[Bug 1729536] Re: InnoDB: Failing assertion: sym_node->table != NULL
The new upstream bug (88844) is unfortunately private and I can't see its state. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to mysql-5.7 in Ubuntu. Matching subscriptions: main https://bugs.launchpad.net/bugs/1729536 Title: InnoDB: Failing assertion: sym_node->table != NULL To manage notifications about this bug go to: https://bugs.launchpad.net/mysql-server/+bug/1729536/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 216847] Re: sshd will not start at boot if ListenAddress is set, because network interface is not yet up
Upstream server about using IP_FREEBIND: https://bugzilla.mindrot.org/show_bug.cgi?id=2512 ** Bug watch added: OpenSSH Portable Bugzilla #2512 https://bugzilla.mindrot.org/show_bug.cgi?id=2512 ** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=2512 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/216847 Title: sshd will not start at boot if ListenAddress is set, because network interface is not yet up To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/216847/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users + bug #1754365 has an MP and tests for the sssd-secrets service. + [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 There are still no CVEs for http-parser or libhttp-parser. OSS security mailing list search returns no hits for http-parser or libhttp-parser No hits on the Ubuntu CVE Tracker. No security relevant binaries in the package. The only indirect security implication is that this enables a new service in sssd: sssd-secrets, used to store secrets by wanting applications. - [Quality assurance] * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. It's a library and it installs without further configuration. * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. There are no debconf questions needed. * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These are the other 2 bugs: bug #1677865: missing dep8 tests bug #1733554: disable a failing test, caused by new http-parser That last bug is a bit scarce on details. * The status of important bugs in Debian's, Ubuntu's, and upstream's bug tracking systems must be evaluated. Important bugs must be pointed out and discussed in the MIR report. Debian has the same bug open regarding the failing test: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882308 There are, as of now, 27 open issues in upstream's bug tracker: https://github.com/nodejs/http-parser/issues * The package is maintained well in Debian/Ubuntu (check out the Debian PTS) The low number of bugs may indicate it's not used a lot, or that it's not maintained at all. A good number of upstream bugs have feedback. * The package should not deal with exotic hardware which we cannot support. Not the case here. * If the package ships a test suite, and there is no obvious reason why it cannot work during build (e. g. it needs root privileges or network access), it should be run during package build, and a failing test suite should fail the build. The test suite runs at package build time: dh_auto_test make -j4 test make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1' cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g -c http_parser.c -o http_parser_g.o cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -(...) ./test_g http_parser v2.7.1 (0x020701) sizeof(http_parser) = 32 response scan 1/2 100% response scan 2/2 100% responses okay request scan 1/4 100% request scan 2/4 100% request scan 3/4 100% request scan 4/4 100% requests okay ./test_fast http_parser v2.7.1 (0x020701) sizeof(http_parser) = 32 response scan 1/2 100% response scan 2/2 100% responses okay request scan 1/4 100% request scan 2/4 100% request scan 3/4 100% request scan 4/4 100% requests okay * The package uses a debian/watch file whenever possible. In cases where this is not possible (e. g. native packages), the package should either provide a debian/README.source file or a debian/watch file (with comments only) providing clear instructions on how to generate the source tar file. There is a debian/watch file: version=3 https://github.com/joyent/htt
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Tags removed: zesty ** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1638957 Title: [MIR] http-parser, dependency of sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1754365] Re: [FFe]: Enable sssd-secrets service
** Description changed: Please enable the sssd-secrets service. This needs the MIR for http- parser (#1638957) to pass. + [Rationale] + From the MIR bug (#1638957): + The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. + + The secrets service can be used as a generic key/value database for + secrets, and one of its consumers is a kerberos KDC via KCM (Kerberos + Cache Manager), implemented by sssd-kcm. sssd-kcm gives users an option + to store the credentials in a cache that persists reboots, as opposed to + when it's stored in the kernel keyring or in /tmp, when that is a tmpfs. + + sssd-secrets can also use a remote Custodia + [https://github.com/simo5/custodia] (in Universe) server to store its + secrets there. + + sssd-secrets is unix socket activated and won't be running until there + is a connection to that socket. + + [Testing] - This is the testing that was done. - During testing, I found a related bug and filed a bug in debian about it with a related MP in salsa (https://bugs.debian.org/892315). + This is the testing that was done. Only the local store was tested, not the Custodia remote server case. + + During testing, I found a related bug and filed a bug in debian about it + with a related MP in salsa (https://bugs.debian.org/892315). Quick simple test = sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957 sudo apt install sssd # Store a secret $ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XPUT http://localhost/secrets/foo -d'{"type":"simple","value":"foosecret"}';echo 200 OK OK Success # retrieve the secret $ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/foo;echo { - "type": "simple", - "value": "foosecret" + "type": "simple", + "value": "foosecret" } # try to retrieve the same secret but as a different user won't work because secrets are per user $ sudo curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/foo;echo 404 Not Found Not Found The requested resource was not found. Extended test = This is a more extended version of this verification and it tests the integration of the secrets service between three services: the secrets service itself, MIT kerberos client libraries, and the sssd-kcm service (kerberos cache manager). sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957 sudo apt install sssd sssd-kcm # use EXAMPLE.COM for the kerberos realm, and localhost for the admin and kdc servers, when prompted sudo apt install krb5-user krb5-kdc krb5-admin-server # the kdc will fail to start because there is no realm yet, that's ok. We will create it now. Use whatever password you want sudo krb5_newrealm # create a kerberos principal. This uses "secret" as a password sudo kadmin.local -q "addprinc -pw secret ubuntu" # edit /etc/krb5.conf and tell the library to use KCM by default [libdefaults] - default_ccache_name = KCM: # <-- add this line + default_ccache_name = KCM: # <-- add this line # create /etc/sssd/sssd.conf with these contents: [sssd] config_file_version = 2 services = pam domains = example.com [pam] [domain/example.com] id_provider = proxy proxy_lib_name = files auth_provider = krb5 krb5_server = localhost krb5_realm = EXAMPLE.COM # adjust permissions sudo chmod 0600 /etc/sssd/sssd.conf sudo chown root:root /etc/sssd/sssd.conf # (re)start sssd sudo systemctl restart sssd # test getting a ticket for "ubuntu". Notice how the cache is using "KCM": ubuntu@bionic-sssd-http-parser:~$ kinit Password for ubu...@example.com: ubuntu@bionic-sssd-http-parser:~$ klist Ticket cache: KCM:1000 Default principal: ubu...@example.com Valid starting Expires Service principal 03/08/18 13:09:12 03/08/18 23:09:12 krbtgt/example@example.com - renew until 03/09/18 13:09:10 + renew until 03/09/18 13:09:10 # install ldb-tools sudo apt install ldb-tools # perform a search on the secrets database to see the entry created by kcm $ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn # record 1 dn: cn=3615a3ca-b857-4ee6-ae70-3a82485276b3-1000,cn=ccache,cn=1000,cn=persistent,cn=kcm # record 2 dn: cn=ccache,cn=1000,cn=persistent,cn=kcm # returned 2 records # 2 entries # 0 referrals # destroy the kerberos ticket and confirm it's gone from the secrets database ubuntu@bionic-sssd-http-parser:~$ kdestroy ubuntu@bionic-sssd-http-parser:~$ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn # returned 0 records # 0 entries # 0 referrals -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed t
[Bug 1752660] Re: python-cryptography missing cffi dependency
I've marked this incomplete until we can recreate it. ** Changed in: python-cryptography (Ubuntu Bionic) Status: Fix Released => Incomplete ** No longer affects: python-cryptography (Ubuntu Artful) ** No longer affects: python-cryptography (Ubuntu) ** No longer affects: python-cryptography (Ubuntu Xenial) ** No longer affects: python-cryptography (Ubuntu Bionic) ** Also affects: python-cryptography (Ubuntu) Importance: Undecided Status: New ** Changed in: python-cryptography (Ubuntu) Status: New => Incomplete ** No longer affects: cloud-archive ** No longer affects: cloud-archive/mitaka ** No longer affects: cloud-archive/newton ** No longer affects: cloud-archive/ocata ** No longer affects: cloud-archive/queens ** No longer affects: cloud-archive/pike -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to python-cryptography in Ubuntu. https://bugs.launchpad.net/bugs/1752660 Title: python-cryptography missing cffi dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cryptography/+bug/1752660/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1754365] [NEW] [FFe]: Enable sssd-secrets service
Public bug reported: Please enable the sssd-secrets service. This needs the MIR for http- parser (#1638957) to pass. [Rationale] >From the MIR bug (#1638957): The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its consumers is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-kcm gives users an option to store the credentials in a cache that persists reboots, as opposed to when it's stored in the kernel keyring or in /tmp, when that is a tmpfs. sssd-secrets can also use a remote Custodia [https://github.com/simo5/custodia] (in Universe) server to store its secrets there. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. [Testing] This is the testing that was done. Only the local store was tested, not the Custodia remote server case. During testing, I found a related bug and filed a bug in debian about it with a related MP in salsa (https://bugs.debian.org/892315). Quick simple test = sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957 sudo apt install sssd # Store a secret $ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XPUT http://localhost/secrets/foo -d'{"type":"simple","value":"foosecret"}';echo 200 OK OK Success # retrieve the secret $ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/foo;echo { "type": "simple", "value": "foosecret" } # try to retrieve the same secret but as a different user won't work because secrets are per user $ sudo curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/foo;echo 404 Not Found Not Found The requested resource was not found. Extended test = This is a more extended version of this verification and it tests the integration of the secrets service between three services: the secrets service itself, MIT kerberos client libraries, and the sssd-kcm service (kerberos cache manager). sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957 sudo apt install sssd sssd-kcm # use EXAMPLE.COM for the kerberos realm, and localhost for the admin and kdc servers, when prompted sudo apt install krb5-user krb5-kdc krb5-admin-server # the kdc will fail to start because there is no realm yet, that's ok. We will create it now. Use whatever password you want sudo krb5_newrealm # create a kerberos principal. This uses "secret" as a password sudo kadmin.local -q "addprinc -pw secret ubuntu" # edit /etc/krb5.conf and tell the library to use KCM by default [libdefaults] default_ccache_name = KCM: # <-- add this line # create /etc/sssd/sssd.conf with these contents: [sssd] config_file_version = 2 services = pam domains = example.com [pam] [domain/example.com] id_provider = proxy proxy_lib_name = files auth_provider = krb5 krb5_server = localhost krb5_realm = EXAMPLE.COM # adjust permissions sudo chmod 0600 /etc/sssd/sssd.conf sudo chown root:root /etc/sssd/sssd.conf # (re)start sssd sudo systemctl restart sssd # test getting a ticket for "ubuntu". Notice how the cache is using "KCM": ubuntu@bionic-sssd-http-parser:~$ kinit Password for ubu...@example.com: ubuntu@bionic-sssd-http-parser:~$ klist Ticket cache: KCM:1000 Default principal: ubu...@example.com Valid starting Expires Service principal 03/08/18 13:09:12 03/08/18 23:09:12 krbtgt/example@example.com renew until 03/09/18 13:09:10 # install ldb-tools sudo apt install ldb-tools # perform a search on the secrets database to see the entry created by kcm $ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn # record 1 dn: cn=3615a3ca-b857-4ee6-ae70-3a82485276b3-1000,cn=ccache,cn=1000,cn=persistent,cn=kcm # record 2 dn: cn=ccache,cn=1000,cn=persistent,cn=kcm # returned 2 records # 2 entries # 0 referrals # destroy the kerberos ticket and confirm it's gone from the secrets database ubuntu@bionic-sssd-http-parser:~$ kdestroy ubuntu@bionic-sssd-http-parser:~$ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn # returned 0 records # 0 entries # 0 referrals ** Affects: sssd (Ubuntu) Importance: Undecided Assignee: Andreas Hasenack (ahasenack) Status: In Progress ** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/341122 ** Description changed: Please enable the sssd-secrets service. This needs the MIR for http- parser (#1638957) to pass. + + [Testing] + This is the testing that was done. + During testing, I found a related bug and filed a bug in debian about it with a related MP in salsa (https://bugs.debian.org/892315). + + Quick simple test + = + sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957 + sudo apt install sssd
[Bug 1752660] Re: python-cryptography missing cffi dependency
Hi Graham, I don't think this is a dependency issue. I'm going to back out the changes I made earlier as I pulled the trigger too quickly with those. What would be good to know is what 'buf' is set to in your scenario. Here's a little script that hits the same path your traceback goes down. It runs successfully on xenial-queens for me. from cryptography.fernet import Fernet, MultiFernet key1 = Fernet(Fernet.generate_key()) key2 = Fernet(Fernet.generate_key()) f = MultiFernet([key1, key2]) token = f.encrypt(b"Secret message!") Thanks, Corey -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cryptography in Ubuntu. https://bugs.launchpad.net/bugs/1752660 Title: python-cryptography missing cffi dependency To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1752660/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 There are still no CVEs for http-parser or libhttp-parser. [Quality assurance] * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. It's a library and it installs without further configuration. * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. There are no debconf questions needed. * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These are the other 2 bugs: bug #1677865: missing dep8 tests bug #1733554: disable a failing test, caused by new http-parser That last bug is a bit scarce on details. * The status of important bugs in Debian's, Ubuntu's, and upstream's bug tracking systems must be evaluated. Important bugs must be pointed out and discussed in the MIR report. - There are no open debian bug reports. + Debian has the same bug open regarding the failing test: + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882308 There are, as of now, 27 open issues in upstream's bug tracker: https://github.com/nodejs/http-parser/issues * The package is maintained well in Debian/Ubuntu (check out the Debian PTS) The low number of bugs may indicate it's not used a lot, or that it's not maintained at all. A good number of upstream bugs have feedback. * The package should not deal with exotic hardware which we cannot support. Not the case here. * If the package ships a test suite, and there is no obvious reason why it cannot work during build (e. g. it needs root privileges or network access), it should be run during package build, and a failing test suite should fail the build. The test suite runs at package build time: dh_auto_test make -j4 test make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1' cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g -c http_parser.c -o http_parser_g.o cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -(...) ./test_g http_parser v2.7.1 (0x020701) sizeof(http_parser) = 32 response scan 1/2 100% response scan 2/2 100% responses okay request scan 1/4 100% request scan 2/4 100% request scan 3/4 100% request scan 4/4 100% requests okay ./test_fast http_parser v2.7.1 (0x020701) sizeof(http_parser) = 32 response scan 1/2 100% response scan 2/2 100% responses okay request scan 1/4 100% request scan 2/4 100% request scan 3/4 100% request scan 4/4 100% requests okay - [Dependencies] - libhttp-parser2.7.1 - Reverse Depends: - libhttp-parser-dev - tcpflow-nox - tcpflow - tang-nagios - tang - ruby-http-parser.rb - purple-matrix - ocserv - jabberd2 - libgit2-26 - * The package uses a debian/watch file whenever possible. In cases where this is not possible (e. g. native packages), the package should either provide a debian/README.source file or a debian/watch file (with comments only) providing clear instructions on how to generate the source tar file. There is a debian/watch file: version=3 https://github.com/joyent/http-parser/tags .*/v?(\d.*)\.(?:tgz|tbz2|tar\.(?:gz|bz2|xz)) - * The package should not rely on obsolete or about to be demoted packa
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 There are still no CVEs for http-parser or libhttp-parser. [Quality assurance] - * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. + * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. It's a library and it installs without further configuration. - * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. + * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. There are no debconf questions needed. - * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. + * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These are the other 2 bugs: bug #1677865: missing dep8 tests bug #1733554: disable a failing test, caused by new http-parser That last bug is a bit scarce on details. + * The status of important bugs in Debian's, Ubuntu's, and upstream's + bug tracking systems must be evaluated. Important bugs must be pointed + out and discussed in the MIR report. + There are no open debian bug reports. + + There are, as of now, 27 open issues in upstream's bug tracker: + https://github.com/nodejs/http-parser/issues + + + * The package is maintained well in Debian/Ubuntu (check out the Debian PTS) + The low number of bugs may indicate it's not used a lot, or that it's not maintained at all. + + A good number of upstream bugs have feedback. + + + * The package should not deal with exotic hardware which we cannot support. + Not the case here. + + + * If the package ships a test suite, and there is no obvious reason why it cannot work during build (e. g. it needs root privileges or network access), it should be run during package build, and a failing test suite should fail the build. + The test suite runs at package build time: +dh_auto_test + make -j4 test + make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1' + cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g -c http_parser.c -o http_parser_g.o + cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1 -g -O2 -(...) + ./test_g + http_parser v2.7.1 (0x020701) + sizeof(http_parser) = 32 + response scan 1/2 100% + response scan 2/2 100% + responses okay + request scan 1/4 100% + request scan 2/4 100% + request scan 3/4 100% + request scan 4/4 100% + requests okay + ./test_fast + http_parser v2.7.1 (0x020701) + sizeof(http_parser) = 32 + response scan 1/2 100% + response scan 2/2 100% + responses okay + request scan 1/4 100% + request scan 2/4 100% + request scan 3/4 100% + request scan 4/4 100% + requests okay + [Dependencies] libhttp-parser2.7.1 Reverse Depends: libhttp-parser-dev tcpflow-nox tcpflow tang-nagios tang ruby-http-parser.rb purple-matrix ocserv jabberd2 libgit2-26 [Standards compliance] [Maintenance] [Background information] ** Description changed:
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 There are still no CVEs for http-parser or libhttp-parser. [Quality assurance] + * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. + It's a library and it installs without further configuration. + + * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. + There are no debconf questions needed. + + * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. + There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These are the other 2 bugs: + bug #1677865: missing dep8 tests + bug #1733554: disable a failing test, caused by new http-parser + + That last bug is a bit scarce on details. + + There are no open debian bug reports. [Dependencies] libhttp-parser2.7.1 Reverse Depends: - libhttp-parser-dev - tcpflow-nox - tcpflow - tang-nagios - tang - ruby-http-parser.rb - purple-matrix - ocserv - jabberd2 - libgit2-26 - + libhttp-parser-dev + tcpflow-nox + tcpflow + tang-nagios + tang + ruby-http-parser.rb + purple-matrix + ocserv + jabberd2 + libgit2-26 [Standards compliance] [Maintenance] [Background information] -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1638957 Title: [MIR] http-parser, dependency of sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source + + Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] + ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information] ** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 + There are still no CVEs for http-parser or libhttp-parser. + + [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information] ** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser http-parser | 2.1-2 | trusty/universe | source http-parser | 2.1-2 | xenial/universe | source http-parser | 2.1-2 | artful/universe | source http-parser | 2.7.1-2 | bionic/universe | source Upstream: https://github.com/nodejs/http-parser [Rationale] sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. The Debian sssd package has the secrets service enabled, and disabling it in the Ubuntu package is part of the delta we carry. The secrets service can be used as a generic key/value database for secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache Manager), implemented by sssd-kcm. sssd-secrets is unix socket activated and won't be running until there is a connection to that socket. The goal of this MIR is then twofold: a) drop a delta we have with regards to debian b) provide the sssd-secrets service for Ubuntu users [Security] ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9 There are still no CVEs for http-parser or libhttp-parser. - [Quality assurance] [Dependencies] + libhttp-parser2.7.1 + Reverse Depends: + libhttp-parser-dev + tcpflow-nox + tcpflow + tang-nagios + tang + ruby-http-parser.rb + purple-matrix + ocserv + jabberd2 + libgit2-26 + [Standards compliance] [Maintenance] [Background information] -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1638957 Title: [MIR] http-parser, dependency of sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
** Description changed: [Availability] Package is in universe since trusty: $ rmadison http-parser - http-parser | 2.1-2 | trusty/universe | source - http-parser | 2.1-2 | xenial/universe | source - http-parser | 2.1-2 | artful/universe | source - http-parser | 2.7.1-2 | bionic/universe | source - + http-parser | 2.1-2 | trusty/universe | source + http-parser | 2.1-2 | xenial/universe | source + http-parser | 2.1-2 | artful/universe | source + http-parser | 2.7.1-2 | bionic/universe | source [Rationale] + sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket. + + The Debian sssd package has the secrets service enabled, and disabling + it in the Ubuntu package is part of the delta we carry. + + The secrets service can be used as a generic key/value database for + secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache + Manager), implemented by sssd-kcm. + + sssd-secrets is unix socket activated and won't be running until there + is a connection to that socket. + + The goal of this MIR is then twofold: + a) drop a delta we have with regards to debian + b) provide the sssd-secrets service for Ubuntu users [Security] [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information] -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1638957 Title: [MIR] http-parser, dependency of sssd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs