[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-05-01 Thread Marc Olzheim
I'm sorry, but if this means that in the default configuration this is
no longer working, how is this not a regression ?

Should the default configuration not be so that both bind9 and libvirtd
can be installed and used without issue as was the case before the
dnsmasq update?

Breaking this within an LTS release does not sound right to me.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  Invalid

Bug description:
  phenomenon:
After updating ubuntu, the network to which the subnet address is assigned 
does not become active in KVM.

  Cause:
This is because the following dnsmasq update operation performed by apt's 
automatic update causes an error. It worked properly with dnsmasq 2.80, but 
does not work properly with 2.90.

  $ cat /var/log/apt/history.log
  (snip)
  Start-Date: 2024-02-27  06:17:31
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1)
  End-Date: 2024-02-27  06:17:44
  (snip)
  $

  Cause details:
As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below 
is an example.

  $ cat default.conf 
  ##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
  ##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
  ##virsh net-edit default
  ## or other application using the libvirt API.
  ##
  ## dnsmasq conf file created by libvirt
  strict-order
  user=libvirt-dnsmasq
  pid-file=/run/libvirt/network/default.pid
  except-interface=lo
  bind-dynamic
  interface=virbr0
  dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
  dhcp-no-override
  dhcp-authoritative
  dhcp-lease-max=253
  dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
  addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
  $ 

  
  When starting the network with KVM (virsh net-start), dnsmasq started from 
KVM executes the make_sock function twice as shown below.

 $ cat network.c
 (snip)
 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
 1088 {
 1089   struct listener *l = NULL;
 1090   int fd = -1, tcpfd = -1, tftpfd = -1;
 1091 
 1092   (void)do_tftp;
 1093 
 1094   if (daemon->port != 0)
 1095     {
 1096       fd = make_sock(addr, SOCK_DGRAM, dienow);
 1097       tcpfd = make_sock(addr, SOCK_STREAM, dienow);
 1098     }
 (snip)

  The following code causes an issue with the update made in dnsmasq
  2.90.

 $ cat network.c
 (snip)
  895 static int make_sock(union mysockaddr *addr, int type, int dienow)
  896 {
  (snip)
  934   if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
  935     {
  936       if (dienow)
  937         die(s, daemon->addrbuff, EC_BADNET);
  938       else
  939         my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
  940     }
  (snip)

  
  function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, 
and then make_sock in network.c:1097 tries to bind to the same address. 
However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so 
dnsmasq does not cause a startup error. As a result, virsh net-start fails.

  As a temporary workaround, it will work if you try not to die.

  $ diff -u  network_c_back  network.c 
  --- network_c_back  2024-02-29 15:36:05.156467935 +
  +++ network.c 2024-02-29 15:36:38.733324350 +
  @@ -934,7 +934,8 @@
 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
{
  if (dienow)
  - die(s, daemon->addrbuff, EC_BADNET);
  + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
  + //die(s, daemon->addrbuff, EC_BADNET);
  else
my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
}
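Review bot: the replacement at line 937 downgrades every bind failure under dienow to a warning, not only errno 98 with bind-dynamic, because the enclosing test is still `if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)`. After this change both arms of `if (dienow)` make the same my_syslog() call, so dienow has no effect here and a startup bind failure of any kind is no longer stopped at this point. If the intent is to tolerate an address that is already in use when OPT_CLEVERBIND is set, narrow the outer condition to that errno and leave die() in place for everything else. The commented-out `//die(...)` line should be dropped rather than kept in the source.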
  $ 

  If bind-dynamic is set, it should be modified so that it works even if
  errno==98.

  For reference, in the case of dnsmasq 2.80, the code is as follows, so
  no error occurs.

  network.c
  699 static int make_sock(union mysockaddr *addr, int type, int dienow)
  700 {
  701   int family = addr->sa.sa_family;
  702   int fd, rc, opt = 1;
  (snip)
  715 err:
  716   errsave = errno;
  717   port = prettyprint_addr(addr, daemon->addrbuff);
  718   if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
  719 sprintf(daemon->addrbuff, "port %d", port);
  720   s = _("failed to create listening socket for %s: %s");
  721   
  722   if (fd != -1)
  723 close (fd);
  724 
  725   errno = errsave;
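
The bind() errors that the condition quoted from network.c:934 separates, as an added C example (not dnsmasq code and not part of the bug report). It binds loopback sockets to show that a UDP and a TCP socket can share one address and port, that a second socket of the same type gets errno 98 (EADDRINUSE), and that only EADDRNOTAVAIL is skipped under bind-dynamic. The function names, 127.0.0.1 and 192.0.2.1 are assumptions made for the demonstration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Mirrors the test quoted from network.c:934 (dnsmasq 2.90). `cleverbind`
   stands in for option_bool(OPT_CLEVERBIND), i.e. bind-dynamic.
   Returns 1 when the failure is reported (die() if dienow is set),
   0 when it is silently skipped. Hypothetical helper, not dnsmasq code. */
int bind_error_reported(int cleverbind, int err)
{
  return !cleverbind || err != EADDRNOTAVAIL;
}

/* Bind a new socket of `type` to ip:port. On success store the fd in
   *fd_out and return 0; on failure return the errno of the failing call. */
int try_bind(const char *ip, unsigned short port, int type, int *fd_out)
{
  struct sockaddr_in sa;
  int err, fd = socket(AF_INET, type, 0);

  if (fd == -1)
    return errno;
  memset(&sa, 0, sizeof sa);
  sa.sin_family = AF_INET;
  sa.sin_port = htons(port);
  if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
    {
      close(fd);
      return EINVAL;
    }
  if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == -1)
    {
      err = errno;
      close(fd);
      return err;
    }
  *fd_out = fd;
  return 0;
}

/* Port the kernel assigned to a socket bound with port 0 (0 on error). */
unsigned short bound_port(int fd)
{
  struct sockaddr_in sa;
  socklen_t len = sizeof sa;

  if (getsockname(fd, (struct sockaddr *)&sa, &len) == -1)
    return 0;
  return ntohs(sa.sin_port);
}

/* Each field is 0 on success, an errno value on failure, -1 if not run. */
struct bind_demo { int udp_then_tcp; int second_tcp; int absent_addr; };

struct bind_demo run_bind_demo(void)
{
  struct bind_demo r = { -1, -1, -1 };
  int udp = -1, tcp = -1, tcp2 = -1, none = -1;
  unsigned short port;

  /* Constructed scenario on loopback; the kernel picks a free port. */
  if (try_bind("127.0.0.1", 0, SOCK_DGRAM, &udp) != 0)
    return r;
  port = bound_port(udp);

  /* Same address and port, different socket type: no conflict. */
  r.udp_then_tcp = try_bind("127.0.0.1", port, SOCK_STREAM, &tcp);
  if (r.udp_then_tcp == 0)
    listen(tcp, 1);

  /* A second TCP socket on the port already held: EADDRINUSE (98 on Linux). */
  r.second_tcp = try_bind("127.0.0.1", port, SOCK_STREAM, &tcp2);

  /* 192.0.2.1 (documentation range) is not configured locally: EADDRNOTAVAIL. */
  r.absent_addr = try_bind("192.0.2.1", 0, SOCK_DGRAM, &none);

  if (udp != -1) close(udp);
  if (tcp != -1) close(tcp);
  if (tcp2 != -1) close(tcp2);
  if (none != -1) close(none);
  return r;
}

int main(void)
{
  struct bind_demo r = run_bind_demo();

  printf("UDP then TCP, same addr:port -> %d\n", r.udp_then_tcp);
  printf("second TCP, same addr:port   -> %d (%s)\n", r.second_tcp, strerror(r.second_tcp));
  printf("address not on this host     -> %d (%s)\n", r.absent_addr, strerror(r.absent_addr));
  printf("reported under bind-dynamic: in-use=%d, not-available=%d\n",
         bind_error_reported(1, EADDRINUSE), bind_error_reported(1, EADDRNOTAVAIL));
  return 0;
}
```

When errno 98 shows up for a listener address, `ss -lntup` on the host shows which process already holds that address and port.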
 

[Touch-packages] [Bug 2059265] Re: Kubuntu bluetooth wireles keyboard not see.

2024-04-12 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/2059265

Title:
  Kubuntu bluetooth wireles keyboard not see.

Status in bluez package in Ubuntu:
  New

Bug description:
  Hello, Bluetooth is not finding my new wireless keyboard. This keyboard is a K68:
https://www.youtube.com/watch?v=ycuVPePMHFo
  Bluetooth is not finding this keyboard.
  But when I open pairing mode, my Xiaomi 11 Ultra and iPad 9 find it perfectly.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: bluetooth (not installed)
  ProcVersionSignature: Ubuntu 6.5.0-26.26~22.04.1-generic 6.5.13
  Uname: Linux 6.5.0-26-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Wed Mar 27 17:30:49 2024
  InstallationDate: Installed on 2024-03-10 (16 days ago)
  InstallationMedia: Kubuntu 22.04.4 LTS "Jammy Jellyfish" - Release amd64 
(20240216.1)
  InterestingModules: rfcomm bnep btusb bluetooth
  MachineType: Dell Inc. Dell G16 7630
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.5.0-26-generic 
root=UUID=c568cecc-2731-49dd-a130-ac30c7395f61 ro quiet splash vt.handoff=7
  SourcePackage: bluez
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 01/05/2024
  dmi.bios.release: 1.12
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.12.0
  dmi.board.name: 0GT7NV
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.ec.firmware.release: 1.4
  dmi.modalias: 
dmi:bvnDellInc.:bvr1.12.0:bd01/05/2024:br1.12:efr1.4:svnDellInc.:pnDellG167630:pvr:rvnDellInc.:rn0GT7NV:rvrA00:cvnDellInc.:ct10:cvr:sku0BFA:
  dmi.product.family: GSeries
  dmi.product.name: Dell G16 7630
  dmi.product.sku: 0BFA
  dmi.sys.vendor: Dell Inc.
  hciconfig:
   hci0:Type: Primary  Bus: USB
BD Address: E0:D0:45:D9:23:84  ACL MTU: 1021:4  SCO MTU: 96:6
UP RUNNING PSCAN 
RX bytes:52443 acl:97 sco:0 events:6953 errors:0
TX bytes:5597118 acl:6626 sco:0 commands:306 errors:0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/2059265/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 2059224] Re: package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2024-04-12 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2059224

Title:
  package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed
  to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  I am suddenly facing automatic logout terminal section and it shows
  linux image error.

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1
  ProcVersionSignature: Ubuntu 5.15.0-100.110~20.04.1-generic 5.15.143
  Uname: Linux 5.15.0-100-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.27
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Mar 27 14:15:47 2024
  ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with 
return code 1
  InstallationDate: Installed on 2024-02-14 (42 days ago)
  InstallationMedia: Ubuntu 20.04.6 LTS "Focal Fossa" - Release amd64 (20230316)
  Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3.2
   apt  2.0.10
  SourcePackage: initramfs-tools
  Title: package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed 
to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited 
with return code 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2059224/+subscriptions




[Touch-packages] [Bug 2060900] Re: gst-plugin-scanner crashed with SIGABRT in __assert_fail_base()

2024-04-12 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Attachment removed: "CoreDump.gz"
   
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/2060900/+attachment/5763572/+files/CoreDump.gz

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gstreamer1.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2060900

Title:
  gst-plugin-scanner crashed with SIGABRT in __assert_fail_base()

Status in gstreamer1.0 package in Ubuntu:
  New

Bug description:
  This gives me an error from some files.

  ProblemType: Crash
  DistroRelease: Ubuntu 24.04
  Package: libgstreamer1.0-0 1.24.1-1build1
  ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4
  Uname: Linux 6.8.0-11-generic x86_64
  ApportVersion: 2.28.0-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: KDE
  Date: Thu Apr 11 11:07:09 2024
  ExecutablePath: 
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner
  InstallationDate: Installed on 2024-04-04 (7 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240323)
  ProcCmdline: 
/usr/lib/x86_64-linux-gnu/../../lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner
 -l /usr/bin/rhythmbox
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
  RebootRequiredPkgs: Error: path contained symlinks.
  Signal: 6
  SignalName: SIGABRT
  SourcePackage: gstreamer1.0
  StacktraceTop:
   __assert_fail_base (fmt=0x702a92dd01e8 "%s%s%s:%u: %s%sAssertion `%s' 
failed.\n%n", assertion=assertion@entry=0x702a7b4e1c90 "subsampling == 
SUBSAMPLE_YUV420 || subsampling == SUBSAMPLE_YUV422H || subsampling == 
SUBSAMPLE_YUV422V || subsampling == SUBSAMPLE_RGBX", 
file=file@entry=0x702a7b4e44b6 "i965_drv_video.c", line=line@entry=4653, 
function=function@entry=0x702a7b511600 "i965_check_alloc_surface_bo") at 
./assert/assert.c:94
   __assert_fail (assertion=0x702a7b4e1c90 "subsampling == SUBSAMPLE_YUV420 || 
subsampling == SUBSAMPLE_YUV422H || subsampling == SUBSAMPLE_YUV422V || 
subsampling == SUBSAMPLE_RGBX", file=0x702a7b4e44b6 "i965_drv_video.c", 
line=4653, function=0x702a7b511600 "i965_check_alloc_surface_bo") at 
./assert/assert.c:103
   ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
   ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
   vaCreateSurfaces () from /lib/x86_64-linux-gnu/libva.so.2
  Title: gst-plugin-scanner crashed with SIGABRT in __assert_fail_base()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sudo users
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/2060900/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
@adampankow: the bug only applied to focal and jammy, which are marked
as "fix released", the "invalid" task is the development release noble,
which isn't affected by this bug. This looks a bit odd, but it's how
launchpad bugs work.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Invalid
Status in nss source package in Focal:
  Fix Released
Status in nss source package in Jammy:
  Fix Released

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  This has worked for me several times in the past, but today Chrome
  stopped detecting my smart card and when I tried to re-initialize
  ~/.pki/nssdb and re-add OpenSC using the command above, I received the
  following error:

  ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
https://ubuntu.com/security/notices/USN-6727-2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Invalid
Status in nss source package in Focal:
  Fix Released
Status in nss source package in Jammy:
  Fix Released

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  This has worked for me several times in the past, but today Chrome
  stopped detecting my smart card and when I tried to re-initialize
  ~/.pki/nssdb and re-add OpenSC using the command above, I received the
  following error:

  ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
** Changed in: nss (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Invalid
Status in nss source package in Focal:
  Fix Released
Status in nss source package in Jammy:
  Fix Released

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  This has worked for me several times in the past, but today Chrome
  stopped detecting my smart card and when I tried to re-initialize
  ~/.pki/nssdb and re-add OpenSC using the command above, I received the
  following error:

  ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
Thanks for testing, I'll publish the regression fix as soon as all archs
have finished building.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Confirmed
Status in nss source package in Focal:
  In Progress
Status in nss source package in Jammy:
  In Progress

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  This has worked for me several times in the past, but today Chrome
  stopped detecting my smart card and when I tried to re-initialize
  ~/.pki/nssdb and re-add OpenSC using the command above, I received the
  following error:

  ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
I have uploaded packages that fix this issue for focal and jammy to the
security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once they have finished building, please test them to make sure they fix
the issue for you, and I will publish them as a security regression fix
this afternoon.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Confirmed
Status in nss source package in Focal:
  In Progress
Status in nss source package in Jammy:
  In Progress

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  This has worked for me several times in the past, but today Chrome
  stopped detecting my smart card and when I tried to re-initialize
  ~/.pki/nssdb and re-add OpenSC using the command above, I received the
  following error:

  ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
Thanks for reporting this issue, I am currently investigating and will
have an updated package for testing soon.

** Also affects: nss (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: nss (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Changed in: nss (Ubuntu Focal)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: nss (Ubuntu Jammy)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: nss (Ubuntu Focal)
   Status: New => In Progress

** Changed in: nss (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: nss (Ubuntu Focal)
   Importance: Undecided => Critical

** Changed in: nss (Ubuntu Jammy)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Confirmed
Status in nss source package in Focal:
  In Progress
Status in nss source package in Jammy:
  In Progress

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  
  This has worked for me several times in the past, but today Chrome stopped 
detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and 
re-add OpenSC using the command above, I received the following error:

  ERROR: Failed to add module "OpenSC". Probabl cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 2060968] Re: SafeNet Authentication Client eToken driver error

2024-04-11 Thread Marc Deslauriers
*** This bug is a duplicate of bug 2060906 ***
https://bugs.launchpad.net/bugs/2060906

This is the same core issue as bug #2060906, so marking as a duplicate,
please follow the progress in that bug. Thanks!

** This bug has been marked a duplicate of bug 2060906
   attempt to add opensc using modutil suddenly fails

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060968

Title:
  SafeNet Authentication Client eToken driver error

Status in nss package in Ubuntu:
  New

Bug description:
  SafeNet Authentication Client eToken driver (libeTPkcs11.so) throws
  error when I try to add him through libnss3-tool -add:

  modutil -dbdir:$HOME/.pki/nssdb -add "eToken" -libfile /usr/lib/libeTPkcs11.so
  ERROR: Failed to add module "eToken". Probabl cause : "Unknown code ___P 3"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060968/+subscriptions




[Touch-packages] [Bug 2060968] Re: SafeNet Authentication Client eToken driver error

2024-04-11 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060968

Title:
  SafeNet Authentication Client eToken driver error

Status in nss package in Ubuntu:
  New

Bug description:
  SafeNet Authentication Client eToken driver (libeTPkcs11.so) throws
  error when I try to add him through libnss3-tool -add:

  modutil -dbdir:$HOME/.pki/nssdb -add "eToken" -libfile /usr/lib/libeTPkcs11.so
  ERROR: Failed to add module "eToken". Probabl cause : "Unknown code ___P 3"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060968/+subscriptions




[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails

2024-04-11 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2060906

Title:
  attempt to add opensc using modutil suddenly fails

Status in nss package in Ubuntu:
  Confirmed

Bug description:
  The following command to add the OpenSC PKCS11 module for use in, eg,
  Chrome fails:

  modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile
  /usr/lib/opensc-pkcs11.so

  
  This has worked for me several times in the past, but today Chrome stopped 
detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and 
re-add OpenSC using the command above, I received the following error:

  ERROR: Failed to add module "OpenSC". Probabl cause : "Unknown code
  ___P 3".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions




[Touch-packages] [Bug 1597017] Re: mount rules grant excessive permissions

2024-03-29 Thread Marc Deslauriers
FYI This is now in the jammy and focal upload queues to go to -proposed.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1597017

Title:
  mount rules grant excessive permissions

Status in AppArmor:
  Fix Released
Status in apparmor package in Ubuntu:
  Fix Released
Status in apparmor source package in Focal:
  In Progress
Status in apparmor source package in Jammy:
  In Progress

Bug description:
  The rule
mount options=(rw,make-slave) -> **,

  ends up allowing
mount -t proc proc /mnt

  which it shouldn't as it should be restricted to commands with a
  make-slave flag

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1597017/+subscriptions




[Touch-packages] [Bug 2058743] Re: systemd local DNS tests failing with timeout

2024-03-22 Thread Marc Deslauriers
It appears most of the systemd autopkgtest failures are because of this
flaky test:

https://autopkgtest.ubuntu.com/packages/systemd/jammy/amd64

The effort required to manually retrigger systemd autopkgtests because
of that flaky test is substantial. We should disable that particular
test unless someone manages to fix it properly.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2058743

Title:
  systemd local DNS tests failing with timeout

Status in dnsmasq package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  Investigations done in 22.04/Jammy but may be affecting other series,
  too.

  The dnsmasq package recently was updated from 2.86-1.1ubuntu0.5 to
  2.90-0ubuntu0.22.04.1. This seems to have brought back the same issue
  reported in bug #1957086. Sounds like both have interaction issues.

  To reproduce:

  $ pull-lp-source systemd jammy
  # Install test deps
  $ sudo apt install systemd udev libpam-systemd libnss-systemd acl locales 
evemu-tools python3 pkg-config cryptsetup-bin systemd-sysv policykit-1 
dnsmasq-base
  $ cd systemd-249.11/test/
  $ sudo ./networkd-test.py

  ==
  ERROR: test_resolved_domain_restricted_dns (__main__.DnsmasqClientTest)
  resolved: domain-restricted DNS servers
  --
  Traceback (most recent call last):
File "/home/ubuntu/systemd-249.11/test/./networkd-test.py", line 678, in 
test_resolved_domain_restricted_dns
  out = subprocess.check_output(['resolvectl', 'query', 'math.lab'])
File "/usr/lib/python3.10/subprocess.py", line 421, in check_output
  return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.10/subprocess.py", line 526, in run
  raise CalledProcessError(retcode, process.args,
  subprocess.CalledProcessError: Command '['resolvectl', 'query', 'math.lab']' 
returned non-zero exit status 1.

  --
  Ran 35 tests in 252.167s

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2058743/+subscriptions




[Touch-packages] [Bug 2058743] Re: systemd local DNS tests failing with timeout

2024-03-22 Thread Marc Deslauriers
The same issue was present with the old dnsmasq package...for example:

https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/s/systemd/20240224_133847_88f29@/log.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2058743

Title:
  systemd local DNS tests failing with timeout

Status in dnsmasq package in Ubuntu:
  New



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-18 Thread Marc Deslauriers
I've filed the upstream bug and have linked it here, please ignore my
comment #6.

** Bug watch added: bugzilla.sudo.ws/ #1068
   http://bugzilla.sudo.ws/show_bug.cgi?id=1068

** Also affects: sudo via
   http://bugzilla.sudo.ws/show_bug.cgi?id=1068
   Importance: Unknown
   Status: Unknown

** Also affects: sudo (Ubuntu Noble)
   Importance: Undecided
   Status: New

** Also affects: sudo (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: sudo (Ubuntu Mantic)
   Importance: Undecided
   Status: New

** Also affects: sudo (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: sudo (Ubuntu Focal)
   Status: New => Confirmed

** Changed in: sudo (Ubuntu Jammy)
   Status: New => Confirmed

** Changed in: sudo (Ubuntu Mantic)
   Status: New => Confirmed

** Changed in: sudo (Ubuntu Noble)
   Status: New => Confirmed

** Changed in: sudo (Ubuntu Noble)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo:
  Unknown
Status in sudo package in Ubuntu:
  Confirmed
Status in sudo source package in Focal:
  Confirmed
Status in sudo source package in Jammy:
  Confirmed
Status in sudo source package in Mantic:
  Confirmed
Status in sudo source package in Noble:
  Confirmed

Bug description:
  Tame as they might be, I'd like to continue using "Defaults insults"
  without any risk of upsetting anyone (and without having to maintain
  our own package version.)
  Would the safe insults version at compile time "--with-pc-insults" be
  a sensible default for all?

  Current as of Jammy, but looks like it's still the default compile
  option across the board
  Version: 1.9.9-1ubuntu2

  Current behaviour  : Enabling includes the "not PC" insults
  Expected behaviour : Insults would default to "PC"



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-18 Thread Marc Deslauriers
I'll fix this issue in noble.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo package in Ubuntu:
  New



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-18 Thread Marc Deslauriers
Could you please file a bug upstream about the missing change, and let
us know the bug number?

https://bugzilla.sudo.ws/index.cgi

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo package in Ubuntu:
  New



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-18 Thread Marc Deslauriers
Actually, I think you're right, the brains one does seem to be included
because while that upstream patch does do the following to
plugins/sudoers/ins_classic.h, it didn't apply the same change to
plugins/sudoers/ins_csops.h:

-#ifdef PC_INSULTS
+#ifndef OFFENSIVE_INSULTS
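Review bot: switching the guard from "#ifdef PC_INSULTS" to "#ifndef OFFENSIVE_INSULTS" changes which macro selects the insult set, so it has to be applied to every insult header in the same change. As the message says, plugins/sudoers/ins_csops.h was left on the old guard; it should get the same two-line change, and a search for remaining PC_INSULTS tests under plugins/sudoers would confirm nothing else was missed.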

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo package in Ubuntu:
  New



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-15 Thread Marc Deslauriers
Great, I'll leave this bug open for now. Please let us know if there is
anything that is enabled that shouldn't be. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo package in Ubuntu:
  New



[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults

2024-03-15 Thread Marc Deslauriers
I'm not sure I understand this bug, the --with-pc-insults option is
deprecated since 2017-09-18 as it is the default option.

The noble package doesn't use --enable-offensive-insults.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2058053

Title:
  Change sudo compile options from --with-all-insults to
  --with-pc-insults

Status in sudo package in Ubuntu:
  New



[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-04 Thread Marc Deslauriers
I am marking this bug as "invalid" per your last comment. Thanks!

** Changed in: dnsmasq (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  Invalid


[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-04 Thread Marc Deslauriers
By default bind will listen on all interfaces. I don't understand why
we're not seeing anything listening on 192.168.122.1 but you are still
getting the error message.

I suggest adding a listen-on directive to your
/etc/bind/named.conf.options file, restarting bind, and seeing if
libvirt will now successfully listen on virbr0.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New


[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down

2024-03-03 Thread Marc Deslauriers
That is great news, I'm glad we've identified the root cause of the
problem and you have successfully resolved it.

I will mark this bug as invalid since, while the dnsmasq update did
change behaviour, the behaviour change revealed a configuration issue
rather than being an actual regression.

Thanks!

** Changed in: dnsmasq (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055455

Title:
  dnsmasq-base causes network device virbr0 to shut down

Status in dnsmasq package in Ubuntu:
  Invalid

Bug description:
  Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device
  virbr0 to shut down during the boot-up process. Device virbr0 is
  installed by the libvirtd daemon. libvirtd gets an unexpected error
  when dnsmasq is called and then the address record for virbr0 is
  withdrawn.

  This problem goes away when reverting back to dnsmasq-base v2.86-1.1

  The attached text file provides relevant status reports which
  illustrate this problem. (status is shown for the system when using
  dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then
  when the system operates correctly using dnsmasq-base v2.86-1.1)

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: dnsmasq-base 2.90-0ubuntu0.22.04.1
  ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78
  Uname: Linux 5.15.0-60-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 29 10:29:20 2024
  InstallationDate: Installed on 2018-10-08 (1970 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: dnsmasq
  UpgradeStatus: No upgrade log present (probably fresh install)



[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down

2024-03-02 Thread Marc Deslauriers
So, it looks like you are running bind on this machine, and bind is
listening on port 53 UDP:

udp        0      0 192.168.122.1:53        0.0.0.0:*                           1521/named

The old dnsmasq would ignore the error when it couldn't bind to a port,
but the new dnsmasq will fail if the port is already used, which makes
sense.

Perhaps you need to configure bind to not listen on the 192.168.122.1
interface...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055455

Title:
  dnsmasq-base causes network device virbr0 to shut down

Status in dnsmasq package in Ubuntu:
  New



[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down

2024-03-02 Thread Marc Deslauriers
What's the output of "sudo netstat --tcp --udp --listening --programs
--numeric"? Thanks!

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055455

Title:
  dnsmasq-base causes network device virbr0 to shut down

Status in dnsmasq package in Ubuntu:
  New



[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-02 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New

Bug description:
  phenomenon:
    After updating ubuntu, the network to which the subnet address is
    assigned does not become active in KVM.

  Cause:
    This is because the following dnsmasq update operation performed by
    apt's automatic update causes an error. It worked properly with
    dnsmasq 2.80, but does not work properly with 2.90.

  $ cat /var/log/apt/history.log
  (snip)
  Start-Date: 2024-02-27  06:17:31
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1)
  End-Date: 2024-02-27  06:17:44
  (snip)
  $

  Cause details:
    As a premise, bind-dynamic is set in the dnsmasq config file for KVM.
    Below is an example.

  $ cat default.conf 
  ##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
  ##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
  ##virsh net-edit default
  ## or other application using the libvirt API.
  ##
  ## dnsmasq conf file created by libvirt
  strict-order
  user=libvirt-dnsmasq
  pid-file=/run/libvirt/network/default.pid
  except-interface=lo
  bind-dynamic
  interface=virbr0
  dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
  dhcp-no-override
  dhcp-authoritative
  dhcp-lease-max=253
  dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
  addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
  $ 

  
  When starting the network with KVM (virsh net-start), dnsmasq started
  from KVM executes the make_sock function twice as shown below.

   $ cat network.c
   (snip)
   1087 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
   1088 {
   1089   struct listener *l = NULL;
   1090   int fd = -1, tcpfd = -1, tftpfd = -1;
   1091 
   1092   (void)do_tftp;
   1093 
   1094   if (daemon->port != 0)
   1095     {
   1096       fd = make_sock(addr, SOCK_DGRAM, dienow);
   1097       tcpfd = make_sock(addr, SOCK_STREAM, dienow);
   1098     }
   (snip)

  The following code causes an issue with the update made in dnsmasq
  2.90.

   $ cat network.c
   (snip)
    895 static int make_sock(union mysockaddr *addr, int type, int dienow)
    896 {
    (snip)
    934   if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
    935     {
    936       if (dienow)
    937         die(s, daemon->addrbuff, EC_BADNET);
    938       else
    939         my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
    940     }
    (snip)

  function "make_sock" in network.c:1096 binds the socket to
  192.168.122.1/24, and then make_sock in network.c:1097 tries to bind
  to the same address. However, in network.c:934, when errno==98 occurs,
  network.c:937 is executed, so dnsmasq does not cause a startup error.
  As a result, virsh net-start fails.

  As a temporary workaround, it will work if you try not to die.

  $ diff -u  network_c_back  network.c 
  --- network_c_back  2024-02-29 15:36:05.156467935 +
  +++ network.c 2024-02-29 15:36:38.733324350 +
  @@ -934,7 +934,8 @@
 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
{
  if (dienow)
  - die(s, daemon->addrbuff, EC_BADNET);
  + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
  + //die(s, daemon->addrbuff, EC_BADNET);
  else
my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
}
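Review bot: replacing die() with my_syslog() on the line under "if (dienow)" makes both branches of the if/else identical, so no bind failure that reaches this block is fatal at startup any more, including the case where bind-dynamic is not set (the "!option_bool(OPT_CLEVERBIND)" half of the outer condition). If the aim is only to tolerate an address that is already in use while bind-dynamic is set, keep the die() and narrow the outer condition for that errno instead. Also drop the commented-out "//die(...)" line rather than leaving it in. With this change as written, dnsmasq keeps running without a listener on that address and the only trace is a warning in syslog.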
  $ 

  If bind-dynamic is set, it should be modified so that it works even if
  errno==98.

  For reference, in the case of dnsmasq 2.80, the code is as follows, so
  no error occurs.

  network.c
  699 static int make_sock(union mysockaddr *addr, int type, int dienow)
  700 {
  701   int family = addr->sa.sa_family;
  702   int fd, rc, opt = 1;
  (snip)
  715 err:
  716   errsave = errno;
  717   port = prettyprint_addr(addr, daemon->addrbuff);
  718   if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
  719 sprintf(daemon->addrbuff, "port %d", port);
  720   s = _("failed to create listening socket for %s: %s");
  721   
  722   if (fd != -1)
  723 close (fd);
  724 
  725   errno = errsave;
  726 
  727   if (dienow)
  728 {
  729   /* failure to bind addresses given by --listen-address at this point
  730  is OK if we're doing bind-dynamic */
  731   if (!option_bool(OPT_CLEVERBIND))
  732  
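
The errno cases behind the analysis above, as an added C example (not code from the bug report or from dnsmasq): it binds listeners on one address and port to show which calls return errno 98 (EADDRINUSE) and which return EADDRNOTAVAIL, then applies the quoted 2.90 condition to each result. The function names, the loopback address 127.0.0.1, the unassigned test address 192.0.2.1 and the use of SO_REUSEADDR are assumptions made for the demonstration.

```c
/* Added example, not dnsmasq source: which bind() calls fail on a shared
   address and port, and what the 2.90 check quoted above does with each
   errno. Function names and addresses are constructed for the demo. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Mirrors the quoted 2.90 condition (network.c:934-939).
   Returns 1 if startup would reach die(), 0 if it only warns or stays silent. */
static int bind_failure_is_fatal_290(int cleverbind, int dienow, int err)
{
  if (!cleverbind || err != EADDRNOTAVAIL)
    return dienow ? 1 : 0;
  return 0;
}

/* Bind (and, for TCP, listen on) ip:port; port 0 lets the kernel choose.
   Returns 0 and fills *fd_out / *port_out on success, else the errno value. */
static int try_bind(const char *ip, int type, unsigned short port,
                    int *fd_out, unsigned short *port_out)
{
  struct sockaddr_in sa;
  socklen_t len = sizeof(sa);
  int opt = 1, err, fd = socket(AF_INET, type, 0);

  if (fd == -1)
    return errno;
  memset(&sa, 0, sizeof(sa));
  sa.sin_family = AF_INET;
  sa.sin_port = htons(port);
  if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
    {
      close(fd);
      return EINVAL;
    }
  /* Assumption: the daemon sets SO_REUSEADDR, as listeners commonly do.
     It does not allow a second listener on an address already in LISTEN. */
  setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
  if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ||
      (type == SOCK_STREAM && listen(fd, 5) == -1) ||
      getsockname(fd, (struct sockaddr *)&sa, &len) == -1)
    {
      err = errno;
      close(fd);
      return err;
    }
  *fd_out = fd;
  *port_out = ntohs(sa.sin_port);
  return 0;
}

/* errno (0 = bound) for each of the four bind attempts below. */
struct demo_result {
  int first_tcp, udp_same, second_tcp, absent_addr;
};

static struct demo_result run_demo(void)
{
  struct demo_result r;
  int fds[4] = { -1, -1, -1, -1 };
  unsigned short port = 0, ignored = 0;
  int i;

  /* First TCP listener picks a free port; the rest reuse that port number. */
  r.first_tcp = try_bind("127.0.0.1", SOCK_STREAM, 0, &fds[0], &port);
  /* UDP and TCP have separate port spaces, so this one does not collide. */
  r.udp_same = try_bind("127.0.0.1", SOCK_DGRAM, port, &fds[1], &ignored);
  /* A second TCP listener on the same address and port does collide. */
  r.second_tcp = try_bind("127.0.0.1", SOCK_STREAM, port, &fds[2], &ignored);
  /* 192.0.2.1 (TEST-NET-1) is assumed not to be configured on this host. */
  r.absent_addr = try_bind("192.0.2.1", SOCK_STREAM, port, &fds[3], &ignored);
  for (i = 0; i < 4; i++)
    if (fds[i] != -1)
      close(fds[i]);
  return r;
}

static void report(const char *what, int err)
{
  printf("%-36s errno=%-3d %-34s die() under bind-dynamic: %s\n", what, err,
         err ? strerror(err) : "bound",
         err ? (bind_failure_is_fatal_290(1, 1, err) ? "yes" : "no") : "n/a");
}

int main(void)
{
  struct demo_result r = run_demo();

  report("first TCP listener", r.first_tcp);
  report("UDP socket, same address and port", r.udp_same);
  report("second TCP listener, same port", r.second_tcp);
  report("TCP bind to address not on host", r.absent_addr);
  return 0;
}
```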

[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-02 Thread Marc Deslauriers
Do you know what else could be listening on that interface? What's the
output of "netstat --tcp --udp --listening --programs --numeric"?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New

Bug description:
  phenomenon:
After updating ubuntu, the network to which the subnet address is assigned 
does not become active in KVM.

  Cause:
This is because the following dnsmasq update operation performed by apt's 
automatic update causes an error. It worked properly with dnsmasq 2.80, but 
does not work properly with 2.90.

  $ cat /var/log/apt/history.log
  (snip)
  Start-Date: 2024-02-27  06:17:31
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1)
  End-Date: 2024-02-27  06:17:44
  (snip)
  $

  Cause details:
As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below 
is an example.

  $ cat default.conf 
  ##WARNING:  THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
  ##OVERWRITTEN AND LOST.  Changes to this configuration should be made using:
  ##virsh net-edit default
  ## or other application using the libvirt API.
  ##
  ## dnsmasq conf file created by libvirt
  strict-order
  user=libvirt-dnsmasq
  pid-file=/run/libvirt/network/default.pid
  except-interface=lo
  bind-dynamic
  interface=virbr0
  dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
  dhcp-no-override
  dhcp-authoritative
  dhcp-lease-max=253
  dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
  addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
  $ 

  
  When starting the network with KVM (virsh net-start), dnsmasq started from 
KVM executes the make_sock function twice as shown below.

 $ cat network.c
 (snip)
 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_tftp, int dienow)
 1088 {
 1089   struct listener *l = NULL;
 1090   int fd = -1, tcpfd = -1, tftpfd = -1;
 1091 
 1092   (void)do_tftp;
 1093 
 1094   if (daemon->port != 0)
 1095 {
 1096   fd = make_sock(addr, SOCK_DGRAM, dienow);
 1097   tcpfd = make_sock(addr, SOCK_STREAM, dienow);
 1098 }
 (snip)

  The following code causes an issue with the update made in dnsmasq
  2.90.

 $ cat network.c
 (snip)
  895 static int make_sock(union mysockaddr *addr, int type, int dienow)
  896 {
  (snip)
  934   if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
  935 {
  936   if (dienow)
  937 die(s, daemon->addrbuff, EC_BADNET);
  938   else
  939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
  940 }
  (snip)

  
  function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, 
and then make_sock in network.c:1097 tries to bind to the same address. 
However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so 
dnsmasq does not cause a startup error. As a result, virsh net-start fails.

  As a temporary workaround, it will work if you try not to die.

  $ diff -u  network_c_back  network.c 
  --- network_c_back  2024-02-29 15:36:05.156467935 +
  +++ network.c 2024-02-29 15:36:38.733324350 +
  @@ -934,7 +934,8 @@
 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
{
  if (dienow)
  - die(s, daemon->addrbuff, EC_BADNET);
  + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
  + //die(s, daemon->addrbuff, EC_BADNET);
  else
my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
}
  $ 

  If bind-dynamic is set, it should be modified so that it works even if
  errno==98.

  For reference, in the case of dnsmasq 2.80, the code is as follows, so
  no error occurs.

  network.c
  699 static int make_sock(union mysockaddr *addr, int type, int dienow)
  700 {
  701   int family = addr->sa.sa_family;
  702   int fd, rc, opt = 1;
  (snip)
  715 err:
  716   errsave = errno;
  717   port = prettyprint_addr(addr, daemon->addrbuff);
  718   if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
  719 sprintf(daemon->addrbuff, "port %d", port);
  720   s = _("failed to create listening socket for %s: %s");
  721   
  722   if (fd != -1)
  723 close (fd);
  724 
  725   errno = errsave;
  726 
  727   if (dienow)
  728 {
  729   /* failure to bind addresses given by --listen-address at this point
  730  is OK if we're doing 

[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-02 Thread Marc Deslauriers
I will prepare updates for testing with the problematic commit reverted.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New


[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-02 Thread Marc Deslauriers
Out of curiosity, what are the contents of your /etc/dnsmasq.d directory?
Is there a symlink in there to /etc/dnsmasq.d-available/libvirt-daemon?
What are the contents of that file?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New


[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down

2024-03-02 Thread Marc Deslauriers
This may be caused by the same issue as bug 2055776. I am preparing
updated packages with the problematic commit reverted for testing.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055455

Title:
  dnsmasq-base causes network device virbr0 to shut down

Status in dnsmasq package in Ubuntu:
  New

Bug description:
  Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device
  virbr0 to shut down during the boot-up process. Device virbr0 is
  installed by the libvirtd daemon. libvirtd gets an unexpected error
  when dnsmasq is called and then the address record for virbr0 is
  withdrawn.

  This problem goes away when reverting back to dnsmasq-base v2.86-1.1

  The attached text file provides relevant status reports which
  illustrate this problem. (status is shown for the system when using
  dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then
  when the system operates correctly using dnsmasq-base v2.86-1.1)

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: dnsmasq-base 2.90-0ubuntu0.22.04.1
  ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78
  Uname: Linux 5.15.0-60-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Feb 29 10:29:20 2024
  InstallationDate: Installed on 2018-10-08 (1970 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: dnsmasq
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.

2024-03-02 Thread Marc Deslauriers
Thanks for filing this bug, and the excellent analysis.

So it looks like the dnsmasq change was introduced here:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=744231d99505cdead314d13506b5ff8c44a13088

That was in response to this mailing list discussion:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017333.html

I think we need to report this issue upstream, perhaps we can revert
that commit in the meantime.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776

Title:
  After updating ubuntu, the network to which the subnet address is
  assigned does not become active in KVM.

Status in dnsmasq package in Ubuntu:
  New


[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down

2024-03-01 Thread Marc Deslauriers
Hi,

What are the contents of the /etc/dnsmasq.d directory?
Is there a symlink to /etc/dnsmasq.d-available/libvirt-daemon ?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055455

Title:
  dnsmasq-base causes network device virbr0 to shut down

Status in dnsmasq package in Ubuntu:
  New



[Touch-packages] [Bug 2052739] Re: tzdata 2024a release

2024-02-29 Thread Marc Deslauriers
+1 from security. Please remember to also release it to the -security
pocket on all releases in addition to just -updates.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tzdata in Ubuntu.
https://bugs.launchpad.net/bugs/2052739

Title:
  tzdata 2024a release

Status in tzdata package in Ubuntu:
  Fix Released
Status in tzdata source package in Focal:
  Fix Released
Status in tzdata source package in Jammy:
  Fix Released
Status in tzdata source package in Mantic:
  Fix Released

Bug description:
  [ Impact ]

  The 2024a release contains the following changes:

  * Kazakhstan unifies on UTC+5 beginning 2024-03-01.
  * Palestine springs forward a week later after Ramadan.
  * zic no longer pretends to support indefinite-past DST.
  * localtime no longer mishandles Ciudad Juárez in 2422.

  [ Test Plan ]

  Test cases were added to the autopkgtest to cover the testing:

  * python: test_2024a
  * python-icu: test_2024a (only for focal and newer)

  So the test plan is to check that the autopkgtest succeeds.

  [ Other Info ]

  The autopkgtest for chrony is flaky on jammy and newer (see bug
  #2002910).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/2052739/+subscriptions




[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file

2024-02-08 Thread Marc Deslauriers
The only curious thing with using "pkcs11.txt" is that it is usually used
with the security databases. Per some of the manpages:

   In 2009, NSS introduced a new set of databases that are SQLite databases 
rather than BerkeleyDB. These new databases provide more accessibility and 
performance:
   •   cert9.db for certificates
   •   key4.db for keys
   •   pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a 
new subdirectory in the security databases directory

Red Hat decided to use "nss.config" in Fedora for the system-wide policy
file, and the test at nss/tests/policy/policy.sh calls it "nss-policy".

Perhaps we should call it something different too? I don't really
understand the whole impact of this filename though, so my suggestion
may be unnecessary.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2016303

Title:
  Rebuild NSS with support for system-wide config file

Status in nss package in Ubuntu:
  Confirmed

Bug description:
  NSS should be rebuilt with this patch:

  diff --git a/debian/libnss3.dirs b/debian/libnss3.dirs
  new file mode 100644
  index ..0f796964
  --- /dev/null
  +++ b/debian/libnss3.dirs
  @@ -0,0 +1 @@
  +etc/nss
  diff --git a/debian/rules b/debian/rules
  index 5ab1ced0..51bee160 100755
  --- a/debian/rules
  +++ b/debian/rules
  @@ -128,6 +128,8 @@ override_dh_auto_build:
  NSS_USE_SYSTEM_SQLITE=1 \
  NSS_ENABLE_ECC=1 \
  CHECKLOC= \
  +   POLICY_FILE=pkcs11.txt \
  +   POLICY_PATH=/etc/nss \
  $(TOOLCHAIN)

   override_dh_auto_clean:
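
  Review bot: POLICY_FILE=pkcs11.txt reuses the name NSS already gives to the PKCS #11 module list inside each security database directory (for example ~/.pki/nssdb/pkcs11.txt), so the system-wide policy file under POLICY_PATH=/etc/nss cannot be told apart from a module database by name. Consider a distinct name, as Fedora does with nss.config, and note in the packaging that /etc/nss should stay root-owned, since the file there sets policy for every application using the system libnss3.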

  The directory could be another one, of course. This will allow us to
  create a system-wide /etc/nss/pkcs11.txt file which could load the NSS
  policy module.

  The upstream documentation is quite poor and outdated, unfortunately:
  
https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_config_options/
  
https://firefox-source-docs.mozilla.org/security/nss/legacy/pkcs11/module_specs/index.html

  The current source code is the best documentation, and has a ton of
  tests that show how to use the policy module:

  - allow/disallow options: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n144
  - versions and key sizes: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n437
  - other qualifiers for algorithms (which types of signatures): 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n451
  - tons of policy tests: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/ssl/sslpolicy.txt 
and https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/policy

  Here is a sample /etc/nss/pkcs11.txt which enables the policy module with 
certain values:
  library=
  name=Policy
  NSS=flags=policyOnly,moduleDB
  config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"

  The same config snippet can of course be used in ~/.pki/nssdb/pkcs11.txt or 
in any of the other many places we have a pkcs11.txt file on the system (hence 
the need for this build option: to have just one place):
  - firefox: ~/snap/firefox/common/.mozilla/firefox/pqx65eu1.default/pkcs11.txt
  - thunderbird: ~/.thunderbird/6mxs87xg.default-release/pkcs11.txt
  - chrome and system-provided libnss3: ~/.pki/nssdb/pkcs11.txt

  Note thunderbird ships its own libnss3 (zomg), and would not be
  affected by this build change (unless it's done in the thunderbird
  source package too).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303/+subscriptions




[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file

2024-02-08 Thread Marc Deslauriers
This should get sent to debian too.

Quick question: is pkcs11.txt a default filename used anywhere else?
Where did the filename come from?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2016303

Title:
  Rebuild NSS with support for system-wide config file

Status in nss package in Ubuntu:
  Confirmed

Bug description:
  NSS should be rebuilt with this patch:

  diff --git a/debian/libnss3.dirs b/debian/libnss3.dirs
  new file mode 100644
  index ..0f796964
  --- /dev/null
  +++ b/debian/libnss3.dirs
  @@ -0,0 +1 @@
  +etc/nss
  diff --git a/debian/rules b/debian/rules
  index 5ab1ced0..51bee160 100755
  --- a/debian/rules
  +++ b/debian/rules
  @@ -128,6 +128,8 @@ override_dh_auto_build:
  NSS_USE_SYSTEM_SQLITE=1 \
  NSS_ENABLE_ECC=1 \
  CHECKLOC= \
  +   POLICY_FILE=pkcs11.txt \
  +   POLICY_PATH=/etc/nss \
  $(TOOLCHAIN)

   override_dh_auto_clean:

  The directory could be another one, of course. This will allow us to
  create a system-wide /etc/nss/pkcs11.txt file which could load the NSS
  policy module.

  The upstream documentation is quite poor and outdated, unfortunately:
  
https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_config_options/
  
https://firefox-source-docs.mozilla.org/security/nss/legacy/pkcs11/module_specs/index.html

  The current source code is the best documentation, and has a ton of
  tests that show how to use the policy module:

  - allow/disallow options: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n144
  - versions and key sizes: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n437
  - other qualifiers for algorithms (which types of signatures): 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n451
  - tons of policy tests: 
https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/ssl/sslpolicy.txt 
and https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/policy

  Here is a sample /etc/nss/pkcs11.txt which enables the policy module with
  certain values:
  library=
  name=Policy
  NSS=flags=policyOnly,moduleDB
  config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"

  The same config snippet can of course be used in ~/.pki/nssdb/pkcs11.txt
  or in any of the other many places we have a pkcs11.txt file on the
  system (hence the need for this build option: to have just one place):
  - firefox: ~/snap/firefox/common/.mozilla/firefox/pqx65eu1.default/pkcs11.txt
  - thunderbird: ~/.thunderbird/6mxs87xg.default-release/pkcs11.txt
  - chrome and system-provided libnss3: ~/.pki/nssdb/pkcs11.txt

  Note thunderbird ships its own libnss3 (zomg), and would not be
  affected by this build change (unless it's done in the thunderbird
  source package too).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
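
An added example (not from the bug report or the NSS source): a simplified reader for pkcs11.txt stanzas laid out like the sample above. It finds the policyOnly stanza, splits its config string into allow/disallow names and name=value settings, and compares the settings with a floor. The floor values are copied from the sample and used as the baseline by assumption; the profile and weak-policy inputs are constructed, and ranking version names by their numeric suffix is this example's simplification.

```python
import re

# Stanza from the sample /etc/nss/pkcs11.txt in the bug description.
PAGE_SAMPLE = (
    "library=\n"
    "name=Policy\n"
    "NSS=flags=policyOnly,moduleDB\n"
    'config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:'
    "CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:"
    "aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:"
    "ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:"
    'dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"\n'
)

# Constructed inputs: a per-profile file with no policy, and a weak policy.
CONSTRUCTED_PROFILE = (
    "library=\n"
    "name=NSS Internal PKCS #11 Module\n"
    "parameters=configdir='sql:/home/user/.pki/nssdb' certPrefix='' keyPrefix=''\n"
    "NSS=Flags=internal,critical trustOrder=75 cipherOrder=100\n"
)
CONSTRUCTED_WEAK = (
    "library=\nname=Policy\nNSS=flags=policyOnly,moduleDB\n"
    'config="disallow=ALL allow=SHA256:RSA:tls-version-min=tls1.0:'
    'dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=1024"\n'
)

# Assumed baseline: the minimums used in the page's sample.
FLOOR = {"tls-version-min": "tls1.2", "dtls-version-min": "dtls1.2",
         "DH-MIN": 2048, "DSA-MIN": 2048, "RSA-MIN": 2048}


def parse_stanzas(text):
    """Split a pkcs11.txt body into blank-line separated stanzas (key -> value)."""
    stanzas, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                stanzas.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip().lower()] = value.strip().strip('"')
    if current:
        stanzas.append(current)
    return stanzas


def is_policy_stanza(stanza):
    """True when the stanza's NSS= line carries the policyOnly flag."""
    match = re.search(r"flags=(\S+)", stanza.get("nss", ""), re.IGNORECASE)
    return bool(match) and "policyonly" in match.group(1).lower().split(",")


def parse_policy(config):
    """Split 'disallow=... allow=a:b:NAME=value' into name sets and settings."""
    policy = {"disallow": set(), "allow": set(), "settings": {}}
    for part in config.split():
        key, sep, value = part.partition("=")
        if not sep or key.lower() not in ("allow", "disallow"):
            continue
        for item in value.split(":"):
            name, eq, setting = item.partition("=")
            if eq:
                # The sample mixes upper and lower case, so normalise names.
                policy["settings"][name.upper()] = setting
            elif name:
                policy[key.lower()].add(name.upper())
    return policy


def _rank(value):
    """2048 -> 2048.0, 'tls1.2' -> 1.2; any ssl* name ranks below every tls name."""
    text = str(value).lower()
    if text.startswith("ssl"):
        return 0.0
    match = re.search(r"\d+(?:\.\d+)?$", text)
    return float(match.group()) if match else None


def check_floor(policy, floor):
    problems = []
    if "ALL" not in policy["disallow"]:
        problems.append("policy does not start from disallow=ALL")
    for name, minimum in floor.items():
        have = policy["settings"].get(name.upper())
        if have is None:
            problems.append(f"{name} not set")
            continue
        rank = _rank(have)
        if rank is None or rank < _rank(minimum):
            problems.append(f"{name}={have} below {minimum}")
    return problems


def audit(files, floor):
    """Map each file name to its list of problems (empty list = meets the floor)."""
    report = {}
    for path, text in files.items():
        policies = [parse_policy(s.get("config", ""))
                    for s in parse_stanzas(text) if is_policy_stanza(s)]
        report[path] = ([p for pol in policies for p in check_floor(pol, floor)]
                        if policies else ["no policyOnly stanza"])
    return report
```

Run over every pkcs11.txt location listed in the description, this shows which copies carry no policy at all, which is the situation the single system-wide file is meant to end.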


[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file

2024-02-08 Thread Marc Deslauriers
ACK on the policy file location change.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/2016303

Title:
  Rebuild NSS with support for system-wide config file

Status in nss package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

2024-02-05 Thread Marc Deslauriers
I am closing this bug since the issue appears to be in Oracle Linux and
is being tracked here:

https://github.com/oracle/oracle-linux/issues/125

Thanks!

** Bug watch added: github.com/oracle/oracle-linux/issues #125
   https://github.com/oracle/oracle-linux/issues/125

** Changed in: openssh (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Ubuntu 22.04 system connecting to an Oracle Linux v8 host.  The
  following error occurs regardless of the MACs specified (or not)
  in sshd_config:

  Corrupted MAC on input.
  ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect

  Presumably, this may happen on any RHEL v8 variant. Note that
  connecting to Enterprise Linux v7 works as well as other Ubuntu hosts.
  Downgrading to previous version of openssh-client fixes issue.

  apt install openssh-client=1:8.9p1-3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions




[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

2024-02-05 Thread Marc Deslauriers
I believe this issue is caused by a bad backport in Oracle's
8.0p1-19.el8_9.2 package. I think their fix for CVE-2023-48795 isn't
properly adding kex-strict-s-...@openssh.com to their KEX. Downgrading
the Ubuntu package works around the problem as that prevents the client
from offering kex-strict-c-...@openssh.com.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  New



[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

2024-02-05 Thread Marc Deslauriers
OK, I have managed to locate the Oracle binary packages for
8.0p1-19.el8_9.2 and can confirm the issue. This is curious as the same
packages from RockyLinux appear to work. I will attempt to investigate
the differences.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  New



[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

2024-02-05 Thread Marc Deslauriers
The Oracle Linux I'm running is the v8 developer preview, as that is the
only freely downloadable version.

I couldn't reproduce the issue with openssh-server-8.0p1-17.el8.x86_64.

Since I can't get newer packages from Oracle with this version, I
installed openssh, openssh-askpass, openssh-client and openssh-server
8.0p1-19.el8_9.2 from RockyLinux into the Oracle install, and I still
can't reproduce the issue.

Could someone perhaps email me the 4 Oracle binary rpms for the packages
listed above so I can try them?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  New



[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8

2024-02-04 Thread Marc Deslauriers
Hi,

Thanks for reporting this issue. I can't seem to reproduce it though
with Oracle Linux v8 running openssh-server-8.0p1-17.el8.x86_64 and an
Ubuntu 22.04 client running 1:8.9p1-3ubuntu0.6.

Could you perhaps give me a bit more details on how I could reproduce
this?

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2052328

Title:
  openssh-client encounters MAC algo issue with EL8

Status in openssh package in Ubuntu:
  New



[Touch-packages] [Bug 2046526] Re: pam_access Configuration Treats TTY Names as Hostnames

2024-01-19 Thread Marc Deslauriers
** Changed in: pam (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/2046526

Title:
  pam_access Configuration Treats TTY Names as Hostnames

Status in pam package in Ubuntu:
  Confirmed

Bug description:
  Comments in PAM service files at /etc/pam.d/* suggest a line to
  uncomment to configure complicated authorization rules using
  pam_access (which in turn is configured by /etc/security/access.conf):

  /etc/pam.d/sshd:

  # Uncomment and edit /etc/security/access.conf if you need to set complex
  # access limits that are hard to express in sshd_config.
  # account  required pam_access.so

  /etc/pam.d/login:

  # Uncomment and edit /etc/security/access.conf if you need to
  # set access limits.
  # (Replaces /etc/login.access file)
  # account  required   pam_access.so

  Comments in /etc/security/access.conf indicate the origin in this file
  can be a TTY or domain name:

  # The third field should be a list of one or more tty names (for
  # non-networked logins), host names, domain names (begin with "."),

  I wanted to configure a user on my server, 'localadmin', who can only
  log in on the console and not via any network service and tried to
  achieve this using pam_access as follows:

  I uncommented the default ‘account required pam_access.so’ lines in
  /etc/pam.d/sshd and /etc/pam.d/login.

  I added the following in /etc/security/access.conf intending to allow
  user 'localadmin' to only log in on the console:

  +:localadmin:tty1
  -:localadmin:ALL

  This seems to work. Login via SSH fails and succeeds on the console,
  as expected.

  However, /var/log/auth.log suspiciously indicates it is treating tty1
  as a hostname during the failed SSH attempt:

  Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): cannot resolve hostname "tty1"
  Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): access denied for user `localadmin' from `10.0.0.101'

  It is confirmed to be doing DNS lookups for 'tty1' in the search
  domain during the login attempt:

  admin@server:~$ resolvectl status eth0
  ...
 DNS Servers: 10.0.0.2
  DNS Domain: example.com
  admin@server:~$ sudo tcpdump -i eth0 -n port 53
  01:28:12.100348 IP 10.0.0.42.44968 > 10.0.0.2.53: 21558+ [1au] A? tty1.example.com. (45)
  01:28:12.100666 IP 10.0.0.42.44669 > 10.0.0.2.53: 40453+ [1au] ? tty1.example.com. (45)
  01:28:12.103027 IP 10.0.0.2.53 > 10.0.0.42.44968: 21558 NXDomain* 0/1/1 (95)
  01:28:12.103027 IP 10.0.0.2.53 > 10.0.0.42.44669: 40453 NXDomain* 0/1/1 (95)

  I configured my DNS service to resolve hostname 'tty1' to the IP
  address the SSH connection originates from:

  admin@server:~$ dig +short tty1.example.com
  10.0.0.101

  SSH access is then unexpectedly allowed:

  user@clienthost:~$ ip -4 a show dev eth0
  inet 10.0.0.101/24 ...
  user@clienthost:~$ ssh localadmin@10.0.0.42
  localadmin@10.0.0.42's password: 
  localadmin@server:~$ 

  I think the local origins should be completely separated from network
  origins in /etc/security/access.conf somehow (maybe with separate
  access.conf files used for local and network PAM services).

  Other requested bug report info:

  root@server:~# lsb_release -rd
  Description:Ubuntu 22.04.3 LTS
  Release:22.04
  root@server:~# apt-cache policy pam
  N: Unable to locate package pam
  root@server:~# apt-cache policy libpam-modules
  libpam-modules:
Installed: 1.4.0-11ubuntu2.3
Candidate: 1.4.0-11ubuntu2.3
Version table:
   *** 1.4.0-11ubuntu2.3 500
  500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
  500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
  100 /var/lib/dpkg/status
   1.4.0-11ubuntu2 500
  500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2046526/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
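
The check below is an added example, not part of the bug report or of pam_access. It reads an access.conf and lists origin tokens written as bare single-label names (such as tty1) in positions where a match works in the login's favour, and it extracts the names pam_access reported trying to resolve from auth.log lines in the format quoted in the report. The sample file, the log lines and all function names are constructed for this example.

```python
import ipaddress
import re
from collections import namedtuple

KEYWORDS = {"ALL", "NONE", "LOCAL"}
Finding = namedtuple("Finding", "line permission users token")

# Constructed sample: the two rules from the report plus unambiguous ones.
SAMPLE_ACCESS_CONF = """\
# constructed access.conf for this example
+:localadmin:tty1
-:localadmin:ALL
+:backup:10.0.0.0/24 .example.com
-:operator:ALL EXCEPT LOCAL tty2
+:deploy:build01.example.com
"""

# Constructed log lines in the format shown in the report.
SAMPLE_AUTH_LOG = [
    'Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): '
    'cannot resolve hostname "tty1"',
    "Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): "
    "access denied for user `localadmin' from `10.0.0.101'",
]

RESOLVE_RE = re.compile(
    r'pam_access\((?P<service>[^:)]+):\w+\): '
    r'cannot resolve hostname "(?P<name>[^"]+)"'
)


def classify_origin(token):
    """Classify an origin token purely by how it is written."""
    if token in KEYWORDS:
        return "keyword"
    if token.startswith("."):
        return "domain"
    if re.fullmatch(r"\d+(\.\d+)*\.", token):
        return "network-number"
    try:
        ipaddress.ip_network(token, strict=False)
        return "address"
    except ValueError:
        pass
    # A single label is what the file's comments call a tty name, and also
    # what the report shows being looked up through the DNS search domain.
    return "fqdn" if "." in token else "bare-name"


def parse_rules(text):
    """Yield (line number, permission, users, origin tokens) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        if len(fields) != 3 or fields[0].strip() not in ("+", "-"):
            continue
        yield lineno, fields[0].strip(), fields[1].strip(), fields[2].split()


def favourable_tokens(permission, origins):
    """Yield tokens whose match works toward permitting the login.

    'A EXCEPT B' matches A but not B, so each EXCEPT flips the sense: an
    exemption from a '-' rule helps the login just as a '+' rule does.
    """
    favourable = permission == "+"
    for token in origins:
        if token == "EXCEPT":
            favourable = not favourable
        elif favourable:
            yield token


def audit_access_conf(text):
    """Return a Finding for every bare-name origin in a favourable position."""
    findings = []
    for lineno, permission, users, origins in parse_rules(text):
        for token in favourable_tokens(permission, origins):
            if classify_origin(token) == "bare-name":
                findings.append(Finding(lineno, permission, users, token))
    return findings


def names_resolved(log_lines):
    """Return {(service, name)} for names pam_access logged as unresolvable."""
    return {(m["service"], m["name"])
            for line in log_lines if (m := RESOLVE_RE.search(line))}


if __name__ == "__main__":
    looked_up = {name for _, name in names_resolved(SAMPLE_AUTH_LOG)}
    for f in audit_access_conf(SAMPLE_ACCESS_CONF):
        seen = "seen" if f.token in looked_up else "not seen"
        print(f"line {f.line}: {f.permission}:{f.users}: bare-name origin "
              f"{f.token!r} ({seen} in auth.log as a hostname lookup)")
```

A token reported here matches a terminal only for services that log in from one; for a network service the report shows the same token being resolved as a hostname, so each finding deserves review wherever pam_access is enabled for sshd.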


[Touch-packages] [Bug 2047595] Re: sound control panel security

2024-01-19 Thread Marc Deslauriers
** Package changed: ubuntu-meta (Ubuntu) => gnome-shell (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2047595

Title:
  sound control panel security

Status in gnome-shell package in Ubuntu:
  New

Bug description:
  The controls in the upper right hand corner, which consist of WiFi Bar,
  Sound Bar, and Battery Bar icons are unlocked when the machine is
  locked. This will enable anyone, who has physical access to the machine
  to change, disable or rearrange any settings available in this
  interface;
  1. WiFi-- add or remove access points, disconnect WiFi, change power
     modes, styles, keyboard, etc. Power Modes.
  2. Sounds, disable or modify sounds, lighting settings
  3. Change or modify battery schemes. Power off machines, or sleep /
     Hibernate machine, etc.

  lsb_release -rd  Ubuntu 23.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2047595/+subscriptions




[Touch-packages] [Bug 2046633] Re: Don't include 'nmcli -f all con' output in bug report (for privacy)

2024-01-19 Thread Marc Deslauriers
** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2046633

Title:
  Don't include 'nmcli -f all con' output in bug report (for privacy)

Status in network-manager package in Ubuntu:
  New

Bug description:
  The apport bug reporting hooks for this package
  (/usr/share/apport/package/hooks/source_network-manager{,-applet}.py)
  include the output of `nmcli -f all con`.  This lists all wifi SSIDs
  that the user has ever connected to, and the date of last connection.
  I think this is a privacy problem, as it tends to reveal the user's
  recent whereabouts, and it's posted publicly on launchpad.  (Imagine
  for instance an entry for "LoveMotelGuestWifi" at a time when the user
  had said they were at the office...)

  It is disclosed to the user before the report is sent, but only if
  they think to expand that item in the "Send / Don't send" dialog
  (which is not descriptively labeled), and there is no way to opt out
  of it.  You can delete it manually from launchpad afterward, which is
  what I am going to do with this bug report, but I doubt most people
  would know to do that.

  This info should probably not be included at all, or if it is, it
  should be sanitized.  Also, it might be a good idea to purge launchpad
  of all such files.

  (Marking this as "security" in case you consider this kind of a
  privacy leak to be something the security team should handle.  If not,
  feel free to demote it to an ordinary bug.)

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: network-manager 1.44.2-1ubuntu1.2
  ProcVersionSignature: Ubuntu 6.5.0-14.14-generic 6.5.3
  Uname: Linux 6.5.0-14-generic x86_64
  ApportVersion: 2.27.0-0ubuntu5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Sat Dec 16 14:38:45 2023
  IfupdownConfig:
   # interfaces(5) file used by ifup(8) and ifdown(8)
   auto lo
   iface lo inet loopback
  InstallationDate: Installed on 2019-06-03 (1657 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  IpRoute:
   default via 192.168.1.13 dev enxa0cec8c4f782 proto dhcp src 192.168.1.60 metric 100
   169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
   172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
   192.168.1.0/24 dev enxa0cec8c4f782 proto kernel scope link src 192.168.1.60 metric 100
   192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: network-manager
  UpgradeStatus: Upgraded to mantic on 2023-12-14 (3 days ago)
  modified.conffile..etc.default.apport:
   # set this to 0 to disable apport, or to 1 to enable it
   # you can temporarily override this with
   # sudo service apport start force_start=1
   enabled=0
  mtime.conffile..etc.default.apport: 2020-08-04T11:07:36.415303
  nmcli-nm:
   RUNNING  VERSION  STATE      STARTUP  CONNECTIVITY  NETWORKING  WIFI-HW  WIFI     WWAN-HW  WWAN
   running  1.44.2   connected  started  full          enabled     enabled  enabled  missing  enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2046633/+subscriptions




[Touch-packages] [Bug 2047595] Re: sound control panel security

2024-01-19 Thread Marc Deslauriers
What desktop environment are you using?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2047595

Title:
  sound control panel security

Status in gnome-shell package in Ubuntu:
  New



[Touch-packages] [Bug 2049239] Re: package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2024-01-19 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2049239

Title:
  package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to
  install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  I occurred this when I on terminal I can't provide more details because
  I don't know much

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1
  ProcVersionSignature: Ubuntu 6.2.0-39.40~22.04.1-generic 6.2.16
  Uname: Linux 6.2.0-39-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Fri Jan 12 19:20:00 2024
  ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
  InstallationDate: Installed on 2023-10-28 (76 days ago)
  InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230807.2)
  Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 3.10.6-1~22.04
  PythonDetails: N/A
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.2
   apt  2.4.11
  SourcePackage: initramfs-tools
  Title: package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2049239/+subscriptions




[Touch-packages] [Bug 2037323] Re: gst-plugins-bad1.0 fails to build: netsim test failing

2023-11-29 Thread Marc Deslauriers
Note to future mdeslaur: re-mashing the retry button will eventually
result in the test passing and the build succeeding.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gst-plugins-bad1.0 in
Ubuntu.
https://bugs.launchpad.net/bugs/2037323

Title:
  gst-plugins-bad1.0 fails to build: netsim test failing

Status in gst-plugins-bad:
  New
Status in gst-plugins-bad1.0 package in Ubuntu:
  Triaged
Status in gst-plugins-bad1.0 package in Debian:
  Confirmed

Bug description:
  gst-plugin-bad1.0's elements_netsim build test began failing after
  July 6 (when 1.22.4 was uploaded) but before August 15. This is a
  regression caused by a change in one of its build dependencies.

  === 91/109 ===
  test: elements_netsim
  start time:   12:04:11
  duration: 1.31s
  result:   exit status 2
  command:  GST_PLUGIN_LOADING_WHITELIST=gstreamer:gst-plugins-base:gst-plugins-good:
  gst-plugins-ugly:gst-libav:libnice:gst-plugins-bad@/<>/obj-x86_64-linux-gnu
   GST_PLUGIN_PATH_1_0=/<>/obj-x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu/gstreamer-1.0:
  /usr/lib/x86_64-linux-gnu/gstreamer-1.0
   GST_PLUGIN_SCANNER_1_0=/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner
   GST_STATE_IGNORE_ELEMENTS='' CK_DEFAULT_TIMEOUT=20
   GST_REGISTRY=/<>/obj-x86_64-linux-gnu/tests/check/elements_netsim.registry
   MALLOC_PERTURB_=119 GST_PLUGIN_SYSTEM_PATH_1_0=''
   LD_LIBRARY_PATH=/<>/obj-x86_64-linux-gnu/gst-libs/gst/basecamerabinsrc:
  /<>/obj-x86_64-linux-gnu/gst-libs/gst/uridownloader:
  /<>/obj-x86_64-linux-gnu/gst-libs/gst/interfaces:
  /usr/lib/libeatmydata /<>/obj-x86_64-linux-gnu/tests/check/elements_netsim
  --- stdout ---
  Running suite(s): netsim

  
  Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event

  Stack trace:
  gst_debug_get_stack_trace (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b3e6db)
  ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8961a9f)
  g_logv (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddc0c)
  g_log (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddebf)
  ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4a072)
  ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4c2c2)
  gst_pad_push (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b53b44)
  ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8967b62)
  ?? (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f8a029dd)
  ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f87fa3e8)
  ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f887aa28)


  Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event

  Stack trace:
  gst_debug_get_stack_trace (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b3e6db)
  ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8961a9f)
  g_logv (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddc0c)
  g_log (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddebf)
  ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4a072)
  ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4c2c2)
  gst_pad_push (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b53b44)
  ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8967b62)
  ?? (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f8a029dd)
  ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f87fa3e8)
  ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f887aa28)

  0%: Checks: 2, Failures: 2, Errors: 0
  ../libs/gst/check/gstcheck.c:286:F:general:netsim_stress:0: Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event
  ../libs/gst/check/gstcheck.c:286:F:general:netsim_stress_delayed:0: Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event
  Check suite netsim ran in 0.240s (tests failed: 2)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gst-plugins-bad/+bug/2037323/+subscriptions




[Touch-packages] [Bug 2036321] Re: Periodically flickering of speaker icon

2023-10-13 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/2036321

Title:
  Periodically flickering of speaker icon

Status in pulseaudio package in Ubuntu:
  New

Bug description:
  Flickering of speaker icon continuously so that I am not able to use
  Ubuntu 20.04.6 LTS

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: pulseaudio 1:13.99.1-1ubuntu3.14
  ProcVersionSignature: Ubuntu 5.15.0-85.95~20.04.2-generic 5.15.122
  Uname: Linux 5.15.0-85-generic x86_64
  AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.15.0-85-generic.
  ApportVersion: 2.20.11-0ubuntu27.27
  Architecture: amd64
  ArecordDevices:
    List of CAPTURE Hardware Devices 
   card 1: PCH [HDA Intel PCH], device 0: ALC3223 Analog [ALC3223 Analog]
 Subdevices: 1/1
 Subdevice #0: subdevice #0
  AudioDevicesInUse:
   USER PID ACCESS COMMAND
   /dev/snd/controlC1:  vishal 1379 F pulseaudio
   /dev/snd/pcmC1D0p:   vishal 1379 F...m pulseaudio
   /dev/snd/controlC0:  vishal 1379 F pulseaudio
  Card0.Amixer.info:
   Card hw:0 'HDMI'/'HDA Intel HDMI at 0xb071 irq 50'
 Mixer name : 'Intel Haswell HDMI'
 Components : 'HDA:80862807,80860101,0010'
 Controls  : 35
 Simple ctrls  : 5
  Card1.Amixer.info:
   Card hw:1 'PCH'/'HDA Intel PCH at 0xb0714000 irq 48'
 Mixer name : 'Realtek ALC3223'
 Components : 'HDA:10ec0283,102805e9,0013'
 Controls  : 25
 Simple ctrls  : 13
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Sep 16 21:05:29 2023
  InstallationDate: Installed on 2022-08-21 (390 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  SourcePackage: pulseaudio
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 05/27/2019
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A12
  dmi.board.name: 0Y4M2K
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: A12
  dmi.ec.firmware.release: 1.1
  dmi.modalias: dmi:bvnDellInc.:bvrA12:bd05/27/2019:efr1.1:svnDellInc.:pnInspiron5537:pvrA12:rvnDellInc.:rn0Y4M2K:rvrA00:cvnDellInc.:ct8:cvrA12:skuInspiron5537:
  dmi.product.family: 00
  dmi.product.name: Inspiron 5537
  dmi.product.sku: Inspiron 5537
  dmi.product.version: A12
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2036321/+subscriptions




[Touch-packages] [Bug 1971242] Re: printing PDF appears always grey, no color

2023-09-12 Thread Marc Deslauriers
I have tested the lunar-proposed package (2.4.2-3ubuntu2.3), and after
updating the package, and recreating the printer, it now defaults to
printing in colour when using Okular.

** Tags removed: verification-needed verification-needed-lunar
** Tags added: verification-done verification-done-lunar

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1971242

Title:
  printing PDF appears always grey, no color

Status in CUPS:
  Fix Released
Status in atril package in Ubuntu:
  Confirmed
Status in cups package in Ubuntu:
  Fix Released
Status in okular package in Ubuntu:
  Confirmed
Status in cups source package in Jammy:
  Fix Committed
Status in cups source package in Lunar:
  Fix Committed

Bug description:
  After upgrading from 20.04 LTS to 22.04 LTS I can't print colored PDF
  document. The print appears always b/w regardless color printing was
  enabled or not. Printing from LibreOffice produces a color print. This
  behavior (bug) is reproducible on three upgraded machines. It would be
  nice to have color print back again.

  [ Impact ]

  If the PPD file for a printer has a ColorModel option and the only
  choice in it for printing in color is not named RGB but CMYK instead,
  the printer cannot be made printing in color with intuitive methods,
  usually selecting the color choice in the print dialog (which makes
  ColorModel=CMYK be sent along with the job).

  Only an ugly command-line-based workaround, running the command

  lpadmin -p PRINTER -o print-color-mode-default=color

  makes the printer print in color.

  An example for printers with such PPDs are printers from RICOH and OEM
  (Lanier, InfoTec, Savin, ..), so many high-end color laser printers
  are affected.

  [ Test Plan ]

  Remove the workaround if you had applied it:

  lpadmin -p PRINTER -R print-color-mode-default

  If you have an affected printer, print a PDF file (or use the print
  functionality in an application) with colored content and choose the
  setting for color printing in the print dialog. When printing via
  command line do

  lp -d PRINTER -o ColorModel=CMYK FILE.pdf

  Without the SRU applied you will get a grayscale/monochrome printout,
  with it applied, you will get a colored printout.

  To test without a printer:

  Stop CUPS:

  sudo systemctl stop cups

  Edit /etc/cups/cups-files.conf to have a line

  FileDevice Yes

  and start CUPS again:

  sudo systemctl start cups

  Then create a queue using the attached sample PPD file:

  lpadmin -p color-test -E -v file:/tmp/printout -P Ricoh-PDF_Printer-PDF.ppd

  Print a file to this queue as described above. When the job is done
  ("lpstat" does not show it any more), open /tmp/printout with a text
  editor. Check whether it contains a line

  @PJL SET RENDERMODE=COLOR

  near its beginning, and NOT a line

  @PJL SET RENDERMODE=GRAYSCALE

  [ Where problems could occur ]

  The patches are simple and they are also for some time in newer CUPS
  versions (2.4.2 and newer) which are included in several distributions
  (Ubuntu 22.10, 23.04, and others) and did not cause any complaints
  about color printing. So the regression potential is very low.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cups/+bug/1971242/+subscriptions




[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so

2023-07-28 Thread Marc Deslauriers
Upstream says the change is intentional, so I am closing this bug.
Thanks!

** Changed in: openssh (Ubuntu)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2028774

Title:
  ssh fails to load opensc-pkcs11.so

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config

  After the last update of openssh-client I now get:

  $ strace -o slogin.log slogin host
  lib_contains_symbol: open opensc-pkcs11.so: No such file or directory
  provider opensc-pkcs11.so is not a PKCS11 library
  (uwe@host) Password for uwe@host:

  
  $ grep -i pkcs11 slogin.log 
  read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603
  openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory)
  write(2, "provider opensc-pkcs11.so is not"..., 51) = 51

  $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so
  /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: openssh-client 1:8.9p1-3ubuntu0.3
  ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17
  Uname: Linux 5.19.0-50-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Jul 26 15:46:30 2023
  InstallationDate: Installed on 2022-08-25 (334 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
  RelatedPackageVersions:
   ssh-askpass       1:1.2.4.1-13
   libpam-ssh        N/A
   keychain          N/A
   ssh-askpass-gnome N/A
  SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions




[Touch-packages] [Bug 2028863] [NEW] Denial of service via gvar table loading

2023-07-27 Thread Marc Deslauriers
*** This bug is a security vulnerability ***

Public security bug reported:

focal and earlier need this commit to prevent a DoS:

https://gitlab.freedesktop.org/freetype/freetype/-/commit/216e077600a58346bb022d8409fd82e9d914a10a

** Affects: freetype (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: freetype (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: freetype (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: freetype (Ubuntu Bionic)
 Importance: Undecided
 Status: New

** Affects: freetype (Ubuntu Focal)
 Importance: Low
 Status: Confirmed

** Also affects: freetype (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: freetype (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: freetype (Ubuntu)
   Status: New => Fix Released

** Changed in: freetype (Ubuntu Focal)
   Status: New => Confirmed

** Changed in: freetype (Ubuntu Focal)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to freetype in Ubuntu.
https://bugs.launchpad.net/bugs/2028863

Title:
  Denial of service via gvar table loading

Status in freetype package in Ubuntu:
  Fix Released
Status in freetype source package in Trusty:
  New
Status in freetype source package in Xenial:
  New
Status in freetype source package in Bionic:
  New
Status in freetype source package in Focal:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/2028863/+subscriptions




[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so

2023-07-27 Thread Marc Deslauriers
I've filed an upstream bug for this, let's see if they consider this to
be an issue or not: https://bugzilla.mindrot.org/show_bug.cgi?id=3594

Thanks!

** Bug watch added: OpenSSH Portable Bugzilla #3594
   https://bugzilla.mindrot.org/show_bug.cgi?id=3594

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=3594
   Importance: Unknown
   Status: Unknown

** Changed in: openssh (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2028774

Title:
  ssh fails to load opensc-pkcs11.so

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions




[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so

2023-07-26 Thread Marc Deslauriers
One of the commits for the security fix for CVE-2023-28408 will now
attempt to mmap the library and search for the "C_GetFunctionList"
symbol before doing the dlopen. Unfortunately, dlopen allows specifying
just the library name and the dynamic linker will search for it, but the
new code just tries to open the filename directly.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28408

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2028774

Title:
  ssh fails to load opensc-pkcs11.so

Status in openssh package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions




[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so

2023-07-26 Thread Marc Deslauriers
Can you try putting the full path to the library in your config file?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2028774

Title:
  ssh fails to load opensc-pkcs11.so

Status in openssh package in Ubuntu:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
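
The pre-load check described in the two 2023-07-26 messages above, together with the full-path workaround, as an added C example; it is not OpenSSH's code. The function names `file_contains_symbol` and `resolve_provider`, the demo file names and the temporary directory are assumptions made for illustration, and the sample files are constructed stand-ins rather than real PKCS#11 modules.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define PKCS11_ENTRY "C_GetFunctionList"

/* Pre-load check in the style the message describes: open() the name exactly
 * as given (no library search path), mmap() the file and scan it for the
 * symbol name. Returns 1 if found, 0 if absent, -errno on open/mmap failure. */
int file_contains_symbol(const char *path, const char *symbol)
{
    struct stat st;
    size_t len = strlen(symbol), size, i;
    int found = 0, saved, fd = open(path, O_RDONLY);
    unsigned char *map;

    if (fd == -1)
        return -errno;
    if (fstat(fd, &st) == -1 || len == 0 || (size_t)st.st_size < len) {
        close(fd);
        return 0;
    }
    size = (size_t)st.st_size;
    map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
    saved = errno;
    close(fd);
    if (map == MAP_FAILED)
        return -saved;
    for (i = 0; i + len <= size && !found; i++)
        found = memcmp(map + i, symbol, len) == 0;
    munmap(map, size);
    return found;
}

/* Workaround side: turn a bare provider name into a full path by probing
 * candidate directories with the same check. Names containing '/' are left
 * to the caller. Returns 0 and fills out, or -1 if no candidate passes. */
int resolve_provider(const char *name, const char *const *dirs, size_t ndirs,
                     char *out, size_t outlen)
{
    size_t i;
    if (strchr(name, '/') != NULL)
        return -1;
    for (i = 0; i < ndirs; i++) {
        int n = snprintf(out, outlen, "%s/%s", dirs[i], name);
        if (n >= 0 && (size_t)n < outlen &&
            file_contains_symbol(out, PKCS11_ENTRY) == 1)
            return 0;
    }
    return -1;
}

struct demo_result { int bare_name, full_path, no_symbol, resolved; };

struct demo_result run_demo(void)
{
    struct demo_result r = { 0, 0, 0, -1 };
    /* Constructed stand-in for a provider: not a real shared object, it only
     * carries the symbol name so the scan has something to find. */
    static const char body[] = "constructed-stub\0C_GetFunctionList\0";
    char dir[] = "/tmp/pkcs11-demo-XXXXXX", lib[64], other[64], found[64];
    FILE *f;

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(lib, sizeof lib, "%s/demo-pkcs11.so", dir);
    snprintf(other, sizeof other, "%s/not-a-provider.so", dir);
    if ((f = fopen(lib, "wb")) != NULL) {
        fwrite(body, 1, sizeof body, f);
        fclose(f);
    }
    if ((f = fopen(other, "wb")) != NULL) {
        fputs("constructed file without the entry point", f);
        fclose(f);
    }
    const char *dirs[] = { "/nonexistent-demo-dir", dir };
    /* Bare name: looked up relative to the current directory only. */
    r.bare_name = file_contains_symbol("demo-pkcs11.so", PKCS11_ENTRY);
    r.full_path = file_contains_symbol(lib, PKCS11_ENTRY);
    r.no_symbol = file_contains_symbol(other, PKCS11_ENTRY);
    r.resolved = resolve_provider("demo-pkcs11.so", dirs, 2, found, sizeof found);
    unlink(lib);
    unlink(other);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("bare=%d full=%d nosym=%d resolved=%d\n", r.bare_name, r.full_path, r.no_symbol, r.resolved);
    return 0;
}
```

On the reporter's system the candidate directories would be the two listed by `dpkg-query` in the bug description, and the resolved path is what goes after `PKCS11Provider` in `~/.ssh/config`.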


[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-21 Thread Marc Deslauriers
What's the output of "dpkg -l | grep curl"?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

Status in curl package in Ubuntu:
  Invalid
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  Fix Released
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Invalid

Bug description:
  With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting
  the following:

  curl -v https://raw.githubusercontent.com

  *   Trying 185.199.108.133:443...
  * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0)
  [...]
  * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  * ALPN, server accepted to use h2
  * Server certificate:
  *  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io
  *  start date: Feb 21 00:00:00 2023 GMT
  *  expire date: Mar 20 23:59:59 2024 GMT
  *  subjectAltName does not match raw.githubusercontent.com
  * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com'
  curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com'
  More details here: https://curl.se/docs/sslcerts.html

  curl failed to verify the legitimacy of the server and therefore could not
  establish a secure connection to it. To learn more about this situation and
  how to fix it, please visit the web page mentioned above.

  --
  The alt name looks proper when looking at the cert w/ s_client:

  openssl s_client -connect raw.githubusercontent.com:443 </dev/null 2>/dev/null | openssl x509 -noout -text

  X509v3 Subject Alternative Name:
  DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com

  Previous versions of curl work as intended.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions




[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-20 Thread Marc Deslauriers
Do you have a specific site I can try that doesn't work?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

Status in curl package in Ubuntu:
  Invalid
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  Fix Released
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions




[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
https://ubuntu.com/security/notices/USN-6237-2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

Status in curl package in Ubuntu:
  Invalid
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  Fix Released
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions




[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
** Changed in: curl (Ubuntu Mantic)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

Status in curl package in Ubuntu:
  Invalid
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  Fix Released
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions




[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
It should appear in -security and get automatically copied to -updates
next time the publisher runs, probably within the next half-hour or so.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

Status in curl package in Ubuntu:
  Confirmed
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  Fix Released
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Confirmed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions




[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
The fix is currently building here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

As soon as the riscv64 builds finish, I will be releasing it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-
  name

Status in curl package in Ubuntu:
  Confirmed
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  In Progress
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Confirmed



[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
This only affects Ubuntu 22.04 because of an issue with the backported
patch.

** Changed in: curl (Ubuntu Focal)
   Status: In Progress => Invalid

** Changed in: curl (Ubuntu Kinetic)
   Status: In Progress => Invalid

** Changed in: curl (Ubuntu Lunar)
   Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-
  name

Status in curl package in Ubuntu:
  Confirmed
Status in curl source package in Focal:
  Invalid
Status in curl source package in Jammy:
  In Progress
Status in curl source package in Kinetic:
  Invalid
Status in curl source package in Lunar:
  Invalid
Status in curl source package in Mantic:
  Confirmed



[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name

2023-07-19 Thread Marc Deslauriers
We will be reverting this fix until it can be properly investigated. I
will prepare emergency updates that will be published today.

** Also affects: curl (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: curl (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: curl (Ubuntu Mantic)
   Importance: Undecided
   Status: Confirmed

** Also affects: curl (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: curl (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Changed in: curl (Ubuntu Focal)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: curl (Ubuntu Jammy)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: curl (Ubuntu Kinetic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: curl (Ubuntu Lunar)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: curl (Ubuntu Mantic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: curl (Ubuntu Focal)
   Status: New => In Progress

** Changed in: curl (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: curl (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: curl (Ubuntu Lunar)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/2028170

Title:
  curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-
  name

Status in curl package in Ubuntu:
  Confirmed
Status in curl source package in Focal:
  In Progress
Status in curl source package in Jammy:
  In Progress
Status in curl source package in Kinetic:
  In Progress
Status in curl source package in Lunar:
  In Progress
Status in curl source package in Mantic:
  Confirmed



[Touch-packages] [Bug 2021484] Re: Editing a VPN ask to introduce credentials but if you cancel can be accessed anyway

2023-07-18 Thread Marc Deslauriers
Are you in the admin or the sudo group? What's the output of the
"groups" command?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/2021484

Title:
  Editing a VPN ask to introduce credentials but if you cancel can be
  accessed anyway

Status in ubuntu-settings package in Ubuntu:
  New

Bug description:
  I'm logged as a normal user without admin privileges. When I try to
  edit a VPN I'm asked to introduce the credentials of the admin,
  nevertheless if I click cancel I can still access to the VPN
  configuration.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: ubuntu-settings 20.04.6
  ProcVersionSignature: Ubuntu 5.15.0-72.79~20.04.1-generic 5.15.98
  Uname: Linux 5.15.0-72-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.26
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Mon May 29 11:16:38 2023
  InstallationDate: Installed on 2022-05-04 (389 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  PackageArchitecture: all
  SourcePackage: ubuntu-settings
  UpgradeStatus: No upgrade log present (probably fresh install)



[Touch-packages] [Bug 2025695] Re: manually dhclient ethx,dns nameserver in the /etc/resolve.conf will be written duplicate

2023-07-18 Thread Marc Deslauriers
** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2025695

Title:
  manually dhclient ethx,dns nameserver in the /etc/resolve.conf will be
  written duplicate

Status in isc-dhcp package in Ubuntu:
  New

Bug description:
  systemd version the issue has been seen with
  249

  Used distribution
  ubuntu22

  Linux kernel version used
  5.15.0-72-generic

  CPU architectures issue was seen on
  None

  Component
  systemd-resolved

  Unexpected behaviour you saw

  https://github.com/systemd/systemd/issues/28055

  not this problem when I was on ubuntu20. The version of systemd is 245

  this problem when I was on ubuntu22. The systemd version is 249

  I compared the codes and suspected that v248 commit cbf23f3
  caused by

  I saw this issue about netplan on ubuntu
  https://superuser.com/questions/1721017/remove-redundant-dns-servers-in-ubuntu-22-04

  But it doesn't work for dhclient (why I use dhclient, because I found
  it out of curiosity)

  Steps to reproduce the problem
  1: Start a virtual machine on the cloud
  2: Insert multiple network cards (auxiliary network card)
  3: Manually use dhclient to start ethx (except eth0) dhclient -v -d eth1
  4: View /etc/resolve.conf



[Touch-packages] [Bug 2024182] Re: GHSL-2023-139: use-after-free in user.c

2023-06-28 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/2024182

Title:
  GHSL-2023-139: use-after-free in user.c

Status in accountsservice package in Ubuntu:
  In Progress
Status in accountsservice source package in Focal:
  Fix Released
Status in accountsservice source package in Jammy:
  Fix Released
Status in accountsservice source package in Kinetic:
  Fix Released
Status in accountsservice source package in Lunar:
  Fix Released
Status in accountsservice source package in Mantic:
  In Progress

Bug description:
  # GitHub Security Lab (GHSL) Vulnerability Report, accountsservice:
  `GHSL-2023-139`

  The [GitHub Security Lab](https://securitylab.github.com) team has
  identified a potential security vulnerability in
  [accountsservice](https://code.launchpad.net/ubuntu/+source/accountsservice).

  We are committed to working with you to help resolve this issue. In
  this report you will find everything you need to effectively
  coordinate a resolution of this issue with the GHSL team.

  If at any point you have concerns or questions about this process,
  please do not hesitate to reach out to us at `security...@github.com`
  (please include `GHSL-2023-139` as a reference).

  If you are _NOT_ the correct point of contact for this report, please
  let us know!

  ## Summary

  An unprivileged local attacker can trigger a use-after-free
  vulnerability in accountsservice by sending a D-Bus message to the
  accounts-daemon process.

  ## Product

  accountsservice

  ## Tested Version

  
  [22.08.8-1ubuntu7](https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu7)

  The bug is easier to observe on Ubuntu 23.04 than on Ubuntu 22.04 LTS,
  but it is present on both.

  ## Details

  ### Use-after-free when `throw_error` is called (`GHSL-2023-139`)

  After receiving a D-Bus [method
  call](https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-types),
  a D-Bus server is expected
  to send either a `METHOD_RETURN` or an `ERROR` message back to the
  client, _but not both_. This is done incorrectly in several places in
  accountsservice. For example, in
  [`user_change_language_authorized_cb`](https://git.launchpad.net/ubuntu/+source/accountsservice/tree/debian/patches/0010-set-language.patch?h=import/22.08.8-1ubuntu7#n427):

  ```c
  static void
  user_change_language_authorized_cb (Daemon                *daemon,
                                      User                  *user,
                                      GDBusMethodInvocation *context,
                                      gpointer               data)

  {
          const gchar *language = data;

          if (!user_HOME_available (user)) {

                  /* SetLanguage was probably called from a login greeter,
                     and HOME not mounted and/or not decrypted.
                     Hence don't save anything, or else accountsservice
                     and ~/.pam_environment would become out of sync. */
                  throw_error (context, ERROR_FAILED, "not access to HOME yet so language not saved");  /* <= 1 */
                  goto out;
          }

  

  out:
          accounts_user_complete_set_language (ACCOUNTS_USER (user), context);  /* <= 2 */
  }
  ```

  If `user_HOME_available` returns an error, then `throw_error` is
  called at 1 to send an `ERROR` message, but a regular `METHOD_RETURN`
  is also sent at 2. This is incorrect D-Bus protocol, but the more
  serious problem is that it causes a use-after-free because both
  `throw_error` and `accounts_user_complete_set_language` decrease the
  reference count on `context`. In other words, `context` is freed by
  `throw_error` and a UAF occurs in
  `accounts_user_complete_set_language`.

  An attacker can trigger the bug above by causing `user_HOME_available`
  to fail, which they can do by deleting all the files from their home
  directory. But there are other incorrect uses of `throw_error` in
  `user.c` which are less inconvenient to trigger. For example, this
  command triggers a call to `throw_error` in `user_update_environment`
  due to the invalid characters in the string.

  ```bash
  dbus-send --system --print-reply --dest=org.freedesktop.Accounts /org/freedesktop/Accounts/User`id -u` org.freedesktop.Accounts.User.SetLanguage string:'**'
  ```

  On Ubuntu 23.04, the above command causes `accounts-daemon` to crash
  with a `SIGSEGV`. But on Ubuntu 22.04 LTS it doesn't cause any visible
  harm. The difference is due to a recent [change in
  GLib's](https://gitlab.gnome.org/GNOME/glib/-/commit/69e9ba80e2f4d2061a1a68d72bae1c32c1e4f8fa)
  memory allocation: older versions of GLib used the "slice" allocator,
  but newer version uses the system allocator. The system allocator
  trashes the memory when it's freed in a way 
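
Added example, not part of the GHSL report or the accountsservice source: a small C model of the double-reply pattern described in the report, with the quoted control flow beside a restructured handler that sends exactly one reply. `Invocation`, `reply_error`, `reply_return` and both handlers are hypothetical stand-ins for `GDBusMethodInvocation`, `throw_error` and `accounts_user_complete_set_language`; the model records the extra release instead of freeing memory, and the restructuring is one possible shape, not the fix that shipped.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for GDBusMethodInvocation (hypothetical type, not GLib's).
 * The caller hands the handler ONE reference; sending a reply consumes it. */
typedef struct {
    int refcount;          /* 1 while a reply is still owed, 0 once "freed" */
    int replies_sent;      /* messages actually put on the bus */
    int use_after_free;    /* touches that happened after refcount hit 0 */
    const char *last_type; /* "ERROR" or "METHOD_RETURN" */
} Invocation;

/* Shared tail of both reply helpers: send the message, drop the reference.
 * A real object would be freed here; the model only records the misuse. */
static void consume(Invocation *inv, const char *type)
{
    if (inv->refcount == 0) {
        inv->use_after_free++;   /* second reply on an already-released object */
        return;
    }
    inv->last_type = type;
    inv->replies_sent++;
    inv->refcount--;
}

static void reply_error(Invocation *inv)  { consume(inv, "ERROR"); }
static void reply_return(Invocation *inv) { consume(inv, "METHOD_RETURN"); }

/* Same control flow as the handler quoted in the report. */
static void set_language_buggy(Invocation *inv, int home_available)
{
    if (!home_available) {
        reply_error(inv);        /* (1) consumes the only reference */
        goto out;
    }
    /* ... save the language ... */
out:
    reply_return(inv);           /* (2) also runs on the error path */
}

/* Restructured so that every path sends exactly one reply. */
static void set_language_fixed(Invocation *inv, int home_available)
{
    if (!home_available) {
        reply_error(inv);
        return;                  /* the error reply ends the call */
    }
    /* ... save the language ... */
    reply_return(inv);
}

typedef void (*Handler)(Invocation *, int);

/* Run one handler on a fresh invocation and return the final state. */
static Invocation run_case(Handler h, int home_available)
{
    Invocation inv = { 1, 0, 0, "" };
    h(&inv, home_available);
    return inv;
}

static void report(const char *name, Invocation r)
{
    printf("%-28s replies=%d last=%-13s use_after_free=%d\n",
           name, r.replies_sent, r.last_type, r.use_after_free);
}

int main(void)
{
    report("buggy, HOME unavailable", run_case(set_language_buggy, 0));
    report("buggy, HOME available",   run_case(set_language_buggy, 1));
    report("fixed, HOME unavailable", run_case(set_language_fixed, 0));
    report("fixed, HOME available",   run_case(set_language_fixed, 1));
    return 0;
}
```

The invariant to check in review or in a unit test is that a handler leaves `replies_sent == 1` and `use_after_free == 0` on every path, including each early-exit error path.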

[Touch-packages] [Bug 2024642] Re: Upgrading libx11-6_2:1.6.2-1ubuntu2.1+esm3 failed

2023-06-23 Thread Marc Deslauriers
Updates were pushed to fix this issue. Please re-open this bug if this
problem is still occurring.

** Changed in: libx11 (Ubuntu)
   Status: New => Invalid

** Changed in: libx11 (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libx11 in Ubuntu.
https://bugs.launchpad.net/bugs/2024642

Title:
  Upgrading libx11-6_2:1.6.2-1ubuntu2.1+esm3 failed

Status in libx11 package in Ubuntu:
  Invalid
Status in libx11 source package in Trusty:
  Fix Released

Bug description:
  Upgrading esm3 on Trusty failed.

  Preparing to unpack .../libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb ...
  Unpacking libx11-6:amd64 (2:1.6.2-1ubuntu2.1+esm3) over (2:1.6.2-1ubuntu2.1) ...
  dpkg: error processing archive /var/cache/apt/archives/libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb (--unpack):
   trying to overwrite shared '/usr/share/doc/libx11-6/changelog.Debian.gz', which is different from other instances of package libx11-6:amd64
  dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
  Errors were encountered while processing:
   /var/cache/apt/archives/libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb
  E: Sub-process /usr/bin/dpkg returned an error code (1)



[Touch-packages] [Bug 1971242] Re: printing PDF appears always grey, no color

2023-06-22 Thread Marc Deslauriers
Unfortunately the package in -proposed was superseded by a security
update, and will need to be updated again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1971242

Title:
  printing PDF appears always grey, no color

Status in CUPS:
  Fix Released
Status in atril package in Ubuntu:
  Confirmed
Status in cups package in Ubuntu:
  Fix Released
Status in okular package in Ubuntu:
  Confirmed
Status in cups source package in Jammy:
  Fix Committed

Bug description:
  After upgrading from 20.04 LTS to 22.04 LTS I can't print colored PDF
  document. The print appears always b/w regardless color printing was
  enabled or not. Printing from LibreOffice produces a color print. This
  behavior (bug) is reproducible on three upgraded machines. It would be
  nice to have color print back again.

  [ Impact ]

  If the PPD file for a printer has a ColorModel option and the only
  choice in it for printing in color is not named RGB but CMYK instead,
  the printer cannot be made printing in color with intuitive methods,
  usually selecting the color choice in the print dialog (which makes
  ColorModel=CMYK be sent along with the job).

  Only an ugly command-line-based workaround, running the command

  lpadmin -p PRINTER -o print-color-mode-default=color

  makes the printer print in color.

  An example for printers with such PPDs are printers from RICOH and OEM
  (Lanier, InfoTec, Savin, ..), so many high-end color laser printers
  are affected.

  [ Test Plan ]

  Remove the workaround if you had applied it:

  lpadmin -p PRINTER -R print-color-mode-default

  If you have an affected printer, print a PDF file (or use the print
  functionality in an application) with colored content and choose the
  setting for color printing in the print dialog. When printing via
  command line do

  lp -d PRINTER -o ColorModel=CMYK FILE.pdf

  Without the SRU applied you will get a grayscale/monochrome printout,
  with it applied, you will get a colored printout.

  To test without a printer:

  Stop CUPS:

  sudo systemctl stop cups

  Edit /etc/cups/cups-files.conf to have a line

  FileDevice Yes

  and start CUPS again:

  sudo systemctl start cups

  Then create a queue using the attached sample PPD file:

  lpadmin -p color-test -E -v file:/tmp/printout -P Ricoh-PDF_Printer-PDF.ppd

  Print a file to this queue as described above. When the job is done
  ("lpstat" does not show it any more), open /tmp/printout with a text
  editor. Check whether it contains a line

  @PJL SET RENDERMODE=COLOR

  near its beginning, and NOT a line

  @PJL SET RENDERMODE=GRAYSCALE

  [ Where problems could occur ]

  The patches are simple and they are also for some time in newer CUPS
  versions (2.4.2 and newer) which are included in several distributions
  (Ubuntu 22.10, 23.04, and others) and did not cause any complaints
  about color printing. So the regression potential is very low.



Re: [Touch-packages] [Bug 2021902] Re: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2023-06-09 Thread marc torres
Marc:
As it turns out, I executed this command and it appears the package
successfully installed:
 sudo apt autoremove.
Thanks Marc

On Fri, Jun 9, 2023 at 2:27 PM Marc Deslauriers <2021...@bugs.launchpad.net>
wrote:

> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug.  I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.
>
> ** Information type changed from Private Security to Public
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2021902
>
> Title:
>   package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to
>   install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
>   exited with return code 1
>
> Status in initramfs-tools package in Ubuntu:
>   New
>
> Bug description:
>   /etc/kernel/postinst.d/initramfs-tools:
>   update-initramfs: Generating /boot/initrd.img-5.4.0-1108-azure
>   Error 24 : Write error : cannot write compressed block
>   E: mkinitramfs failure cpio 141 lz4 -9 -l 24
>
>   dpkg: error processing package linux-image-5.4.0-1108-azure
> (--configure):
>installed linux-image-5.4.0-1108-azure package post-installation script
> subprocess returned error exit status 1
>   Errors were encountered while processing:
>linux-image-5.4.0-1108-azure
>
>   ProblemType: Package
>   DistroRelease: Ubuntu 20.04
>   Package: linux-image-5.4.0-1108-azure 5.4.0-1108.114
>   ProcVersionSignature: Ubuntu 5.4.0-1108.114~18.04.1-azure 5.4.233
>   Uname: Linux 5.4.0-1108-azure x86_64
>   NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
>   ApportVersion: 2.20.11-0ubuntu27.26
>   Architecture: amd64
>   CasperMD5CheckResult: skip
>   Date: Tue May 30 16:13:43 2023
>   ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited
> with return code 1
>   Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal,
> 3.8.2-0ubuntu2
>   PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2,
> 2.7.17-4
>   RelatedPackageVersions:
>dpkg 1.19.7ubuntu3.2
>apt  2.0.9
>   SourcePackage: initramfs-tools
>   Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to
> install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited
> with return code 1
>   UpgradeStatus: Upgraded to focal on 2023-05-30 (0 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2021902/+subscriptions
>
>

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2021902

Title:
  package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to
  install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  /etc/kernel/postinst.d/initramfs-tools:
  update-initramfs: Generating /boot/initrd.img-5.4.0-1108-azure
  Error 24 : Write error : cannot write compressed block
  E: mkinitramfs failure cpio 141 lz4 -9 -l 24

  dpkg: error processing package linux-image-5.4.0-1108-azure (--configure):
   installed linux-image-5.4.0-1108-azure package post-installation script subprocess returned error exit status 1
  Errors were encountered while processing:
   linux-image-5.4.0-1108-azure

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.4.0-1108-azure 5.4.0-1108.114
  ProcVersionSignature: Ubuntu 5.4.0-1108.114~18.04.1-azure 5.4.233
  Uname: Linux 5.4.0-1108-azure x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu27.26
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Tue May 30 16:13:43 2023
  ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
  Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3.2
   apt  2.0.9
  SourcePackage: initramfs-tools
  Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
  UpgradeStatus: Upgraded to focal on 2023-05-30 (0 days ago)


[Touch-packages] [Bug 2021902] Re: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2023-06-09 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2021902

Title:
  package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to
  install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  New



[Touch-packages] [Bug 2021889] Re: error OSSL_CMP_MSG_update_recipNonce on base64 decoding

2023-05-30 Thread Marc Deslauriers
OSSL_CMP_MSG_update_recipNonce was added in OpenSSL 3.0.9...did you
perhaps install from source, or a package that didn't come from Ubuntu?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2021889

Title:
  error OSSL_CMP_MSG_update_recipNonce on base64 decoding

Status in openssl package in Ubuntu:
  New

Bug description:
  $ echo "$SSH_PRIVATE_KEY" | openssl base64 -A -d
  Error relocating /usr/bin/openssl: OSSL_CMP_MSG_update_recipNonce: symbol not found
  Error loading key "(stdin)": error in libcrypto

  ---

  works with openssl Version: 3.0.2-0ubuntu1.9.
  version 3.0.2-0ubuntu1.10 is broken.

  private key was:
  DEK-Info: AES-128-CBC

  $ lsb_release -rd
  Description:    Ubuntu 22.04.2 LTS
  Release:        22.04

  Policy is from server where I did NOT upgrade (not wanted things to be broken).
  $ apt-cache policy openssl
  openssl:
    Installed: 3.0.2-0ubuntu1.9
    Candidate: 3.0.2-0ubuntu1.10
    Version table:
       3.0.2-0ubuntu1.10 500
          500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
   *** 3.0.2-0ubuntu1.9 500
          500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       3.0.2-0ubuntu1 500
          500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2021889/+subscriptions




[Touch-packages] [Bug 2021889] Re: error OSSL_CMP_MSG_update_recipNonce on base64 decoding

2023-05-30 Thread Marc Deslauriers
Thanks for reporting this issue. Did you also upgrade the libssl3
package too?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2021889

Title:
  error OSSL_CMP_MSG_update_recipNonce on base64 decoding

Status in openssl package in Ubuntu:
  New



[Touch-packages] [Bug 2019496] Re: Security implications of SUDO_ASKPASS

2023-05-23 Thread Marc Deslauriers
If an attacker can edit ~/.bashrc they can simply modify the path and
point to a malicious sudo binary that does whatever it wants with the
password. I don't think this is a SUDO_ASKPASS issue.

If you disagree with our reasoning, it would be best to file this bug
with the upstream sudo project here:

https://bugzilla.sudo.ws/index.cgi

Once you file an upstream bug, please add a comment here with a link to
it. Thanks!

** Changed in: sudo (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2019496

Title:
  Security implications of SUDO_ASKPASS

Status in sudo package in Ubuntu:
  Incomplete

Bug description:
  All that is needed to subvert sudo is adding this line to ~/.bashrc

  alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A"

  and a program that reads the password from the command line and makes
  use of it.

  Ignoring the SUDO_ASKPASS environment variable would be an option to
  stop this.

  Best regards

  Heinrich

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2019496/+subscriptions


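Added example, not part of the thread or of sudo: a defender-side audit of a shell startup file for the two persistence points raised above, a redefined `sudo` that sets SUDO_ASKPASS and a user-writable directory placed ahead of the inherited PATH. The function names, the prefix list and the sample rc text are assumptions constructed for illustration.

```python
import re

# Patterns for the startup-file changes discussed in this thread.
ALIAS_RE = re.compile(r"^\s*alias\s+(?:--\s+)?sudo=")
FUNC_RE = re.compile(r"^\s*(?:function\s+sudo\b|sudo\s*\(\s*\))")
ASKPASS_RE = re.compile(r"\bSUDO_ASKPASS=(\S+)")
PATH_RE = re.compile(r"^\s*(?:export\s+)?PATH=(\S+)")

# Prefixes treated as user-writable (an assumption; tune to site policy).
USER_WRITABLE = ("$HOME", "${HOME}", "~", "/home/", "/tmp", "/var/tmp")

# Constructed sample; line 4 is the alias quoted in the bug description.
SAMPLE_RC = r'''# ~/.bashrc (constructed sample)
export EDITOR=vim
alias ll='ls -alF'
alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A"
export PATH="$HOME/.cache/bin:$PATH"
# alias sudo='sudo -A'
'''


def shadowing_dirs(path_value):
    """User-writable directories listed ahead of the inherited $PATH."""
    head = []
    for entry in path_value.strip("'\"").split(":"):
        if entry in ("$PATH", "${PATH}"):
            break  # everything after this point is searched after system dirs
        head.append(entry)
    return [e for e in head if e.startswith(USER_WRITABLE)]


def audit_rc(text):
    """Return (line_number, kind, detail) findings for one rc file's text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments cannot change behaviour
        # Any alias or function named sudo is reported for review, including
        # benign idioms, because it decides what "sudo" runs in that shell.
        if ALIAS_RE.match(line) or FUNC_RE.match(line):
            findings.append((lineno, "sudo-redefined", line))
        # SUDO_ASKPASS set anywhere on the line, inline or exported.
        for m in ASKPASS_RE.finditer(line):
            findings.append((lineno, "askpass-override", m.group(1).strip("'\"")))
        # A writable directory ahead of $PATH can shadow the real sudo binary.
        m = PATH_RE.match(line)
        if m:
            for directory in shadowing_dirs(m.group(1)):
                findings.append((lineno, "path-shadow", directory))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_rc(SAMPLE_RC):
        print(f"line {lineno}: {kind}: {detail}")
```

The path-shadow finding is a review prompt rather than a verdict, since prepending a directory under the home directory is also a common legitimate setup.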


[Touch-packages] [Bug 2020089] [NEW] Update to 20230311 bundle

2023-05-18 Thread Marc Deslauriers
*** This bug is a security vulnerability ***

Public security bug reported:

This is a tracking bug to update the ca-certificates database to 2.60

** Affects: ca-certificates (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: ca-certificates (Ubuntu Bionic)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: In Progress

** Affects: ca-certificates (Ubuntu Focal)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: In Progress

** Affects: ca-certificates (Ubuntu Jammy)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: In Progress

** Affects: ca-certificates (Ubuntu Kinetic)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: In Progress

** Affects: ca-certificates (Ubuntu Lunar)
 Importance: Undecided
 Status: Fix Released

** Affects: ca-certificates (Ubuntu Mantic)
 Importance: Undecided
 Status: Fix Released

** Also affects: ca-certificates (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: ca-certificates (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: ca-certificates (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: ca-certificates (Ubuntu Mantic)
   Importance: Undecided
   Status: New

** Also affects: ca-certificates (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: ca-certificates (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Changed in: ca-certificates (Ubuntu Lunar)
   Status: New => Fix Released

** Changed in: ca-certificates (Ubuntu Mantic)
   Status: New => Fix Released

** Changed in: ca-certificates (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Focal)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: ca-certificates (Ubuntu Bionic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ca-certificates (Ubuntu Focal)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ca-certificates (Ubuntu Jammy)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: ca-certificates (Ubuntu Kinetic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/2020089

Title:
  Update to 20230311 bundle

Status in ca-certificates package in Ubuntu:
  Fix Released
Status in ca-certificates source package in Bionic:
  In Progress
Status in ca-certificates source package in Focal:
  In Progress
Status in ca-certificates source package in Jammy:
  In Progress
Status in ca-certificates source package in Kinetic:
  In Progress
Status in ca-certificates source package in Lunar:
  Fix Released
Status in ca-certificates source package in Mantic:
  Fix Released

Bug description:
  This is a tracking bug to update the ca-certificates database to 2.60

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/2020089/+subscriptions




[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
Similar issue here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1978351

Title:
  MITM vector: ifupdown puts .domains TLD in resolv.conf

Status in ifupdown package in Ubuntu:
  Confirmed

Bug description:
  The bug described in
  https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878?comments=all
  is a security vulnerability because DNS names that would normally fail
  are now attempted as "foo.domains".

  ".domains" is a real TLD, with the registrar "Donuts, Inc." based in Bellevue, WA.
  "google.com.domains" is registered, for example. So is "test.domains".

  For users with ifupdown, any Internet request (especially that does
  not involve some cryptographic payload and destination signature
  verification) is potentially sending packets to an unintended
  audience. It's impossible to say, but likely, that malicious
  registrants are squatting sensitive and common names in the .domains
  TLD.

  The ifupdown package is still used by some cloud providers that have not adopted netplan.
  This vulnerability affects 22.04 and potentially other releases.

  This issue has not been corrected in 0.8.36+nmu1ubuntu4.

  With 0.8.36+nmu1ubuntu3 and after an update to 0.8.36+nmu1ubuntu4, the
  resolv.conf looks like the following (which is vulnerable to mitm
  attacks):

  ```
  root@foo:~# cat /etc/resolv.conf
  # This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
  # Do not edit.
  #
  # This file might be symlinked as /etc/resolv.conf. If you're looking at
  # /etc/resolv.conf and seeing this text, you have followed the symlink.
  #
  # This is a dynamic resolv.conf file for connecting local clients to the
  # internal DNS stub resolver of systemd-resolved. This file lists all
  # configured search domains.
  #
  # Run "resolvectl status" to see details about the uplink DNS servers
  # currently in use.
  #
  # Third party programs should typically not access this file directly, but only
  # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
  # different way, replace this symlink by a static file or a different symlink.
  #
  # See man:systemd-resolved.service(8) for details about the supported modes of
  # operation for /etc/resolv.conf.

  nameserver 127.0.0.53
  options edns0 trust-ad
  search DOMAINS
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1978351/+subscriptions




[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
There is possibly a fix in
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878/comments/15
, but I haven't tested it.

** Bug watch added: Debian Bug tracker #1031236
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1978351

Title:
  MITM vector: ifupdown puts .domains TLD in resolv.conf

Status in ifupdown package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf

2023-03-31 Thread Marc Deslauriers
It looks like debian/if-up.d/resolved contains a few occurrences of:

DNS=DNS
DOMAINS=DOMAINS

Perhaps it was supposed to be DNS=$DNS and DOMAINS=$DOMAINS, but someone
will have to go through the script and figure out what the script is
actually supposed to do and what the proper fix is.

The script is now in Debian too:

https://salsa.debian.org/debian/ifupdown/-/commit/0947ade06af1f4b7feb14cb7f1b1242afca2b3c6

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1978351

Title:
  MITM vector: ifupdown puts .domains TLD in resolv.conf

Status in ifupdown package in Ubuntu:
  Confirmed

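Added example, not part of the thread or of ifupdown: a check that parses a resolv.conf, flags search entries that are an unexpanded placeholder or a bare single label, and lists the names a lookup would then try. It assumes glibc-style search expansion as described in resolv.conf(5); the function names are hypothetical and the sample text is the non-comment part of the file quoted in the bug description.

```python
import re

# Tokens the thread reports being assigned literally (DNS=DNS, DOMAINS=DOMAINS).
LITERAL_PLACEHOLDERS = {"DOMAINS", "DNS"}

# Non-comment lines of the resolv.conf quoted in the bug description.
REPORTED_RESOLV_CONF = """\
nameserver 127.0.0.53
options edns0 trust-ad
search DOMAINS
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # comment lines start with '#' or ';'
        keyword, *args = line.split()
        if keyword == "search":
            search = args
        elif keyword == "domain":
            search = args[:1]
        elif keyword == "options":
            for opt in args:
                m = re.fullmatch(r"ndots:(\d+)", opt)
                if m:
                    ndots = min(int(m.group(1)), 15)  # resolver caps ndots at 15
    return search, ndots


def candidate_names(name, search, ndots=1):
    """Names tried, in order, for `name` under glibc-style search expansion."""
    if name.endswith("."):
        return [name.rstrip(".").lower()]  # absolute name, no expansion
    bare = name.lower()
    expanded = [f"{bare}.{s.rstrip('.').lower()}" for s in search]
    # With enough dots the name is tried as-is first, otherwise last.
    return [bare] + expanded if bare.count(".") >= ndots else expanded + [bare]


def audit_search_list(text):
    """Return (suffix, reason) for search entries that leak lookups to a TLD."""
    findings = []
    search, _ = parse_resolv_conf(text)
    for suffix in search:
        label = suffix.rstrip(".")
        if label in LITERAL_PLACEHOLDERS:
            findings.append((suffix, "unexpanded placeholder"))
        elif "." not in label:
            findings.append((suffix, "single-label suffix"))
    return findings


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(REPORTED_RESOLV_CONF)
    print(audit_search_list(REPORTED_RESOLV_CONF))
    for name in ("foo", "google.com"):
        print(name, "->", candidate_names(name, search, ndots))
```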


[Touch-packages] [Bug 2007272]

2023-03-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Tags added: community-security

** Information type changed from Private Security to Public Security

** Changed in: heimdal (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/2007272

Title:
  I have ubuntu 22.04 on my system and have the following vulnerability
  : CVE-2022-42898.  On which release/path of Ubuntu can I expect them
  to be fixed ?

Status in heimdal package in Ubuntu:
  Confirmed

Bug description:
  I have ubuntu 22.04 on my system and it has the following
  vulnerability : CVE-2022-42898. Here is the link to the Ubuntu CVE
  link : https://ubuntu.com/security/CVE-2022-42898. On which
  version/patch of Ubuntu can I expect this to get fixed ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2007272/+subscriptions




[Touch-packages] [Bug 2007730] Re: Unpatched CVE in Jammy

2023-03-17 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2007730

Title:
  Unpatched CVE in Jammy

Status in openssl package in Ubuntu:
  New

Bug description:
  CVE-2022-3996 (7.5) is showing as in need of patching in Jammy. 
  I was able to apply the upstream patch without modification to the source.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2007730/+subscriptions




[Touch-packages] [Bug 2009948] Re: Problem with xorg

2023-03-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/2009948

Title:
  Problem with xorg

Status in xorg package in Ubuntu:
  New

Bug description:
  Is not working.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg 1:7.7+23ubuntu2
  ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-35-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.driver.nvidia.capabilities.gpu0: Error: path was not a regular file.
  .proc.driver.nvidia.capabilities.mig: Error: path was not a regular file.
  .proc.driver.nvidia.gpus..01.00.0: Error: path was not a regular file.
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  525.85.05  Sat Jan 14 00:49:50 UTC 2023
   GCC version:
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: fail
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Mar 10 09:08:31 2023
  DistUpgraded: Fresh install
  DistroCodename: jammy
  DistroVariant: ubuntu
  DkmsStatus: virtualbox/6.1.38, 5.19.0-35-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation CometLake-U GT2 [UHD Graphics] [8086:9b41] (rev 02) (prog-if 00 [VGA controller])
 Subsystem: Dell CometLake-U GT2 [UHD Graphics] [1028:0959]
 Subsystem: Dell GP108M [GeForce MX230] [1028:0959]
  InstallationDate: Installed on 2023-03-10 (0 days ago)
  InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223)
  MachineType: Dell Inc. Vostro 5490
  ProcEnviron:
   LANGUAGE=pt_BR:pt:en
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=pt_BR.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.19.0-35-generic root=UUID=b6242c65-c3ec-45af-912f-e70f66a54868 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/08/2022
  dmi.bios.release: 1.20
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.20.0
  dmi.board.name: 0M9F58
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A04
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvr1.20.0:bd07/08/2022:br1.20:svnDellInc.:pnVostro5490:pvr:rvnDellInc.:rn0M9F58:rvrA04:cvnDellInc.:ct10:cvr:sku0959:
  dmi.product.family: Vostro
  dmi.product.name: Vostro 5490
  dmi.product.sku: 0959
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.113-2~ubuntu0.22.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 22.2.5-0ubuntu0.1~22.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.7
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2009948/+subscriptions




[Touch-packages] [Bug 2011622] Re: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation

2023-03-16 Thread Marc Deslauriers
I am closing this bug, since the new behaviour is expected with the
security fix. Thanks!

** Changed in: rsync (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2011622

Title:
  rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace
  interpretation

Status in rsync package in Ubuntu:
  Invalid

Bug description:
  Commands like this:
  rsync -a host.example.org:\{this,that} .
  have worked for decades, in multiple Ubuntu versions, but were broken by the rsync 3.1.3-8ubuntu0 update (on the client, i.e. the machine on which I type that command).

  (To be clear, the backslash there quotes the '{' so that it is sent to
  the remote rsync rather than being interpreted by the local shell.)

  ("What happens instead?"  It now says "rsync: link_stat
  "/home/flaps/{this,that}" failed: No such file or directory (2)".)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2011622/+subscriptions




[Touch-packages] [Bug 2011622] Re: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation

2023-03-15 Thread Marc Deslauriers
Hi,

The security fix for CVE-2022-29154 unfortunately changed the way
arguments are handled.

Could you try adding --old-args ? That should restore the previous
behaviour you are expecting.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2011622

Title:
  rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace
  interpretation

Status in rsync package in Ubuntu:
  New



[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-14 Thread Marc Deslauriers
** Changed in: rsync (Ubuntu Jammy)
   Status: New => Invalid

** Changed in: rsync (Ubuntu Kinetic)
   Status: New => Invalid

** Changed in: rsync (Ubuntu Lunar)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009756

Title:
  backups fail since latest rsync security update

Status in backintime package in Ubuntu:
  Fix Released
Status in rsync package in Ubuntu:
  Invalid
Status in backintime source package in Jammy:
  Fix Released
Status in rsync source package in Jammy:
  Invalid
Status in backintime source package in Kinetic:
  Fix Released
Status in rsync source package in Kinetic:
  Invalid
Status in backintime source package in Lunar:
  Fix Released
Status in rsync source package in Lunar:
  Invalid

Bug description:
  Backintime uses rsync to perform updates. Unfortunately there is an
  incompatibility between the currently released version of backintime
  and rsync >= 3.2.4 (see
  https://github.com/bit-team/backintime/issues/1247)

  Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke
  backintime backups. The symptom is an error message like this:

  Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o
  LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22
  /tmp/tmpxilwcwk4/
  u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262""
  returns 3 | rsync: change_dir#3
  "/data/home/user//"./backintime/switch/aurelien/1" failed: No such
  file or directory (2)

  The workaround described in the GitHub issue works (passing
  `--old-args` to rsync), but maybe it would be better if the backintime
  package did this automatically?

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: backintime-common 1.2.1-3ubuntu0.1
  ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-35-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Wed Mar  8 23:19:02 2023
  InstallationDate: Installed on 2021-06-23 (623 days ago)
  InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
  PackageArchitecture: all
  SourcePackage: backintime
  UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions




[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-10 Thread Marc Deslauriers
Great, I'll release the updates monday morning. Thanks for testing!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009756

Title:
  backups fail since latest rsync security update

Status in backintime package in Ubuntu:
  Fix Released
Status in rsync package in Ubuntu:
  New
Status in backintime source package in Jammy:
  In Progress
Status in rsync source package in Jammy:
  New
Status in backintime source package in Kinetic:
  In Progress
Status in rsync source package in Kinetic:
  New
Status in backintime source package in Lunar:
  Fix Released
Status in rsync source package in Lunar:
  New



[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-10 Thread Marc Deslauriers
I have fixed the typo, and have uploaded new packages to the PPA listed
above. I've run a successful backup with them on both jammy and kinetic.

Could you please confirm they fix the issue for you? Thanks!



[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-09 Thread Marc Deslauriers
Oh whoops, sorry about that, I'll upload a fixed version first thing
tomorrow (after at least installing it this time).



[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-09 Thread Marc Deslauriers
** Information type changed from Public to Public Security



[Touch-packages] [Bug 2009706] Re: rsync 3.1.2-2.1ubuntu1.6 breaks compatibility with unison 2.48.4-1ubuntu1 on Bionic

2023-03-09 Thread Marc Deslauriers
Looks like the rsync security update doesn't like the way unison is
handling arguments. Perhaps adding --old-args to the command lines here
would help:

copyprog = rsync -a -A -X --rsh=ssh --inplace --compress
copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009706

Title:
  rsync 3.1.2-2.1ubuntu1.6 breaks compatibility with unison
  2.48.4-1ubuntu1 on Bionic

Status in rsync package in Ubuntu:
  New
Status in unison package in Ubuntu:
  New

Bug description:
  Rsync 3.1.2-2.1ubuntu1.6, when used by Unison using the copyprog
  option in Unison, produces an error message and fails to sync files.
  Rsync 3.1.2-2.1ubuntu1 succeeds in syncing files. I believe Rsync
  3.1.2-2.1ubuntu1.5 succeeded but I no longer have the .deb file to
  test with.

  Steps to reproduce:

  Create a unison profile similar to the one given below, to sync a
  folder between a local machine and a remote ssh server. Both client
  and server need the same Ubuntu and Unison versions, and I used
  unpassphrased SSH keys for authentication. Place a test file in the
  folder to be synced, then run 'unison profilename'.

  Note that I have redacted domains in the below.

  Unison profile:

  label = Test Profile
  root = /root/unison-test
  root = ssh://fs2b.our.domain.org.uk//root/unison-test

  # run repeatedly and fully automatically
  auto = true
  batch = true
  copyonconflict = true
  #repeat = 60

  # the copy program must be manually specified in order to sync ACLs
  copythreshold=0
  copyprog = rsync -a -A -X --rsh=ssh --inplace --compress
  copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress

  # general settings
  group = true
  owner = true
  #path = sharedfolder
  #path = users
  perms = -1
  sortbysize = true
  times = true

  Unison output with rsync 3.1.2-2.1ubuntu1.6
  root@fs72a:~# unison fs2b_unisontest -debug all
  [startup] Preferences:
  ui = graphic
  host =
  server = false
  prefsdocs = false
  doc =
  version = false
  silent = false
  dumbtty = false
  testserver = false
  rest = fs2b_unisontest
  showprev = false
  selftest = false
  confirmmerge = false
  retry = 0
  repeat =
  contactquietly = false
  key =
  label = Syncs P and S drives between fs72a and fs2a
  expert = false
  height = 15
  auto = true
  maxthreads = 0
  maxsizethreshold = -1
  prefer =
  force =
  sortnewfirst = false
  sortbysize = true
  keeptempfilesaftermerge = false
  diff = diff -u CURRENT2 CURRENT1
  copyonconflict = true
  backupdir =
  maxbackups = 2
  backups = false
  backupsuffix =
  backupprefix = .bak.$VERSION.
  backuploc = central
  copymax = 1
  copyquoterem = default
  copythreshold = 0
  copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress
  copyprog = rsync -a -A -X --rsh=ssh --inplace --compress
  rsync = true
  fastcheck = default
  ignorelocks = false
  dumparchives = false
  showarchive = false
  rootsName =
  ignorearchives = false
  fastercheckUNSAFE = false
  fat = false
  allHostsAreRunningWindows = false
  someHostIsRunningWindows = false
  confirmbigdel = true
  batch = true
  root = ssh://fs2b.our.domain.org.uk//root/unison-test
  root = /root/unison-test
  killserver = false
  halfduplex = false
  stream = true
  addversionno = false
  servercmd =
  sshargs =
  rshargs =
  rshcmd = rsh
  sshcmd = ssh
  xferbycopying = true
  sshversion =
  clientHostName = fs72a
  ignoreinodenumbers = false
  links-aux = true
  links = default
  times = true
  group = true
  owner = true
  numericids = false
  dontchmod = false
  perms = -1
  watch = true
  rsrc-aux = false
  rsrc = default
  maxerrors = 1
  unicodeCS = false
  unicodeEnc = false
  unicode = default
  someHostIsInsensitive = false
  ignorecase = default
  timers = false
  terse = false
  logfile = /root/.unison/unison.log
  log = true
  debugtimes = false
  debug = all
  addprefsto =
  Contacting server...
  [remote] Shell connection: ssh (ssh, fs2b.our.domain.org.uk, -e, none, unison, -server)
  [globals] Checking path '' for expansions
  Connected [//fs2b//root/unison-test -> //fs72a//root/unison-test]
  [startup] Roots:
  /root/unison-test
  ssh://fs2b.our.domain.org.uk//root/unison-test
i.e.
  /root/unison-test
  ssh://fs2b.our.domain.org.uk//root/unison-test
i.e. (in canonical order)
 /root/unison-test
 //fs2b//root/unison-test

  [props] Setting permission mask to  (7 and )
  [stasher] initBackupsLocal
  [stasher] d = /
  [stasher] Prefix and suffix regexps for backup filenames have been updated
  [server: stasher] initBackupsLocal
  [server: stasher] d = /
  [server: stasher] Prefix and suffix regexps for backup filenames have been updated
  Looking for changes
  [ui] temp: Globals.paths =
  [update] Loading archive from 

[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-09 Thread Marc Deslauriers
Some users only have the -security pocket enabled, and not -updates, so
when a fix is required for a regression introduced by a security update,
it needs to go to the -security pocket. It doesn't in any way mean BIT
had a security issue.



[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update

2023-03-09 Thread Marc Deslauriers
Hi @agateau,

I have uploaded fixed backintime packages for jammy and kinetic to the
security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once they are finished building, could you give them a try? If they work
correctly, I will release them.

Thanks!

** Changed in: backintime (Ubuntu)
   Status: Invalid => In Progress

** Changed in: backintime (Ubuntu)
 Assignee: buhtz (buhtz) => Marc Deslauriers (mdeslaur)

** Also affects: rsync (Ubuntu Lunar)
   Importance: Undecided
   Status: New

** Also affects: backintime (Ubuntu Lunar)
   Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
   Status: In Progress

** Also affects: rsync (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: backintime (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: rsync (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: backintime (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Changed in: backintime (Ubuntu Lunar)
   Status: In Progress => Fix Released

** Changed in: backintime (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: backintime (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: backintime (Ubuntu Jammy)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: backintime (Ubuntu Kinetic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)



[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-08 Thread Marc Deslauriers
As this is working as expected, I am marking this bug as "invalid".
Thanks!

** Changed in: rsync (Ubuntu)
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009575

Title:
  Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

Status in rsync package in Ubuntu:
  Invalid

Bug description:
  Hi

  Several systems running Ubuntu 20.04 upgraded their rsync package from
  3.1.3-8ubuntu0.4 to 3.1.3-8ubuntu0.5 overnight.

  Automated syncs that connect to a 16.04 ESM server are now failing
  with:

  receiving file list ...
  ERROR: rejecting unrequested file-list name: [redacted]
  rsync error: protocol incompatibility (code 2) at flist.c(916) [Receiver=3.1.3]

  Reverting to the previous release (3.1.3-8ubuntu0.4) on the client
  side solves the problem.

  This has been seen on multiple servers running 20.04 on amd64, I'll
  update this bug with details if we find it on other series too.

  The 16.04 ESM server being connected to is using the rsync package
  version 3.1.1-3ubuntu1.3+esm2, so no recent upgrades on that end.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2009575/+subscriptions




[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-08 Thread Marc Deslauriers
I can confirm the scenario described in comment #5 is what is causing
the issue. There are two ways to correctly fix it: 1- ask for the right
directory that matches the forced command, or 2- use the new --old-args
option that was backported to the security update, that should bypass
the new security checks.



[Touch-packages] [Bug 2002918] Re: ERROR: rejecting excluded file-list name

2023-03-08 Thread Marc Deslauriers
Please file a new bug for that issue, this bug is unrelated to the issue
you are having, and is closed. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2002918

Title:
  ERROR: rejecting excluded file-list name

Status in rsync:
  Unknown
Status in rsync package in Ubuntu:
  Fix Released

Bug description:
  Problems related to --exclude and --filter=protect options are raising
  an error during execution of rsync.

  The following error is launched:
  ERROR: rejecting excluded file-list name:
  rsync error: protocol incompatibility (code 2) at flist.c(994) [receiver=3.2.5]
  rsync: [sender] write error: Broken pipe (32)

  It was already reported in: https://github.com/WayneD/rsync/issues/375
  There is also a patch released.

  ---

  lsb_release -rd
  Description:Ubuntu 22.10
  Release:22.10

  apt-cache policy rsync
  rsync:
    Instalado: 3.2.5-1
    Candidato: 3.2.5-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/rsync/+bug/2002918/+subscriptions




[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-07 Thread Marc Deslauriers
So after looking further into the way the systems affected by this issue
are configured, this is what is happening:

1- rsync client is requesting a directory:
   rsync -v -rp sshuser@server:/var/cache/foo /tmp/foo
2- the server has an ssh forced command configured that is returning the
   contents of a different directory:
   rsync --server --sender -pr . /var/cache/bar
3- The updated rsync client now gets files from a different directory than
   what was requested, and is bailing out

The CVE-2022-29154 security update now validates that the server returns
a list of files that match the list of files that were requested,
instead of blindly accepting what the server sends, so I'm pretty
confident the error message is normal. I will be recreating this
scenario to confirm.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154



-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
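
The forced-command mismatch described in the message above, as an added example that is not part of the original post or of rsync's own code: a simplified Python model of the file-list name check, used to audit authorized_keys forced commands against the path a client requests. The key file contents, file names and function names are constructed, and the model only covers source arguments without a trailing slash, as in the thread's example.

```python
import posixpath
import re
import shlex

# Constructed sample authorized_keys content; key material is a placeholder.
SAMPLE_AUTHORIZED_KEYS = '''\
# constructed example, not from the bug report
command="rsync --server --sender -pr . /var/cache/bar",no-pty,no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER sync@client
ssh-ed25519 AAAAC3PLACEHOLDER admin@laptop
command="rsync --server --sender -pr . /var/cache/foo",no-pty ssh-ed25519 AAAAC3PLACEHOLDER sync2@client
'''

# command="..." option in an authorized_keys line; \" is an escaped quote.
COMMAND_RE = re.compile(r'(?:^|,)command="((?:\\.|[^"\\])*)"')


def forced_sender_paths(authorized_keys_text):
    """Return [(line_no, [source paths])] for keys forced to an rsync sender."""
    found = []
    for line_no, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = COMMAND_RE.search(line)
        if not match:
            continue
        argv = shlex.split(match.group(1).replace('\\"', '"'))
        if not argv or posixpath.basename(argv[0]) != "rsync":
            continue
        if "--server" not in argv or "--sender" not in argv:
            continue
        positional = [a for a in argv[1:] if not a.startswith("-")]
        # The first positional argument is the "." placeholder; the rest
        # are the directories the server will actually send.
        if positional and positional[0] == ".":
            found.append((line_no, positional[1:]))
    return found


def top_level_name(path):
    """Last path component: the first name a sender puts in the file list
    for a source argument without a trailing slash."""
    return posixpath.basename(posixpath.normpath(path))


def simulated_file_list(source_path, children):
    """Names a sender would list for source_path (simplified model)."""
    top = top_level_name(source_path)
    return [top] + [f"{top}/{child}" for child in children]


def unrequested_names(requested_paths, sent_names):
    """Names in the sender's list that no requested path accounts for.
    Assumption: a name is acceptable when its first component equals the
    last component of a requested path."""
    allowed = {top_level_name(p) for p in requested_paths}
    return [n for n in sent_names if n.split("/", 1)[0] not in allowed]


def audit(authorized_keys_text, requested_path, children=("a.db", "sub/b.db")):
    """For each forced rsync sender, list the names a checking client
    would refuse when it asked for requested_path."""
    report = []
    for line_no, paths in forced_sender_paths(authorized_keys_text):
        sent = [n for p in paths for n in simulated_file_list(p, children)]
        rejected = unrequested_names([requested_path], sent)
        report.append((line_no, paths, rejected))
    return report


if __name__ == "__main__":
    for line_no, paths, rejected in audit(SAMPLE_AUTHORIZED_KEYS,
                                          "/var/cache/foo"):
        verdict = "client would reject" if rejected else "names match"
        print(f"authorized_keys line {line_no}: forced {paths}: {verdict}")
        for name in rejected:
            print(f"    unrequested file-list name: {name}")
```

Running the audit with the path the cron job or script really requests shows which forced commands need the client to ask for the matching directory, which is the first of the two fixes named later in the thread.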


[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-07 Thread Marc Deslauriers
I'm going to need a reproducer for this issue so I can figure out what's
not working in your specific example.



[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-07 Thread Marc Deslauriers
** Information type changed from Public to Public Security



[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

2023-03-07 Thread Marc Deslauriers
I need to see the filenames that got rejected. You can send them to me
in private if required. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009575

Title:
  Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

Status in rsync package in Ubuntu:
  Confirmed

Bug description:
  Hi

  Several systems running Ubuntu 20.04 upgraded their rsync package from
  3.1.3-8ubuntu0.4 to 3.1.3-8ubuntu0.5 overnight.

  Automated syncs that connect to a 16.04 ESM server are now failing
  with:

  receiving file list ...
  ERROR: rejecting unrequested file-list name: [redacted]
  rsync error: protocol incompatibility (code 2) at flist.c(916) 
[Receiver=3.1.3]

  Reverting to the previous release (3.1.3-8ubuntu0.4) on the client
  side solves the problem.

  This has been seen on multiple servers running 20.04 on amd64, I'll
  update this bug with details if we find it on other series too.

  The 16.04 ESM server being connected to is using the rsync package
  version 3.1.1-3ubuntu1.3+esm2, so no recent upgrades on that end.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2009575/+subscriptions




[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4

2023-03-01 Thread Marc Deslauriers
Yes, I plan on releasing 3.2.7 to jammy and kinetic as a security update
possibly next week, so that should take care of this issue at the same
time.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2007837

Title:
  Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix
  available in 3.2.4

Status in rsync package in Ubuntu:
  Fix Released
Status in rsync source package in Jammy:
  Triaged
Status in rsync package in Debian:
  Unknown

Bug description:
  rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling,
  leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04)
  to surface [1].

  It practically makes using BackupPC 3 impossible with clients using
  rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04
  can't be used to back up machines with 22.04 is rather surprising and
  has bitten other users [2].

  It's unclear whether the bug will be fixed in 18.04's and 20.04's
  libfile-rsyncp-perl package (for status, see [3]).

  Because of this, the rsync maintainer has included a patch in 3.2.4
  that fixes this regression [4] (even though not strictly an rsync
  bug). As a result, rsync 3.2.3 is the only affected version, which
  happens to be the one packaged in 22.04.

  This report is to request backporting that fix [4] to Ubuntu 22.04, so
  that things don't silently break in scenarios where the backup server
  is left at 20.04, and some backup clients happen to upgrade to 22.04.

  I'm not sure what the criteria for security releases are, but as the
  issue causes backup denial of service and has easy mitigation, I think
  it would make sense to put it through the security channel.

  [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358
  [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html
  [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833
  [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions




[Touch-packages] [Bug 2007698] Re: Please merge 1.9.13p1-1 into lunar

2023-02-21 Thread Marc Deslauriers
Thanks! New changelog looks good, I am uploading it now, with a slight
change to split one of the lines that was long and generating a lintian
error.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2007698

Title:
  Please merge 1.9.13p1-1 into lunar

Status in sudo package in Ubuntu:
  New

Bug description:
  PPA available at
  https://launchpad.net/~danilogondolfo/+archive/ubuntu/sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2007698/+subscriptions



