### Old Ubuntu Delta ### heimdal (7.8.git20221117.28daf24+dfsg-3ubuntu1) mantic; urgency=medium * Merge from Debian unstable. Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. -- Steve Langasek Tue, 18 Jul 2023 09:23:55 -0700 ** Affects: heimdal (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: heimdal (Ubuntu) Milestone: None => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu.
[Touch-packages] [Bug 2040386] [NEW] Merge krb5 from Debian unstable for noble
Public bug reported: Upstream: tbd Debian: 1.20.1-5 Ubuntu: 1.20.1-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### krb5 (1.20.1-5) unstable; urgency=medium [ Helmut Grohne ] * Annotate test dependencies . (Closes: #1054461) [ Sam Hartman ] * Fix keyutils to be linux-any -- Helmut Grohne Tue, 24 Oct 2023 07:17:27 +0200 krb5 (1.20.1-4) unstable; urgency=low [ Steve Langasek ] * libkrb5support0: require strict binary dependency to deal with glibc 2.38, Closes: #1043184 [Jelmer Vernooij] * krb5-user: Use alternatives for kinit, klist, kswitch, ksu, kpasswd, kdestroy, kadmin and ktutil. This allows installation together with heimdal-clients. Closes: #213316, #751203 [ Sam Hartman ] * Enable build-time tests, Thanks Andreas Hasenack, Closes: #1017763 * Work around doxygen change that breaks doc build, Thanks Greg Hudson, Closes: #1051523 -- Sam Hartman Mon, 11 Sep 2023 11:06:57 -0600 krb5 (1.20.1-3) unstable; urgency=high * Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execusion is unlikely, Closes: #1043431 -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that the entire upgrade from bullseye to bookworm needs to be lockstep, but it appears that's what is required, Closes: #1036055 -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] * Sync debian/copyright with NOTICE from upstream [ Debian Janitor ] * Trim trailing whitespace. * Strip unusual field spacing from debian/control. * Use secure URI in Homepage field. * Merge upstream signing key files. * Update renamed lintian tag names in lintian overrides. * Update standards version to 4.6.1, no changes needed. * Remove field Section on binary package krb5-gss-samples that duplicates source. * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser, VCS-Git => Vcs-Git). [ Sam Hartman ] * New upstream release - Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267 * Tighten version dependencies around crypto library, Closes: 1020424 * krb5-user reccomends rather than Depends on krb5-config. This avoids a hard dependency on bind9-host, but also supports cases where krb5-config is externally managed, Closes: #1005821 -- Sam Hartman Thu, 17 Nov 2022 10:34:28 -0700 krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman Fri, 22 Jul 2022 16:32:38 -0600 krb5 (1.20~beta1-1) experimental; urgency=medium * New Upstream version -- Sam Hartman Thu, 07 Apr 2022 11:57:27 -0600 krb5 (1.19.2-2) unstable; urgency=medium * Standards version 4.6.0; no change * kpropd: run after network.target, Closes: #948820 * krb5-kdc: Remove /var from PidFile, Closes: #982009 -- Sam Hartman Mon, 21 Feb 2022 13:05:20 -0700 krb5 (1.19.2-1) experimental; urgency=medium * New Upstream version * Include patch to work with OpenSSL 3.0, Closes: #995152 * Depend on tex-gyre, Closes: #997407 ### Old Ubuntu Delta ### krb5 (1.20.1-3ubuntu1) mantic; urgency=medium * Make krb5int_strl(cat|copy) optional symbols, since they are not needed when built against glibc 2.38. Closes: #1043184. * Declare Breaks: against older packages using these symbols. * Make dependencies on libkrb5support0 strict to avoid future symbol skew. -- Steve Langasek Thu, 24 Aug 2023 18:07:33 + ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: krb5 (Ubuntu) Milestone: None => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2040386 Title: Merge krb5 from Debian unstable for noble Status in krb5 package in Ubuntu: New Bug description: Upstream: tbd Debian: 1.20.1-5 Ubuntu: 1.20.1-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New
[Touch-packages] [Bug 2040385] [NEW] Merge init-system-helpers from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) [ Niels Thykier ] * Add additional error checking on write operations. The `close()` call can fail on both read and write - while the read is usually relatively benign, for the write counter part can include 'fun' errors. Most of these would most likely be persistent issues, but it makes sense to detect errors as early possible. [ Ville Skyttä ] * service: use `grep -F` instead of `egrep` `egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in current post 3.7 Git they have been made to emit obsolescence warnings. The occurrence in `service` uses a non-regex argument, so switch to `grep -F` instead of `-E`. -- Michael Biebl Mon, 23 May 2022 22:48:30 +0200 init-system-helpers (1.62) unstable; urgency=medium * Team upload. [ Johannes Schauer Marin Rodrigues ] * use fakechroot instead of unsharing the mount namespace and mounting tmpfs [ Luca Boccassi ] * deb-systemd-invoke: systemctl --machine @ is now available in v249.10. Adjust the version check accordingly * Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set * Fix typos found by Lintian * Set Rules-Requires-Root: no ### Old Ubuntu Delta ### init-system-helpers (1.65.2ubuntu1) mantic; urgency=medium * Drop dependency on usrmerge; this transition is long completed in Ubuntu. LP: #2027712. -- Steve Langasek Mon, 17 Jul 2023 08:32:00 -0700 ** Affects: init-system-helpers (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2040385 Title: Merge init-system-helpers from Debian unstable for noble Status in init-system-helpers package in Ubuntu: New Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2) unst
[Touch-packages] [Bug 2040389] [NEW] Merge libmnl from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Affects: libmnl (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libmnl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Merge libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 160631] Re: scp does not validate existance of file before connecting to remote host
Reported to be fixed in 1:9.4p1-1 - scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server (closes: #59255). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/160631 Title: scp does not validate existance of file before connecting to remote host Status in openssh package in Ubuntu: Triaged Status in openssh package in Debian: Fix Released Bug description: Binary package hint: openssh-client This is a minor issue, but if you attempt to copy a non-existent file to an existing host, scp fails to detect this basic issue until *after* you have been prompted for the remote systems password. Steps to recreate: 1. scp this_file_does_not_exist localhost:/tmp 2. enter your password for localhost 3. observe the error: > scp this_file_does_not_exist localhost:/tmp user@localhost's password: this_file_does_not_exist: No such file or directory > This is with feisty (openssh-client version 4.3p2-8ubuntu1). Thanks for reading! LAST VERSION TESTED: openssh-client 1:5.5p1-4ubuntu4 (Maverick) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/160631/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028419] [NEW] MRE updates of openldap for focal, jammy and lunar
Public bug reported: Backport openldap as MRE to focal, jammy and lunar once the update for mantic has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Focal) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Lunar) Importance: Undecided Status: New ** Tags: needs-mre-backport ** Changed in: openldap (Ubuntu) Milestone: None => ubuntu-23.08 ** Also affects: openldap (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Lunar) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2028419 Title: MRE updates of openldap for focal, jammy and lunar Status in openldap package in Ubuntu: New Status in openldap source package in Focal: New Status in openldap source package in Jammy: New Status in openldap source package in Lunar: New Bug description: Backport openldap as MRE to focal, jammy and lunar once the update for mantic has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2028419/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009544] Re: OpenSSL 3 performance regression
Upstream has an umbrella bug that covers this and other associated performance related problems: https://github.com/openssl/openssl/issues/17627 ** Bug watch added: github.com/openssl/openssl/issues #17627 https://github.com/openssl/openssl/issues/17627 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2009544 Title: OpenSSL 3 performance regression Status in openssl package in Ubuntu: New Bug description: Hello, it sounds like there's some significant performance regressions in OpenSSL 3: https://github.com/openssl/openssl/issues/20286#issuecomment-1438826816 Some we might be able to address with: https://github.com/openssl/openssl/pull/18151 Some of the performance differences may be subject to ongoing work. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2009544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018060] Re: Merge bridge-utils from Debian unstable for mantic
** Changed in: bridge-utils (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/2018060 Title: Merge bridge-utils from Debian unstable for mantic Status in bridge-utils package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-inte
[Touch-packages] [Bug 2018081] Re: Merge libseccomp from Debian unstable for mantic
** Changed in: libseccomp (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2018081 Title: Merge libseccomp from Debian unstable for mantic Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2018081/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018079] Re: Merge libmnl from Debian unstable for mantic
** Changed in: libmnl (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2018079 Title: Merge libmnl from Debian unstable for mantic Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2018079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps
Hi Isaac, I'm at end of my shift so don't have time for a full review, just a few notes before I hand-off to the next patch pilot: - In your changelog entry, please reference this bug report, i.e.: - I'd recommend making your PPA version be "1:1.35.0-4ubuntu2~ppa5" - Name your patch "mount-ignore-x-options" as "mount-ignore-x- options.patch" - I'd strongly recommend including DEP3 headers on your patch. See https://dep-team.pages.debian.net/deps/dep3/. If you refer to the busybox patch static-sh-alias.patch you can see a good example of this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to busybox in Ubuntu. https://bugs.launchpad.net/bugs/2022927 Title: Busybox mount fails to mount Snaps Status in busybox package in Ubuntu: New Bug description: Snapd tries to mount squashfs Snaps with non-standard mount flags like "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to userspace programs that a given mount should not be shown in a list of mounted partitions/filesystems. Busybox does not support these flags, and so fails with "Invalid argument". $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test mount: mounting test on /tmp/test failed: Invalid argument These flags can likely be be safely ignored, as they don't actually affect the functionality of the mount. This goes for all mount options starting with "x-", as these generally denote non-standard mount option "extensions". I've created a patch against Busybox which adds an optional configuration item to ignore all mount options beginning with "x-". An additional verbose option has also been added to enable the ability to report that the mount flags have been ignored, rather than silently ignoring them. This is a requirement for a customer project, where we are limited to using Busybox (due to coreutils' GPL-3.0 licence) but would also require using Snaps like checkbox for testing and verification. This was posted on the Busybox mailing list a few months ago (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html) but patch acceptance there seems to take quite a long time, and we need this for the customer. A PPA containing the patched Busybox version is available on the project's Launchpad team: https://launchpad.net/~nemos- team/+archive/ubuntu/ppa To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020464] Re: Please merge lvm 2.03.16-2 from Debian unstable
Hi Dave, Thanks for including the packaging branch in addition to the ppa and debdiff, that definitely helps with the review! Btw, since you use packaging branches, you can file 'Merge Proposal' requests that are helpful for structuring reviews. When creating an MP for a merge against debian unstable, you can set the MP target to 'debian/sid' (instead of the default 'ubuntu/devel') and it'll generate a useful diff. I went ahead and created one off your branch; if nothing else it helps my own review process since it's what I'm accustomed to: https://code.launchpad.net/~waveform/ubuntu/+source/lvm2/+git/lvm2/+merge/444199 I'll provide review feedback there. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2020464 Title: Please merge lvm 2.03.16-2 from Debian unstable Status in lvm2 package in Ubuntu: New Bug description: Please merge lvm2 2.03.16-2 from Debian unstable. Updated changelog and diff against Debian unstable to be attached below. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2020464/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018094] Re: Merge openssh from Debian unstable for mantic
** Description changed: Scheduled-For: Backlog Upstream: tbd - Debian: 1:9.2p1-2 + Debian: 1:9.2p1-2 Ubuntu: 1:9.0p1-1ubuntu8 - - The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. + The foundations team has maintained this package in the past and may be + handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. - ### New Debian Changes ### openssh (1:9.2p1-2) unstable; urgency=medium - * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. - - -- Colin Watson Wed, 08 Feb 2023 10:43:07 + + * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. + + -- Colin Watson Wed, 08 Feb 2023 10:43:07 + openssh (1:9.2p1-1) unstable; urgency=medium - * Set 'UsePAM yes' when running regression tests, to match our default - sshd configuration. - * Ignore Lintian error about depending on lsb-base for now, to avoid - problems with partial upgrades on non-default init systems. - * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1): - - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault - introduced in OpenSSH 9.1. This is not believed to be exploitable, and - it occurs in the unprivileged pre-auth process that is subject to - chroot(2) and is further sandboxed on most major platforms. - - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen - option would ignore its first argument unless it was one of the - special keywords 'any' or 'none', causing the permission list to fail - open if only one permission was specified. - - [SECURITY] ssh(1): if the CanonicalizeHostname and - CanonicalizePermittedCNAMEs options were enabled, and the system/libc - resolver did not check that names in DNS responses were valid, then - use of these options could allow an attacker with control of DNS to - include invalid characters (possibly including wildcards) in names - added to known_hosts files when they were updated. These names would - still have to match the CanonicalizePermittedCNAMEs allow-list, so - practical exploitation appears unlikely. - - ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that - controls whether the client-side ~C escape sequence that provides a - command-line is available. Among other things, the ~C command-line - could be used to add additional port-forwards at runtime. This option - defaults to 'no', disabling the ~C command-line that was previously - enabled by default. - - sshd(8): add support for channel inactivity timeouts via a new - sshd_config(5) ChannelTimeout directive. This allows channels that - have not seen traffic in a configurable interval to be automatically - closed. Different timeouts may be applied to session, X11, agent and - TCP forwarding channels. - - sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate - client connections that have no open channels for a length of time. - This complements the ChannelTimeout option above. - - sshd(8): add a -V (version) option to sshd like the ssh client has. - - ssh(1): add a 'Host' line to the output of ssh -G showing the original - hostname argument. bz3343 - - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow - control over some SFTP protocol parameters: the copy buffer length and - the number of in-flight requests, both of which are used during - upload/download. Previously these could be controlled in sftp(1) only. - This makes them available in both SFTP protocol clients using the same - option character sequence. - - ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. - 'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will - be expanded to all possible addresses in the range including the - all-0s and all-1s addresses. - - ssh(1): support dynamic remote port forwarding in escape - command-line's -R processing. - - ssh(1): when restoring non-blocking mode to stdio fds, restore exactly - the flags that ssh started with and don't just clobber them with zero, - as this could also remove the append flag from the set. - - ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and - a hostkey in one of the system known hosts file changes. - - scp(1): switch scp from using pipes to a socket-pair for communication - with its ssh sub-processes, matching how sftp(1) operates. - - sshd(8): clear signal mask early in main(); sshd may have been started - with one or more signals masked (sigprocmask(2) is not cleared on - fork/exec) and this could interfer
[Touch-packages] [Bug 1971932] Re: error in rsync protocol data stream
** No longer affects: rsync (Ubuntu Jammy) ** No longer affects: rsync (Ubuntu Kinetic) ** No longer affects: rsync (Ubuntu Lunar) ** Changed in: rsync (Ubuntu Bionic) Status: New => Confirmed ** Changed in: rsync (Ubuntu Focal) Status: New => Confirmed ** Changed in: rsync (Ubuntu Focal) Importance: Undecided => Low ** Changed in: rsync (Ubuntu Bionic) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971932 Title: error in rsync protocol data stream Status in rsync package in Ubuntu: Confirmed Status in rsync source package in Bionic: Confirmed Status in rsync source package in Focal: Confirmed Bug description: When synchronizing to other systems, rsync exits with "error in rsync protocol data stream (code 12)". The problem occurs since ubuntu 22.04 LTS with two different destination systems not running ubuntu but plain debian. The error did not occur under 20.04 LTS. Synchronisation runs fine for most other files, but always stops at the same (relative large) file. The file itself has also been changed on a test basis to make sure the file is not the problem itself. Log snippet: ... chunk[46131] len=46120 offset=2127561720 sum1=2f48caf4 chunk[46132] len=46120 offset=2127607840 sum1=5dfcb4ee chunk[46133] len=46120 offset=2127653960 sum1=d1037d81 chunk[46134] len=8870 offset=2127700080 sum1=6deedc97 send_files mapped /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX of size 2135722584 calling match_sums /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX built hash table hash search b=46120 len=2135722584 sum=1e1722dc k=46120 hash search s->blength=46120 len=2135722584 count=46135 potential match at 0 i=0 sum=1e1722dc match at 0 last_match=0 j=0 len=46120 n=0 potential match at 46120 i=1 sum=c482d6b6 match at 46120 last_match=46120 j=1 len=46120 n=0 potential match at 92240 i=2 sum=b21c7e11 match at 92240 last_match=92240 j=2 len=46120 n=0 potential match at 138360 i=3 sum=d066473a match at 138360 last_match=138360 j=3 len=46120 n=0 potential match at 184480 i=4 sum=a32a2984 match at 184480 last_match=184480 j=4 len=46120 n=0 potential match at 230600 i=5 sum=39cc049f match at 230600 last_match=230600 j=5 len=46120 n=0 potential match at 276720 i=6 sum=ad3de98a match at 276720 last_match=276720 j=6 len=46120 n=0 potential match at 322840 i=7 sum=83e16fa9 match at 322840 last_match=322840 j=7 len=46120 n=0 deflate on token returned 0 (8512 bytes left) rsync error: error in rsync protocol data stream (code 12) at token.c(476) [sender=3.2.3] [sender] _exit_cleanup(code=12, file=token.c, line=476): entered [sender] _exit_cleanup(code=12, file=token.c, line=476): about to call exit(12) Sender system: (rsync 3.2.3-8ubuntu3) - rsync version 3.2.3 protocol version 31 Copyright (C) 1996-2020 by Andrew Tridgell, Wayne Davison, and others. Web site: https://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, hardlink-specials, symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs, xattrs, optional protect-args, iconv, symtimes, prealloc, stop-at, no crtimes Optimizations: SIMD, no asm, openssl-crypto Checksum list: xxh128 xxh3 xxh64 (xxhash) md5 md4 none Compress list: zstd lz4 zlibx zlib none rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. Recipient systems: (rsync 3.1.3-6) -- rsync version 3.1.3 protocol version 31 Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1971932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993409] Re: Merge libmnl from Debian unstable for l-series
*** This bug is a duplicate of bug 2018079 *** https://bugs.launchpad.net/bugs/2018079 ** This bug has been marked a duplicate of bug 2018079 Merge libmnl from Debian unstable for mantic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/1993409 Title: Merge libmnl from Debian unstable for l-series Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/1993409/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018079] [NEW] Merge libmnl from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Affects: libmnl (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libmnl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2018079 Title: Merge libmnl from Debian unstable for mantic Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2018079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018081] [NEW] Merge libseccomp from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2018081 Title: Merge libseccomp from Debian unstable for mantic Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2018081/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018091] [NEW] Merge net-tools from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve Langasek Tue, 13 Dec 2022 13:40:24 -0800 net-tools (2.10-0.1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage update to remove comment about IEC units. - Add new DEP8 tests for hostname and ifconfig. -- Steve Langasek Tue, 13 Dec 2022 13:27:00 -0800 ** Affects: net-tools (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: ne
[Touch-packages] [Bug 2018093] [NEW] Merge openldap from Debian unstable for mantic
Public bug reported: Upstream: tbd Debian: 2.5.13+dfsg-52.6.4+dfsg-1~exp1 Ubuntu: 2.6.3+dfsg-1~exp1ubuntu2 Debian new has 2.6.4+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium * Build the passwd/sha2 contrib module with -fno-strict-aliasing to avoid computing an incorrect SHA256 hash with some versions of the compiler (LP: #2000817): - d/t/{control,sha2-contrib}: test to verify the SHA256 hash produced by passwd/sha2 - d/rules: set -fno-strict-aliasing only when building the passwd/sha2 contrib module * d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the smbk5pwd DEP8 test (LP: #2004560) -- Andreas Hasenack Fri, 03 Feb 2023 09:33:14 -0300 openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium * Merge with Debian unstable (LP: #1993426). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profil
[Touch-packages] [Bug 2018094] [NEW] Merge openssh from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.2p1-2 Ubuntu: 1:9.0p1-1ubuntu8 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openssh (1:9.2p1-2) unstable; urgency=medium * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. -- Colin Watson Wed, 08 Feb 2023 10:43:07 + openssh (1:9.2p1-1) unstable; urgency=medium * Set 'UsePAM yes' when running regression tests, to match our default sshd configuration. * Ignore Lintian error about depending on lsb-base for now, to avoid problems with partial upgrades on non-default init systems. * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1): - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms. - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option would ignore its first argument unless it was one of the special keywords 'any' or 'none', causing the permission list to fail open if only one permission was specified. - [SECURITY] ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options were enabled, and the system/libc resolver did not check that names in DNS responses were valid, then use of these options could allow an attacker with control of DNS to include invalid characters (possibly including wildcards) in names added to known_hosts files when they were updated. These names would still have to match the CanonicalizePermittedCNAMEs allow-list, so practical exploitation appears unlikely. - ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. This option defaults to 'no', disabling the ~C command-line that was previously enabled by default. - sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. - sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. - sshd(8): add a -V (version) option to sshd like the ssh client has. - ssh(1): add a 'Host' line to the output of ssh -G showing the original hostname argument. bz3343 - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. - ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. 'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. - ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. - ssh(1): when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set. - ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and a hostkey in one of the system known hosts file changes. - scp(1): switch scp from using pipes to a socket-pair for communication with its ssh sub-processes, matching how sftp(1) operates. - sshd(8): clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. - ssh(1): warn if no host keys for hostbased auth can be loaded. - sshd(8): Add server debugging for hostbased auth that is queued and sent to the client after successful authentication, but also logge
[Touch-packages] [Bug 2018060] [NEW] Merge bridge-utils from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update unsettable gcint value for newer kernels * Dropped changes, no longer applicable: - debian/bridge-utils-interface.5: + Update max, default value for path cost -- Graham Inggs Thu, 23 Feb 2023 15:07:42 + ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscrib
[Touch-packages] [Bug 2018074] [NEW] Merge heimdal from Debian unstable for mantic
Public bug reported: Upstream: tbd Debian: 7.8.git20221117.28daf24+dfsg-2 Ubuntu: 7.8.git20221117.28daf24+dfsg-1ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium * Fix incorrect license of Debian files. * Fix deprecated dependancies. * gsskrb5: fix accidental logic inversions (CVE-2022-45142) (Closes: #1030849) - change applied from NMU version 7.8.git20221117.28daf24+dfsg-1.1 * Add ro.po file. Closes: #1031897. -- Brian May Sat, 25 Feb 2023 09:32:57 +1100 heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium * New upstream release. -- Brian May Sat, 10 Dec 2022 16:29:20 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium * Source-only upload to enable migration to testingi (2nd attempt). -- Brian May Sun, 04 Dec 2022 09:56:06 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium * Source-only upload to enable migration to testing. -- Brian May Sun, 04 Dec 2022 09:09:44 +1100 heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium * New upstream version. * Numerous security fixes (Closes: #1024187). * asn1: Invalid free in ASN.1 codec (CVE-2022-44640) * krb5: PAC parse integer overflows (CVE-2022-42898) * gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437) * gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437) * gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap (CVE-2022-3437) * gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad() (CVE-2022-3437) * gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Check buffer length against overflow for DES{,3} unwrap (CVE-2022-3437) * gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437) * gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437) * libhx509: Fix denial of service vulnerability (CVE-2022-41916) * spnego: send_reject when no mech selected (CVE-2021-44758) * Fix regression in _krb5_get_int64 on 32 bit systems. https://github.com/heimdal/heimdal/pull/1025 * Increment soname for libroken. * Increment soname for libhcrypto. * Remove legacy shared library version requirements. * Add symbols to libkadm5srv8. -- Brian May Sun, 27 Nov 2022 10:44:26 +1100 heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #857215. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high * Fix CVE-2021-3671: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ. Closes: #996586. * Fix autoconf 2.7 issues. -- Brian May Wed, 17 Nov 2021 12:12:45 +1100 ### Old Ubuntu Delta ### heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. (LP #1934936) -- Steve Langasek Tue, 24 Jan 2023 19:14:54 -0800 ** Affects: heimdal (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: heimdal (Ubuntu) Milestone: None => ubuntu-23.07 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ub
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
Thanks for reporting the bug with steps to reproduce, and identifying a possible patch from upstream. On a cursory glance, the upstream commit is longer than we usually want for SRU purposes, so I'm not sure it's going to qualify for SRU as is. The patch includes some refactoring changes but I'm not sure if untangling those would necessarily shorten the patch much. But should be straightforward to at least add the patched package to a PPA for you to check, and we can decide from there. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&&upgrade, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- n
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&&upgrade, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- netflix-nov6.conf: # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2015562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launc
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
** Patch added: "Proposed commit from upstream suggested as possible fix" https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2015562/+attachment/5664796/+files/fix_segfault_combining_hash_server_with_address.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&&upgrade, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- netflix-nov6.conf: # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: To manage notifications about this bug go to: https://bugs.laun
[Touch-packages] [Bug 1971932] Re: error in rsync protocol data stream
** Also affects: rsync (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Lunar) Importance: Low Status: Confirmed ** Also affects: rsync (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Kinetic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971932 Title: error in rsync protocol data stream Status in rsync package in Ubuntu: Confirmed Status in rsync source package in Bionic: New Status in rsync source package in Focal: New Status in rsync source package in Jammy: New Status in rsync source package in Kinetic: New Status in rsync source package in Lunar: Confirmed Bug description: When synchronizing to other systems, rsync exits with "error in rsync protocol data stream (code 12)". The problem occurs since ubuntu 22.04 LTS with two different destination systems not running ubuntu but plain debian. The error did not occur under 20.04 LTS. Synchronisation runs fine for most other files, but always stops at the same (relative large) file. The file itself has also been changed on a test basis to make sure the file is not the problem itself. Log snippet: ... chunk[46131] len=46120 offset=2127561720 sum1=2f48caf4 chunk[46132] len=46120 offset=2127607840 sum1=5dfcb4ee chunk[46133] len=46120 offset=2127653960 sum1=d1037d81 chunk[46134] len=8870 offset=2127700080 sum1=6deedc97 send_files mapped /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX of size 2135722584 calling match_sums /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX built hash table hash search b=46120 len=2135722584 sum=1e1722dc k=46120 hash search s->blength=46120 len=2135722584 count=46135 potential match at 0 i=0 sum=1e1722dc match at 0 last_match=0 j=0 len=46120 n=0 potential match at 46120 i=1 sum=c482d6b6 match at 46120 last_match=46120 j=1 len=46120 n=0 potential match at 92240 i=2 sum=b21c7e11 match at 92240 last_match=92240 j=2 len=46120 n=0 potential match at 138360 i=3 sum=d066473a match at 138360 last_match=138360 j=3 len=46120 n=0 potential match at 184480 i=4 sum=a32a2984 match at 184480 last_match=184480 j=4 len=46120 n=0 potential match at 230600 i=5 sum=39cc049f match at 230600 last_match=230600 j=5 len=46120 n=0 potential match at 276720 i=6 sum=ad3de98a match at 276720 last_match=276720 j=6 len=46120 n=0 potential match at 322840 i=7 sum=83e16fa9 match at 322840 last_match=322840 j=7 len=46120 n=0 deflate on token returned 0 (8512 bytes left) rsync error: error in rsync protocol data stream (code 12) at token.c(476) [sender=3.2.3] [sender] _exit_cleanup(code=12, file=token.c, line=476): entered [sender] _exit_cleanup(code=12, file=token.c, line=476): about to call exit(12) Sender system: (rsync 3.2.3-8ubuntu3) - rsync version 3.2.3 protocol version 31 Copyright (C) 1996-2020 by Andrew Tridgell, Wayne Davison, and others. Web site: https://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, hardlink-specials, symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs, xattrs, optional protect-args, iconv, symtimes, prealloc, stop-at, no crtimes Optimizations: SIMD, no asm, openssl-crypto Checksum list: xxh128 xxh3 xxh64 (xxhash) md5 md4 none Compress list: zstd lz4 zlibx zlib none rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. Recipient systems: (rsync 3.1.3-6) -- rsync version 3.1.3 protocol version 31 Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1971932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4
** Summary changed: - 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression + Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 Status in rsync package in Ubuntu: Fix Released Status in rsync source package in Jammy: Triaged Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression
Thanks for the links Peter. Looking at the upstream patch, it looks straightforward enough, but can you also provide more detailed steps to reproduce this issue? I gather this would involve setting up a 20.04 host and 22.04 clients, running Backuppc on the latter to pull data from the former. If you can provide a reproducer that'd help accelerate progress towards getting a fix prepared for backporting. Thanks ahead of time. ** Changed in: rsync (Ubuntu Jammy) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression Status in rsync package in Ubuntu: New Status in rsync source package in Jammy: Incomplete Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression
** Also affects: rsync (Ubuntu Jammy) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #969463 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969463 ** Also affects: rsync (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969463 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression Status in rsync package in Ubuntu: New Status in rsync source package in Jammy: New Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1960736] Re: Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 )
Hi Bartłomiej, NSS is in the regular mozilla bugzilla at https://bugzilla.mozilla.org/home. You can file or search for bugs related to NSS by specifying "NSS" as the Product, e.g.: https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&product=NSS&order=Importance&classification=Client%20Software&classification=Developer%20Infrastructure&classification=Components&classification=Server%20Software&classification=Other -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1960736 Title: Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 ) Status in nss package in Ubuntu: New Bug description: I've got the issue with Google Chrome not recognizing any of SSL/TSL certificates as trusted. When I look into certificate checksums it's renders all bytes of it as NULL bytes. I'm aware Google Chrome is proprietary but it depends on ubuntu provided libnss3-package. And libnss provides very nigmatic error code -8018: `/opt/google/chrome$ google-chrome [23391:23426:0213/133531.202486:ERROR:nss_util.cc(286)] After loading Root Certs, loaded==false: NSS error code: -8018 [23434:23434:0213/133531.266711:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process. [23391:23427:0213/133531.313065:ERROR:cert_verify_proc_builtin.cc(681)] CertVerifyProcBuiltin for accounts.google.com failed: - Certificate i=3 (CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE) - ERROR: No matching issuer found ' When trying to enter this particular error code into search engine nothing is found. So my suggestion with this bug is to make it more transparent by providing information to what happened - it seems other bug codes has better error messages. To get SEC_ERROR_UNKNOWN_PKCS11_ERROR string I was force to download source code and manually calculate offsets. Another issue is if failing to initialize PKCS11 token should make whole SSL/TLS crypto invalid ? I'm not sure if this is libnss or Google Chrome issue but it behaves differently in Chromium browser with same libnss so I assume either of two is doing better - it's worth to review this from security perspective. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: libnss3 2:3.35-2ubuntu2.13 Uname: Linux 5.10.0-051000rc6-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.27 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun Feb 13 13:33:51 2022 Dependencies: gcc-8-base 8.4.0-1ubuntu1~18.04 libc6 2.27-3ubuntu1.5 [origin: LP-PPA-ubuntu-security-proposed] libgcc1 1:8.4.0-1ubuntu1~18.04 libnspr4 2:4.18-1ubuntu1 libsqlite3-0 3.22.0-1ubuntu0.4 InstallationDate: Installed on 2015-05-08 (2473 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=pl_PL.UTF-8 SHELL=/bin/bash SourcePackage: nss UpgradeStatus: Upgraded to bionic on 2018-08-26 (1266 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1960736/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971323] Re: Merge six from Debian unstable for kinetic
** Changed in: six (Ubuntu) Milestone: later => ubuntu-22.11 ** Changed in: six (Ubuntu) Milestone: ubuntu-22.11 => kinetic-updates -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to six in Ubuntu. https://bugs.launchpad.net/bugs/1971323 Title: Merge six from Debian unstable for kinetic Status in six package in Ubuntu: Fix Released Bug description: Upstream: tbd Debian: 1.16.0-3 Ubuntu: 1.16.0-3ubuntu1 Debian typically updates six every 2 months on average, but it was last updated 21.12 and looks overdue. Check back in on this monthly. ### New Debian Changes ### six (1.16.0-3) unstable; urgency=medium [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. [ Colin Watson ] * Link directly to upstream in Homepage and debian/copyright. -- Colin Watson Sun, 26 Dec 2021 02:24:26 + six (1.16.0-2) unstable; urgency=medium * Team upload. [ Andreas Beckmann ] * python-six/python3-six: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to ensure removal of the unversioned python packages (and some persisting obsolete Python 2 module packages) on upgrades from buster. In some upgrade scenarios (mostly involving openstack packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores than python2.7. python-six/python3-six are usually very high scoring Python module packages in these cases, making them ideal candidates for such copies of the Breaks. (Closes: #991433) -- Stefano Rivera Tue, 27 Jul 2021 11:44:18 -0400 six (1.16.0-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sun, 09 May 2021 11:40:54 +0100 six (1.15.0-2) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Colin Watson ] * Remove Barry Warsaw from Uploaders, with thanks for their previous contributions (closes: #970181). -- Colin Watson Tue, 10 Nov 2020 00:16:45 + six (1.15.0-1) unstable; urgency=medium [ Debian Janitor ] * Update standards version to 4.5.0, no changes needed. [ Colin Watson ] * New upstream release. -- Colin Watson Sun, 24 May 2020 10:23:22 +0100 six (1.14.0-3) unstable; urgency=medium * Dont run unittests for python2 binary, to reduce pytest rdeps -- Sandro Tosi Mon, 13 Apr 2020 20:16:04 -0400 six (1.14.0-2) unstable; urgency=medium * Build-depend on python2 rather than python. -- Colin Watson Tue, 21 Jan 2020 09:44:26 + six (1.14.0-1) unstable; urgency=medium [ Debian Janitor ] * Remove unnecessary team-upload line in changelog. * Set upstream metadata fields: Bug-Database, Repository. * Set upstream metadata fields: Bug-Submit, Repository-Browse. [ Colin Watson ] * New upstream release. -- Colin Watson Mon, 20 Jan 2020 21:39:42 + six (1.13.0-1) unstable; urgency=medium [ Emmanuel Arias ] * New upstream version 1.13.0 * d/control: Bump Standard-Version to 4.4.1 * d/control: Bump debhelper-compat to 12 (from 9) [ Colin Watson ] * Replace manually-written basic autopkgtests with 'Testsuite: autopkgtest-pkg-python'. * Remove build-dependencies on python-py and python3-py, no longer used upstream. * Fix HTML paths in doc-base control file. -- Colin Watson Tue, 12 Nov 2019 08:10:54 + six (1.12.0-2) unstable; urgency=medium ### Old Ubuntu Delta ### six (1.16.0-3ubuntu1) jammy; urgency=medium * Drop Breaks on python to allow python-is-python2 to remain when upgrading from Focal (LP: #1958720) -- Robie Basak Wed, 13 Apr 2022 21:08:40 +0100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/six/+bug/1971323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar
A new Debian version for bridge-utils is available. There is also a new upstream release but it's not yet packaged by Debian. bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 There is an upstream 1.7.1 release, with just a couple cleanups: From https://kernel.googlesource.com/pub/scm/network/bridge/bridge-utils/+log/refs/tags/v1.7.1: 75d949b Chnage version to 1.7 by Stephen Hemminger · 1 year, 11 months ago v1.7.1 a1f2022 fix string overflow warnings by Stephen Hemminger · 1 year, 11 months ago 4691bf3 brctl: fix spelling on man page by Stephen Hemminger · 2 years ago ab8a2cc README: mark bridge-utils as deprecated by Stephen Hemminger · 2 years, 7 months ago v1.7 ** Changed in: bridge-utils (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1993387 Title: Merge bridge-utils from Debian unstable for lunar Status in bridge-utils package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.12 Upstream: 1.7.1 Debian: 1.7-2 Ubuntu: 1.7-1ubuntu3 ### New Debian Changes ### bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update max, default value for path cost + Update unsettable gcint value for newer kernels -- Steve Langasek Wed, 17 Mar 2021 12:32:22 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bridge-utils/+bug/1993387/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar
** Description changed: Scheduled-For: ubuntu-22.12 - Upstream: tbd - Debian: 1.7-1 + Upstream: 1.7.1 + Debian: 1.7-2 Ubuntu: 1.7-1ubuntu3 - - ### New Debian Changes ### - bridge-utils (1.7-1) unstable; urgency=medium + bridge-utils (1.7-2) unstable; urgency=medium - * New upstream version. - Only messages related changes and compilation fixes. - * Remove preserve_gcc_flags patch (in upstream now). - * Bump standards, no change needed. - * Clarify portprio and fix example. - * Update upstream url. - * Fix NEWS versioning of last entry :-? + * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils + to stop disabling IPv6 on physical interfaces of vlan ports if set to no. + Closes: #989162. + * Update interfaces man page, IPv6 works with STP on after DAD was fixed. + Closes: #980507. + * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. + * Update NEWS file to fix us blaming the kernel for the MAC address + selection that is really overridden by systemd. - -- Santiago Garcia Mantinan Wed, 24 Feb 2021 - 12:34:03 +0100 - - bridge-utils (1.6-6) unstable; urgency=medium - - * Fix IPv6 address getting assigned on hotplug devices. - Closes: #980752. - * Fix waiting so that DAD works again. Closes: #982943. - * Move mac setting before brctl addif to ensure mac setting. - Closes: #980856. - * Update documentation and add examples. Closes: #765098. - * Update manpages. Closes: #981253. - * Add a note on MTU settings. Closes: #292088. - * Hook also on down to recreate the bridge so that multiple - stanzas work Ok on ifdown. Closes: #319832. - - -- Santiago Garcia Mantinan Tue, 16 Feb 2021 - 13:29:04 +0100 - - bridge-utils (1.6-5) unstable; urgency=low - - * Overload bridge_hw to allow do specify an interface as well as the - MAC address. Closes: #966244. - * Change man page for bridge-utils-interfaces and news fileto document - this overloading. - - -- Santiago Garcia Mantinan Fri, 22 Jan 2021 - 11:08:47 +0100 - - bridge-utils (1.6-4) unstable; urgency=low - - * Add en* to the device regex so that all catches them. Closes: #966319. - * Document MAC address changes on news. Closes: #980505. - - -- Santiago Garcia Mantinan Thu, 21 Jan 2021 - 10:51:31 +0100 - - bridge-utils (1.6-3) unstable; urgency=medium - - * Support VLAN aware setups where we need vlan filtering. - Thanks Benedikt Spranger for the patch. Closes: #950879. - * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. - * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. - - -- Santiago Garcia Mantinan Thu, 30 Apr 2020 - 10:06:38 +0200 - - bridge-utils (1.6-2) unstable; urgency=medium - - * Bump Standards-Version. - * Preserve gcc flags set when building the lib. - - -- Santiago Garcia Mantinan Mon, 28 Jan 2019 - 00:25:14 +0100 - - bridge-utils (1.6-1) unstable; urgency=low - - * New upstream version. - * Change default back to not hotplug. Closes: #892277. - * Allow mtu to be set on the bridge by propagating it to the bridged - interfaces. Closes: #661711. - * Remove kernel headers from the package. - - -- Santiago Garcia Mantinan Tue, 15 Jan 2019 - 13:18:33 +0100 - - bridge-utils (1.5-16) unstable; urgency=medium - - * Don't set dev globally at bridge-utils.sh. Closes: #873086. - - -- Santiago Garcia Mantinan Sun, 08 Apr 2018 - 23:06:30 +0200 - - bridge-utils (1.5-15) unstable; urgency=medium - - * Fix substrings on interfaces. Closes: #873087. - * Make it lintian clean sticking to 1.0 source format for now. - No time to properly comment all the patches right now. - - -- Santiago Garcia Mantinan Fri, 02 Mar 2018 - 22:08:20 +0100 - - bridge-utils (1.5-14) unstable; urgency=low - - * Fix a problem with some vlan interfaces not being created. - - -- Santiago Garcia Mantinan Mon, 26 Jun 2017 - 17:48:37 +0200 - - bridge-utils (1.5-13) unstable; urgency=low - - * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. - - -- Santiago Garcia Mantinan Sat, 11 Feb 2017 - 00:16:45 +0100 - - bridge-utils (1.5-12) unstable; urgency=medium - - * Add vlan support so that old setups using vlans as ports don't - break. - - -- Santiago Garcia Mantinan Sun, 22 Jan 2017 - 00:23:50 +0100 + -- Santiago García Mantiñán Mon, 03 Oct 2022 + 23:11:46 +0200 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium - * No-change rebuild for ppc64el baseline bump. + * No-change rebuild for ppc64el baseline bump. - -- Łukasz 'sil2100' Zemczak Wed, 23 Mar + -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium - * No-change rebuild to build packages with zstd compression. + * No-change rebuild to build packages with zstd compression. - -- Matthias Klo
[Touch-packages] [Bug 2003833] [NEW] colord migration blocked by impossible depends on argyll
Public bug reported: colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 There is a MIR for argyll (LP: #821883) which could be a solution for this issue. ** Affects: colord (Ubuntu) Importance: Undecided Status: New ** Tags: update-excuses -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/2003833 Title: colord migration blocked by impossible depends on argyll Status in colord package in Ubuntu: New Bug description: colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 There is a MIR for argyll (LP: #821883) which could be a solution for this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/colord/+bug/2003833/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 821883] Re: [MIR] argyll
colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/821883 Title: [MIR] argyll Status in argyll package in Ubuntu: Incomplete Status in colord package in Ubuntu: New Bug description: Note this MIR is for both argyll and libicc2 (both packages are currently in Universe). With the most recent argyll package the binary packages of argyll and libicc2 are now all produced by the argyll source package. We followed Debian to unsplit here as the upstream source for both is argyll. The libicc2 source package in Universe can get dropped. Availability: Currently available in Universe, building on all currently supported architectures, see https://launchpad.net/ubuntu/+source/argyll Rationale: In Oneiric we want to introduce ICC-based color management on the operating system level, using the same architecture as Fedora does. argyll (support for color calibration) and libicc2 (ICC handling library) are part of this architecture. Therefore we need them in Main. This MIR is a work item of the following Blueprint: https://blueprints.launchpad.net/ubuntu/+spec/desktop-o-icc-color- management According to the Blueprint additional demand on CD space for the whole introduction of color management is around 300K only. Security: No security vulnerabilities known at CVE and Secunia for the current version (1.3.3), vulnerabilities of older versions are all fixed, no SUID components, no daemons. Quality assurance: Installs without debconf questions. The package is maintained upstream as new releases occur regularly and they get packaged for Debian by Roland Mas (see debian/changelog). UI standards: The package are a library and command line utilities. The complete upstream documentation is available in /usr/share/doc/argyll/. Each command shows a help page by calling it without parameters. Dependencies: Depends only on standard libraries for X and images. They are all in Main. Maintenance: See "Quality assurance". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/argyll/+bug/821883/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 821883] Re: [MIR] argyll
** Also affects: colord (Ubuntu) Importance: Undecided Status: New ** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/821883 Title: [MIR] argyll Status in argyll package in Ubuntu: Incomplete Status in colord package in Ubuntu: New Bug description: Note this MIR is for both argyll and libicc2 (both packages are currently in Universe). With the most recent argyll package the binary packages of argyll and libicc2 are now all produced by the argyll source package. We followed Debian to unsplit here as the upstream source for both is argyll. The libicc2 source package in Universe can get dropped. Availability: Currently available in Universe, building on all currently supported architectures, see https://launchpad.net/ubuntu/+source/argyll Rationale: In Oneiric we want to introduce ICC-based color management on the operating system level, using the same architecture as Fedora does. argyll (support for color calibration) and libicc2 (ICC handling library) are part of this architecture. Therefore we need them in Main. This MIR is a work item of the following Blueprint: https://blueprints.launchpad.net/ubuntu/+spec/desktop-o-icc-color- management According to the Blueprint additional demand on CD space for the whole introduction of color management is around 300K only. Security: No security vulnerabilities known at CVE and Secunia for the current version (1.3.3), vulnerabilities of older versions are all fixed, no SUID components, no daemons. Quality assurance: Installs without debconf questions. The package is maintained upstream as new releases occur regularly and they get packaged for Debian by Roland Mas (see debian/changelog). UI standards: The package are a library and command line utilities. The complete upstream documentation is available in /usr/share/doc/argyll/. Each command shows a help page by calling it without parameters. Dependencies: Depends only on standard libraries for X and images. They are all in Main. Maintenance: See "Quality assurance". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/argyll/+bug/821883/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1398805] Re: redshift fails to start geoclue provider after resuming network connection / hangs for 25s
This link suggests redshift may now require installing geoclue-2: https://askubuntu.com/questions/752406/is-it-possible-to-workaround-the-redshift-geoclue-bug?rq=1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to geoclue in Ubuntu. https://bugs.launchpad.net/bugs/1398805 Title: redshift fails to start geoclue provider after resuming network connection / hangs for 25s Status in geoclue package in Ubuntu: Confirmed Status in redshift package in Ubuntu: Confirmed Bug description: `redshift -l geoclue -p` hangs after resuming network operation. This happens after resuming from hibernation, but can be reproduced by disabling and re-enabling the network via network-manager. strace shows: sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\1\1\214\0\0\0\2\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\10\0\0\0AddMatch\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0", 144}, {"\207\0\0\0type='signal',sender='org.freedesktop.Geoclue.Master',path='/org/freedesktop/Geoclue/Master',interface='org.freedesktop.Geoclue.Master'\0", 140}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 284 sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\1\1\256\0\0\0\3\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\10\0\0\0AddMatch\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0", 144}, {"\251\0\0\0type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0='org.freedesktop.Geoclue.Master'\0", 174}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 318 sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\0\1#\0\0\0\4\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\f\0\0\0GetNameOwner\0\0\0\0\10\1g\0\1s\0\0", 144}, {"\36\0\0\0org.freedesktop.Geoclue.Master\0", 35}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 179 sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\0\1\0\0\0\0\5\0\0\0\207\0\0\0\1\1o\0\37\0\0\0/org/freedesktop/Geoclue/Master\0\6\1s\0\36\0\0\0org.freedesktop.Geoclue.Master\0\0\2\1s\0\36\0\0\0org.freedesktop.Geoclue.Master\0\0\3\1s\0\6\0\0\0Create\0\0", 152}, {"", 0}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 152 poll([{fd=3, events=POLLIN}], 1, 25000) = 1 ([{fd=3, revents=POLLIN}]) recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1\n\0\0\0\3\0\0\0=\0\0\0\6\1s\0\6\0\0\0:1.411\0\0\5\1u\0\4\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\5\0\0\0:1.43\0", 2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 90 write(4, "\1\0\0\0\0\0\0\0", 8) = 8 recvmsg(3, 0x7fffcd24f170, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable) poll([{fd=3, events=POLLIN}], 1, 25000 # Here it hangs ) = 0 (Timeout) open("/usr/lib/x86_64-linux-gnu/charset.alias", O_RDONLY) = -1 ENOENT (No such file or directory) fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 56), ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3d2998c000 write(2, "Unable to obtain master client: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.\n", 243Unable to obtain master client: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. ) = 243 open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3d2998b000 read(5, "# Locale name alias data base.\n# Copyright (C) 1996-2001,2003,2007 Free Software Foundation, Inc.\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2, or (at your option)\n# any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n\n# The format of this fil
[Touch-packages] [Bug 2000817] Re: Wrong SHA256-value computed on kinetic
** Tags added: server-next -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2000817 Title: Wrong SHA256-value computed on kinetic Status in openldap package in Ubuntu: Triaged Bug description: The OpenLDAP-contrib module sha2 (located in contrib/slapd- modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu kinetic. This breaks our current password-authentication in ldap. The problematic computation: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= The (correct) reference-value on the same system (or older ubuntu Versions): $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing. so most probably the gcc-version on kinetic (v12.2.0) is the reason. The workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". Then the correct value is computed. An example taken from a git-compiled version of OpenLDAP 2.5.13: $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Ubuntu: Description:Ubuntu 22.10 Release:22.10 OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2000817] Re: Wrong SHA256-value computed on kinetic
lunar, kinetic, and jammy all return the first result, while focal provides the second: triage-lunar+23.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= triage-lunar+23.04: ~$ slapd -VV @(#) $OpenLDAP: slapd 2.6.3+dfsg-1~exp1ubuntu1 (Nov 18 2022 21:07:45) $ triage-kinetic+22.10: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= triage-kinetic+22.10: ~$ slapd -VV @(#) $OpenLDAP: slapd 2.5.13+dfsg-1ubuntu1 (Sep 20 2022 19:30:47) $ triage-jammy+22.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= triage-jammy+22.04: ~$ slapd -VV @(#) $OpenLDAP: slapd 2.5.13+dfsg-0ubuntu0.22.04.1 (Aug 5 2022 14:51:52) $ triage-focal+20.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= triage-focal+20.04: ~$ slapd -VV @(#) $OpenLDAP: slapd (Ubuntu) (May 12 2022 13:11:05) $ triage-focal+20.04: ~$ apt-cache policy slapd slapd: Installed: 2.4.49+dfsg-2ubuntu1.9 On all releases, the openssl dgst call produces the same result, K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Here's two other references mentioning the same problem, and same suggested workaround: * https://www.mail-archive.com/search?l=openldap-techni...@openldap.org&q=subject:%22%22&o=newest&f=1 * https://stackoverflow.com/questions/74928752/slappasswd-generating-a-strange-password-hash-sha256-only I don't know whether there might be side effects from adding "-fno- strict-aliasing". However, the patch's compilation modifications looks like it'll affect the performance of only just the sha2 module, so for SRU policy this seems a narrow enough fix. Since this is described in the first link as a contrib module, that may explain why this issue hasn't come to light earlier. ** Changed in: openldap (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2000817 Title: Wrong SHA256-value computed on kinetic Status in openldap package in Ubuntu: Triaged Bug description: The OpenLDAP-contrib module sha2 (located in contrib/slapd- modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu kinetic. This breaks our current password-authentication in ldap. The problematic computation: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= The (correct) reference-value on the same system (or older ubuntu Versions): $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing. so most probably the gcc-version on kinetic (v12.2.0) is the reason. The workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". Then the correct value is computed. An example taken from a git-compiled version of OpenLDAP 2.5.13: $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Ubuntu: Description:Ubuntu 22.10 Release:22.10 OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993411] Re: Merge libseccomp from Debian unstable for l-series
** Changed in: libseccomp (Ubuntu) Status: Expired => New ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete ** Summary changed: - Merge libseccomp from Debian unstable for l-series + Merge libseccomp from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1993411 Title: Merge libseccomp from Debian unstable for lunar Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-later Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu1 ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1993411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for l-series
** Changed in: bridge-utils (Ubuntu) Status: Expired => New ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete ** Summary changed: - Merge bridge-utils from Debian unstable for l-series + Merge bridge-utils from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1993387 Title: Merge bridge-utils from Debian unstable for lunar Status in bridge-utils package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.7-1 Ubuntu: 1.7-1ubuntu3 ### New Debian Changes ### bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium * Fix substrings on interfaces. Closes: #873087. * Make it lintian clean sticking to 1.0 source format for now. No time to properly comment all the patches right now. -- Santiago Garcia Mantinan Fri, 02 Mar 2018 22:08:20 +0100 bridge-utils (1.5-14) unstable; urgency=low * Fix a problem with some vlan interfaces not being created. -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 bridge-utils (1.5-13) unstable; urgency=low * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 bridge-utils (1.5-12) unstable; urgency=medium * Add vlan support so that old setups using vlans as ports don't break. -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
I've verified the test case as written. I reproduced the issue, enabled the -proposed package and did apt-get full-upgrade to pull in the new openssh from -proposed. The CPU usage dropped from 100% to <1% as soon as the operation concluded. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Fix Committed Bug description: [Impact] In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases. This is a regression in jammy presumably due to change from select() to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2]. 1: https://lwn.net/Articles/885886/ 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config # cat << EOF >>/etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM no EOF # systemctl restart sshd # ssh localhost 2> >({exec 1>&2}) You can shell into the container from a second terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores: $ lxc shell ssh-cpu # htop This should show one CPU pegged at 100% due to the 'ssh localhost' process Next, return to the first terminal, exit out of the sub-ssh session and install the fix: # logout # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521 # apt-get full-upgrade -y Now repeat the test in the first terminal window, while viewing htop in the second terminal: # ssh localhost 2> >({exec 1>&2}) [Where Problems Could Occur] While the patch in question is well tested upstream, it has a relatively high line count and as such is difficult to assure correctness by visual code checking. However, it's not clear that the line count could be significantly reduced without risking loss of correctness. Thus this relies more on testing to assure robustness, than on code review. The code involves polling behavior, so issues to watch for would more likely involve process handling, i.e. problems with socket polling. Beyond that, the usual generic issues to watch for - build issues, dependency issues during build or on upgrade, and service restarting. [Original Report] The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993396] Re: Sync dnsmasq from Debian unstable for lunar
$ rmad dnsmasq dnsmasq | 2.86-1.1ubuntu2 | kinetic dnsmasq | 2.88-1 | lunar dnsmasq| 2.85-1 | stable dnsmasq| 2.88-1 | testing dnsmasq| 2.88-1 | unstable ** Changed in: dnsmasq (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1993396 Title: Sync dnsmasq from Debian unstable for lunar Status in dnsmasq package in Ubuntu: Fix Released Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25 + dnsmasq (2.86-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix --address=/#/.. which was lost in 2.86. (closes: #995655) -- Michael Biebl Wed, 10 Nov 2021 22:05:45 +0100 dnsmasq (2.86-1) unstable; urgency=low * Fix debian/changelog format error. (closes: #986626) -- Simon Kelley Thu, 08 Apr 2021 22:39:00 +0100 dnsmasq (2.85-1) unstable; urgency=low * New upstream. * Includes fix to CVE-2021-3448. * Fix manpage typos. (closes: #986150) -- Simon Kelley Sat, 03 Apr 2021 22:17:23 +0100 dnsmasq (2.84-1.2) unstable; urgency=medium * Non-maintainer upload. * Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also clean up after upgrades to an earlier version in testing. -- Andreas Beckmann Thu, 01 Apr 2021 16:01:51 +0200 dnsmasq (2.84-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix symlink to directory conversion for /usr/share/doc/dnsmasq. This is achieved by directly calling dpkg-maintscript-helper in the preinst, postinst, and postrm scripts, since the package does not use debhelper. (Closes: #985282) -- Sébastien Villemot Sun, 28 Mar 2021 10:55:07 +0200 dnsmasq (2.84-1) unstable; urgency=low * New upstream. -- Simon Kelley Sun, 24 Jan 2021 22:02:01 + dnsmasq (2.83-1) unstable; urgency=high * New upstream. * Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive. -- Simon Kelley Fri, 15 Jan 2021 22:22:41 + dnsmasq (2.82-1) unstable; urgency=low * New upstream. -- Simon Kelley Fri, 26 Jun 2020 22:22:41 + dnsmasq (2.81-4) unstable; urgency=low * Remove runit support when building for Ubuntu. (closes: #960401) -- Simon Kelley Fri, 26 Jun 2020 21:52:44 + dnsmasq (2.81-3) unstable; urgency=low * Fixes to control file for bug 958100 -- Simon Kelley Sun, 19 Apr 2020 21:44:12 + dnsmasq (2.81-2) unstable; urgency=low * Fix FTBFS on kFreeBSD. (closes: #958100) -- Simon Kelley Sat, 18 Apr 2020 18:34:15 + dnsmasq (2.81-1) unstable; urgency=low * New upstream. * Fix nodocs/nodoc confusion in rules. (closes: #922758) * Add Vcs-* fields to control. (closes: #922422) * Add systemd support for multiple daemon instances. (closes: #914305) * Add note explaining that ENABLED is SYSV-init only. (closes: #914755) ### Old Ubuntu Delta ### dnsmasq (2.86-1.1ubuntu2) kinetic; urgency=medium * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to stop infinite loops when all servers return REFUSED was wrongly activated on client retries, resulting in incorrect REFUSED replies to client retries. The code added here is a cherry pick released in upstream version 2.87, originating at https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be (LP: #1981794) -- Lena Voytek Fri, 30 Sep 2022 08:42:39 -0700 dnsmasq (2.86-1.1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Heap use after free - 03345ecefeb0d82e3c3a4c28f27c3554f0611b39: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 -- Leonidas Da Silva Barbosa Wed, 13 Jul 2022 12:10:53 -0300 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1993396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHe
[Touch-packages] [Bug 1993420] Re: Merge net-tools from Debian unstable for lunar
** Summary changed: - Merge net-tools from Debian unstable for l-series + Merge net-tools from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/1993420 Title: Merge net-tools from Debian unstable for lunar Status in net-tools package in Ubuntu: New Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.10-0.1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 17:20:48 +0100 net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low * Add new DEP8 tests for hostname and ifconfig (LP: #1679346): - d/t/control: add hostname-set-get and ifconfig-lo-info - d/t/hostname-set-get: new test - d/t/ifconfig-lo-info: new test -- Lena Voytek Fri, 22 Oct 2021 07:49:06 -0700 net-tools (1.60+git20181103.0eebece-1ubuntu3) impish; urgency=medium * No-change rebuild to buil
[Touch-packages] [Bug 1993420] Re: Merge net-tools from Debian unstable for l-series
$ rmad net-tools net-tools | 1.60+git20181103.0eebece-1ubuntu5 | kinetic net-tools | 1.60+git20181103.0eebece-1ubuntu5 | lunar net-tools | 1.60+git20181103.0eebece-1 | stable net-tools | 2.10-0.1 | testing net-tools | 2.10-0.1 | unstable net-tools | 2.10-0.1 | unstable-debug A new major upstream release is available in Debian now. ** Description changed: Scheduled-For: ubuntu-22.11 Upstream: tbd - Debian: 1.60+git20181103.0eebece-1 + Debian: 2.10-0.1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 - - ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium - * New upstream version 1.60+git20181103.0eebece - - Fix nstrcmp() to prevent ifconfig from showing - duplicate interfaces. (Closes: #812886) - * Fix d/watch to point to upstream git repository - * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - - Thanks, Ben Hutchings, for the patch. - * Add patch to fix Japanese translation which uses a wrong - Kanji character. (Closes: #621752) - - Thanks, Takeshi Hamasaki, for the patch. - * Add patch to fix wrong indentation of 'collisions' in the - Japanese translation. (Closes: #653117) - - Thanks, NODA, Kai, for the patch. - * Fix Uploaders' field. - - Add myself as an uploader. - - Fix Tina's details. + * New upstream version 1.60+git20181103.0eebece + - Fix nstrcmp() to prevent ifconfig from showing + duplicate interfaces. (Closes: #812886) + * Fix d/watch to point to upstream git repository + * Add patch to fix decoding of MII vendor ids. (Closes: #549397) + - Thanks, Ben Hutchings, for the patch. + * Add patch to fix Japanese translation which uses a wrong + Kanji character. (Closes: #621752) + - Thanks, Takeshi Hamasaki, for the patch. + * Add patch to fix wrong indentation of 'collisions' in the + Japanese translation. (Closes: #653117) + - Thanks, NODA, Kai, for the patch. + * Fix Uploaders' field. + - Add myself as an uploader. + - Fix Tina's details. - -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 + -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium - * New upstream snapshot - * Refresh patches. - * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and - Dr. Tobias Quathamer for the patch. Closes: #900962. + * New upstream snapshot + * Refresh patches. + * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and + Dr. Tobias Quathamer for the patch. Closes: #900962. - -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + + -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium - * Update maintainer email address. Closes: #899617. - * Update Standards-Version with no changes. + * Update maintainer email address. Closes: #899617. + * Update Standards-Version with no changes. - -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + + -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium - * debian/control: Update Vcs-* and Standards-Version. - * debian/control: remove references to ancient package ja-trans. - * debian/gbp.conf: Update repo layout. + * debian/control: Update Vcs-* and Standards-Version. + * debian/control: remove references to ancient package ja-trans. + * debian/gbp.conf: Update repo layout. - -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + + -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium - * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. - * Add manpage for iptunnel, thanks to Sergio Durigan Junior. - Closes: #88910 - * Rename patches so CME does not choke on them. - * Automated cme fixes; packaging improvements. - * Remove unused and ancient patch. + * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. + * Add manpage for iptunnel, thanks to Sergio Durigan Junior. + Closes: #88910 + * Rename patches so CME does not choke on them. + * Automated cme fixes; packaging improvements. + * Remove unused and ancient patch. - -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + + -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium - * New upstream snapshot. - * Re-synced translations.patch. - * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the - fixes and uploads. Closes: 846509. - * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. - + Really assign CC for cross compilation. - + Use triplet prefixed pkg-config. - * Add debian/NEWS warning about changing output in net
[Touch-packages] [Bug 1993426] Re: Merge openldap from Debian unstable for lunar
[This has been uploaded to -proposed, and will be in transition for a bit] ** Summary changed: - Merge openldap from Debian unstable for l-series + Merge openldap from Debian unstable for lunar ** Changed in: openldap (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1993426 Title: Merge openldap from Debian unstable for lunar Status in openldap package in Ubuntu: Fix Committed Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 2.5.13+dfsg-22.6.3+dfsg-1~exp1 Ubuntu: 2.5.13+dfsg-1ubuntu1 Debian new has 2.6.3+dfsg-1~exp1 ### New Debian Changes ### openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not yet compatible with autoconf 2.71. (Closes: #993032) * Stop disabling automake in debian/rules now that upstream removed the AM_INIT_AUTOMAKE invocation. * Drop custom config.{guess,sub} handling. dh_update_autotools_config does the right thing for us. * Update Standards-Version to 4.6.0; no changes required. * debian/not-installed: Add the ldapvc.1 man page. -- Ryan Tandy Mon, 30 Aug 2021 18:54:25 -0700 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium [ Ryan Tandy ] * New upstream release. * Export the cn=config database to LDIF format before upgrading from 2.4. * slapd.README.Debian: - Remove text about the dropped evolution-ntlm patch. - Add guidance for recovering from upgrade failures. * Remove the debconf warning and README text about the unsafe ACL configured by default in versions before jessie. * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the ppolicy schema. It's obsolete since the schema has been internalized. [ Sergio Durigan Junior ] * Implement the 'escape hatch' mechanism. - d/po/*.po: Update PO files given the new template note. - d/po/templates.pot: Update file. - d/slapd.templates: Add note warning user about a postinst failure, its possible cause and what to do. - d/slapd.postinst: Make certain upgrade functions return failure ### Old Ubuntu Delta ### openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1983618). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add Ap
[Touch-packages] [Bug 1988730] Re: package libsasl2-modules provides only unsafe SASL bind mechanims
** Also affects: cyrus-sasl2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977360 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1988730 Title: package libsasl2-modules provides only unsafe SASL bind mechanims Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Jammy: In Progress Status in cyrus-sasl2 package in Debian: Unknown Bug description: [ Impact ] The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules- gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should be in libsasl2-modules. Normally this would just be an annoyance, but it just so happens that this also prevents to have the SCRAM mechanism coexist with the GSSAPI Heimdal one, because libsasl2-modules-gssapi-{mit,heimdal} conflict with each other. This change is moving a file from one package to another, so appropriate breaks/replaces changes have to be made. This move follows case #10 from the package transition table[1]. [ Test Plan ] This test plan revolves around dependency checking and upgrades, to make sure we don't: - have conflicting files which would break an upgrade - have no loss of functionality after an upgrade (since a plugin moved between packages) a) SCRAM remains installed # Install the package that provides SCRAM in jammy $ sudo apt install libsasl2-modules-gssapi-mit # Confirm mechanism is there and belongs to libsasl2-modules-gssapi- mit: $ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 lrwxrwxrwx 1 root root 18 Aug 16 20:08 /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25 $ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 libsasl2-modules-gssapi-mit:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 # list installed sasl2 packages: $ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}' libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1 libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1 libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1 libsasl2-modules-gssapi-mit:amd64 2.1.27+dfsg2-3ubuntu1 # dist-upgrade or install the new sasl2 packages from proposed # Confirm the same packages are installed as before the upgrade, just at their newer versions: libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules-gssapi-mit:amd64 2.1.27+dfsg2-3ubuntu1.1 # Confirm the scram mechanism is still there, as before: $ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 lrwxrwxrwx 1 root root 18 Aug 16 20:08 /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25 # But now it belongs to the libsasl2-modules package: $ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 libsasl2-modules:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 b) Following (a), perform a release-upgrade to kinetic, and confirm that the same sasl2 packages remain installed, but now at the kinetic version: $ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}' libsasl2-2:amd64 2.1.28+dfsg-6ubuntu2 libsasl2-modules:amd64 2.1.28+dfsg-6ubuntu2 libsasl2-modules-db:amd64 2.1.28+dfsg-6ubuntu2 libsasl2-modules-gssapi-mit:amd64 2.1.28+dfsg-6ubuntu2 And that the scram mechanism is there, and still belongs to the libsasl2-modules package: $ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 lrwxrwxrwx 1 root root 18 Aug 16 20:08 /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25 $ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 libsasl2-modules:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 c) A jammy system WITHOUT the SCRAM mechanism available (i.e., libsasl2-modules-gssapi-mit is NOT installed), will get SCRAM available after the upgrade, but without installing any new package. # Start with these sasl2 packages installed on jammy: libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1 libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1 libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1 # Confirm SCRAM is not installed: $ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 ls: cannot access '/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2': No such file or directory # Upgrade to the packages in proposed # Confirm no new sasl2 packages were installed: $ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}' libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1.1 libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1.1 # Verify that SCRAM is now available, and part of the libsasl2-modules package: $ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 lrwxrwxrwx 1 root root 18 Aug 16 20:08 /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25 $ dpkg -S /usr/lib/x86_64-linux-g
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Changed in: openssh (Ubuntu Jammy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: In Progress Bug description: [Impact] In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases. This is a regression in jammy presumably due to change from select() to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2]. 1: https://lwn.net/Articles/885886/ 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config # cat << EOF >>/etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM no EOF # systemctl restart sshd # ssh localhost 2> >({exec 1>&2}) You can shell into the container from a second terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores: $ lxc shell ssh-cpu # htop This should show one CPU pegged at 100% due to the 'ssh localhost' process Next, return to the first terminal, exit out of the sub-ssh session and install the fix: # logout # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521 # apt-get full-upgrade -y Now repeat the test in the first terminal window, while viewing htop in the second terminal: # ssh localhost 2> >({exec 1>&2}) [Where Problems Could Occur] While the patch in question is well tested upstream, it has a relatively high line count and as such is difficult to assure correctness by visual code checking. However, it's not clear that the line count could be significantly reduced without risking loss of correctness. Thus this relies more on testing to assure robustness, than on code review. The code involves polling behavior, so issues to watch for would more likely involve process handling, i.e. problems with socket polling. Beyond that, the usual generic issues to watch for - build issues, dependency issues during build or on upgrade, and service restarting. [Original Report] The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Description changed: [Impact] - In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. + In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases. This is a regression in jammy presumably due to change from select() to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2]. 1: https://lwn.net/Articles/885886/ 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config # cat << EOF >>/etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM no EOF # systemctl restart sshd # ssh localhost 2> >({exec 1>&2}) You can shell into the container from a second terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores: $ lxc shell ssh-cpu # htop This should show one CPU pegged at 100% due to the 'ssh localhost' process Next, return to the first terminal, exit out of the sub-ssh session and install the fix: # logout # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521 # apt-get full-upgrade -y Now repeat the test in the first terminal window, while viewing htop in the second terminal: # ssh localhost 2> >({exec 1>&2}) [Where Problems Could Occur] While the patch in question is well tested upstream, it has a relatively high line count and as such is difficult to assure correctness by visual code checking. However, it's not clear that the line count could be significantly reduced without risking loss of correctness. Thus this relies more on testing to assure robustness, than on code review. The code involves polling behavior, so issues to watch for would more likely involve process handling, i.e. problems with socket polling. Beyond that, the usual generic issues to watch for - build issues, dependency issues during build or on upgrade, and service restarting. - [Original Report] The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Triaged Bug description: [Impact] In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases. This is a regression in jammy presumably due to change from select() to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2]. 1: https://lwn.net/Articles/885886/ 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # se
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Description changed: + [Impact] + In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. + + This is a regression in jammy presumably due to change from select() to + poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream + commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() + spin when a channel's output fd closes..." [2]. + + 1: https://lwn.net/Articles/885886/ + 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c + [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config # cat << EOF >>/etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM no EOF # systemctl restart sshd # ssh localhost 2> >({exec 1>&2}) - You can shell into the container from a second terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores: $ lxc shell ssh-cpu # htop This should show one CPU pegged at 100% due to the 'ssh localhost' process Next, return to the first terminal, exit out of the sub-ssh session and install the fix: # logout # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521 # apt-get full-upgrade -y Now repeat the test in the first terminal window, while viewing htop in the second terminal: # ssh localhost 2> >({exec 1>&2}) + [Where Problems Could Occur] + + While the patch in question is well tested upstream, it has a relatively + high line count and as such is difficult to assure correctness by visual + code checking. However, it's not clear that the line count could be + significantly reduced without risking loss of correctness. Thus this + relies more on testing to assure robustness, than on code review. + + The code involves polling behavior, so issues to watch for would more + likely involve process handling, i.e. problems with socket polling. + + Beyond that, the usual generic issues to watch for - build issues, + dependency issues during build or on upgrade, and service restarting. + + [Original Report] The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Triaged Bug description: [Impact] In certain edge cases where the terminal goes away while an ssh process is running, ssh can be left consuming 100% CPU. This increases processing costs for cloud users and wastes energy. While this is an uncommon error, googling indicates many people have run into it in several different ways. It seems important to get this fixed in stable releases. This is a regression in jammy presumably due to change from select() to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll() spin when a channel's output fd closes..." [2]. 1: https://lwn.net/Articles/885886/ 2. https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c [Test Case] $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # passwd -d root # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # cat << EOF >>/etc/ssh/ssh_config StrictHostKeyChecking accept-new EOF # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/' /etc/ssh/sshd_config # cat << EOF >>/etc/ssh/sshd_config PermitRootLogin yes PubkeyAuthentication yes PermitEmptyPasswords yes PasswordAuthentication yes ChallengeResponseAuthentication no UsePAM no EOF # systemctl restart sshd # ssh localhost 2> >({exec 1>&2}) You can shel