Re: Ubuntu 22.04 LTS support
On Mon, Feb 6, 2023 at 12:00 AM alfredo.nodo wrote:
>
> Hi,
> I see here that you are the maintainers of the package jami
> https://packages.ubuntu.com/focal/jami
> Are you planning to port it to Ubuntu 22.04 LTS?

Hi Alfredo,
this binary package belongs to source ring which has many many bugs and crashes [1].
Hence it was removed from Ubuntu [2] and Debian [3] over and over again.
There now is a new version [4] but it seems to break just as much.
Due to that it is unlikely to make it into the next release 23.04 and even more unlikely to then be backported into 22.04.

[1]: https://bugs.launchpad.net/ubuntu/+source/ring
[2]: https://bugs.launchpad.net/ubuntu/+source/ring/+bug/1885646
[3]: https://tracker.debian.org/news/1270862/ring-removed-from-testing/
[4]: https://launchpad.net/ubuntu/+source/ring/20210112.2.b757bac~ds1-2

I hope that clarifies why you miss it post focal.

> Thank you

--
Christian Ehrhardt
Senior Staff Engineer, Ubuntu Server
Canonical Ltd

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Ubuntu 22.04 LTS support
Hi,
I see here that you are the maintainers of the package jami
https://packages.ubuntu.com/focal/jami
Are you planning to port it to Ubuntu 22.04 LTS?

Thank you
Re: PAM update (1.3.1-5ubuntu4.4) seems broken
Hi Nishit,

Thanks for the quick fix. I took a look at the new bionic and focal sources, it looks good to me. I do see that the debian/patches/series file is still present in both the sources (empty files), maybe best to remove it to avoid a similar issue in the future?

Thanks,
Vishwanath

On 2/2/2023 7:39 AM, Nishit Majithia wrote:
> Hi Vishwanath,
>
> We have updated the package with correct fix and uploaded
> here:
> https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=pam
>
> It would be great if you can test this updated package and
> provide the feedback
>
> Thanks
> Nishit
>
> On Thu, 02. Feb 12:33, Nishit Majithia wrote:
>> Hi Vishwanath,
>>
>> Thank you for reporting the issue. The patch got applied
>> incorrectly to debian/patches instead of
>> debian/patches-applied dir. We will fix this issue and could
>> track it if you can create a Launchpad bug for this here:
>> https://bugs.launchpad.net/ubuntu/+source/pam/+filebug
>>
>> Thanks
>> Nishit
>>
>> On Wed, 01. Feb 13:53, Vishwanath Pai wrote:
>>> I think I messed up my summary a bit:
>>> On focal: dpkg-source applies the CVE fix from debian/patches, but
>>> dpkg-buildpackage removes it before building the package.
>>>
>>> On bionic: dpkg-source does not apply the patches in debian/patches.
>>>
>>> So in both the cases it does not seem to apply the CVE fix.
>>>
>>> -Vishwanath
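A pre-upload check for the patch-directory mix-up discussed in this thread, as an added example that is not part of any message here and not Ubuntu's own tooling: it reads the top debian/changelog entry and reports patches referenced outside the expected patch directory, patches missing from that directory's series file, and series files found elsewhere. The function names, finding labels and the sample tree (including older-fix.patch) are constructed for illustration, and the expected directory is passed in as an assumption.

```sh
# Added example, not Ubuntu tooling. EXPECTED is the directory the package
# build is assumed to read patches from (debian/patches-applied in the thread).

# list_findings SRC EXPECTED: print one finding per line, nothing if clean.
list_findings() {
    src=$1 expected=$2
    # Top changelog entry only: everything up to the first " -- " trailer line.
    sed '/^ -- /q' "$src/debian/changelog" |
    grep -oE 'debian/[A-Za-z0-9._-]+/[A-Za-z0-9._+-]+\.patch' | sort -u |
    while IFS= read -r ref; do
        if [ "$(dirname "$ref")" != "$expected" ]; then
            echo "WRONG-DIR $ref"
        elif ! grep -qxF "$(basename "$ref")" "$src/$expected/series" 2>/dev/null; then
            echo "NOT-IN-SERIES $ref"
        fi
    done
    # The focal log in the thread shows dpkg-source using debian/patches/series,
    # so a series file outside EXPECTED is reported as well.
    for s in "$src"/debian/*/series; do
        [ -e "$s" ] || continue
        [ "$(dirname "$s")" = "$src/$expected" ] || echo "STRAY-SERIES ${s#"$src"/}"
    done
}

# make_sample_tree MODE: constructed miniature tree. "broken" mirrors the
# layout reported in the thread; "fixed" is a hypothetical corrected layout.
make_sample_tree() {
    t=$(mktemp -d); d=patches-applied
    mkdir -p "$t/debian/patches-applied"
    echo "older-fix.patch" > "$t/debian/patches-applied/series"  # constructed name
    if [ "$1" = broken ]; then
        d=patches
        mkdir -p "$t/debian/patches"
        echo "CVE-2022-28321.patch" > "$t/debian/patches/series"
    else
        echo "CVE-2022-28321.patch" >> "$t/debian/patches-applied/series"
    fi
    printf '%s\n' "pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium" "" \
        "  * SECURITY UPDATE: authentication bypass vulnerability" \
        "    - debian/$d/CVE-2022-28321.patch: pam_access: handle hostnames" \
        " -- (trailer elided)" "" "pam (older) focal; urgency=medium" \
        "    - debian/patches/ignored-older-entry.patch" > "$t/debian/changelog"
    echo "$t"
}

for mode in broken fixed; do
    tree=$(make_sample_tree "$mode")
    echo "== $mode =="; list_findings "$tree" debian/patches-applied
    rm -rf "$tree"
done
```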
Re: PAM update (1.3.1-5ubuntu4.4) seems broken
Hi Vishwanath,

Thank you for reporting the issue. The patch got applied incorrectly to debian/patches instead of debian/patches-applied dir. We will fix this issue and could track it if you can create a Launchpad bug for this here:
https://bugs.launchpad.net/ubuntu/+source/pam/+filebug

Thanks
Nishit

On Wed, 01. Feb 13:53, Vishwanath Pai wrote:
> I think I messed up my summary a bit:
> On focal: dpkg-source applies the CVE fix from debian/patches, but
> dpkg-buildpackage removes it before building the package.
>
> On bionic: dpkg-source does not apply the patches in debian/patches.
>
> So in both the cases it does not seem to apply the CVE fix.
>
> -Vishwanath
Re: PAM update (1.3.1-5ubuntu4.4) seems broken
I think I messed up my summary a bit:

On focal: dpkg-source applies the CVE fix from debian/patches, but dpkg-buildpackage removes it before building the package.

On bionic: dpkg-source does not apply the patches in debian/patches.

So in both the cases it does not seem to apply the CVE fix.

-Vishwanath
PAM update (1.3.1-5ubuntu4.4) seems broken
Hi All,

In the latest update for pam, the patch was added to "debian/patches" vs "debian/patches-applied" where all the other patches for pam reside. Was this intentional?

pam (1.3.1-5ubuntu4.4) focal-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2022-28321.patch: pam_access: handle hostnames in
      access.conf
    - CVE-2022-28321

 -- Nishit Majithia  Tue, 24 Jan 2023 17:15:43 +0530

For our bionic builds it is picking up all patches from debian/patches-applied but not debian/patches. The build passes but the CVE fix is not applied.

For our focal builds, it seems to only pick up debian/patches, so the CVE does get patched but the rest of the patches in debian/patches-applied do not apply. We only noticed this because the build fails.

On focal, dpkg-source seems to be applying the patch:

$ dpkg-source -x pam_1.3.1-5ubuntu4.4.dsc
gpgv: Signature made Tue 24 Jan 2023 06:56:23 AM EST
gpgv: using RSA key B35EBCD35C6717BC0ADEB08AEC873ACED468723C
gpgv: issuer "nishit.majit...@canonical.com"
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./pam_1.3.1-5ubuntu4.4.dsc
dpkg-source: info: extracting pam in pam-1.3.1
dpkg-source: info: unpacking pam_1.3.1.orig.tar.xz
dpkg-source: info: unpacking pam_1.3.1-5ubuntu4.4.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying CVE-2022-28321.patch

But when I do "dpkg-buildpackage" it removes the CVE fix before building:

$ dpkg-buildpackage
dpkg-buildpackage: info: source package pam
dpkg-buildpackage: info: source version 1.3.1-5ubuntu4.4
dpkg-buildpackage: info: source distribution focal-security
dpkg-buildpackage: info: source changed by Nishit Majithia
dpkg-buildpackage: info: host architecture amd64
dpkg-source --before-build .
fakeroot debian/rules clean
dh clean --with quilt,autoreconf
dh_quilt_unpatch
Removing patch CVE-2022-28321.patch
Restoring modules/pam_access/pam_access.c

On bionic dpkg-source does not apply the CVE patch at all:

$ dpkg-source -x pam_1.1.8-3.6ubuntu2.18.04.4.dsc
gpgv: Signature made Tue Jan 24 12:36:38 2023 UTC
gpgv: using RSA key B35EBCD35C6717BC0ADEB08AEC873ACED468723C
gpgv: issuer "nishit.majit...@canonical.com"
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on ./pam_1.1.8-3.6ubuntu2.18.04.4.dsc
dpkg-source: info: extracting pam in pam-1.1.8
dpkg-source: info: unpacking pam_1.1.8-3.6ubuntu2.18.04.4.tar.gz

I am not sure how the version in the repos got built, but it's possible the CVE fix did not apply.

Thanks,
Vishwanath
screenshot feature request
Hi,

I would like to ask for a change in the screenshot program, consisting of preventing the use of mouse drag to take a region of the screen and changing it to two clicks at the corners of the rectangle, showing dotted lines to set the picture area. If someone could change it in the program I would thank them.

Have a nice day.