[Bug 1823458] Please test proposed package
Hello Dan, or anyone else affected, Accepted qemu into mitaka-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository. Please help us by testing this new package. To enable the -proposed repository: sudo add-apt-repository cloud-archive:mitaka-proposed sudo apt-get update Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-mitaka-needed to verification-mitaka-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-mitaka-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: cloud-archive/mitaka Status: Triaged => Fix Committed ** Tags added: verification-mitaka-needed -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1823458 Title: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1823458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1823458] Please test proposed package
Hello Dan, or anyone else affected, Accepted qemu into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository. Please help us by testing this new package. To enable the -proposed repository: sudo add-apt-repository cloud-archive:ocata-proposed sudo apt-get update Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: cloud-archive/ocata Status: Triaged => Fix Committed ** Tags added: verification-ocata-needed -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1823458 Title: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1823458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1807439] Re: openvpn crashes when run with fips openssl
** Description changed: [IMPACT] openvpn segfaults when using fips-mode openssl because of MD5. xenial has version 2.3.x and subsequent releases have 2.4.x. MD5 is used in 2 places in 2.3.x and one place in 2.4.x. - + First place: openvpn when estabishing a tls connection will segfault when used with Ubuntu's FIPS 140-2 libcrypto.so (openssl). openvpn tls connection does TLS PRF(pseudorandom function) to produce securely generated pseudo random output that is used to generate keys. MD5 is used as the hash in this computation. FIPS 140-2 does not permit MD5 use except when used for pseudorandom function (PRF). When openvpn requests MD5 operation to FIPS-mode libcrypto.so, since it is not allowed in general, FIPS-mode libcrypto.so goes into an error state. The context flag value, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, is defined in both FIPS and non-FIPS libcrypto.so. However, the MD5 check for it is only in FIPS-mode libcrypto.so to permit MD5. In non-FIPS libcrypto.so this check does not exist since it always permits MD5. openvpn should use this flag when it makes its MD5 request. - Second place (only in 2.3.x): + Second place (only in 2.3.x): **NOTE: The openvpn 2.3 version in xenial has the above issue and an additional one. It also use MD5 internally for configuration status verification. It is not communicated externally. However, this particular use of MD5 is not allowed by FIPS and thus when openvpn tries to use FIPS-mode libcrypto.so to compute MD5, it results in openvpn segfaulting. This 2nd issue was fixed by upstream openvpn community in subsequent versions(2.4) to not use MD5 and use SHA(256) instead and thus why bionic, cosmic, and disco do not require any change for this 2nd issue. [TEST] Test data including commands and parameters are included below. Testing comprised establishing a tls connection between an openvpn client and server. Once the connection was successfully established, a ping thru the established vpn tunnel was done from the client for assurance. Interoperability testing was done to ensure no regression. Test data reflects testing was done between openvpn server and client with and without the patch and between various releases (xenial, bionic, and disco). Test was also done with FIPS-enabled libcrypto.so to ensure everything worked in FIPS mode. [REGRESSION] - The context flag value, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, is defined in both FIPS-mode openssl and non-FIPS openssl. However, the MD5-permit check against this flag-value does not occur in non-FIPS libcrypto.so, so there should be no change in behaviour. non-FIPS libcrypto.so should continue to service all MD5 requests. + The context flag value, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, is defined in both FIPS-mode openssl and non-FIPS openssl. However, the MD5-permit check against this flag-value does not occur in non-FIPS libcrypto.so, so there should be no change in behaviour. non-FIPS libcrypto.so should continue to service all MD5 requests. - xenial with version 2.3.x, has additional change of using SHA instead of - MD5 for configuration status verification. This is an internal hash that - is not communicated externally. Thus it should not regress + xenial with version 2.3.x, has additional change of using SHA256 instead + of MD5 for configuration status verification. This is an internal hash + that is not communicated externally. Thus it should not regress interoperability or ability to establish connections. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl To manage notifications about this bug go to: https://bugs.launchpad.net/openvpn/+bug/1807439/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1824615] Re: lockups since version 2:4.7.6+dfsg~ubuntu-0ubuntu2.9
That's ok, thanks for the update. Bugs are like that sometimes. I'll mark this bug as incomplete in the meantime. Once there is new information, feel free to switch it back to new. ** Changed in: samba (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1824615 Title: lockups since version 2:4.7.6+dfsg~ubuntu-0ubuntu2.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1824615/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1823458] Re: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu
** Also affects: cloud-archive/ocata Importance: Undecided Status: New ** Changed in: cloud-archive/ocata Importance: Undecided => Medium ** Changed in: cloud-archive/ocata Status: New => Triaged ** Changed in: cloud-archive Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1823458 Title: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1823458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1823458] Re: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu
** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/mitaka Importance: Undecided Status: New ** Changed in: cloud-archive/mitaka Importance: Undecided => Medium ** Changed in: cloud-archive/mitaka Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1823458 Title: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1823458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1807439] Re: openvpn crashes when run with fips openssl
** Changed in: openvpn (Ubuntu Cosmic) Status: New => Incomplete ** Changed in: openvpn (Ubuntu Cosmic) Status: Incomplete => In Progress ** Changed in: openvpn (Ubuntu Bionic) Status: New => In Progress ** Changed in: openvpn (Ubuntu Bionic) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: openvpn (Ubuntu Cosmic) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl To manage notifications about this bug go to: https://bugs.launchpad.net/openvpn/+bug/1807439/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1778322] Re: gvfs-smb-browse can't browse samba/smb tree
Check your smb.conf, maybe you have some overriding setting in there. The default disco install I tested had no config file. With gvfsd running in debug mode, there is also a specific message you can look for which will tell you if your gvfsd was rebuilt with the right samba version: "Forcing NT1 protocol version" I followed steps 1 and 2 last time I checked this: https://wiki.gnome.org/Projects/gvfs/debugging -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1778322 Title: gvfs-smb-browse can't browse samba/smb tree To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1778322/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1807439] Re: openvpn crashes when run with fips openssl
** Merge proposal linked: https://code.launchpad.net/~j-latten/ubuntu/+source/openvpn/+git/openvpn/+merge/361636 ** Merge proposal linked: https://code.launchpad.net/~j-latten/ubuntu/+source/openvpn/+git/openvpn/+merge/361638 ** Merge proposal linked: https://code.launchpad.net/~j-latten/ubuntu/+source/openvpn/+git/openvpn/+merge/361635 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl To manage notifications about this bug go to: https://bugs.launchpad.net/openvpn/+bug/1807439/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs