date:20180308

[Bug 1729536] Re: InnoDB: Failing assertion: sym_node->table != NULL

2018-03-08 Thread Andreas Hasenack

The new upstream bug (88844) is unfortunately private and I can't see
its state.

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to mysql-5.7 in Ubuntu.
Matching subscriptions: main
https://bugs.launchpad.net/bugs/1729536

Title:
  InnoDB: Failing assertion: sym_node->table != NULL

To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1729536/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 216847] Re: sshd will not start at boot if ListenAddress is set, because network interface is not yet up

2018-03-08 Thread Andreas Hasenack

Upstream server about using IP_FREEBIND:
https://bugzilla.mindrot.org/show_bug.cgi?id=2512

** Bug watch added: OpenSSH Portable Bugzilla #2512
   https://bugzilla.mindrot.org/show_bug.cgi?id=2512

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=2512
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/216847

Title:
  sshd will not start at boot if ListenAddress is set, because network
  interface is not yet up

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/216847/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
+ bug #1754365 has an MP and tests for the sssd-secrets service.
+ 
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  There are still no CVEs for http-parser or libhttp-parser.
  
  OSS security mailing list search returns no hits for http-parser or
  libhttp-parser
  
  No hits on the Ubuntu CVE Tracker.
  
  No security relevant binaries in the package. The only indirect security
  implication is that this enables a new service in sssd: sssd-secrets,
  used to store secrets by wanting applications.
- 
  
  [Quality assurance]
   * After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
  It's a library and it installs without further configuration.
  
   * The package must not ask debconf questions higher than medium if it is 
going to be installed by default. The debconf questions must have reasonable 
defaults.
  There are no debconf questions needed.
  
   * There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
  There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These 
are the other 2 bugs:
  bug #1677865: missing dep8 tests
  bug #1733554: disable a failing test, caused by new http-parser
  
  That last bug is a bit scarce on details.
  
   * The status of important bugs in Debian's, Ubuntu's, and upstream's
  bug tracking systems must be evaluated. Important bugs must be pointed
  out and discussed in the MIR report.
  
  Debian has the same bug open regarding the failing test:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882308
  
  There are, as of now, 27 open issues in upstream's bug tracker:
  https://github.com/nodejs/http-parser/issues
  
   * The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
  The low number of bugs may indicate it's not used a lot, or that it's not 
maintained at all.
  
  A good number of upstream bugs have feedback.
  
  * The package should not deal with exotic hardware which we cannot support.
  Not the case here.
  
  * If the package ships a test suite, and there is no obvious reason why it 
cannot work during build (e. g. it needs root privileges or network access), it 
should be run during package build, and a failing test suite should fail the 
build.
  The test suite runs at package build time:
     dh_auto_test
   make -j4 test
  make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1'
  cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 
-fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g  -c http_parser.c 
-o http_parser_g.o
  cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 -(...)
  ./test_g
  http_parser v2.7.1 (0x020701)
  sizeof(http_parser) = 32
  response scan 1/2  100%
  response scan 2/2  100%
  responses okay
  request scan 1/4  100%
  request scan 2/4  100%
  request scan 3/4  100%
  request scan 4/4  100%
  requests okay
  ./test_fast
  http_parser v2.7.1 (0x020701)
  sizeof(http_parser) = 32
  response scan 1/2  100%
  response scan 2/2  100%
  responses okay
  request scan 1/4  100%
  request scan 2/4  100%
  request scan 3/4  100%
  request scan 4/4  100%
  requests okay
  
  * The package uses a debian/watch file whenever possible. In cases where this 
is not possible (e. g. native packages), the package should either provide a 
debian/README.source file or a debian/watch file (with comments only) providing 
clear instructions on how to generate the source tar file.
  There is a debian/watch file:
  version=3
  
  https://github.com/joyent/htt

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Tags removed: zesty
** Tags added: bionic

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957

Title:
  [MIR] http-parser, dependency of sssd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1754365] Re: [FFe]: Enable sssd-secrets service

2018-03-08 Thread Andreas Hasenack

** Description changed:

  Please enable the sssd-secrets service. This needs the MIR for http-
  parser (#1638957) to pass.
  
+ [Rationale]
+ From the MIR bug (#1638957):
+ The Debian sssd package has the secrets service enabled, and disabling it in 
the Ubuntu package is part of the delta we carry.
+ 
+ The secrets service can be used as a generic key/value database for
+ secrets, and one of its consumers is a kerberos KDC via KCM (Kerberos
+ Cache Manager), implemented by sssd-kcm. sssd-kcm gives users an option
+ to store the credentials in a cache that persists reboots, as opposed to
+ when it's stored in the kernel keyring or in /tmp, when that is a tmpfs.
+ 
+ sssd-secrets can also use a remote Custodia
+ [https://github.com/simo5/custodia] (in Universe) server to store its
+ secrets there.
+ 
+ sssd-secrets is unix socket activated and won't be running until there
+ is a connection to that socket.
+ 
+ 
  [Testing]
- This is the testing that was done.
- During testing, I found a related bug and filed a bug in debian about it with 
a related MP in salsa (https://bugs.debian.org/892315).
+ This is the testing that was done. Only the local store was tested, not the 
Custodia remote server case.
+ 
+ During testing, I found a related bug and filed a bug in debian about it
+ with a related MP in salsa (https://bugs.debian.org/892315).
  
  Quick simple test
  =
  sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957
  sudo apt install sssd
  
  # Store a secret
  $ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XPUT http://localhost/secrets/foo 
-d'{"type":"simple","value":"foosecret"}';echo
  
  
  200 OK
  
  OK
  Success
  
  
  # retrieve the secret
  $ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/foo;echo
  {
- "type": "simple",
- "value": "foosecret"
+ "type": "simple",
+ "value": "foosecret"
  }
  
  # try to retrieve the same secret but as a different user won't work because 
secrets are per user
  $ sudo curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/foo;echo
  
  
  404 Not Found
  
  Not Found
  The requested resource was not found.
  
  
  Extended test
  =
  This is a more extended version of this verification and it tests the 
integration of the secrets service between three services: the secrets service 
itself, MIT kerberos client libraries, and the sssd-kcm service (kerberos cache 
manager).
  
  sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957
  sudo apt install sssd sssd-kcm
  
  # use EXAMPLE.COM for the kerberos realm, and localhost for the admin and kdc 
servers, when prompted
  sudo apt install krb5-user krb5-kdc krb5-admin-server
  
  # the kdc will fail to start because there is no realm yet, that's ok. We 
will create it now. Use whatever password you want
  sudo krb5_newrealm
  
  # create a kerberos principal. This uses "secret" as a password
  sudo kadmin.local -q "addprinc -pw secret ubuntu"
  
  # edit /etc/krb5.conf and tell the library to use KCM by default
  [libdefaults]
- default_ccache_name = KCM: # <-- add this line
+ default_ccache_name = KCM: # <-- add this line
  
  # create /etc/sssd/sssd.conf with these contents:
  [sssd]
  config_file_version = 2
  services = pam
  domains = example.com
  
  [pam]
  
  [domain/example.com]
  id_provider = proxy
  proxy_lib_name = files
  auth_provider = krb5
  krb5_server = localhost
  krb5_realm = EXAMPLE.COM
  
  # adjust permissions
  sudo chmod 0600 /etc/sssd/sssd.conf
  sudo chown root:root /etc/sssd/sssd.conf
  
  # (re)start sssd
  sudo systemctl restart sssd
  
  # test getting a ticket for "ubuntu". Notice how the cache is using "KCM":
  ubuntu@bionic-sssd-http-parser:~$ kinit
  Password for ubu...@example.com:
  
  ubuntu@bionic-sssd-http-parser:~$ klist
  Ticket cache: KCM:1000
  Default principal: ubu...@example.com
  
  Valid starting Expires Service principal
  03/08/18 13:09:12 03/08/18 23:09:12 krbtgt/example@example.com
-  renew until 03/09/18 13:09:10
+  renew until 03/09/18 13:09:10
  
  # install ldb-tools
  sudo apt install ldb-tools
  
  # perform a search on the secrets database to see the entry created by kcm
  $ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn
  # record 1
  dn: 
cn=3615a3ca-b857-4ee6-ae70-3a82485276b3-1000,cn=ccache,cn=1000,cn=persistent,cn=kcm
  
  # record 2
  dn: cn=ccache,cn=1000,cn=persistent,cn=kcm
  
  # returned 2 records
  # 2 entries
  # 0 referrals
  
  # destroy the kerberos ticket and confirm it's gone from the secrets database
  ubuntu@bionic-sssd-http-parser:~$ kdestroy
  ubuntu@bionic-sssd-http-parser:~$ sudo ldbsearch -H 
/var/lib/sss/secrets/secrets.ldb cn
  # returned 0 records
  # 0 entries
  # 0 referrals

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed t

[Bug 1752660] Re: python-cryptography missing cffi dependency

2018-03-08 Thread Corey Bryant

I've marked this incomplete until we can recreate it.

** Changed in: python-cryptography (Ubuntu Bionic)
   Status: Fix Released => Incomplete

** No longer affects: python-cryptography (Ubuntu Artful)

** No longer affects: python-cryptography (Ubuntu)

** No longer affects: python-cryptography (Ubuntu Xenial)

** No longer affects: python-cryptography (Ubuntu Bionic)

** Also affects: python-cryptography (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: python-cryptography (Ubuntu)
   Status: New => Incomplete

** No longer affects: cloud-archive

** No longer affects: cloud-archive/mitaka

** No longer affects: cloud-archive/newton

** No longer affects: cloud-archive/ocata

** No longer affects: cloud-archive/queens

** No longer affects: cloud-archive/pike

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to python-cryptography in Ubuntu.
https://bugs.launchpad.net/bugs/1752660

Title:
  python-cryptography missing cffi dependency

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-cryptography/+bug/1752660/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1754365] [NEW] [FFe]: Enable sssd-secrets service

2018-03-08 Thread Andreas Hasenack

Public bug reported:

Please enable the sssd-secrets service. This needs the MIR for http-
parser (#1638957) to pass.

[Rationale]
>From the MIR bug (#1638957):
The Debian sssd package has the secrets service enabled, and disabling it in 
the Ubuntu package is part of the delta we carry.

The secrets service can be used as a generic key/value database for
secrets, and one of its consumers is a kerberos KDC via KCM (Kerberos
Cache Manager), implemented by sssd-kcm. sssd-kcm gives users an option
to store the credentials in a cache that persists reboots, as opposed to
when it's stored in the kernel keyring or in /tmp, when that is a tmpfs.

sssd-secrets can also use a remote Custodia
[https://github.com/simo5/custodia] (in Universe) server to store its
secrets there.

sssd-secrets is unix socket activated and won't be running until there
is a connection to that socket.


[Testing]
This is the testing that was done. Only the local store was tested, not the 
Custodia remote server case.

During testing, I found a related bug and filed a bug in debian about it
with a related MP in salsa (https://bugs.debian.org/892315).

Quick simple test
=
sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957
sudo apt install sssd

# Store a secret
$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XPUT http://localhost/secrets/foo 
-d'{"type":"simple","value":"foosecret"}';echo


200 OK

OK
Success


# retrieve the secret
$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/foo;echo
{
"type": "simple",
"value": "foosecret"
}

# try to retrieve the same secret but as a different user won't work because 
secrets are per user
$ sudo curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/foo;echo


404 Not Found

Not Found
The requested resource was not found.


Extended test
=
This is a more extended version of this verification and it tests the 
integration of the secrets service between three services: the secrets service 
itself, MIT kerberos client libraries, and the sssd-kcm service (kerberos cache 
manager).

sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957
sudo apt install sssd sssd-kcm

# use EXAMPLE.COM for the kerberos realm, and localhost for the admin and kdc 
servers, when prompted
sudo apt install krb5-user krb5-kdc krb5-admin-server

# the kdc will fail to start because there is no realm yet, that's ok. We will 
create it now. Use whatever password you want
sudo krb5_newrealm

# create a kerberos principal. This uses "secret" as a password
sudo kadmin.local -q "addprinc -pw secret ubuntu"

# edit /etc/krb5.conf and tell the library to use KCM by default
[libdefaults]
default_ccache_name = KCM: # <-- add this line

# create /etc/sssd/sssd.conf with these contents:
[sssd]
config_file_version = 2
services = pam
domains = example.com

[pam]

[domain/example.com]
id_provider = proxy
proxy_lib_name = files
auth_provider = krb5
krb5_server = localhost
krb5_realm = EXAMPLE.COM

# adjust permissions
sudo chmod 0600 /etc/sssd/sssd.conf
sudo chown root:root /etc/sssd/sssd.conf

# (re)start sssd
sudo systemctl restart sssd

# test getting a ticket for "ubuntu". Notice how the cache is using "KCM":
ubuntu@bionic-sssd-http-parser:~$ kinit
Password for ubu...@example.com:

ubuntu@bionic-sssd-http-parser:~$ klist
Ticket cache: KCM:1000
Default principal: ubu...@example.com

Valid starting Expires Service principal
03/08/18 13:09:12 03/08/18 23:09:12 krbtgt/example@example.com
 renew until 03/09/18 13:09:10

# install ldb-tools
sudo apt install ldb-tools

# perform a search on the secrets database to see the entry created by kcm
$ sudo ldbsearch -H /var/lib/sss/secrets/secrets.ldb cn
# record 1
dn: 
cn=3615a3ca-b857-4ee6-ae70-3a82485276b3-1000,cn=ccache,cn=1000,cn=persistent,cn=kcm

# record 2
dn: cn=ccache,cn=1000,cn=persistent,cn=kcm

# returned 2 records
# 2 entries
# 0 referrals

# destroy the kerberos ticket and confirm it's gone from the secrets database
ubuntu@bionic-sssd-http-parser:~$ kdestroy
ubuntu@bionic-sssd-http-parser:~$ sudo ldbsearch -H 
/var/lib/sss/secrets/secrets.ldb cn
# returned 0 records
# 0 entries
# 0 referrals

** Affects: sssd (Ubuntu)
 Importance: Undecided
 Assignee: Andreas Hasenack (ahasenack)
 Status: In Progress

** Merge proposal linked:
   
https://code.launchpad.net/~ahasenack/ubuntu/+source/sssd/+git/sssd/+merge/341122

** Description changed:

  Please enable the sssd-secrets service. This needs the MIR for http-
  parser (#1638957) to pass.
+ 
+ [Testing]
+ This is the testing that was done.
+ During testing, I found a related bug and filed a bug in debian about it with 
a related MP in salsa (https://bugs.debian.org/892315).
+ 
+ Quick simple test
+ =
+ sudo add-apt-repository -y -u ppa:ahasenack/sssd-secrets-1638957
+ sudo apt install sssd

[Bug 1752660] Re: python-cryptography missing cffi dependency

2018-03-08 Thread Corey Bryant

Hi Graham,

I don't think this is a dependency issue. I'm going to back out the
changes I made earlier as I pulled the trigger too quickly with those.
What would be good to know is what 'buf' is set to in your scenario.
Here's a little script that hits the same path your traceback goes down.
It runs successfully on xenial-queens for me.

from cryptography.fernet import Fernet, MultiFernet
key1 = Fernet(Fernet.generate_key())
key2 = Fernet(Fernet.generate_key())
f = MultiFernet([key1, key2])
token = f.encrypt(b"Secret message!")

Thanks,
Corey

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cryptography in Ubuntu.
https://bugs.launchpad.net/bugs/1752660

Title:
  python-cryptography missing cffi dependency

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1752660/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  There are still no CVEs for http-parser or libhttp-parser.
  
  [Quality assurance]
   * After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
  It's a library and it installs without further configuration.
  
   * The package must not ask debconf questions higher than medium if it is 
going to be installed by default. The debconf questions must have reasonable 
defaults.
  There are no debconf questions needed.
  
   * There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
  There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These 
are the other 2 bugs:
  bug #1677865: missing dep8 tests
  bug #1733554: disable a failing test, caused by new http-parser
  
  That last bug is a bit scarce on details.
  
   * The status of important bugs in Debian's, Ubuntu's, and upstream's
  bug tracking systems must be evaluated. Important bugs must be pointed
  out and discussed in the MIR report.
  
- There are no open debian bug reports.
+ Debian has the same bug open regarding the failing test:
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882308
  
  There are, as of now, 27 open issues in upstream's bug tracker:
  https://github.com/nodejs/http-parser/issues
  
   * The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
  The low number of bugs may indicate it's not used a lot, or that it's not 
maintained at all.
  
  A good number of upstream bugs have feedback.
  
  * The package should not deal with exotic hardware which we cannot support.
  Not the case here.
  
  * If the package ships a test suite, and there is no obvious reason why it 
cannot work during build (e. g. it needs root privileges or network access), it 
should be run during package build, and a failing test suite should fail the 
build.
  The test suite runs at package build time:
     dh_auto_test
   make -j4 test
  make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1'
  cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 
-fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g  -c http_parser.c 
-o http_parser_g.o
  cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 -(...)
  ./test_g
  http_parser v2.7.1 (0x020701)
  sizeof(http_parser) = 32
  response scan 1/2  100%
  response scan 2/2  100%
  responses okay
  request scan 1/4  100%
  request scan 2/4  100%
  request scan 3/4  100%
  request scan 4/4  100%
  requests okay
  ./test_fast
  http_parser v2.7.1 (0x020701)
  sizeof(http_parser) = 32
  response scan 1/2  100%
  response scan 2/2  100%
  responses okay
  request scan 1/4  100%
  request scan 2/4  100%
  request scan 3/4  100%
  request scan 4/4  100%
  requests okay
  
- [Dependencies]
- libhttp-parser2.7.1
- Reverse Depends:
-   libhttp-parser-dev
-   tcpflow-nox
-   tcpflow
-   tang-nagios
-   tang
-   ruby-http-parser.rb
-   purple-matrix
-   ocserv
-   jabberd2
-   libgit2-26
- 
  
  * The package uses a debian/watch file whenever possible. In cases where this 
is not possible (e. g. native packages), the package should either provide a 
debian/README.source file or a debian/watch file (with comments only) providing 
clear instructions on how to generate the source tar file.
  There is a debian/watch file:
  version=3
  
  https://github.com/joyent/http-parser/tags
  .*/v?(\d.*)\.(?:tgz|tbz2|tar\.(?:gz|bz2|xz))
  
- 
  * The package should not rely on obsolete or about to be demoted packa

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  There are still no CVEs for http-parser or libhttp-parser.
  
  [Quality assurance]
-  * After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
+  * After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
  It's a library and it installs without further configuration.
  
-  * The package must not ask debconf questions higher than medium if it is 
going to be installed by default. The debconf questions must have reasonable 
defaults.
+  * The package must not ask debconf questions higher than medium if it is 
going to be installed by default. The debconf questions must have reasonable 
defaults.
  There are no debconf questions needed.
  
-  * There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
+  * There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
  There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These 
are the other 2 bugs:
  bug #1677865: missing dep8 tests
  bug #1733554: disable a failing test, caused by new http-parser
  
  That last bug is a bit scarce on details.
  
+  * The status of important bugs in Debian's, Ubuntu's, and upstream's
+ bug tracking systems must be evaluated. Important bugs must be pointed
+ out and discussed in the MIR report.
+ 
  There are no open debian bug reports.
+ 
+ There are, as of now, 27 open issues in upstream's bug tracker:
+ https://github.com/nodejs/http-parser/issues
+ 
+ 
+  * The package is maintained well in Debian/Ubuntu (check out the Debian PTS)
+ The low number of bugs may indicate it's not used a lot, or that it's not 
maintained at all.
+ 
+ A good number of upstream bugs have feedback.
+ 
+ 
+ * The package should not deal with exotic hardware which we cannot support.
+ Not the case here.
+ 
+ 
+ * If the package ships a test suite, and there is no obvious reason why it 
cannot work during build (e. g. it needs root privileges or network access), it 
should be run during package build, and a failing test suite should fail the 
build.
+ The test suite runs at package build time:
+dh_auto_test
+   make -j4 test
+ make[1]: Entering directory '/home/ubuntu/http-parser-2.7.1'
+ cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 
-fdebug-prefix-map=/home/ubuntu/http-parser-2.7.1=. -fstack-protector-strong 
-Wformat -Werror=format-security -Wall -Wextra -Werror -O0 -g  -c http_parser.c 
-o http_parser_g.o
+ cc -Wdate-time -D_FORTIFY_SOURCE=2 -I. -DHTTP_PARSER_STRICT=1  -g -O2 -(...)
+ ./test_g
+ http_parser v2.7.1 (0x020701)
+ sizeof(http_parser) = 32
+ response scan 1/2  100%
+ response scan 2/2  100%
+ responses okay
+ request scan 1/4  100%
+ request scan 2/4  100%
+ request scan 3/4  100%
+ request scan 4/4  100%
+ requests okay
+ ./test_fast
+ http_parser v2.7.1 (0x020701)
+ sizeof(http_parser) = 32
+ response scan 1/2  100%
+ response scan 2/2  100%
+ responses okay
+ request scan 1/4  100%
+ request scan 2/4  100%
+ request scan 3/4  100%
+ request scan 4/4  100%
+ requests okay
+ 
  
  [Dependencies]
  libhttp-parser2.7.1
  Reverse Depends:
    libhttp-parser-dev
    tcpflow-nox
    tcpflow
    tang-nagios
    tang
    ruby-http-parser.rb
    purple-matrix
    ocserv
    jabberd2
    libgit2-26
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

** Description changed:

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  There are still no CVEs for http-parser or libhttp-parser.
  
  [Quality assurance]
+  * After installing the package it must be possible to make it working with a 
reasonable effort of configuration and documentation reading.
+ It's a library and it installs without further configuration.
+ 
+  * The package must not ask debconf questions higher than medium if it is 
going to be installed by default. The debconf questions must have reasonable 
defaults.
+ There are no debconf questions needed.
+ 
+  * There are no long-term outstanding bugs which affect the usability of the 
program to a major degree. To support a package, we must be reasonably 
convinced that upstream supports and cares for the package.
+ There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These 
are the other 2 bugs:
+ bug #1677865: missing dep8 tests
+ bug #1733554: disable a failing test, caused by new http-parser
+ 
+ That last bug is a bit scarce on details.
+ 
+ There are no open debian bug reports.
  
  [Dependencies]
  libhttp-parser2.7.1
  Reverse Depends:
-   libhttp-parser-dev
-   tcpflow-nox
-   tcpflow
-   tang-nagios
-   tang
-   ruby-http-parser.rb
-   purple-matrix
-   ocserv
-   jabberd2
-   libgit2-26
- 
+   libhttp-parser-dev
+   tcpflow-nox
+   tcpflow
+   tang-nagios
+   tang
+   ruby-http-parser.rb
+   purple-matrix
+   ocserv
+   jabberd2
+   libgit2-26
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957

Title:
  [MIR] http-parser, dependency of sssd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
+ 
+ Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
+ ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  [Quality assurance]
  
  [Dependencies]
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
+ There are still no CVEs for http-parser or libhttp-parser.
+ 
+ 
  [Quality assurance]
  
  [Dependencies]
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  
  Upstream: https://github.com/nodejs/http-parser
  
  [Rationale]
  sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
  
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  ubuntu-security review in comment 
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  
  There are still no CVEs for http-parser or libhttp-parser.
  
- 
  [Quality assurance]
  
  [Dependencies]
+ libhttp-parser2.7.1
+ Reverse Depends:
+   libhttp-parser-dev
+   tcpflow-nox
+   tcpflow
+   tang-nagios
+   tang
+   ruby-http-parser.rb
+   purple-matrix
+   ocserv
+   jabberd2
+   libgit2-26
+ 
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957

Title:
  [MIR] http-parser, dependency of sssd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

2018-03-08 Thread Andreas Hasenack

** Description changed:

  [Availability]
  Package is in universe since trusty:
  
  $ rmadison http-parser
-  http-parser | 2.1-2   | trusty/universe | source
-  http-parser | 2.1-2   | xenial/universe | source
-  http-parser | 2.1-2   | artful/universe | source
-  http-parser | 2.7.1-2 | bionic/universe | source
- 
+  http-parser | 2.1-2   | trusty/universe | source
+  http-parser | 2.1-2   | xenial/universe | source
+  http-parser | 2.1-2   | artful/universe | source
+  http-parser | 2.7.1-2 | bionic/universe | source
  
  [Rationale]
+ sssd uses http-parser in its sssd-secrets service 
[https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which 
has a REST API over a unix socket.
+ 
+ The Debian sssd package has the secrets service enabled, and disabling
+ it in the Ubuntu package is part of the delta we carry.
+ 
+ The secrets service can be used as a generic key/value database for
+ secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
+ Manager), implemented by sssd-kcm.
+ 
+ sssd-secrets is unix socket activated and won't be running until there
+ is a connection to that socket.
+ 
+ The goal of this MIR is then twofold:
+ a) drop a delta we have with regards to debian
+ b) provide the sssd-secrets service for Ubuntu users
  
  [Security]
  
  [Quality assurance]
  
  [Dependencies]
  
  [Standards compliance]
  
  [Maintenance]
  
  [Background information]

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957

Title:
  [MIR] http-parser, dependency of sssd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1729536] Re: InnoDB: Failing assertion: sym_node->table != NULL

[Bug 216847] Re: sshd will not start at boot if ListenAddress is set, because network interface is not yet up

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1754365] Re: [FFe]: Enable sssd-secrets service

[Bug 1752660] Re: python-cryptography missing cffi dependency

[Bug 1754365] [NEW] [FFe]: Enable sssd-secrets service

[Bug 1752660] Re: python-cryptography missing cffi dependency

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

13 matches

Site Navigation

Mail list logo

Footer information