Kinetic verification
Confirming the problem with the unfixed slapd package:
$ apt-cache policy slapd
slapd:
Installed: 2.5.14+dfsg-0ubuntu0.22.10.1
Candidate: 2.5.14+dfsg-0ubuntu0.22.10.1
Version table:
*** 2.5.14+dfsg-0ubuntu0.22.10.1 500
500 http://br.archive.ubuntu.com/ubuntu ki
** Description changed:
[ Impact ]
- * An explanation of the effects of the bug on users and
+ OpenLDAP deployments using the contrib pw-sha2 module are not able to
+ authenticate their users because the SHA2 calculation is done
+ incorrectly.
- * justification for backporting the fix to
** Description changed:
+ [ Impact ]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+explanation of how the upload fixes this bug.
+
+ [ Test
I'm not really looking into syslog-ng. The apparmor profile change I did
was to rsyslog, and that's where I tried to reproduce this issue.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchp
Sorry, works just fine in this lunar vm here:
# id; logger before; ./reproducer.sh ; logger after
uid=0(root) gid=0(root) groups=0(root)
+ set -e
+ . /usr/share/os-prober/common.sh
+ cleanup_tmpdir=false
+ progname=
+ type mapdevfs
+ newns
+ [ ]
+ exec /usr/lib/os-prober/newns ./reproducer.sh
+ s
I'll try to reproduce it and amend the profile as needed.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1826294
Title:
os-prober exits prematurely with "logger: socket /d
I see that the linked ppa has DEP8 results for kinetic, but not jammy.
And there are some failures in the kinetic results.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/200
I checked the build logs from
https://launchpad.net/~sergiodj/+archive/ubuntu/openldap, and they show
the test suite being run.
Regarding bileto, it's crashing, so I can't verify that the DEP8 tests
were run atm. I suppose you had a green run when you filed this? Of
openldap and the dependent test
Removing the systemd jammy task, it's unlikely such a change would be
SRUed.
** Changed in: systemd (Ubuntu Jammy)
Status: Confirmed => Won't Fix
** Tags removed: server-todo
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscrib
** Changed in: openldap (Ubuntu Jammy)
Status: New => In Progress
** Changed in: openldap (Ubuntu Kinetic)
Status: New => In Progress
** Changed in: openldap (Ubuntu Jammy)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: openldap (Ubunt
** Description changed:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change an apparmor profile. This is causing the tests to
fail, because they try to make sure rsyslog is being tested in enforced
mode:
Enforcing the /etc/apparmor.d/usr.sbin.rsysl
** Description changed:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change an apparmor profile. This is causing the tests to
fail, because they try to make sure rsyslog is being tested in enforced
mode:
Enforcing the /etc/apparmor.d/usr.sbin.rsysl
** Description changed:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change an apparmor profile. This is causing the tests to
fail, because they try to make sure rsyslog is being tested in enforced
mode:
Enforcing the /etc/apparmor.d/usr.sbin.rsysl
the armhf baseline was born in this error state.
** Affects: rsyslog (Ubuntu)
Importance: Undecided
Assignee: Andreas Hasenack (ahasenack)
Status: In Progress
** Description changed:
The armhf DEP8 testers in Ubuntu infrastructure have some restrictions
and cannot change a
** Merge proposal unlinked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/rsyslog/+git/rsyslog/+merge/437692
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1906333
All tests succeeded, marking verification done.
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.n
Jammy verification (continued), test (d)
d) It's now possible to have SCRAM and gssapi heimdal mechanisms
installed at the same time
Start with SCRAM available on jammy, by installing the gssapi-mit
package:
$ sudo apt install libsasl2-modules-gssapi-mit
...
$ ll /usr/lib/x86_64-linux-gnu/sasl2/
Jammy verification (continued), test (c)
c) A jammy system WITHOUT the SCRAM mechanism available (i.e.,
libsasl2-modules-gssapi-mit is NOT installed), will get SCRAM available
after the upgrade, but without installing any new package.
Starting on jammy with these installed:
$ dpkg -l | grep -E "^
Jammy verification (continued), test (b)
b) On the heels of the (a) test, release upgrade to kinetic
The summary two packages are going to be removed, not related to cyrus-sasl2.
At the end, 13 packages were going to be removed, also not related to
cyrus-sasl2:
13 packages are going to be remove
Jammy verification, test by test. First, (a):
a) SCRAM remains installed
Installed libsasl2-modules-gssapi-mit package from jammy, and confirmed scram
is part of it:
ubuntu@j-sasl-scram:~$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
lrwxrwxrwx 1 root root 18 Oct 19 21:06
/usr/lib/x86_64-lin
Just a nitpick on the patch comment:
+ # allow printing to stdout/stderr when inside a container
+ # (LP: #1667016)
+ /dev/pts/* rw,
This is allowing rw to /etc/pts/* in *all* cases, not just when inside a
container :)
** Package changed: apparmor (Ubuntu) => tcpdump (Ubuntu)
** Also affect
Hello Reuben, or anyone else affected,
Accepted dnsmasq into jammy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/dnsmasq/2.86-1.1ubuntu0.2 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
** Merge proposal linked:
https://code.launchpad.net/~ahasenack/ubuntu/+source/rsyslog/+git/rsyslog/+merge/436955
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1906333
Hello Jeremy, or anyone else affected,
Accepted pango1.0 into jammy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/pango1.0/1.50.6+ds-2ubuntu1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
http
)
Importance: Undecided
Status: New
** Also affects: openldap (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: openldap (Ubuntu Lunar)
Importance: Undecided
Assignee: Andreas Hasenack (ahasenack)
Status: In Progress
--
You received this bug
> Is there anymore info for this? Any kernel messages?
Can't run dmesg in that container :(
I did run aa-status (after altering the dep8 test, rebuilding,
retesting, etc), got this:
autopkgtest [20:25:06]: test smbk5pwd: [---
SASL/EXTERNAL authentication started
SASL username
** Changed in: rsyslog (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: rsyslog (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in
This bug is in the context of bug #2000817, because it will prevent
migration from happening unless fixed.
** Changed in: openldap (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: openldap (Ubuntu)
Status: New => In Progress
** Tags added: serve
Public bug reported:
https://autopkgtest.ubuntu.com/packages/o/openldap/lunar/amd64
autopkgtest [16:06:32]: test smbk5pwd: [---
adding new entry "cn=samba,cn=schema,cn=config"
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,
** Changed in: openldap (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kineti
Writing down some options from a quick handover discussion I had with Sergio,
in no particular order:
- rebuild openldap with the attached patch, disabling strict aliasing just for
that module
- check if LTO is having an effect on this: maybe disabling LTO also fixes it,
and there is precedence
** Changed in: openldap (Ubuntu)
Assignee: Sergio Durigan Junior (sergiodj) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000
g-8) unstable; urgency=medium
[ Andreas Hasenack ]
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel
binding support for GSSAPI and GSS-SPNEGO
- d/p/0035-Add-support-for-sett
Some references I found back then:
https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/101
https://github.com/openssh/openssh-
portable/commit/39d17e189f8e72c34c722579d8d4e701fa5132da
>From my chat messages:
plain ssh-agent on kinetic worked with verify-required keys
but I had to install ssh-a
I believe this issue is correct. I noticed this when writing up the
documentation[1] on how to use openssh with fido2 resident keys:
"""
NOTE
If you used the -O verify-required option when generating the keys, or if that
option is set on the SSH server via /etc/ssh/sshd_config’s PubkeyAuthOptions
** Changed in: mesa (Ubuntu Jammy)
Status: Fix Committed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mesa in Ubuntu.
https://bugs.launchpad.net/bugs/1998893
Title:
NV reverse prime HDMI has no outp
I think this bug/SRU snowballed. Let's take a step back.
It started with fixing two bugs: this one, and bug #1972977. At some
point later, #1972977 was deemed not really fixed[1], and was dropped in
the 0ubuntu0.3 upload[2].
That upload failed to build in jammy-proposed on arm64[3] and amd64[4].
I ran update-maintainer on the mesa source and uploaded again.
Give the removal of PCI IDs, and the vague statement in the "Where
things could go wrong" section of the bug description, I'd like to see a
more clear statement saying that these IDs are already not available in
the jammy kernel, and a
Hello Kai-Chuan, or anyone else affected,
Accepted mesa into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/mesa/22.0.5-0ubuntu0.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wi
I accepted 22.0.5-0ubuntu0.3 which does NOT fix this bug, so I'm
reopening it.
** Changed in: mesa (Ubuntu Jammy)
Status: Fix Committed => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mesa in Ubuntu.
https
Hello errors.ubuntu.com, or anyone else affected,
Accepted mesa into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/mesa/22.0.5-0ubuntu0.3
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
ht
If the intent was to have apport-unpack deal with any invalid crash file, then
it's not complete. This still happens now:
ubuntu@k-apport:~$ apport-unpack /bin/ls unpack
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/problem_report.py", line 174, in load
(key, value)
** Description changed:
[ Impact ]
The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should
be in libsasl2-modules.
Normally this would just be an annoyance, but it just so happens that
this also
.28+dfsg-6ubuntu2
### New Debian Changes ###
cyrus-sasl2 (2.1.28+dfsg-8) unstable; urgency=medium
[ Andreas Hasenack ]
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL chan
g-8) unstable; urgency=medium
[ Andreas Hasenack ]
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel
binding support for GSSAPI and GSS-SPNEGO
- d/p/0035-Add-support-for-sett
I tried a few different arm64 hosts (aws VM, a bare metal in a Canonical MAAS
cluster), and lscpu
was behaving just fine there. But confirmed it with the pi4 using current
util-linux:
util-linux 2.38.1-4ubuntu1
root@l1-lscpu:~# lscpu|grep Socket
Socket(s): -
root@l1
The verification of the Stable Release Update for apport has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a r
The verification of the Stable Release Update for apport has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a r
The verification of the Stable Release Update for apport has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a r
The verification of the Stable Release Update for apport has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a r
The verification of the Stable Release Update for apport has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report. In
the event that you encounter a r
No new upload to debian yet.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libmnl in Ubuntu.
https://bugs.launchpad.net/bugs/1993409
Title:
Merge libmnl from Debian unstable for l-series
Status in libmnl package in Ubunt
Hi all,
I'm reviewing this SRU, and was trying to reproduce the issue following
the given test case, but no matter what I try, it just works.
I installed cinnamon 22.10 from the ISO image into a VM, and added a
remote network printer (not wifi, though: wired ethernet). I monitored
dmesg, and laun
The tests are green, except for i386 which has "always" been red due to
dependency problems.
The new tests ran fine in all architectures:
(paste from amd64, it's the same for the others)
autopkgtest [00:21:02]: summary
pluginviewer PASS
saslauthdPASS
gssap
The tests are green now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1912256
Title:
Missing channel binding prevents authentication to ActiveDirectory
Status in cyrus
This finally migrated in lunar, so I can sponsor/adjust the other
uploads. Will try to get to this tomorrow.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1992454
Title:
** Description changed:
[ Impact ]
The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should
be in libsasl2-modules.
Normally this would just be an annoyance, but it just so happens that
this also
** Description changed:
[ Impact ]
The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should
be in libsasl2-modules.
Normally this would just be an annoyance, but it just so happens that
this also
** Description changed:
[ Impact ]
The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should
be in libsasl2-modules.
Normally this would just be an annoyance, but it just so happens that
this also
** Description changed:
[ Impact ]
- * An explanation of the effects of the bug on users and
+ The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
+ gssapi-mit package. It has nothing to do with MIT or GSSAPI, and should
+ be in libsasl2-modules.
- * justification for b
** Description changed:
+ [ Impact ]
+
+ * An explanation of the effects of the bug on users and
+
+ * justification for backporting the fix to the stable release.
+
+ * In addition, it is helpful, but not required, to include an
+explanation of how the upload fixes this bug.
+
+ [ Test
** Changed in: cyrus-sasl2 (Ubuntu Jammy)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1988730
Title:
package libsasl2-modules
Hello Maximilian, or anyone else affected,
Accepted dnsmasq into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.6 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
htt
** Description changed:
[SRU]
[ Impact ]
Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
This can lead to erroneous actions by clients who need to determine
whether a domain name exists or not.
[ Test Plan ]
- In a focal VM, install dnsmasq (apt insta
There is another ongoing apparmor sru for jammy[1] that is using the
same version number. That one has been uploaded already for some time
and the bug shows it's making progress. I'm not going to ask this change
here to be included in that one, because it's further in the SRU process
than this one
** Description changed:
[Impact]
Users who have:
a) opted in to confining samba with apparmor (by installing
apparmor-profiles); and
b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;
will experience an error in starting the smbd service in jammy:
** Description changed:
[Impact]
Users who have:
a) opted in to confining samba with apparmor (by installing
apparmor-profiles); and
b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;
will experience an error in starting the smbd service in jammy:
** Description changed:
[Impact]
Users who have:
a) opted in to confining samba with apparmor (by installing
apparmor-profiles); and
b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;
will experience an error in starting the smbd service in jammy:
** Description changed:
[ Impact ]
Users who chose to:
a) install apparmor-profiles (a package with extra optional apparmor
profiles, including samba)
b) change the samba related profiles from complain (the default) to
enforce mode
will find out that sharing a printing in
** Description changed:
+ [ Impact ]
+
+ Users who chose to:
+
+ a) install apparmor-profiles (a package with extra optional apparmor
+ profiles, including samba)
+
+ b) change the samba related profiles from complain (the default) to
+ enforce mode
+
+ will find out that sharing a printing in
mportance: Undecided => Wishlist
** Changed in: apparmor (Ubuntu Kinetic)
Importance: Wishlist => Low
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Low
** Changed in: apparmor (Ubuntu Kinetic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Tags added: b
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: apparmor (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to appar
** Changed in: cyrus-sasl2 (Ubuntu Jammy)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1988730
Ti
** Also affects: apparmor (Ubuntu Kinetic)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572
Title:
samba profile: missin
Is this also contemplating
https://bugs.launchpad.net/ubuntu/jammy/+source/apparmor/+bug/1979879
for jammy? I'll try to take a look
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net
> The following regressions have been reported in tests triggered by the
> package:
>
> dgit/9.15 (armhf)
This was some infrastructure failure. I retriggered the test and it
passed this time.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which i
Hello Ian!, or anyone else affected,
Accepted rsync into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/rsync/3.2.3-8ubuntu3.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.u
** Description changed:
[Impact]
- This bug causes rsync 3.2.3 to wrongly report files with an exact same mtime
as being "newer"
- implying they would need to be transfered/sync'ed where in fact they are
"uptodate".
+ This bug causes rsync 3.2.3 to wrongly report files with an exact same
+
In jammy you changed the test depends in d/t/control, any particular reason?
-Depends: @, nftables:native
+Depends: @
In focal, this particular test didn't exist before, and you are adding
it (thanks!), and with the "nftables:native" depends.
--
You received this bug notification because you are
I'm going to reject the upload in the kinetic unapproved queue, since it
was superseded by lunar, adjust the versions and sponsor to lunar and
the rest.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https
Thanks, I'll take care of it
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1992454
Title:
iptables: segfault when renaming a chain
Status in iptables package in Ubuntu:
I think we will need newer version numbers.
iptables | 1.8.7-1ubuntu6 | kinetic | source
iptables | 1.8.7-1ubuntu6 | lunar | source
And kinetic has 1ubuntu7 in unapproved, because it was uploaded while kinetic
was the development release.
We will need 1ubuntu7 in lunar, and 1ubuntu6.1 in
Hi Louis, Robie
I see that Robie sponsored the kinetic upload. Will the other releases
follow suit?
Louis, would you mind updating the bug description with the SRU
template[1] filled in? I see the test case, so the remaining steps would
be to fill in the [Impact] section, and, importantly, the [W
Er, correct, just "w" is enough :)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572
Title:
samba profile: missing rule for mkdir /var/cache/samba/printing
Status i
/var/cache/samba/printing/ w, # without r,
Just "r" was enough indeed!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1993572
Title:
samba profile: missing rule for mkd
** Description changed:
After the fix for bug #1990692, one more rule is needed it seems.
I put all samba profiles in enforce mode, and when I ran that final
- command, got an error and an apparmor denied message:
+ rpcclient command, got an error and an apparmor denied message:
+
+ Prep:
** Description changed:
[Impact]
When attempting to authenticate against a Windows Active Directory
server configured to require SASL channel binding over SSL/TLS ldap
connections (ldaps), authentication will fail stating invalid
credentials as the cause.
This is due to cyrus-sas
** Description changed:
- After the fix for #1990692, one more rule is needed it seems.
+ After the fix for bug #1990692, one more rule is needed it seems.
I put all samba profiles in enforce mode, and when I ran that final
command, got an error and an apparmor denied message:
$ rpccli
This looks like is enough to address it:
--- samba-rpcd-spoolss.orig 2022-10-19 17:48:42.767775584 +
+++ samba-rpcd-spoolss 2022-10-19 17:47:50.527693050 +
@@ -18,6 +18,7 @@
/usr/lib*/samba/{,samba/}rpcd_spoolss mr,
/usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+ /var
Public bug reported:
After the fix for #1990692, one more rule is needed it seems.
I put all samba profiles in enforce mode, and when I ran that final
command, got an error and an apparmor denied message:
$ rpcclient -Uroot%root localhost -c 'getprinter testprinter 2'
cli_rpc_pipe_open_noauth: r
** Changed in: libmnl (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libmnl in Ubuntu.
https://bugs.launchpad.net/bugs/1993409
Title:
Merge libmnl f
** Changed in: cyrus-sasl2 (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1993395
Title:
Me
** Description changed:
[Impact]
When attempting to authenticate against a Windows Active Directory
server configured to require SASL channel binding over SSL/TLS ldap
connections (ldaps), authentication will fail stating invalid
credentials as the cause.
This is due to cyrus-sas
** Description changed:
[Impact]
- When attempting to bind to a SASL channel using GSSAPI or GSS-SPNEGO for
- Windows Active Directory, authentication will fail stating invalid
+ When attempting to authenticate against a Windows Active Directory
+ server configured to require SASL channel bin
Public bug reported:
kinetic
apparmor 3.0.7-1ubuntu1
sudo apt install apparmor-profiles apparmor-utils apparmor-profiles-extra
sudo apt install samba smbclient cups cups-client
Create a fake printer:
sudo lpadmin -p testprinter -E -v /dev/null
Set a password for the samba "root" user:
printf "r
> @Andreas - you subscribed the Foundations team to his bug report back
in July. What were you looking for from the Foundations team?
I don't know how this should be fixed, and was hoping Foundations could help,
since it's an issue that is happening because of the introduction of LTO, and
affec
I checked that jammy and later indeed has the same commit reverted.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1964506
Title:
Ping: checks payloads incorrectly, ignore
Upstream bug: https://github.com/iputils/iputils/pull/67
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1551020
Title:
IpUtils Ping can be in wait forever
Status in iputi
** Description changed:
[Impact]
Users who have:
a) opted in to confining samba with apparmor (by installing
apparmor-profiles); and
b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;
will experience an error in starting the smbd service in jammy:
** Description changed:
[Impact]
Users who have:
a) opted in to confining samba with apparmor (by installing
apparmor-profiles); and
b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;
will experience an error in starting the smbd service in jammy:
401 - 500 of 1032 matches
Mail list logo
