[Touch-packages] [Bug 2083530] Re: gnome-control-center not able to add printer or make settings
Sebastien Bacher ~seb128: this Bug is also related to other gnome Apps like gnome-document-viewer (is it called so?). Here you also can't print e.g. pdf-files. In my case: I see two printers and equal which one I select, it gets not the current status to perform a print-job. Please see: https://ibb.co/5nX0H8h (gnome-document-viewer or gnome-pdf-viewer?) https://ibb.co/xXM6tZ9 (Select printer to perform job) FYI: in all Apps which offer printing all is working perfectly, e.g. Firefox, Thunderbird, Open Office, Editor, gedit, etc. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/2083530 Title: gnome-control-center not able to add printer or make settings Status in cups package in Ubuntu: New Status in gnome-control-center package in Ubuntu: New Bug description: don't know why, but i'm no more able to add a printer or make specific settings and also unable to remove it. Now i must switch to another app which is able to do that all. By the way: why i see my printer twice? It's in fact installed once only. Sorry, German GUI: https://ibb.co/Sfxz7nY This is from the alternate app which don't have this problem (KDE-System-Einstellungen): https://ibb.co/0CFmpwx If you need special informations, please advice, i will provide it. Oh: I'm on Ubuntu 24.04.1 LTS (AMD 64) and gnome-control-center from store in version 46.0.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2083530/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2082335] Re: Sept 2024 security issue tracking bug
** Changed in: cups (Ubuntu Oracular) Status: New => Fix Committed ** Changed in: cups (Ubuntu Focal) Assignee: Kevin bush (akjk32002) => (unassigned) ** Changed in: cups (Ubuntu Jammy) Assignee: Kevin bush (akjk32002) => (unassigned) ** Changed in: cups (Ubuntu Noble) Assignee: Kevin bush (akjk32002) => (unassigned) ** Changed in: cups-browsed (Ubuntu Oracular) Status: New => Fix Committed ** Changed in: libcupsfilters (Ubuntu Oracular) Status: New => Fix Committed ** Changed in: libppd (Ubuntu Oracular) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/2082335 Title: Sept 2024 security issue tracking bug Status in cups package in Ubuntu: Fix Committed Status in cups-browsed package in Ubuntu: Fix Committed Status in cups-filters package in Ubuntu: Invalid Status in libcupsfilters package in Ubuntu: Fix Committed Status in libppd package in Ubuntu: Fix Committed Status in cups source package in Focal: Fix Released Status in cups-browsed source package in Focal: Invalid Status in cups-filters source package in Focal: Fix Released Status in libcupsfilters source package in Focal: Invalid Status in libppd source package in Focal: Invalid Status in cups source package in Jammy: Fix Released Status in cups-browsed source package in Jammy: Invalid Status in cups-filters source package in Jammy: Fix Released Status in libcupsfilters source package in Jammy: Invalid Status in libppd source package in Jammy: Invalid Status in cups source package in Noble: Fix Released Status in cups-browsed source package in Noble: Fix Released Status in cups-filters source package in Noble: Invalid Status in libcupsfilters source package in Noble: Fix Released Status in libppd source package in Noble: Fix Released Status in cups source package in Oracular: Fix Committed Status in cups-browsed source package in Oracular: Fix Committed Status in cups-filters source package in Oracular: Invalid Status in libcupsfilters source package in Oracular: Fix Committed Status in libppd source package in Oracular: Fix Committed Bug description: This bug is to track the vulnerabilities in the cups and associated packages. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2082335/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2082335] Re: Sept 2024 security issue tracking bug
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/2082335 Title: Sept 2024 security issue tracking bug Status in cups package in Ubuntu: New Status in cups-browsed package in Ubuntu: New Status in cups-filters package in Ubuntu: Invalid Status in libcupsfilters package in Ubuntu: New Status in libppd package in Ubuntu: New Status in cups source package in Focal: New Status in cups-browsed source package in Focal: Invalid Status in cups-filters source package in Focal: New Status in libcupsfilters source package in Focal: Invalid Status in libppd source package in Focal: Invalid Status in cups source package in Jammy: Fix Released Status in cups-browsed source package in Jammy: Invalid Status in cups-filters source package in Jammy: New Status in libcupsfilters source package in Jammy: Invalid Status in libppd source package in Jammy: Invalid Status in cups source package in Noble: Fix Released Status in cups-browsed source package in Noble: New Status in cups-filters source package in Noble: Invalid Status in libcupsfilters source package in Noble: New Status in libppd source package in Noble: New Status in cups source package in Oracular: New Status in cups-browsed source package in Oracular: New Status in cups-filters source package in Oracular: Invalid Status in libcupsfilters source package in Oracular: New Status in libppd source package in Oracular: New Bug description: This bug is to track the vulnerabilities in the cups and associated packages. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2082335/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2081875] [NEW] Update to 20240203 bundle
*** This bug is a security vulnerability *** Public security bug reported: This is a tracking bug to update the ca-certificates database to 2.64 ** Affects: ca-certificates (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: ca-certificates (Ubuntu Focal) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Jammy) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Noble) Importance: Undecided Status: Fix Released ** Affects: ca-certificates (Ubuntu Oracular) Importance: Undecided Status: Fix Released ** Also affects: ca-certificates (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Oracular) Importance: Undecided Status: New ** Changed in: ca-certificates (Ubuntu Oracular) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Noble) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Focal) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Jammy) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/2081875 Title: Update to 20240203 bundle Status in ca-certificates package in Ubuntu: Fix Released Status in ca-certificates source package in Focal: In Progress Status in ca-certificates source package in Jammy: In Progress Status in ca-certificates source package in Noble: Fix Released Status in ca-certificates source package in Oracular: Fix Released Bug description: This is a tracking bug to update the ca-certificates database to 2.64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/2081875/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2081855] Re: Following recent Ubuntu 24.04.1 LTS upgrade an 'Error: opening the cache'.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public ** Package changed: ubuntu-docs (Ubuntu) => apt (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/2081855 Title: Following recent Ubuntu 24.04.1 LTS upgrade an 'Error: opening the cache'. Status in apt package in Ubuntu: New Bug description: 'Error opening the cache (E: Malformed entry 1 in sources file/etc/apt/sources.list.d/third-party.sources (URI parse), E:The list of sources could not be read.)' Synaptic unavailable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2081855/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2080940] Re: unattended-upgrades broken by python-upgrade
** Bug watch added: github.com/python/cpython/issues #124170 https://github.com/python/cpython/issues/124170 ** Also affects: python via https://github.com/python/cpython/issues/124170 Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #1079780 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079780 ** Also affects: python3.10 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079780 Importance: Unknown Status: Unknown ** Package changed: python3.10 (Debian) => unattended-upgrades (Debian) ** Package changed: unattended-upgrades (Debian) => python3.12 (Debian) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/2080940 Title: unattended-upgrades broken by python-upgrade Status in Python: Unknown Status in python3.10 package in Ubuntu: Confirmed Status in python3.12 package in Ubuntu: Confirmed Status in python3.8 package in Ubuntu: Confirmed Status in unattended-upgrades package in Ubuntu: Won't Fix Status in python3.12 package in Debian: Unknown Bug description: at least focal and jammy are affected automatic updates installed "python3.10:amd64 3.10.12-1~22.04.6" tonight. This updated does not contain functions/classes required by unattended-upgrade. It resulted in broken status-emails for me, otherwise I would not have seen. One could argue that the bug is with python3.10, since there should be no breaking changes in LTS. Sep 17 06:05:01 xxx systemd[1]: Starting Daily apt upgrade and clean activities... Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: Traceback (most recent call last): Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: File "/usr/bin/unattended-upgrade", line 2005, in main Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: send_summary_mail(res.pkgs, res.success, res.result_str, Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: File "/usr/bin/unattended-upgrade", line 1509, in send_summary_mail Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: ret = _send_mail_using_sendmail(from_email, to_email, subject, body) Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: File "/usr/bin/unattended-upgrade", line 1408, in _send_mail_using_sendmail Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: sendmail.stdin.write(msg.as_string()) Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: File "/usr/lib/python3.10/email/message.py", line 151, in as_string Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: from email.generator import Generator Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: File "/usr/lib/python3.10/email/generator.py", line 17, in Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: from email.errors import HeaderWriteError Sep 17 06:05:24 xxx apt.systemd.daily[1894012]: ImportError: cannot import name 'HeaderWriteError' from 'email.errors' (/usr/lib/python3.10/email/errors.py) To manage notifications about this bug go to: https://bugs.launchpad.net/python/+bug/2080940/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2051574] Re: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Faile
I'll let someone else decide if this bug is still worth fixing even though we aren't using the helper anymore. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2051574 Title: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Failed to fully launch dbus- proxy: Child process exited with code 1"] Status in apparmor package in Ubuntu: New Status in gnome-shell package in Ubuntu: Confirmed Status in webkit2gtk package in Ubuntu: Confirmed Bug description: Same as Summary ProblemType: Crash DistroRelease: Ubuntu 24.04 Package: gnome-shell 45.3-1ubuntu1 ProcVersionSignature: Ubuntu 6.6.0-14.14-generic 6.6.3 Uname: Linux 6.6.0-14-generic x86_64 ApportVersion: 2.27.0-0ubuntu6 Architecture: amd64 CasperMD5CheckResult: pass CrashCounter: 1 CurrentDesktop: ubuntu:GNOME Date: Mon Jan 29 08:56:29 2024 DisplayManager: gdm3 ExecutablePath: /usr/libexec/gnome-shell-portal-helper InstallationDate: Installed on 2024-01-25 (4 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240116) ProcCmdline: /usr/libexec/gnome-shell-portal-helper ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash XDG_RUNTIME_DIR= RelatedPackageVersions: mutter-common 45.3-1ubuntu1 Signal: 5 SourcePackage: gnome-shell StacktraceTop: ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 Title: gnome-shell-portal-helper crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo users separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051574/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2051574] Re: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Faile
Ah yes, this should be fixed now because of the security update. I meant to update this bug, but forgot. Thanks for noticing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2051574 Title: gnome-shell-portal-helper crashed with SIGTRAP in waitUntilSyncedOrDie() from WebKit::XDGDBusProxy::launch() ["bwrap: setting up uid map: Permission denied" ; "Failed to fully launch dbus- proxy: Child process exited with code 1"] Status in apparmor package in Ubuntu: New Status in gnome-shell package in Ubuntu: Confirmed Status in webkit2gtk package in Ubuntu: Confirmed Bug description: Same as Summary ProblemType: Crash DistroRelease: Ubuntu 24.04 Package: gnome-shell 45.3-1ubuntu1 ProcVersionSignature: Ubuntu 6.6.0-14.14-generic 6.6.3 Uname: Linux 6.6.0-14-generic x86_64 ApportVersion: 2.27.0-0ubuntu6 Architecture: amd64 CasperMD5CheckResult: pass CrashCounter: 1 CurrentDesktop: ubuntu:GNOME Date: Mon Jan 29 08:56:29 2024 DisplayManager: gdm3 ExecutablePath: /usr/libexec/gnome-shell-portal-helper InstallationDate: Installed on 2024-01-25 (4 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240116) ProcCmdline: /usr/libexec/gnome-shell-portal-helper ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash XDG_RUNTIME_DIR= RelatedPackageVersions: mutter-common 45.3-1ubuntu1 Signal: 5 SourcePackage: gnome-shell StacktraceTop: ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 ?? () from /lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4 Title: gnome-shell-portal-helper crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo users separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051574/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I'm sorry, but if this means that in the default configuration this is no longer working, how is this not a regression ? Should the default configuration not be so that both bind9 and libvirtd can be installed and used without issue as was the case before the dnsmasq update? Breaking this within an LTS release does not sounds right to me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Invalid Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave;
[Touch-packages] [Bug 2059265] Re: Kubuntu bluetooth wireles keyboard not see.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/2059265 Title: Kubuntu bluetooth wireles keyboard not see. Status in bluez package in Ubuntu: New Bug description: Hello, bluetooth not finding my new wireless keyboard this keyboard is k68 https://www.youtube.com/watch?v=ycuVPePMHFo this keyboard is bluetooth not finding. But When I open pairing mode my xiaomi 11 ultra and ipad 9 finding perfectly. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: bluetooth (not installed) ProcVersionSignature: Ubuntu 6.5.0-26.26~22.04.1-generic 6.5.13 Uname: Linux 6.5.0-26-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 27 17:30:49 2024 InstallationDate: Installed on 2024-03-10 (16 days ago) InstallationMedia: Kubuntu 22.04.4 LTS "Jammy Jellyfish" - Release amd64 (20240216.1) InterestingModules: rfcomm bnep btusb bluetooth MachineType: Dell Inc. Dell G16 7630 ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.5.0-26-generic root=UUID=c568cecc-2731-49dd-a130-ac30c7395f61 ro quiet splash vt.handoff=7 SourcePackage: bluez UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 01/05/2024 dmi.bios.release: 1.12 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.12.0 dmi.board.name: 0GT7NV dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.ec.firmware.release: 1.4 dmi.modalias: dmi:bvnDellInc.:bvr1.12.0:bd01/05/2024:br1.12:efr1.4:svnDellInc.:pnDellG167630:pvr:rvnDellInc.:rn0GT7NV:rvrA00:cvnDellInc.:ct10:cvr:sku0BFA: dmi.product.family: GSeries dmi.product.name: Dell G16 7630 dmi.product.sku: 0BFA dmi.sys.vendor: Dell Inc. hciconfig: hci0:Type: Primary Bus: USB BD Address: E0:D0:45:D9:23:84 ACL MTU: 1021:4 SCO MTU: 96:6 UP RUNNING PSCAN RX bytes:52443 acl:97 sco:0 events:6953 errors:0 TX bytes:5597118 acl:6626 sco:0 commands:306 errors:0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/2059265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2059224] Re: package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/2059224 Title: package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Status in initramfs-tools package in Ubuntu: New Bug description: i am suddenly facing automatic logout terminal section and he shows linux image error. ProblemType: Package DistroRelease: Ubuntu 20.04 Package: linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 ProcVersionSignature: Ubuntu 5.15.0-100.110~20.04.1-generic 5.15.143 Uname: Linux 5.15.0-100-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.27 Architecture: amd64 CasperMD5CheckResult: skip Date: Wed Mar 27 14:15:47 2024 ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 InstallationDate: Installed on 2024-02-14 (42 days ago) InstallationMedia: Ubuntu 20.04.6 LTS "Focal Fossa" - Release amd64 (20230316) Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3.2 apt 2.0.10 SourcePackage: initramfs-tools Title: package linux-image-5.15.0-101-generic 5.15.0-101.111~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2059224/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060900] Re: gst-plugin-scanner crashed with SIGABRT in __assert_fail_base()
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Attachment removed: "CoreDump.gz" https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/2060900/+attachment/5763572/+files/CoreDump.gz ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gstreamer1.0 in Ubuntu. https://bugs.launchpad.net/bugs/2060900 Title: gst-plugin-scanner crashed with SIGABRT in __assert_fail_base() Status in gstreamer1.0 package in Ubuntu: New Bug description: this give me error from some files ProblemType: Crash DistroRelease: Ubuntu 24.04 Package: libgstreamer1.0-0 1.24.1-1build1 ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4 Uname: Linux 6.8.0-11-generic x86_64 ApportVersion: 2.28.0-0ubuntu1 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: KDE Date: Thu Apr 11 11:07:09 2024 ExecutablePath: /usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner InstallationDate: Installed on 2024-04-04 (7 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240323) ProcCmdline: /usr/lib/x86_64-linux-gnu/../../lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner -l /usr/bin/rhythmbox ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash XDG_RUNTIME_DIR= RebootRequiredPkgs: Error: path contained symlinks. Signal: 6 SignalName: SIGABRT SourcePackage: gstreamer1.0 StacktraceTop: __assert_fail_base (fmt=0x702a92dd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x702a7b4e1c90 "subsampling == SUBSAMPLE_YUV420 || subsampling == SUBSAMPLE_YUV422H || subsampling == SUBSAMPLE_YUV422V || subsampling == SUBSAMPLE_RGBX", file=file@entry=0x702a7b4e44b6 "i965_drv_video.c", line=line@entry=4653, function=function@entry=0x702a7b511600 "i965_check_alloc_surface_bo") at ./assert/assert.c:94 __assert_fail (assertion=0x702a7b4e1c90 "subsampling == SUBSAMPLE_YUV420 || subsampling == SUBSAMPLE_YUV422H || subsampling == SUBSAMPLE_YUV422V || subsampling == SUBSAMPLE_RGBX", file=0x702a7b4e44b6 "i965_drv_video.c", line=4653, function=0x702a7b511600 "i965_check_alloc_surface_bo") at ./assert/assert.c:103 ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so ?? () from /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so vaCreateSurfaces () from /lib/x86_64-linux-gnu/libva.so.2 Title: gst-plugin-scanner crashed with SIGABRT in __assert_fail_base() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo users separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gstreamer1.0/+bug/2060900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
@adampankow: the bug only applied to focal and jammy, which are marked as "fix released", the "invalid" task is the development release noble, which isn't affected by this bug. This looks a bit odd, but it's how launchpad bugs work. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Invalid Status in nss source package in Focal: Fix Released Status in nss source package in Jammy: Fix Released Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
https://ubuntu.com/security/notices/USN-6727-2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Invalid Status in nss source package in Focal: Fix Released Status in nss source package in Jammy: Fix Released Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
** Changed in: nss (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Invalid Status in nss source package in Focal: Fix Released Status in nss source package in Jammy: Fix Released Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
Thanks for testing, I'll publish the regression fix as soon as all archs have finished building. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Confirmed Status in nss source package in Focal: In Progress Status in nss source package in Jammy: In Progress Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
I have uploaded packages that fix this issue for focal and jammy to the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Once they have finished building, please test them to make sure they fix the issue for you, and I will publish them as a security regression fix this afternoon. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Confirmed Status in nss source package in Focal: In Progress Status in nss source package in Jammy: In Progress Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probable cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
Thanks for reporting this issue, I am currently investigating and will have an updated package for testing soon. ** Also affects: nss (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: nss (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: nss (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: nss (Ubuntu Focal) Status: New => In Progress ** Changed in: nss (Ubuntu Jammy) Status: New => In Progress ** Changed in: nss (Ubuntu Focal) Importance: Undecided => Critical ** Changed in: nss (Ubuntu Jammy) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Confirmed Status in nss source package in Focal: In Progress Status in nss source package in Jammy: In Progress Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probabl cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060968] Re: SafeNet Authentication Client eToken driver error
*** This bug is a duplicate of bug 2060906 *** https://bugs.launchpad.net/bugs/2060906 This is the same core issue as bug #2060906, so marking as a duplicate, please follow the progress in that bug. Thanks! ** This bug has been marked a duplicate of bug 2060906 attempt to add opensc using modutil suddenly fails -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060968 Title: SafeNet Authentication Client eToken driver error Status in nss package in Ubuntu: New Bug description: SafeNet Authentication Client eToken driver (libeTPkcs11.so) throws error when I try to add him through libnss3-tool -add: modutil -dbdir:$HOME/.pki/nssdb -add "eToken" -libfile /usr/lib/libeTPkcs11.so ERROR: Failed to add module "eToken". Probabl cause : "Unknown code ___P 3" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060968/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060968] Re: SafeNet Authentication Client eToken driver error
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060968 Title: SafeNet Authentication Client eToken driver error Status in nss package in Ubuntu: New Bug description: SafeNet Authentication Client eToken driver (libeTPkcs11.so) throws error when I try to add him through libnss3-tool -add: modutil -dbdir:$HOME/.pki/nssdb -add "eToken" -libfile /usr/lib/libeTPkcs11.so ERROR: Failed to add module "eToken". Probabl cause : "Unknown code ___P 3" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060968/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2060906] Re: attempt to add opensc using modutil suddenly fails
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2060906 Title: attempt to add opensc using modutil suddenly fails Status in nss package in Ubuntu: Confirmed Bug description: The following command to add the OpenSC PKCS11 module for use in, eg, Chrome fails: modutil -dbdir sql:$HOME/.pki/nssdb -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so This has worked for me several times in the past, but today Chrome stopped detecting my smart card and when I tried to re-initialize ~/.pki/nssdb and re-add OpenSC using the command above, I received the following error: ERROR: Failed to add module "OpenSC". Probabl cause : "Unknown code ___P 3". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2060906/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1597017] Re: mount rules grant excessive permissions
FYI This is now in the jammy and focal upload queues to go to -proposed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1597017 Title: mount rules grant excessive permissions Status in AppArmor: Fix Released Status in apparmor package in Ubuntu: Fix Released Status in apparmor source package in Focal: In Progress Status in apparmor source package in Jammy: In Progress Bug description: The rule mount options=(rw,make-slave) -> **, ends up allowing mount -t proc proc /mnt which it shouldn't as it should be restricted to commands with a make- slave flag To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1597017/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058743] Re: systemd local DNS tests failing with timeout
It appears most of the systemd autopkgtest failures are because of this flaky test: https://autopkgtest.ubuntu.com/packages/systemd/jammy/amd64 The effort required to manually retrigger systemd autopkgtests because of that flaky test is substantial. We should disable that particular test unless someone manages to fix it properly. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2058743 Title: systemd local DNS tests failing with timeout Status in dnsmasq package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: Investigations done in 22.04/Jammy but may be affecting other series, too. The dnsmasq package recently was updated from 2.86-1.1ubuntu0.5 to 2.90-0ubuntu0.22.04.1. This seems to have brought back the same issue reported in bug #1957086. Sounds like both have interaction issues. To reproduce: $ pull-lp-source systemd jammy # Install test deps $ sudo apt install systemd udev libpam-systemd libnss-systemd acl locales evemu-tools python3 pkg-config cryptsetup-bin systemd-sysv policykit-1 dnsmasq-base $ cd systemd-249.11/test/ $ sudo ./networkd-test.py == ERROR: test_resolved_domain_restricted_dns (__main__.DnsmasqClientTest) resolved: domain-restricted DNS servers -- Traceback (most recent call last): File "/home/ubuntu/systemd-249.11/test/./networkd-test.py", line 678, in test_resolved_domain_restricted_dns out = subprocess.check_output(['resolvectl', 'query', 'math.lab']) File "/usr/lib/python3.10/subprocess.py", line 421, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib/python3.10/subprocess.py", line 526, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['resolvectl', 'query', 'math.lab']' returned non-zero exit status 1. -- Ran 35 tests in 252.167s To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2058743/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058743] Re: systemd local DNS tests failing with timeout
The same issue was present with the old dnsmasq package...for example: https://autopkgtest.ubuntu.com/results/autopkgtest- jammy/jammy/amd64/s/systemd/20240224_133847_88f29@/log.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2058743 Title: systemd local DNS tests failing with timeout Status in dnsmasq package in Ubuntu: New Bug description: Investigations done in 22.04/Jammy but may be affecting other series, too. The dnsmasq package recently was updated from 2.86-1.1ubuntu0.5 to 2.90-0ubuntu0.22.04.1. This seems to have brought back the same issue reported in bug #1957086. Sounds like both have interaction issues. To reproduce: $ pull-lp-source systemd jammy # Install test deps $ sudo apt install systemd udev libpam-systemd libnss-systemd acl locales evemu-tools python3 pkg-config cryptsetup-bin systemd-sysv policykit-1 dnsmasq-base $ cd systemd-249.11/test/ $ sudo ./networkd-test.py == ERROR: test_resolved_domain_restricted_dns (__main__.DnsmasqClientTest) resolved: domain-restricted DNS servers -- Traceback (most recent call last): File "/home/ubuntu/systemd-249.11/test/./networkd-test.py", line 678, in test_resolved_domain_restricted_dns out = subprocess.check_output(['resolvectl', 'query', 'math.lab']) File "/usr/lib/python3.10/subprocess.py", line 421, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "/usr/lib/python3.10/subprocess.py", line 526, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['resolvectl', 'query', 'math.lab']' returned non-zero exit status 1. -- Ran 35 tests in 252.167s To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2058743/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
I've filed the upstream bug and have linked it here, please ignore my comment #6. ** Bug watch added: bugzilla.sudo.ws/ #1068 http://bugzilla.sudo.ws/show_bug.cgi?id=1068 ** Also affects: sudo via http://bugzilla.sudo.ws/show_bug.cgi?id=1068 Importance: Unknown Status: Unknown ** Also affects: sudo (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: sudo (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: sudo (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: sudo (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: sudo (Ubuntu Focal) Status: New => Confirmed ** Changed in: sudo (Ubuntu Jammy) Status: New => Confirmed ** Changed in: sudo (Ubuntu Mantic) Status: New => Confirmed ** Changed in: sudo (Ubuntu Noble) Status: New => Confirmed ** Changed in: sudo (Ubuntu Noble) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo: Unknown Status in sudo package in Ubuntu: Confirmed Status in sudo source package in Focal: Confirmed Status in sudo source package in Jammy: Confirmed Status in sudo source package in Mantic: Confirmed Status in sudo source package in Noble: Confirmed Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
I'll fix this issue in noble. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo package in Ubuntu: New Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
Could you please file a bug upstream about the missing change, and let us know the bug number? https://bugzilla.sudo.ws/index.cgi -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo package in Ubuntu: New Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
Actually, I think you're right, the brains one does seem to be included because while that upstream patch does do the following to plugins/sudoers/ins_classic.h, it didn't apply the same change to plugins/sudoers/ins_csops.h: -#ifdef PC_INSULTS +#ifndef OFFENSIVE_INSULTS -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo package in Ubuntu: New Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
Great, I'll leave this bug open for now. Please let us know if there is anything that is enabled that shouldn't be. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo package in Ubuntu: New Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2058053] Re: Change sudo compile options from --with-all-insults to --with-pc-insults
I'm not sure I understand this bug, the --with-pc-insults option is deprecated since 2017-09-18 as it is the default option. The noble package doesn't use --enable-offensive-insults. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2058053 Title: Change sudo compile options from --with-all-insults to --with-pc- insults Status in sudo package in Ubuntu: New Bug description: Tame as they might be, I'd like to continue using "Defaults insults" without any risk of upsetting anyone (and without having to maintain our own package version.) Would the safe insults version at compile time "--with-pc-insults" be a sensible default for all? Current as of Jammy, but looks like it's still the default compile option across the board Version: 1.9.9-1ubuntu2 Current behaviour : Enabling includes the "not PC" insults Expected behaviour : Insults would default to "PC" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2058053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I am marking this bug as "invalid" per your last comment. Thanks! ** Changed in: dnsmasq (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Invalid Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730 is OK if we're doing bind-dynamic */
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
By default bind will listen on all interfaces. I don't understand why we're not seeing anything listening on 192.168.122.1 but you are still getting the error message. I suggest adding a listen-on directive to your /etc/bind/named.conf.options file, restarting bind, and seeing if libvirt will now successfully listen on virbr0. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727
[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down
That is great news, I'm glad we've identified the root cause of the problem and you have successfully resolved it. I will mark this bug as invalid since, while the dnsmasq update did change behaviour, the behaviour change revealed a configuration issue rather than being an actual regression. Thanks! ** Changed in: dnsmasq (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055455 Title: dnsmasq-base causes network device virbr0 to shut down Status in dnsmasq package in Ubuntu: Invalid Bug description: Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device virbr0 to shut down during the boot-up process. Device virbr0 is installed by the libvirtd daemon. libvirtd gets an unexpected error when dnsmasq is called and then the address record for virbr0 is withdrawn. This problem goes away when reverting back to dnsmasq-base v2.86-1.1 The attached text file provides relevant status reports which illustrate this problem. (status is shown for the system when using dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then when the system operates correctly using dnsmasq-base v2.86-1.1) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: dnsmasq-base 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Feb 29 10:29:20 2024 InstallationDate: Installed on 2018-10-08 (1970 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down
So, it looks like you are running bind on this machine, and bind is listening on port 53 UDP: udp0 0 192.168.122.1:530.0.0.0:* 1521/named The old dnsmasq would ignore the error when it couldn't bind to a port, but the new dnsmasq will fail if the port is already used, which makes sense. Perhaps you need to configure bind to not listen on the 192.168.122.1 interface... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055455 Title: dnsmasq-base causes network device virbr0 to shut down Status in dnsmasq package in Ubuntu: New Bug description: Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device virbr0 to shut down during the boot-up process. Device virbr0 is installed by the libvirtd daemon. libvirtd gets an unexpected error when dnsmasq is called and then the address record for virbr0 is withdrawn. This problem goes away when reverting back to dnsmasq-base v2.86-1.1 The attached text file provides relevant status reports which illustrate this problem. (status is shown for the system when using dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then when the system operates correctly using dnsmasq-base v2.86-1.1) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: dnsmasq-base 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Feb 29 10:29:20 2024 InstallationDate: Installed on 2018-10-08 (1970 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down
What's the output of "sudo netstat --tcp --udp --listening --programs --numeric"? Thanks! ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055455 Title: dnsmasq-base causes network device virbr0 to shut down Status in dnsmasq package in Ubuntu: New Bug description: Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device virbr0 to shut down during the boot-up process. Device virbr0 is installed by the libvirtd daemon. libvirtd gets an unexpected error when dnsmasq is called and then the address record for virbr0 is withdrawn. This problem goes away when reverting back to dnsmasq-base v2.86-1.1 The attached text file provides relevant status reports which illustrate this problem. (status is shown for the system when using dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then when the system operates correctly using dnsmasq-base v2.86-1.1) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: dnsmasq-base 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Feb 29 10:29:20 2024 InstallationDate: Installed on 2018-10-08 (1970 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730 is OK if we're doing bind-dynamic */ 731 if (!option_bool(OPT_CLEVERBIND)) 732
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
Do you know what else could be listening on that interface? What's the output of "netstat --tcp --udp --listening --programs --numeric"? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730 is OK if we're doing bind-dynami
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I will prepare updates for testing with the problematic commit reverted. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730 is OK if we're doing bind-dynamic */ 731 if (!option_bool(OPT_CLEVERBIND))
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
Out of curiosity, what is the contents of your /etc/dnsmasq.d directory? Is there a symlink in there to /etc/dnsmasq.d-available/libvirt-daemon? What is the contents of that file? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if (fd != -1) 723 close (fd); 724 725 errno = errsave; 726 727 if (dienow) 728 { 729 /* failure to bind addresses given by --listen-address at this 729 point 730
[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down
This may be caused by the same issue as bug 2055776. I am preparing updated packages with the problematic commit reverted for testing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055455 Title: dnsmasq-base causes network device virbr0 to shut down Status in dnsmasq package in Ubuntu: New Bug description: Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device virbr0 to shut down during the boot-up process. Device virbr0 is installed by the libvirtd daemon. libvirtd gets an unexpected error when dnsmasq is called and then the address record for virbr0 is withdrawn. This problem goes away when reverting back to dnsmasq-base v2.86-1.1 The attached text file provides relevant status reports which illustrate this problem. (status is shown for the system when using dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then when the system operates correctly using dnsmasq-base v2.86-1.1) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: dnsmasq-base 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Feb 29 10:29:20 2024 InstallationDate: Installed on 2018-10-08 (1970 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
Thanks for filing this bug, and the excellent analysis. So it looks like the dnsmasq change was introduced here: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=744231d99505cdead314d13506b5ff8c44a13088 That was in response to this mailing list discussion: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017333.html I think we need to report this issue upstream, perhaps we can revert that commit in the meantime. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: New Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND)) 719 sprintf(daemon->addrbuff, "port %d", port); 720 s = _("failed to create listening socket for %s: %s"); 721 722 if
[Touch-packages] [Bug 2055455] Re: dnsmasq-base causes network device virbr0 to shut down
Hi, What the contents of the /etc/dnsmasq.d directory? Is there a symlink to /etc/dnsmasq.d-available/libvirt-daemon ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055455 Title: dnsmasq-base causes network device virbr0 to shut down Status in dnsmasq package in Ubuntu: New Bug description: Installing dnsmasq-base v2.90-0ubuntu0.22.04.1 causes network device virbr0 to shut down during the boot-up process. Device virbr0 is installed by the libvirtd daemon. libvirtd gets an unexpected error when dnsmasq is called and then the address record for virbr0 is withdrawn. This problem goes away when reverting back to dnsmasq-base v2.86-1.1 The attached text file provides relevant status reports which illustrate this problem. (status is shown for the system when using dnsmasq-base v2.90-0ubuntu0.22.04.1 when the problem occurs and then when the system operates correctly using dnsmasq-base v2.86-1.1) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: dnsmasq-base 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 5.15.0-60.66-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Feb 29 10:29:20 2024 InstallationDate: Installed on 2018-10-08 (1970 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2055455/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052739] Re: tzdata 2024a release
+1 from security. Please remember to also release it to the -security pocket on all releases in addition to just -updates. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tzdata in Ubuntu. https://bugs.launchpad.net/bugs/2052739 Title: tzdata 2024a release Status in tzdata package in Ubuntu: Fix Released Status in tzdata source package in Focal: Fix Released Status in tzdata source package in Jammy: Fix Released Status in tzdata source package in Mantic: Fix Released Bug description: [ Impact ] The 2024a release contains the following changes: * Kazakhstan unifies on UTC+5 beginning 2024-03-01. * Palestine springs forward a week later after Ramadan. * zic no longer pretends to support indefinite-past DST. * localtime no longer mishandles Ciudad JuƔrez in 2422. [ Test Plan ] Test cases were added to the autopkgtest to cover the testing: * python: test_2024a * python-icu: test_2024a (only for focal and newer) So the test plan is to check that the autopkgtest succeeds. [ Other Info ] The autopkgtest for chrony is flaky on jammy and newer (see bug #2002910). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/2052739/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file
The only curious thing with using "pkcs11.txt" is that is usually used with the security databases. Per some of the manpages: In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkeleyDB. These new databases provide more accessibility and performance: ā¢ cert9.db for certificates ā¢ key4.db for keys ā¢ pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory Red Hat decided to use "nss.config" in Fedora for the system-wide policy file, and the test at nss/tests/policy/policy.sh calls it "nss-policy". Perhaps we should call it something different too? I don't really understand the whole impact of this filename though, so my suggestion may be unnecessary. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2016303 Title: Rebuild NSS with support for system-wide config file Status in nss package in Ubuntu: Confirmed Bug description: NSS should be rebuilt with this patch: diff --git a/debian/libnss3.dirs b/debian/libnss3.dirs new file mode 100644 index ..0f796964 --- /dev/null +++ b/debian/libnss3.dirs @@ -0,0 +1 @@ +etc/nss diff --git a/debian/rules b/debian/rules index 5ab1ced0..51bee160 100755 --- a/debian/rules +++ b/debian/rules @@ -128,6 +128,8 @@ override_dh_auto_build: NSS_USE_SYSTEM_SQLITE=1 \ NSS_ENABLE_ECC=1 \ CHECKLOC= \ + POLICY_FILE=pkcs11.txt \ + POLICY_PATH=/etc/nss \ $(TOOLCHAIN) Ā override_dh_auto_clean: The directory could be another one, of course. This will allow us to create a system-wide /etc/nss/pkcs11.txt file which could load the NSS policy module. The upstream documentation is quite poor and outdated, unfortunately: https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_config_options/ https://firefox-source-docs.mozilla.org/security/nss/legacy/pkcs11/module_specs/index.html The current source code is the best documentation, and has a ton of tests that show how to use the policy module: - allow/disallow options: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n144 - versions and key sizes: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n437 - other qualifiers for algorithms (which types of signatures): https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n451 - tons of policy tests: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/ssl/sslpolicy.txt and https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/policy Here is a sample /etc/nss/pkcs11.txt which enables the policy module with certain values: library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" The same config snippet can of course be used in ~/.pki/nssdb/pkcs11.txt or in any of the other many places we have a pkcs11.txt file on the system (hence the need for this build option: to have just one place): - firefox: ~/snap/firefox/common/.mozilla/firefox/pqx65eu1.default/pkcs11.txt - thunderbid: ~/.thunderbird/6mxs87xg.default-release/pkcs11.txt - chrome and system-provided libnss3: ~/.pki/nssdb/pkcs11.txt Note thunderbird ships its own libnss3 (zomg), and would not be affected by this build change (unless it's done in the thunderbird source package too). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file
This should get sent to debian too. Quick question: is pkcs11.txt a default filename used anywhere else? Where did the filename come from? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2016303 Title: Rebuild NSS with support for system-wide config file Status in nss package in Ubuntu: Confirmed Bug description: NSS should be rebuilt with this patch: diff --git a/debian/libnss3.dirs b/debian/libnss3.dirs new file mode 100644 index ..0f796964 --- /dev/null +++ b/debian/libnss3.dirs @@ -0,0 +1 @@ +etc/nss diff --git a/debian/rules b/debian/rules index 5ab1ced0..51bee160 100755 --- a/debian/rules +++ b/debian/rules @@ -128,6 +128,8 @@ override_dh_auto_build: NSS_USE_SYSTEM_SQLITE=1 \ NSS_ENABLE_ECC=1 \ CHECKLOC= \ + POLICY_FILE=pkcs11.txt \ + POLICY_PATH=/etc/nss \ $(TOOLCHAIN) Ā override_dh_auto_clean: The directory could be another one, of course. This will allow us to create a system-wide /etc/nss/pkcs11.txt file which could load the NSS policy module. The upstream documentation is quite poor and outdated, unfortunately: https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_config_options/ https://firefox-source-docs.mozilla.org/security/nss/legacy/pkcs11/module_specs/index.html The current source code is the best documentation, and has a ton of tests that show how to use the policy module: - allow/disallow options: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n144 - versions and key sizes: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n437 - other qualifiers for algorithms (which types of signatures): https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n451 - tons of policy tests: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/ssl/sslpolicy.txt and https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/policy Here is a sample /etc/nss/pkcs11.txt which enables the policy module with certain values: library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" The same config snippet can of course be used in ~/.pki/nssdb/pkcs11.txt or in any of the other many places we have a pkcs11.txt file on the system (hence the need for this build option: to have just one place): - firefox: ~/snap/firefox/common/.mozilla/firefox/pqx65eu1.default/pkcs11.txt - thunderbid: ~/.thunderbird/6mxs87xg.default-release/pkcs11.txt - chrome and system-provided libnss3: ~/.pki/nssdb/pkcs11.txt Note thunderbird ships its own libnss3 (zomg), and would not be affected by this build change (unless it's done in the thunderbird source package too). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016303] Re: Rebuild NSS with support for system-wide config file
ACK on the policy file location change. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2016303 Title: Rebuild NSS with support for system-wide config file Status in nss package in Ubuntu: Confirmed Bug description: NSS should be rebuilt with this patch: diff --git a/debian/libnss3.dirs b/debian/libnss3.dirs new file mode 100644 index ..0f796964 --- /dev/null +++ b/debian/libnss3.dirs @@ -0,0 +1 @@ +etc/nss diff --git a/debian/rules b/debian/rules index 5ab1ced0..51bee160 100755 --- a/debian/rules +++ b/debian/rules @@ -128,6 +128,8 @@ override_dh_auto_build: NSS_USE_SYSTEM_SQLITE=1 \ NSS_ENABLE_ECC=1 \ CHECKLOC= \ + POLICY_FILE=pkcs11.txt \ + POLICY_PATH=/etc/nss \ $(TOOLCHAIN) Ā override_dh_auto_clean: The directory could be another one, of course. This will allow us to create a system-wide /etc/nss/pkcs11.txt file which could load the NSS policy module. The upstream documentation is quite poor and outdated, unfortunately: https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_config_options/ https://firefox-source-docs.mozilla.org/security/nss/legacy/pkcs11/module_specs/index.html The current source code is the best documentation, and has a ton of tests that show how to use the policy module: - allow/disallow options: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n144 - versions and key sizes: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n437 - other qualifiers for algorithms (which types of signatures): https://git.launchpad.net/ubuntu/+source/nss/tree/nss/lib/pk11wrap/pk11pars.c#n451 - tons of policy tests: https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/ssl/sslpolicy.txt and https://git.launchpad.net/ubuntu/+source/nss/tree/nss/tests/policy Here is a sample /etc/nss/pkcs11.txt which enables the policy module with certain values: library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" The same config snippet can of course be used in ~/.pki/nssdb/pkcs11.txt or in any of the other many places we have a pkcs11.txt file on the system (hence the need for this build option: to have just one place): - firefox: ~/snap/firefox/common/.mozilla/firefox/pqx65eu1.default/pkcs11.txt - thunderbid: ~/.thunderbird/6mxs87xg.default-release/pkcs11.txt - chrome and system-provided libnss3: ~/.pki/nssdb/pkcs11.txt Note thunderbird ships its own libnss3 (zomg), and would not be affected by this build change (unless it's done in the thunderbird source package too). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2016303/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8
I am closing this bug since the issue appears to be in Oracle Linux and is being tracked here: https://github.com/oracle/oracle-linux/issues/125 Thanks! ** Bug watch added: github.com/oracle/oracle-linux/issues #125 https://github.com/oracle/oracle-linux/issues/125 ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052328 Title: openssh-client encounters MAC algo issue with EL8 Status in openssh package in Ubuntu: Invalid Bug description: Ubuntu 22.04 system connecting to an Oracle Linux v8 host. The following error occurs regardless of the the MACs specified (or not) in sshd_config: Corrupted MAC on input. ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect Presumably, this may happen on any RHEL v8 variant. Note that connecting to Enterprise Linux v7 work as well as other Ubuntu hosts. Downgrading to previous version of openssh-client fixes issue. apt install openssh-client=1:8.9p1-3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8
I believe this issue is caused by a bad backport in Oracle's 8.0p1-19.el8_9.2 package. I think their fix for CVE-2023-48795 isn't properly adding kex-strict-s-...@openssh.com to their KEX. Downgrading the Ubuntu package works around the problem as that prevents the client from offering kex-strict-c-...@openssh.com. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052328 Title: openssh-client encounters MAC algo issue with EL8 Status in openssh package in Ubuntu: New Bug description: Ubuntu 22.04 system connecting to an Oracle Linux v8 host. The following error occurs regardless of the the MACs specified (or not) in sshd_config: Corrupted MAC on input. ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect Presumably, this may happen on any RHEL v8 variant. Note that connecting to Enterprise Linux v7 work as well as other Ubuntu hosts. Downgrading to previous version of openssh-client fixes issue. apt install openssh-client=1:8.9p1-3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8
OK, I have managed to locate the Oracle binary packages for 8.0p1-19.el8_9.2 and can confirm the issue. This is curious as the same packages from RockyLinux appear to work. I will attempt to investigate the differences. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052328 Title: openssh-client encounters MAC algo issue with EL8 Status in openssh package in Ubuntu: New Bug description: Ubuntu 22.04 system connecting to an Oracle Linux v8 host. The following error occurs regardless of the the MACs specified (or not) in sshd_config: Corrupted MAC on input. ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect Presumably, this may happen on any RHEL v8 variant. Note that connecting to Enterprise Linux v7 work as well as other Ubuntu hosts. Downgrading to previous version of openssh-client fixes issue. apt install openssh-client=1:8.9p1-3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8
The Oracle Linux I'm running is the v8 developer preview, as that is the only freely downloadable version. I couldn't reproduce the issue with openssh-server-8.0p1-17.el8.x86_64. Since I can't get newer packages from Oracle with this version, I installed openssh, openssh-askpass, openssh-client and openssh-server 8.0p1-19.el8_9.2 from RockyLinux into the Oracle install, and I still can't reproduce the issue. Could someone perhaps email me the 4 Oracle binary rpms for the packages listed above so I can try them? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052328 Title: openssh-client encounters MAC algo issue with EL8 Status in openssh package in Ubuntu: New Bug description: Ubuntu 22.04 system connecting to an Oracle Linux v8 host. The following error occurs regardless of the the MACs specified (or not) in sshd_config: Corrupted MAC on input. ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect Presumably, this may happen on any RHEL v8 variant. Note that connecting to Enterprise Linux v7 work as well as other Ubuntu hosts. Downgrading to previous version of openssh-client fixes issue. apt install openssh-client=1:8.9p1-3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052328] Re: openssh-client encounters MAC algo issue with EL8
Hi, Thanks for reporting this issue. I can't seem to reproduce it though with Oracle Linux v8 running openssh-server-8.0p1-17.el8.x86_64 and an Ubuntu 22.04 client running 1:8.9p1-3ubuntu0.6. Could you perhaps give me a bit more details on how I could reproduce this? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052328 Title: openssh-client encounters MAC algo issue with EL8 Status in openssh package in Ubuntu: New Bug description: Ubuntu 22.04 system connecting to an Oracle Linux v8 host. The following error occurs regardless of the the MACs specified (or not) in sshd_config: Corrupted MAC on input. ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX port 22: message authentication code incorrect Presumably, this may happen on any RHEL v8 variant. Note that connecting to Enterprise Linux v7 work as well as other Ubuntu hosts. Downgrading to previous version of openssh-client fixes issue. apt install openssh-client=1:8.9p1-3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2052328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2046526] Re: pam_access Configuration Treats TTY Names as Hostnames
** Changed in: pam (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/2046526 Title: pam_access Configuration Treats TTY Names as Hostnames Status in pam package in Ubuntu: Confirmed Bug description: Comments in PAM service files at /etc/pam.d/* suggest a line to uncomment to configure complicated authorization rules using pam_access (which in turn is configured by /etc/security/access.conf): /etc/pam.d/sshd: # Uncomment and edit /etc/security/access.conf if you need to set complex # access limits that are hard to express in sshd_config. # account required pam_access.so /etc/pam.d/login: # Uncomment and edit /etc/security/access.conf if you need to # set access limits. # (Replaces /etc/login.access file) # account required pam_access.so Comments in /etc/security/access.conf indicate the origin in this file can be a TTY or domain name: # The third field should be a list of one or more tty names (for # non-networked logins), host names, domain names (begin with "."), I wanted to configure a user on my server, 'localadmin', who can only log in on the console and not via any network service and tried to achieve this using pam_access as follows: I uncommented the default āaccount required pam_access.soā lines in /etc/pam.d/sshd and /etc/pam.d/login. I add the following in /etc/security/access.conf intending to allow user 'localadmin' to only log in on the console: +:localadmin:tty1 -:localadmin:ALL This seems to work. Login via SSH fails and succeeds on the console, as expected. However, /var/log/auth.log suspiciously indicates it is treating tty1 as a hostname during the failed SSH attempt: Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): cannot resolve hostname "tty1" Dec 15 01:28:12 server sshd[5868]: pam_access(sshd:account): access denied for user `localadmin' from `10.0.0.101' It is confirmed to be doing DNS lookups for 'tty1' in the search domain during the login attempt: admin@server:~$ resolvectl status eth0 ... DNS Servers: 10.0.0.2 DNS Domain: example.com admin@server:~$ sudo tcpdump -i eth0 -n port 53 01:28:12.100348 IP 10.0.0.42.44968 > 10.0.0.2.53: 21558+ [1au] A? tty1.example.com. (45) 01:28:12.100666 IP 10.0.0.42.44669 > 10.0.0.2.53: 40453+ [1au] ? tty1.example.com. (45) 01:28:12.103027 IP 10.0.0.2.53 > 10.0.0.42.44968: 21558 NXDomain* 0/1/1 (95) 01:28:12.103027 IP 10.0.0.2.53 > 10.0.0.42.44669: 40453 NXDomain* 0/1/1 (95) I configured my DNS service to resolve hostname 'tty1' to the IP address the SSH connection originates from: admin@server:~$ dig +short tty1.example.com 10.0.0.101 SSH access is then unexpectedly allowed: user@clienthost:~$ ip -4 a show dev eth0 inet 10.0.0.101/24 ... user@clienthost:~$ ssh localadmin@10.0.0.42 localadmin@10.0.0.42's password: localadmin@server:~$ I think the local origins should be completely separated from network origins in /etc/security/access.conf somehow (maybe with separate access.conf files used for local and network PAM services). Other requested bug report info: root@server:~# lsb_release -rd Description:Ubuntu 22.04.3 LTS Release:22.04 root@server:~# apt-cache policy pam N: Unable to locate package pam root@server:~# apt-cache policy libpam-modules libpam-modules: Installed: 1.4.0-11ubuntu2.3 Candidate: 1.4.0-11ubuntu2.3 Version table: *** 1.4.0-11ubuntu2.3 500 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages 100 /var/lib/dpkg/status 1.4.0-11ubuntu2 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2046526/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2047595] Re: sound control panel security
** Package changed: ubuntu-meta (Ubuntu) => gnome-shell (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2047595 Title: sound control panel security Status in gnome-shell package in Ubuntu: New Bug description: The controls in the upper right hand corner, which consist of WiFi Bar, Sound Bar, and Battery Bar icons are unlocked when the machine is locked. This will enable anyone, who has physical access to the machine to change, disable or rearrange any settings available in this interface; 1. WiFi-- add or remove access points, disconnect WiFi, change power modes, styles, keyboard, etc. Power Modes. 2. Sounds, disable or modify sounds, lighting settings 3. Change or modify battery schemes. Power off machines, or sleep / Hibernate machine, etc. lsb_release -rd Ubuntu 23.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2047595/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2046633] Re: Don't include 'nmcli -f all con' output in bug report (for privacy)
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/2046633 Title: Don't include 'nmcli -f all con' output in bug report (for privacy) Status in network-manager package in Ubuntu: New Bug description: The apport bug reporting hooks for this package (/usr/share/apport/package/hooks/source_network-manager{,-applet}.py) include the output of `nmcli -f all con`. This lists all wifi SSIDs that the user has ever connected to, and the date of last connection. I think this is a privacy problem, as it tends to reveal the user's recent whereabouts, and it's posted publicly on launchpad. (Imagine for instance an entry for "LoveMotelGuestWifi" at a time when the user had said they were at the office...) It is disclosed to the user before the report is sent, but only if they think to expand that item in the "Send / Don't send" dialog (which is not descriptively labeled), and there is no way to opt out of it. You can delete it manually from launchpad afterward, which is what I am going to do with this bug report, but I doubt most people would know to do that. This info should probably not be included at all, or if it is, it should be sanitized. Also, it might be a good idea to purge launchpad of all such files. (Marking this as "security" in case you consider this kind of a privacy leak to be something the security team should handle. If not, feel free to demote it to an ordinary bug.) ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: network-manager 1.44.2-1ubuntu1.2 ProcVersionSignature: Ubuntu 6.5.0-14.14-generic 6.5.3 Uname: Linux 6.5.0-14-generic x86_64 ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 CasperMD5CheckResult: unknown Date: Sat Dec 16 14:38:45 2023 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback InstallationDate: Installed on 2019-06-03 (1657 days ago) InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416) IpRoute: default via 192.168.1.13 dev enxa0cec8c4f782 proto dhcp src 192.168.1.60 metric 100 169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.1.0/24 dev enxa0cec8c4f782 proto kernel scope link src 192.168.1.60 metric 100 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: network-manager UpgradeStatus: Upgraded to mantic on 2023-12-14 (3 days ago) modified.conffile..etc.default.apport: # set this to 0 to disable apport, or to 1 to enable it # you can temporarily override this with # sudo service apport start force_start=1 enabled=0 mtime.conffile..etc.default.apport: 2020-08-04T11:07:36.415303 nmcli-nm: RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN running 1.44.2 connected started full enabled enabled enabled missing enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2046633/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2047595] Re: sound control panel security
What desktop environment are you using? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2047595 Title: sound control panel security Status in gnome-shell package in Ubuntu: New Bug description: The controls in the upper right hand corner, which consist of WiFi Bar, Sound Bar, and Battery Bar icons are unlocked when the machine is locked. This will enable anyone, who has physical access to the machine to change, disable or rearrange any settings available in this interface; 1. WiFi-- add or remove access points, disconnect WiFi, change power modes, styles, keyboard, etc. Power Modes. 2. Sounds, disable or modify sounds, lighting settings 3. Change or modify battery schemes. Power off machines, or sleep / Hibernate machine, etc. lsb_release -rd Ubuntu 23.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2047595/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2049239] Re: package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/2049239 Title: package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Status in initramfs-tools package in Ubuntu: New Bug description: i occured this when i on terminal i can't provide more details because i don't know much ProblemType: Package DistroRelease: Ubuntu 22.04 Package: linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 ProcVersionSignature: Ubuntu 6.2.0-39.40~22.04.1-generic 6.2.16 Uname: Linux 6.2.0-39-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass Date: Fri Jan 12 19:20:00 2024 ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 InstallationDate: Installed on 2023-10-28 (76 days ago) InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 (20230807.2) Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 3.10.6-1~22.04 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.1ubuntu2.2 apt 2.4.11 SourcePackage: initramfs-tools Title: package linux-image-6.5.0-14-generic 6.5.0-14.14~22.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2049239/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2037323] Re: gst-plugins-bad1.0 fails to build: netsim test failing
Note to future mdeslaur: re-mashing the retry button will eventually result in the test passing and the build succeeding. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gst-plugins-bad1.0 in Ubuntu. https://bugs.launchpad.net/bugs/2037323 Title: gst-plugins-bad1.0 fails to build: netsim test failing Status in gst-plugins-bad: New Status in gst-plugins-bad1.0 package in Ubuntu: Triaged Status in gst-plugins-bad1.0 package in Debian: Confirmed Bug description: gst-plugin-bad1.0's elements_netsim build test began failing after July 6 (when 1.22.4 was uploaded) but before August 15. This is a regression caused by a change in one of its build dependencies. === 91/109 === test: elements_netsim start time: 12:04:11 duration: 1.31s result: exit status 2 command: GST_PLUGIN_LOADING_WHITELIST=gstreamer:gst-plugins-base:gst-plugins-good: gst-plugins-ugly:gst-libav:libnice:gst-plugins-bad@/<>/obj-x86_64-linux-gnu GST_PLUGIN_PATH_1_0=/<>/obj-x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu/gstreamer-1.0: /usr/lib/x86_64-linux-gnu/gstreamer-1.0 GST_PLUGIN_SCANNER_1_0=/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner GST_STATE_IGNORE_ELEMENTS='' CK_DEFAULT_TIMEOUT=20 GST_REGISTRY=/<>/obj-x86_64-linux-gnu/tests/check/elements_netsim.registry MALLOC_PERTURB_=119 GST_PLUGIN_SYSTEM_PATH_1_0='' LD_LIBRARY_PATH=/<>/obj-x86_64-linux-gnu/gst-libs/gst/basecamerabinsrc: /<>/obj-x86_64-linux-gnu/gst-libs/gst/uridownloader: /<>/obj-x86_64-linux-gnu/gst-libs/gst/interfaces: /usr/lib/libeatmydata /<>/obj-x86_64-linux-gnu/tests/check/elements_netsim --- stdout --- Running suite(s): netsim Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event Stack trace: gst_debug_get_stack_trace (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b3e6db) ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8961a9f) g_logv (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddc0c) g_log (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddebf) ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4a072) ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4c2c2) gst_pad_push (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b53b44) ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8967b62) ?? (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f8a029dd) ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f87fa3e8) ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f887aa28) Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event Stack trace: gst_debug_get_stack_trace (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b3e6db) ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8961a9f) g_logv (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddc0c) g_log (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f89ddebf) ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4a072) ?? (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b4c2c2) gst_pad_push (/usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0.2205.0:0x7f94f8b53b44) ?? (/usr/lib/x86_64-linux-gnu/libgstcheck-1.0.so.0.2205.0:0x7f94f8967b62) ?? (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7800.0:0x7f94f8a029dd) ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f87fa3e8) ?? (/usr/lib/x86_64-linux-gnu/libc.so.6:0x7f94f887aa28) 0%: Checks: 2, Failures: 2, Errors: 0 ../libs/gst/check/gstcheck.c:286:F:general:netsim_stress:0: Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event ../libs/gst/check/gstcheck.c:286:F:general:netsim_stress_delayed:0: Unexpected critical/warning: ../gst/gstpad.c:4427:gst_pad_chain_data_unchecked: Got data flow before stream-start event Check suite netsim ran in 0.240s (tests failed: 2) To manage notifications about this bug go to: https://bugs.launchpad.net/gst-plugins-bad/+bug/2037323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2036321] Re: Periodically flickering of speaker icon
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2036321 Title: Periodically flickering of speaker icon Status in pulseaudio package in Ubuntu: New Bug description: Flickering of speaker icon continuously so that I am not able to use Ubuntu 20.04.6 LTS ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: pulseaudio 1:13.99.1-1ubuntu3.14 ProcVersionSignature: Ubuntu 5.15.0-85.95~20.04.2-generic 5.15.122 Uname: Linux 5.15.0-85-generic x86_64 AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.15.0-85-generic. ApportVersion: 2.20.11-0ubuntu27.27 Architecture: amd64 ArecordDevices: List of CAPTURE Hardware Devices card 1: PCH [HDA Intel PCH], device 0: ALC3223 Analog [ALC3223 Analog] Subdevices: 1/1 Subdevice #0: subdevice #0 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: vishal 1379 F pulseaudio /dev/snd/pcmC1D0p: vishal 1379 F...m pulseaudio /dev/snd/controlC0: vishal 1379 F pulseaudio Card0.Amixer.info: Card hw:0 'HDMI'/'HDA Intel HDMI at 0xb071 irq 50' Mixer name : 'Intel Haswell HDMI' Components : 'HDA:80862807,80860101,0010' Controls : 35 Simple ctrls : 5 Card1.Amixer.info: Card hw:1 'PCH'/'HDA Intel PCH at 0xb0714000 irq 48' Mixer name : 'Realtek ALC3223' Components : 'HDA:10ec0283,102805e9,0013' Controls : 25 Simple ctrls : 13 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sat Sep 16 21:05:29 2023 InstallationDate: Installed on 2022-08-21 (390 days ago) InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731) SourcePackage: pulseaudio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 05/27/2019 dmi.bios.vendor: Dell Inc. dmi.bios.version: A12 dmi.board.name: 0Y4M2K dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 8 dmi.chassis.vendor: Dell Inc. dmi.chassis.version: A12 dmi.ec.firmware.release: 1.1 dmi.modalias: dmi:bvnDellInc.:bvrA12:bd05/27/2019:efr1.1:svnDellInc.:pnInspiron5537:pvrA12:rvnDellInc.:rn0Y4M2K:rvrA00:cvnDellInc.:ct8:cvrA12:skuInspiron5537: dmi.product.family: 00 dmi.product.name: Inspiron 5537 dmi.product.sku: Inspiron 5537 dmi.product.version: A12 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2036321/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971242] Re: printing PDF appears always grey, no color
I have tested the lunar-proposed package (2.4.2-3ubuntu2.3), and after updating the package, and recreating the printer, it now defaults to printing in colour when using Okular. ** Tags removed: verification-needed verification-needed-lunar ** Tags added: verification-done verification-done-lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1971242 Title: printing PDF appears always grey, no color Status in CUPS: Fix Released Status in atril package in Ubuntu: Confirmed Status in cups package in Ubuntu: Fix Released Status in okular package in Ubuntu: Confirmed Status in cups source package in Jammy: Fix Committed Status in cups source package in Lunar: Fix Committed Bug description: After upgrading from 20.04 LTS to 22.04 LTS I can't print colored PDF document. The print appears always b/w regardless color printing was enabled or not. Printing from LibreOffice produces a color print. This behavior (bug) is reproducible on three upgraded machines. It would be nice to have color print back again. [ Impact ] If the PPD file for a printer has a ColorModel option and the only choice in it for printing in color is not named RGB but CMYK instead, the printer cannot be made printing in color with intuitive methods, usually selcting the color choice in the print dialog (which makes ColorModel=CMYK be sent along with the job). Only an ugly command-line-based workaround, running the command lpadmin -p PRINTER -o print-color-mode-default=color makes the printer print in color. An example for printers with such PPDs are printers from RICOH and OEM (Lanier, InfoTec, Savin, ..), so many high-end color laser printers are affected. [ Test Plan ] Remove the workaround if you had applied it: lpadmin -p PRINTER -R print-color-mode-default If you have an affected printer, print a PDF file (or use the print functionality in an application) with colored content and choose the setting for color printing in the print dialog. When printing via command line do lp -d PRINTER -o ColorModel=CMYK FILE.pdf Without the SRU applied you will get a grayscale/monochrome printout, with it applied, you will get a colored printout. To test without a printer: Stop CUPS: sudo systemctl stop cups Edit /etc/cups/cups-files.conf to have a line FileDevice Yes and start CUPS again: sudo systemctl start cups Then create a queue using the attached sample PPD file: lpadmin -p color-test -E -v file:/tmp/printout -P Ricoh- PDF_Printer-PDF.ppd Print a file to this queue as described above. When the job is done ("lpstat" does not show it any more), open /tmp/printout with a text editor. Check whether it contains a line @PJL SET RENDERMODE=COLOR near its beginning, and NOT a line @PJL SET RENDERMODE=GRAYSCALE [ Where problems could occur ] The patches are simple and they are also for some time in newer CUPS versions (2.4.2 and newer) which are included in several distributions (Ubuntu 22.10, 23.04, and others) and did not cause any complaints about color printing. So the regression potential is very low. To manage notifications about this bug go to: https://bugs.launchpad.net/cups/+bug/1971242/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Upstream says the change is intentional, so I am closing this bug. Thanks! ** Changed in: openssh (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Won't Fix Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028863] [NEW] Denial of service via gvar table loading
*** This bug is a security vulnerability *** Public security bug reported: focal and earlier need this commit to prevent a DoS: https://gitlab.freedesktop.org/freetype/freetype/-/commit/216e077600a58346bb022d8409fd82e9d914a10a ** Affects: freetype (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: freetype (Ubuntu Trusty) Importance: Undecided Status: New ** Affects: freetype (Ubuntu Xenial) Importance: Undecided Status: New ** Affects: freetype (Ubuntu Bionic) Importance: Undecided Status: New ** Affects: freetype (Ubuntu Focal) Importance: Low Status: Confirmed ** Also affects: freetype (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: freetype (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: freetype (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: freetype (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: freetype (Ubuntu) Status: New => Fix Released ** Changed in: freetype (Ubuntu Focal) Status: New => Confirmed ** Changed in: freetype (Ubuntu Focal) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to freetype in Ubuntu. https://bugs.launchpad.net/bugs/2028863 Title: Denial of service via gvar table loading Status in freetype package in Ubuntu: Fix Released Status in freetype source package in Trusty: New Status in freetype source package in Xenial: New Status in freetype source package in Bionic: New Status in freetype source package in Focal: Confirmed Bug description: focal and earlier need this commit to prevent a DoS: https://gitlab.freedesktop.org/freetype/freetype/-/commit/216e077600a58346bb022d8409fd82e9d914a10a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/2028863/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
I've filed an upstream bug for this, let's see if they consider this to be an issue or not: https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Thanks! ** Bug watch added: OpenSSH Portable Bugzilla #3594 https://bugzilla.mindrot.org/show_bug.cgi?id=3594 ** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=3594 Importance: Unknown Status: Unknown ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Confirmed Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
One of the commits for the security fix for CVE-2023-28408 will now attempt to mmap the library and search for the "C_GetFunctionList" symbol before doing the dlopen. Unfortunately, dlopen allows specifying just the library name and the dynamic linker will search for it, but the new code just tries to open the filename directly. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-28408 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028774] Re: ssh fails to load opensc-pkcs11.so
Can you try putting the full path to the library in your config file? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2028774 Title: ssh fails to load opensc-pkcs11.so Status in openssh package in Ubuntu: New Bug description: I have PKCS11Provider opensc-pkcs11.so in my ~/.ssh/config After the last update of openssh-client I now get: $ strace -o slogin.log slogin host lib_contains_symbol: open opensc-pkcs11.so: No such file or directory provider opensc-pkcs11.so is not a PKCS11 library (uwe@host) Password for uwe@host: $ grep -i pkcs11 slogin.log read(3, "PKCS11Provider opensc-pkcs11.so\n"..., 4096) = 1603 openat(AT_FDCWD, "opensc-pkcs11.so", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "provider opensc-pkcs11.so is not"..., 51) = 51 $ dpkg-query --listfiles opensc-pkcs11 | grep opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: openssh-client 1:8.9p1-3ubuntu0.3 ProcVersionSignature: Ubuntu 5.19.0-50.50-generic 5.19.17 Uname: Linux 5.19.0-50-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Wed Jul 26 15:46:30 2023 InstallationDate: Installed on 2022-08-25 (334 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) RelatedPackageVersions: ssh-askpass 1:1.2.4.1-13 libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028774/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
What's the output of "dpkg -l | grep curl"? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Invalid Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Invalid Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
Do you have a specific site I can try that doesn't work? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Invalid Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Invalid Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
https://ubuntu.com/security/notices/USN-6237-2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Invalid Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Invalid Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
** Changed in: curl (Ubuntu Mantic) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Invalid Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Invalid Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
It should appear in -security and get automatically copied to -updates next time the publisher runs, probably within the next half-hour or so. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Confirmed Status in curl source package in Focal: Invalid Status in curl source package in Jammy: Fix Released Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Confirmed Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
The fix is currently building here: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages As soon as the riscv64 builds finish, I will be releasing it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Confirmed Status in curl source package in Focal: Invalid Status in curl source package in Jammy: In Progress Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Confirmed Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
This only affects Ubuntu 22.04 because of an issue with the backported patch. ** Changed in: curl (Ubuntu Focal) Status: In Progress => Invalid ** Changed in: curl (Ubuntu Kinetic) Status: In Progress => Invalid ** Changed in: curl (Ubuntu Lunar) Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Confirmed Status in curl source package in Focal: Invalid Status in curl source package in Jammy: In Progress Status in curl source package in Kinetic: Invalid Status in curl source package in Lunar: Invalid Status in curl source package in Mantic: Confirmed Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028170] Re: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt-name
We will be reverting this fix until it can be properly investigated. I will prepare emergency updates that will be published today. ** Also affects: curl (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: curl (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: curl (Ubuntu Mantic) Importance: Undecided Status: Confirmed ** Also affects: curl (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: curl (Ubuntu Lunar) Importance: Undecided Status: New ** Changed in: curl (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: curl (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: curl (Ubuntu Kinetic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: curl (Ubuntu Lunar) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: curl (Ubuntu Mantic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: curl (Ubuntu Focal) Status: New => In Progress ** Changed in: curl (Ubuntu Jammy) Status: New => In Progress ** Changed in: curl (Ubuntu Kinetic) Status: New => In Progress ** Changed in: curl (Ubuntu Lunar) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2028170 Title: curl 7.81.0-1ubuntu1.11 fails verifying proper ssl cert w/ subj-alt- name Status in curl package in Ubuntu: Confirmed Status in curl source package in Focal: In Progress Status in curl source package in Jammy: In Progress Status in curl source package in Kinetic: In Progress Status in curl source package in Lunar: In Progress Status in curl source package in Mantic: Confirmed Bug description: With the latest curl 7.81.0-1ubuntu1.11 on ubuntu 22.04, I'm getting the following: curl -v https://raw.githubusercontent.com * Trying 185.199.108.133:443... * Connected to raw.githubusercontent.com (185.199.108.133) port 443 (#0) [...] * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.io * start date: Feb 21 00:00:00 2023 GMT * expire date: Mar 20 23:59:59 2024 GMT * subjectAltName does not match raw.githubusercontent.com * SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' curl: (60) SSL: no alternative certificate subject name matches target host name 'raw.githubusercontent.com' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. -- The alt name looks proper when looking at the cert w/ s_client: openssl s_client -connect raw.githubusercontent.com:443 /dev/null | openssl x509 -noout -text X509v3 Subject Alternative Name: DNS:*.github.io, DNS:github.io, DNS:*.github.com, DNS:github.com, DNS:www.github.com, DNS:*.githubusercontent.com, DNS:githubusercontent.com Previous versions of curl work as intended. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2021484] Re: Editing a VPN ask to introduce credentials but if you cancel can be accessed anyway
Are you in the admin or the sudo group? What's the output of the "groups" command? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu. https://bugs.launchpad.net/bugs/2021484 Title: Editing a VPN ask to introduce credentials but if you cancel can be accessed anyway Status in ubuntu-settings package in Ubuntu: New Bug description: I'm logged as a normal user without admin privileges. When I try to edit a VPN I'm asked to introduce the credentials of the admin, nevertheless if I click cancel I can still access to the VPN configuration. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: ubuntu-settings 20.04.6 ProcVersionSignature: Ubuntu 5.15.0-72.79~20.04.1-generic 5.15.98 Uname: Linux 5.15.0-72-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.26 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Mon May 29 11:16:38 2023 InstallationDate: Installed on 2022-05-04 (389 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) PackageArchitecture: all SourcePackage: ubuntu-settings UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-settings/+bug/2021484/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2025695] Re: manually dhclient ethxļ¼dns nameserver in the /etc/resolve.conf will be written duplicate
** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/2025695 Title: manually dhclient ethxļ¼dns nameserver in the /etc/resolve.conf will be written duplicate Status in isc-dhcp package in Ubuntu: New Bug description: systemd version the issue has been seen with 249 Used distribution ubuntu22 Linux kernel version used 5.15.0-72-generic CPU architectures issue was seen on None Component systemd-resolved Unexpected behaviour you saw https://github.com/systemd/systemd/issues/28055 not this problem when I was on ubuntu20. The version of systemd is 245 this problem when I was on ubuntu22. The systemd version is 249 I compared the codes and suspected that v248 commit cbf23f3 caused by I saw this issuse about netplan on ubuntu https://superuser.com/questions/1721017/remove-redundant-dns-servers-in-ubuntu-22-04 But it doesn't work for dhclient (why I use dhclient, because I found it out of curiosity) Steps to reproduce the problem 1: Start a virtual machine on the cloud 2: Insert multiple network cards (auxiliary network card) 3: Manually use dhclient to start ethx (except eth0) dhclient -v -d eth1 4: View /etc/resolve.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2025695/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2024182] Re: GHSL-2023-139: use-after-free in user.c
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/2024182 Title: GHSL-2023-139: use-after-free in user.c Status in accountsservice package in Ubuntu: In Progress Status in accountsservice source package in Focal: Fix Released Status in accountsservice source package in Jammy: Fix Released Status in accountsservice source package in Kinetic: Fix Released Status in accountsservice source package in Lunar: Fix Released Status in accountsservice source package in Mantic: In Progress Bug description: # GitHub Security Lab (GHSL) Vulnerability Report, accountsservice: `GHSL-2023-139` The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [accountsservice](https://code.launchpad.net/ubuntu/+source/accountsservice). We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively coordinate a resolution of this issue with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `security...@github.com` (please include `GHSL-2023-139` as a reference). If you are _NOT_ the correct point of contact for this report, please let us know! ## Summary An unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. ## Product accountsservice ## Tested Version [22.08.8-1ubuntu7](https://launchpad.net/ubuntu/+source/accountsservice/22.08.8-1ubuntu7) The bug is easier to observe on Ubuntu 23.04 than on Ubuntu 22.04 LTS, but it is present on both. ## Details ### Use-after-free when `throw_error` is called (`GHSL-2023-139`) After receiving a D-Bus [method call](https://dbus.freedesktop.org/doc/dbus- specification.html#message-protocol-types), a D-Bus server is expected to send either a `METHOD_RETURN` or a `ERROR` message back to the client, _but not both_. This is done incorrectly in several places in accountsservice. For example, in [`user_change_language_authorized_cb`](https://git.launchpad.net/ubuntu/+source/accountsservice/tree/debian/patches/0010-set- language.patch?h=import/22.08.8-1ubuntu7#n427): ```c static void user_change_language_authorized_cb (Daemon*daemon, User *user, GDBusMethodInvocation *context, gpointer data) { const gchar *language = data; if (!user_HOME_available (user)) { /* SetLanguage was probably called from a login greeter, and HOME not mounted and/or not decrypted. Hence don't save anything, or else accountsservice and ~/.pam_environment would become out of sync. */ throw_error (context, ERROR_FAILED, "not access to HOME yet so language not saved"); <= 1 goto out; } out: accounts_user_complete_set_language (ACCOUNTS_USER (user), context); <= 2 } ``` If `user_HOME_available` returns an error, then `throw_error` is called at 1 to send an `ERROR` message, but a regular `METHOD_RETURN` is also sent at 2. This is incorrect D-Bus protocol, but the more serious problem is that it causes a use-after-free because both `throw_error` and `accounts_user_complete_set_language` decrease the reference count on `context`. In other words, `context` is freed by `throw_error` and a UAF occurs in `accounts_user_complete_set_language`. An attacker can trigger the bug above by causing `user_HOME_available` to fail, which they can do by deleting all the files from their home directory. But there are other incorrect uses of `throw_error` in `user.c` which are less inconvenient to trigger. For example, this command triggers a call to `throw_error` in `user_update_environment` due to the invalid characters in the string. ```bash dbus-send --system --print-reply --dest=org.freedesktop.Accounts /org/freedesktop/Accounts/User`id -u` org.freedesktop.Accounts.User.SetLanguage string:'**' ``` On Ubuntu 23.04, the above command causes `accounts-daemon` to crash with a `SIGSEGV`. But on Ubuntu 22.04 LTS it doesn't cause any visible harm. The difference is due to a recent [change in GLib's](https://gitlab.gnome.org/GNOME/glib/-/commit/69e9ba80e2f4d2061a1a68d72bae1c32c1e4f8fa) memory allocation: older versions of GLib used the "slice" allocator, but newer version uses the system allocator. The system allocator trashes the memory when it's freed in a way that
[Touch-packages] [Bug 2024642] Re: Upgrading libx11-6_2:1.6.2-1ubuntu2.1+esm3 failed
Updates were pushed to fix this issue. Please re-open this bug if this problem is still occurring. ** Changed in: libx11 (Ubuntu) Status: New => Invalid ** Changed in: libx11 (Ubuntu Trusty) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libx11 in Ubuntu. https://bugs.launchpad.net/bugs/2024642 Title: Upgrading libx11-6_2:1.6.2-1ubuntu2.1+esm3 failed Status in libx11 package in Ubuntu: Invalid Status in libx11 source package in Trusty: Fix Released Bug description: Upgrading esm3 on Trusty is failed. Preparing to unpack .../libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb ... Unpacking libx11-6:amd64 (2:1.6.2-1ubuntu2.1+esm3) over (2:1.6.2-1ubuntu2.1) ... dpkg: error processing archive /var/cache/apt/archives/libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb (--unpack): trying to overwrite shared '/usr/share/doc/libx11-6/changelog.Debian.gz', which is different from other instances of package libx11-6:amd64 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/libx11-6_2%3a1.6.2-1ubuntu2.1+esm3_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libx11/+bug/2024642/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971242] Re: printing PDF appears always grey, no color
Unfortunately the package in -proposed was superseded by a security update, and will need to be updated again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1971242 Title: printing PDF appears always grey, no color Status in CUPS: Fix Released Status in atril package in Ubuntu: Confirmed Status in cups package in Ubuntu: Fix Released Status in okular package in Ubuntu: Confirmed Status in cups source package in Jammy: Fix Committed Bug description: After upgrading from 20.04 LTS to 22.04 LTS I can't print colored PDF document. The print appears always b/w regardless color printing was enabled or not. Printing from LibreOffice produces a color print. This behavior (bug) is reproducible on three upgraded machines. It would be nice to have color print back again. [ Impact ] If the PPD file for a printer has a ColorModel option and the only choice in it for printing in color is not named RGB but CMYK instead, the printer cannot be made printing in color with intuitive methods, usually selcting the color choice in the print dialog (which makes ColorModel=CMYK be sent along with the job). Only an ugly command-line-based workaround, running the command lpadmin -p PRINTER -o print-color-mode-default=color makes the printer print in color. An example for printers with such PPDs are printers from RICOH and OEM (Lanier, InfoTec, Savin, ..), so many high-end color laser printers are affected. [ Test Plan ] Remove the workaround if you had applied it: lpadmin -p PRINTER -R print-color-mode-default If you have an affected printer, print a PDF file (or use the print functionality in an application) with colored content and choose the setting for color printing in the print dialog. When printing via command line do lp -d PRINTER -o ColorModel=CMYK FILE.pdf Without the SRU applied you will get a grayscale/monochrome printout, with it applied, you will get a colored printout. To test without a printer: Stop CUPS: sudo systemctl stop cups Edit /etc/cups/cups-files.conf to have a line FiileDevice Yes and start CUPS again: sudo systemctl start cups Then create a queue using the attached sample PPD file: lpadmin -p color-test -E -v file:/tmp/printout -P Ricoh- PDF_Printer-PDF.ppd Print a file to this queue as described above. When the job is done ("lpstat" does not show it any more), open /tmp/printout with a text editor. Check whether it contains a line @PJL SET RENDERMODE=COLOR near its beginning, and NOT a line @PJL SET RENDERMODE=GRAYSCALE [ Where problems could occur ] The patches are simple and they are also for some time in newer CUPS versions (2.4.2 and newer) which are included in several distributions (Ubuntu 22.10, 23.04, and others) and did not cause any complaints about color printing. So the regression potential is very low. To manage notifications about this bug go to: https://bugs.launchpad.net/cups/+bug/1971242/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 2021902] Re: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
Marc: As it turns out, I executed this command and it appears the package successfully installed: sudo apt autoremove. Thanks Marc On Fri, Jun 9, 2023 at 2:27āÆPM Marc Deslauriers <2021...@bugs.launchpad.net> wrote: > Thanks for taking the time to report this bug and helping to make Ubuntu > better. We appreciate the difficulties you are facing, but this appears > to be a "regular" (non-security) bug. I have unmarked it as a security > issue since this bug does not show evidence of allowing attackers to > cross privilege boundaries nor directly cause loss of data/privacy. > Please feel free to report any other bugs you may find. > > ** Information type changed from Private Security to Public > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/2021902 > > Title: > package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to > install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools > exited with return code 1 > > Status in initramfs-tools package in Ubuntu: > New > > Bug description: > /etc/kernel/postinst.d/initramfs-tools: > update-initramfs: Generating /boot/initrd.img-5.4.0-1108-azure > Error 24 : Write error : cannot write compressed block > E: mkinitramfs failure cpio 141 lz4 -9 -l 24 > > dpkg: error processing package linux-image-5.4.0-1108-azure > (--configure): >installed linux-image-5.4.0-1108-azure package post-installation script > subprocess returned error exit status 1 > Errors were encountered while processing: >linux-image-5.4.0-1108-azure > > ProblemType: Package > DistroRelease: Ubuntu 20.04 > Package: linux-image-5.4.0-1108-azure 5.4.0-1108.114 > ProcVersionSignature: Ubuntu 5.4.0-1108.114~18.04.1-azure 5.4.233 > Uname: Linux 5.4.0-1108-azure x86_64 > NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair > ApportVersion: 2.20.11-0ubuntu27.26 > Architecture: amd64 > CasperMD5CheckResult: skip > Date: Tue May 30 16:13:43 2023 > ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited > with return code 1 > Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, > 3.8.2-0ubuntu2 > PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, > 2.7.17-4 > RelatedPackageVersions: >dpkg 1.19.7ubuntu3.2 >apt 2.0.9 > SourcePackage: initramfs-tools > Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to > install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited > with return code 1 > UpgradeStatus: Upgraded to focal on 2023-05-30 (0 days ago) > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2021902/+subscriptions > > -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/2021902 Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Status in initramfs-tools package in Ubuntu: New Bug description: /etc/kernel/postinst.d/initramfs-tools: update-initramfs: Generating /boot/initrd.img-5.4.0-1108-azure Error 24 : Write error : cannot write compressed block E: mkinitramfs failure cpio 141 lz4 -9 -l 24 dpkg: error processing package linux-image-5.4.0-1108-azure (--configure): installed linux-image-5.4.0-1108-azure package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: linux-image-5.4.0-1108-azure ProblemType: Package DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-1108-azure 5.4.0-1108.114 ProcVersionSignature: Ubuntu 5.4.0-1108.114~18.04.1-azure 5.4.233 Uname: Linux 5.4.0-1108-azure x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu27.26 Architecture: amd64 CasperMD5CheckResult: skip Date: Tue May 30 16:13:43 2023 ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4 RelatedPackageVersions: dpkg 1.19.7ubuntu3.2 apt 2.0.9 SourcePackage: initramfs-tools Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 UpgradeStatus: Upgraded to focal on 2023-05-30 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-t
[Touch-packages] [Bug 2021902] Re: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/2021902 Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Status in initramfs-tools package in Ubuntu: New Bug description: /etc/kernel/postinst.d/initramfs-tools: update-initramfs: Generating /boot/initrd.img-5.4.0-1108-azure Error 24 : Write error : cannot write compressed block E: mkinitramfs failure cpio 141 lz4 -9 -l 24 dpkg: error processing package linux-image-5.4.0-1108-azure (--configure): installed linux-image-5.4.0-1108-azure package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: linux-image-5.4.0-1108-azure ProblemType: Package DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-1108-azure 5.4.0-1108.114 ProcVersionSignature: Ubuntu 5.4.0-1108.114~18.04.1-azure 5.4.233 Uname: Linux 5.4.0-1108-azure x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu27.26 Architecture: amd64 CasperMD5CheckResult: skip Date: Tue May 30 16:13:43 2023 ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.17-4 RelatedPackageVersions: dpkg 1.19.7ubuntu3.2 apt 2.0.9 SourcePackage: initramfs-tools Title: package linux-image-5.4.0-1108-azure 5.4.0-1108.114 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1 UpgradeStatus: Upgraded to focal on 2023-05-30 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2021902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2021889] Re: error OSSL_CMP_MSG_update_recipNonce on base64 decoding
OSSL_CMP_MSG_update_recipNonce was added in OpenSSL 3.0.9...did you perhaps install from source, or a package that didn't come from Ubuntu? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2021889 Title: error OSSL_CMP_MSG_update_recipNonce on base64 decoding Status in openssl package in Ubuntu: New Bug description: $ echo "$SSH_PRIVATE_KEY" | openssl base64 -A -d Error relocating /usr/bin/openssl: OSSL_CMP_MSG_update_recipNonce: symbol not found Error loading key "(stdin)": error in libcrypto --- works with openssl Version: 3.0.2-0ubuntu1.9. version 3.0.2-0ubuntu1.10 is broken. private key was: DEK-Info: AES-128-CBC $lsb_release -rd Description:Ubuntu 22.04.2 LTS Release:22.04 Policy is from server where I did NOT upgrade (not wanted things to be broken). $apt-cache policy openssl openssl: Installed: 3.0.2-0ubuntu1.9 Candidate: 3.0.2-0ubuntu1.10 Version table: 3.0.2-0ubuntu1.10 500 500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages *** 3.0.2-0ubuntu1.9 500 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 3.0.2-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2021889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2021889] Re: error OSSL_CMP_MSG_update_recipNonce on base64 decoding
Thanks for reporting this issue. Did you also upgrade the libssl3 package too? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2021889 Title: error OSSL_CMP_MSG_update_recipNonce on base64 decoding Status in openssl package in Ubuntu: New Bug description: $ echo "$SSH_PRIVATE_KEY" | openssl base64 -A -d Error relocating /usr/bin/openssl: OSSL_CMP_MSG_update_recipNonce: symbol not found Error loading key "(stdin)": error in libcrypto --- works with openssl Version: 3.0.2-0ubuntu1.9. version 3.0.2-0ubuntu1.10 is broken. private key was: DEK-Info: AES-128-CBC $lsb_release -rd Description:Ubuntu 22.04.2 LTS Release:22.04 Policy is from server where I did NOT upgrade (not wanted things to be broken). $apt-cache policy openssl openssl: Installed: 3.0.2-0ubuntu1.9 Candidate: 3.0.2-0ubuntu1.10 Version table: 3.0.2-0ubuntu1.10 500 500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages *** 3.0.2-0ubuntu1.9 500 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 3.0.2-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2021889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2019496] Re: Security implications of SUDO_ASKPASS
If an attacker can edit ~/.bashrc they can simply modify the path and point to a malicious sudo binary that does whatever it wants with the password. I don't think this is a SUDO_ASKPASS issue. If you disagree with our reasoning, it would be best to file this bug with the upstream sudo project here: https://bugzilla.sudo.ws/index.cgi Once you file an upstream bug, please add a comment here with a link to it. Thanks! ** Changed in: sudo (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2019496 Title: Security implications of SUDO_ASKPASS Status in sudo package in Ubuntu: Incomplete Bug description: All that is needed to subvert sudo is adding this line to ~/.bashrc alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A" and a program that reads the password from the command line and makes use of it. Ignoring the SUDO_ASKPASS environment variable would be an option to stop this. Best regards Heinrich To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2019496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020089] [NEW] Update to 20230311 bundle
*** This bug is a security vulnerability *** Public security bug reported: This is a tracking bug to update the ca-certificates database to 2.60 ** Affects: ca-certificates (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: ca-certificates (Ubuntu Bionic) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Focal) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Jammy) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Kinetic) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Affects: ca-certificates (Ubuntu Lunar) Importance: Undecided Status: Fix Released ** Affects: ca-certificates (Ubuntu Mantic) Importance: Undecided Status: Fix Released ** Also affects: ca-certificates (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ca-certificates (Ubuntu Lunar) Importance: Undecided Status: New ** Changed in: ca-certificates (Ubuntu Lunar) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Mantic) Status: New => Fix Released ** Changed in: ca-certificates (Ubuntu Bionic) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Focal) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Jammy) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Kinetic) Status: New => In Progress ** Changed in: ca-certificates (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Focal) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: ca-certificates (Ubuntu Kinetic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/2020089 Title: Update to 20230311 bundle Status in ca-certificates package in Ubuntu: Fix Released Status in ca-certificates source package in Bionic: In Progress Status in ca-certificates source package in Focal: In Progress Status in ca-certificates source package in Jammy: In Progress Status in ca-certificates source package in Kinetic: In Progress Status in ca-certificates source package in Lunar: Fix Released Status in ca-certificates source package in Mantic: Fix Released Bug description: This is a tracking bug to update the ca-certificates database to 2.60 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/2020089/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf
There is possibly a fix in https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878/comments/15 , but I haven't tested it. ** Bug watch added: Debian Bug tracker #1031236 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1978351 Title: MITM vector: ifupdown puts .domains TLD in resolv.conf Status in ifupdown package in Ubuntu: Confirmed Bug description: The bug described in https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878?comments=all is a security vulnerability because DNS names that would normally fail are now attempted as "foo.domains". ".domains" is a real TLD, with the registrar "Donuts, Inc." based in Bellvue, WA. "google.com.domains" is registered, for example. So is "test.domains". For users with ifupdown, any Internet request (especially that does not involve some cryptographic payload and destination signature verification) is potentially sending packets to an unintended audience. It's impossible to say, but likely, that malicious registrants are squatting sensitive and common names in the .domains TLD. The ifupdown package is still used by some cloud providers that have not adopted netplan. This vulnerability affects 22.04 and potentially other releases. This issue has not been corrected in 0.8.36+nmu1ubuntu4. With 0.8.36+nmu1ubuntu3 and after an update to 0.8.36+nmu1ubuntu4, the resolv.conf looks like the following (which is vulnerable to mitm attacks): ``` root@foo:~# cat /etc/resolv.conf # This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8). # Do not edit. # # This file might be symlinked as /etc/resolv.conf. If you're looking at # /etc/resolv.conf and seeing this text, you have followed the symlink. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "resolvectl status" to see details about the uplink DNS servers # currently in use. # # Third party programs should typically not access this file directly, but only # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a # different way, replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 trust-ad search DOMAINS ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1978351/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf
Similar issue here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031236 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1978351 Title: MITM vector: ifupdown puts .domains TLD in resolv.conf Status in ifupdown package in Ubuntu: Confirmed Bug description: The bug described in https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878?comments=all is a security vulnerability because DNS names that would normally fail are now attempted as "foo.domains". ".domains" is a real TLD, with the registrar "Donuts, Inc." based in Bellvue, WA. "google.com.domains" is registered, for example. So is "test.domains". For users with ifupdown, any Internet request (especially that does not involve some cryptographic payload and destination signature verification) is potentially sending packets to an unintended audience. It's impossible to say, but likely, that malicious registrants are squatting sensitive and common names in the .domains TLD. The ifupdown package is still used by some cloud providers that have not adopted netplan. This vulnerability affects 22.04 and potentially other releases. This issue has not been corrected in 0.8.36+nmu1ubuntu4. With 0.8.36+nmu1ubuntu3 and after an update to 0.8.36+nmu1ubuntu4, the resolv.conf looks like the following (which is vulnerable to mitm attacks): ``` root@foo:~# cat /etc/resolv.conf # This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8). # Do not edit. # # This file might be symlinked as /etc/resolv.conf. If you're looking at # /etc/resolv.conf and seeing this text, you have followed the symlink. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "resolvectl status" to see details about the uplink DNS servers # currently in use. # # Third party programs should typically not access this file directly, but only # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a # different way, replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 trust-ad search DOMAINS ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1978351/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1978351] Re: MITM vector: ifupdown puts .domains TLD in resolv.conf
It looks like debian/if-up.d/resolved contains a few occurrences of: DNS=DNS DOMAINS=DOMAINS Perhaps it was supposed to be DNS=$DNS and DOMAINS=$DOMAINS, but someone will have to go through the script and figure out what the script is actually supposed to do and what the proper fix is. The script is now in Debian too: https://salsa.debian.org/debian/ifupdown/-/commit/0947ade06af1f4b7feb14cb7f1b1242afca2b3c6 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1978351 Title: MITM vector: ifupdown puts .domains TLD in resolv.conf Status in ifupdown package in Ubuntu: Confirmed Bug description: The bug described in https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878?comments=all is a security vulnerability because DNS names that would normally fail are now attempted as "foo.domains". ".domains" is a real TLD, with the registrar "Donuts, Inc." based in Bellvue, WA. "google.com.domains" is registered, for example. So is "test.domains". For users with ifupdown, any Internet request (especially that does not involve some cryptographic payload and destination signature verification) is potentially sending packets to an unintended audience. It's impossible to say, but likely, that malicious registrants are squatting sensitive and common names in the .domains TLD. The ifupdown package is still used by some cloud providers that have not adopted netplan. This vulnerability affects 22.04 and potentially other releases. This issue has not been corrected in 0.8.36+nmu1ubuntu4. With 0.8.36+nmu1ubuntu3 and after an update to 0.8.36+nmu1ubuntu4, the resolv.conf looks like the following (which is vulnerable to mitm attacks): ``` root@foo:~# cat /etc/resolv.conf # This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8). # Do not edit. # # This file might be symlinked as /etc/resolv.conf. If you're looking at # /etc/resolv.conf and seeing this text, you have followed the symlink. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "resolvectl status" to see details about the uplink DNS servers # currently in use. # # Third party programs should typically not access this file directly, but only # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a # different way, replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 trust-ad search DOMAINS ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1978351/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007272]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Tags added: community-security ** Information type changed from Private Security to Public Security ** Changed in: heimdal (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/2007272 Title: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-42898. On which release/path of Ubuntu can I expect them to be fixed ? Status in heimdal package in Ubuntu: Confirmed Bug description: I have ubuntu 22.04 on my system and it has the following vulnerability : CVE-2022-42898. Here is the link to the Ubuntu CVE link : https://ubuntu.com/security/CVE-2022-42898. On which version/patch of Ubuntu can I expect this to get fixed ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2007272/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007730] Re: Unpatched CVE in Jammy
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2007730 Title: Unpatched CVE in Jammy Status in openssl package in Ubuntu: New Bug description: CVE-2022-3996 (7.5) is showing as in need of patching in Jammy. I was able to apply the upstream patch without modification to the source. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2007730/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009948] Re: Problem with xorg
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/2009948 Title: Problem with xorg Status in xorg package in Ubuntu: New Bug description: Is not working. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia .proc.driver.nvidia.capabilities.gpu0: Error: path was not a regular file. .proc.driver.nvidia.capabilities.mig: Error: path was not a regular file. .proc.driver.nvidia.gpus..01.00.0: Error: path was not a regular file. .proc.driver.nvidia.registry: Binary: "" .proc.driver.nvidia.suspend: suspend hibernate resume .proc.driver.nvidia.suspend_depth: default modeset uvm .proc.driver.nvidia.version: NVRM version: NVIDIA UNIX x86_64 Kernel Module 525.85.05 Sat Jan 14 00:49:50 UTC 2023 GCC version: ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: fail CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Fri Mar 10 09:08:31 2023 DistUpgraded: Fresh install DistroCodename: jammy DistroVariant: ubuntu DkmsStatus: virtualbox/6.1.38, 5.19.0-35-generic, x86_64: installed ExtraDebuggingInterest: Yes, if not too technical GraphicsCard: Intel Corporation CometLake-U GT2 [UHD Graphics] [8086:9b41] (rev 02) (prog-if 00 [VGA controller]) Subsystem: Dell CometLake-U GT2 [UHD Graphics] [1028:0959] Subsystem: Dell GP108M [GeForce MX230] [1028:0959] InstallationDate: Installed on 2023-03-10 (0 days ago) InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223) MachineType: Dell Inc. Vostro 5490 ProcEnviron: LANGUAGE=pt_BR:pt:en TERM=xterm-256color PATH=(custom, no user) LANG=pt_BR.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.19.0-35-generic root=UUID=b6242c65-c3ec-45af-912f-e70f66a54868 ro quiet splash vt.handoff=7 SourcePackage: xorg UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 07/08/2022 dmi.bios.release: 1.20 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.20.0 dmi.board.name: 0M9F58 dmi.board.vendor: Dell Inc. dmi.board.version: A04 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.20.0:bd07/08/2022:br1.20:svnDellInc.:pnVostro5490:pvr:rvnDellInc.:rn0M9F58:rvrA04:cvnDellInc.:ct10:cvr:sku0959: dmi.product.family: Vostro dmi.product.name: Vostro 5490 dmi.product.sku: 0959 dmi.sys.vendor: Dell Inc. version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.113-2~ubuntu0.22.04.1 version.libgl1-mesa-dri: libgl1-mesa-dri 22.2.5-0ubuntu0.1~22.04.1 version.libgl1-mesa-glx: libgl1-mesa-glx N/A version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.7 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2009948/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2011622] Re: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation
I am closing this bug, since the new behaviour is expected with the security fix. Thanks! ** Changed in: rsync (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2011622 Title: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation Status in rsync package in Ubuntu: Invalid Bug description: Commands like this: rsync -a host.example.org:\{this,that} . have worked for decades, in multiple Ubuntu versions, but were broken by the rsync 3.1.3-8ubuntu0 update (on the client, i.e. the machine on which I type that command). (To be clear, the backslash there quotes the '{' so that it is sent to the remote rsync rather than being interpreted by the local shell.) ("What happens instead?" It now says "rsync: link_stat "/home/flaps/{this,that}" failed: No such file or directory (2)".) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2011622/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2011622] Re: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation
Hi, The security fix for CVE-2022-29154 unfortunately changed the way arguments are handled. Could you try adding --old-args ? That should restore the previous behaviour you are expecting. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2011622 Title: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation Status in rsync package in Ubuntu: New Bug description: Commands like this: rsync -a host.example.org:\{this,that} . have worked for decades, in multiple Ubuntu versions, but were broken by the rsync 3.1.3-8ubuntu0 update (on the client, i.e. the machine on which I type that command). (To be clear, the backslash there quotes the '{' so that it is sent to the remote rsync rather than being interpreted by the local shell.) ("What happens instead?" It now says "rsync: link_stat "/home/flaps/{this,that}" failed: No such file or directory (2)".) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2011622/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
** Changed in: rsync (Ubuntu Jammy) Status: New => Invalid ** Changed in: rsync (Ubuntu Kinetic) Status: New => Invalid ** Changed in: rsync (Ubuntu Lunar) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: Invalid Status in backintime source package in Jammy: Fix Released Status in rsync source package in Jammy: Invalid Status in backintime source package in Kinetic: Fix Released Status in rsync source package in Kinetic: Invalid Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: Invalid Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
Great, I'll release the updates monday morning. Thanks for testing! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
I have fixed the typo, and have uploaded new packages to the PPA listed above. I've run a successful backup with them on both jammy and kinetic. Could you please confirm they fix the issue for you? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
Oh whoops, sorry about that, I'll upload a fixed version first thing tomorrow (after at least installing it this time). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009706] Re: rsync 3.1.2-2.1ubuntu1.6 breaks compatibility with unison 2.48.4-1ubuntu1 on Bionic
Looks like the rsync security update doesn't like the way unison is handling arguments. Perhaps adding --old-args to the command lines here would help: copyprog = rsync -a -A -X --rsh=ssh --inplace --compress copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009706 Title: rsync 3.1.2-2.1ubuntu1.6 breaks compatibility with unison 2.48.4-1ubuntu1 on Bionic Status in rsync package in Ubuntu: New Status in unison package in Ubuntu: New Bug description: Rsync 3.1.2-2.1ubuntu1.6, when used by Unison using the copyprog option in Unison, produces an error message and fails to sync files. Rsync 3.1.2-2.1ubuntu1 succeeds in syncing files. I believe Rsync 3.1.2-2.1ubuntu1.5 succeeded but I no longer have the .deb file to test with. Steps to reproduce: Create a unison profile similar to the one given below, to sync a folder between a local machine and a remote ssh server. Both client and server need the same Ubuntu and Unison versions, and I used unpassphrased SSH keys for authentication. Place a test file in the folder to be synced, then run 'unison profilename'. Note that I have redacted domains in the below. Unison profile: label = Test Profile root = /root/unison-test root = ssh://fs2b.our.domain.org.uk//root/unison-test # run repeatedly and fully automatically auto = true batch = true copyonconflict = true #repeat = 60 # the copy program must be manually specified in order to sync ACLs copythreshold=0 copyprog = rsync -a -A -X --rsh=ssh --inplace --compress copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress # general settings group = true owner = true #path = sharedfolder #path = users perms = -1 sortbysize = true times = true Unison output with rsync 3.1.2-2.1ubuntu1.6 root@fs72a:~# unison fs2b_unisontest -debug all [startup] Preferences: ui = graphic host = server = false prefsdocs = false doc = version = false silent = false dumbtty = false testserver = false rest = fs2b_unisontest showprev = false selftest = false confirmmerge = false retry = 0 repeat = contactquietly = false key = label = Syncs P and S drives between fs72a and fs2a expert = false height = 15 auto = true maxthreads = 0 maxsizethreshold = -1 prefer = force = sortnewfirst = false sortbysize = true keeptempfilesaftermerge = false diff = diff -u CURRENT2 CURRENT1 copyonconflict = true backupdir = maxbackups = 2 backups = false backupsuffix = backupprefix = .bak.$VERSION. backuploc = central copymax = 1 copyquoterem = default copythreshold = 0 copyprogrest = rsync -a -A -X --rsh=ssh --partial --inplace --compress copyprog = rsync -a -A -X --rsh=ssh --inplace --compress rsync = true fastcheck = default ignorelocks = false dumparchives = false showarchive = false rootsName = ignorearchives = false fastercheckUNSAFE = false fat = false allHostsAreRunningWindows = false someHostIsRunningWindows = false confirmbigdel = true batch = true root = ssh://fs2b.our.domain.org.uk//root/unison-test root = /root/unison-test killserver = false halfduplex = false stream = true addversionno = false servercmd = sshargs = rshargs = rshcmd = rsh sshcmd = ssh xferbycopying = true sshversion = clientHostName = fs72a ignoreinodenumbers = false links-aux = true links = default times = true group = true owner = true numericids = false dontchmod = false perms = -1 watch = true rsrc-aux = false rsrc = default maxerrors = 1 unicodeCS = false unicodeEnc = false unicode = default someHostIsInsensitive = false ignorecase = default timers = false terse = false logfile = /root/.unison/unison.log log = true debugtimes = false debug = all addprefsto = Contacting server... [remote] Shell connection: ssh (ssh, fs2b.our.domain.org.uk, -e, none, unison, -server) [globals] Checking path '' for expansions Connected [//fs2b//root/unison-test -> //fs72a//root/unison-test] [startup] Roots: /root/unison-test ssh://fs2b.our.domain.org.uk//root/unison-test i.e. /root/unison-test ssh://fs2b.our.domain.org.uk//root/unison-test i.e. (in canonical order) /root/unison-test //fs2b//root/unison-test [props] Setting permission mask to (7 and ) [stasher] initBackupsLocal [stasher] d = / [stasher] Prefix and suffix regexps for backup filenames have been updated [server: stasher] initBackupsLocal [server: stasher] d = / [server: stasher] Prefix and suffix regexps for backup filenames have been updated Looking for changes [ui] temp: Globals.paths = [update] Loading archive from /root/.unison/areaa77
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
Some users only have the -security pocket enabled, and not -updates, so when a fix is required for a regression introduced by a security update, it needs to go to the -security pocket. It doesn't in any way mean BIT had a security issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009756] Re: backups fail since latest rsync security update
Hi @agateau, I have uploaded fixed backintime packages for jammy and kinetic to the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Once they are finished building, could you give them a try? If they work correctly, I will release them. Thanks! ** Changed in: backintime (Ubuntu) Status: Invalid => In Progress ** Changed in: backintime (Ubuntu) Assignee: buhtz (buhtz) => Marc Deslauriers (mdeslaur) ** Also affects: rsync (Ubuntu Lunar) Importance: Undecided Status: New ** Also affects: backintime (Ubuntu Lunar) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: In Progress ** Also affects: rsync (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: backintime (Ubuntu Kinetic) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: backintime (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: backintime (Ubuntu Lunar) Status: In Progress => Fix Released ** Changed in: backintime (Ubuntu Kinetic) Status: New => In Progress ** Changed in: backintime (Ubuntu Jammy) Status: New => In Progress ** Changed in: backintime (Ubuntu Jammy) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: backintime (Ubuntu Kinetic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009756 Title: backups fail since latest rsync security update Status in backintime package in Ubuntu: Fix Released Status in rsync package in Ubuntu: New Status in backintime source package in Jammy: In Progress Status in rsync source package in Jammy: New Status in backintime source package in Kinetic: In Progress Status in rsync source package in Kinetic: New Status in backintime source package in Lunar: Fix Released Status in rsync source package in Lunar: New Bug description: Backintime uses rsync to perform updates. Unfortunately there is an incompatibility between the currently released version of backintime and rsync >= 3.2.4 (see https://github.com/bit- team/backintime/issues/1247) Rsync has been updated from 3.2.3 to 3.2.7 on Feb 27. This broke backintime backups. The symptom is an error message like this: Command "rsync -a --delete --rsh=ssh -o ServerAliveInterval=240 -o LogLevel=Error -o IdentityFile=/home/aurelien/.ssh/backintime -p 22 /tmp/tmpxilwcwk4/ u...@example.com:"./backintime/switch/aurelien/1/20230308-230517-262"" returns 3 | rsync: change_dir#3 "/data/home/user//"./backintime/switch/aurelien/1" failed: No such file or directory (2) The workaround described in the GitHub issue works (passing `--old- args` to rsync), but maybe it would be better if the backintime package did this automatically? ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: backintime-common 1.2.1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Mar 8 23:19:02 2023 InstallationDate: Installed on 2021-06-23 (623 days ago) InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1) PackageArchitecture: all SourcePackage: backintime UpgradeStatus: Upgraded to jammy on 2022-08-24 (196 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/2009756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors
As this is working as expected, I am marking this bug as "invalid". Thanks! ** Changed in: rsync (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2009575 Title: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors Status in rsync package in Ubuntu: Invalid Bug description: Hi Several systems running Ubuntu 20.04 upgraded their rsync package from 3.1.3-8ubuntu0.4 to 3.1.3-8ubuntu0.5 overnight. Automated syncs that connect to a 16.04 ESM server are now failing with: receiving file list ... ERROR: rejecting unrequested file-list name: [redacted] rsync error: protocol incompatibility (code 2) at flist.c(916) [Receiver=3.1.3] Reverting to the previous release (3.1.3-8ubuntu0.4) on the client side solves the problem. This has been seen on multiple servers running 20.04 on amd64, I'll update this bug with details if we find it on other series too. The 16.04 ESM server being connected to is using the rsync package version 3.1.1-3ubuntu1.3+esm2, so no recent upgrades on that end. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2009575/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp