[Touch-packages] [Bug 1913493] Re: pc

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1927078] Re: Don't allow useradd to use fully numeric names

2021-06-17 Thread Alex Murray
Thanks for looking at this @William - sorry to nitpick but I wonder if rewriting the test as follows could make it a bit easier to parse (at least for me I find this version easier to grok what is being tested for): if (*name < '1' || *name > '9') -- You received this bug notification because

[Touch-packages] [Bug 1928346] Re: package libseccomp2:amd64 2.5.1-1ubuntu1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configura

2021-05-13 Thread Alex Murray
Thanks for reporting this issue - can you please try running the following in a terminal and see if this resolves the problem: sudo apt-get install -f --reinstall libseccomp2

[Touch-packages] [Bug 1926820]

2021-05-02 Thread Alex Murray
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Touch-packages] [Bug 1926820] Re: package libseccomp2:amd64 2.4.3-1ubuntu3.20.04.3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting c

2021-05-02 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1914961] Re: Contains literal path: /usr/lib/${DEB_HOST_MULTIARCH}

2021-02-07 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3

[Touch-packages] [Bug 1914652] Re: Broken dir and symlinks in package

2021-02-04 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-02-04 Thread Alex Murray
** Also affects: nss (Ubuntu Hirsute) Importance: Undecided Status: Fix Released

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The fix for systemd's LP: #1918696 is not in the systemd xenial SRU since, as noted in that bug, systemd in xenial doesn't include upstream commit 469830d1426a91e0897c321fdc8ee428f0a750c1 which reworked the code to switch from seccomp_rule_add to seccomp_rule_add_exact. In this case systemd could

[Touch-packages] [Bug 1918696] Re: libseccomp 2.5.1 will break unit tests on ppc

2021-03-29 Thread Alex Murray
Yes this is not needed for xenial since that version of systemd is not new enough to be affected by this issue (see the bug description for more details).

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Tested for libseccomp as follows: cat

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Regarding the failing autopkgtests from bionic reported in comment #28: - the containerd and chrony ones on s390x are transient failures due to networking issues in the test infrastructure so should hopefully pass on a re-run. - I can't reproduce the flatpak/amd64 failure locally so I assume

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
For the focal autopkgtest failures above: docker.io/19.03.8-0ubuntu1.20.04.2 (arm64) systemd/245.4-4ubuntu3.5 (ppc64el) The docker.io/arm64 failed due to network issues in the test infrastructure: + lxc launch ubuntu-daily:focal/arm64 docker -c security.nesting=true Creating docker Error:

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The systemd/229-4ubuntu21.29 (i386) test looks very flaky - this seems to fail more often than not looking at https://autopkgtest.ubuntu.com/packages/s/systemd/xenial/i386 - and the tests which failed for the libseccomp 2.5.1-1ubuntu1~16.04.1 run (boot-and-services and boot-smoke) also failed for

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-28 Thread Alex Murray
** Changed in: libseccomp (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Bionic) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Focal) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Groovy)

[Touch-packages] [Bug 1922553] Re: libnss3 package contains invalid library paths

2021-04-05 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-04-05 Thread Alex Murray
@paelzer - we just got another duplicate of this filed for nss in groovy - is the server team working on a fix for this for groovy?

[Touch-packages] [Bug 1919078] Re: Ubuntu SSO login - not working (Throws "Error connecting to server"

2021-03-14 Thread Alex Murray
** Package changed: ubuntu => gnome-online-accounts (Ubuntu)

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
Updating libseccomp to 2.5.1 breaks the systemd unit tests on ppc64el since the behaviour around filtering of the multiplexed socket() system call changes - as such a fix for systemd in https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1918696 is also required.

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476577/+files/libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476579/+files/libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Description changed: - The version of libseccomp2 in bionic does not know about the openat2 - syscall. + [Impact] - In my particular usecase, I was trying to run podman/buildah in an - nspawn container, using fuse-overlayfs. This leads to peculiar failure - modes as described in this issue:

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476578/+files/libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff

[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers

2021-03-14 Thread Alex Murray
@oded-geek - yes, the libseccomp SRU to backport 2.5.1 to these releases is being handled in https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810

[Touch-packages] [Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

2021-03-09 Thread Alex Murray
Good point re google.com - I just repeated the above test but replacing www.google.com with http://neverssl.com and verified it worked as expected so it doesn't look like http->https redirect affected the results. Hmmm perhaps there is something else at play compared to when testing locally vs on

[Touch-packages] [Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

2021-03-08 Thread Alex Murray
I tried to reproduce this in an up-to-date bionic VM as follows: # inside the bionic VM sudo snap install lxd sudo lxd init # accept defaults sudo lxc launch ubuntu-daily:hirsute hirsute sudo lxc exec hirsute /bin/bash # then inside the hirsute container install livecd-rootfs apt update apt

[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers

2021-02-28 Thread Alex Murray
As I understand it I don't see there is any issue here with libseccomp in Ubuntu as it currently stands - whilst the aforementioned runc workaround commit description specifies a number of shortcomings with libseccomp and the inability to easily handle and distinguish newly added syscalls between

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-02-28 Thread Alex Murray
** Also affects: libseccomp (Ubuntu Hirsute) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: New ** Changed in: libseccomp (Ubuntu Hirsute) Status: New => Fix Released

[Touch-packages] [Bug 1915874] Re: autopkgtest fails in hirsute on armhf with glibc 2.33

2021-02-22 Thread Alex Murray
** Changed in: libseccomp (Ubuntu) Status: New => Fix Committed

[Touch-packages] [Bug 1916669] [NEW] autopkgtests flaky for hirsute across various architectures

2021-02-23 Thread Alex Murray
Public bug reported: Currently the lxc 1:4.0.4-1:4.0.4-0ubuntu3 and 1:4.0.6-0ubuntu1 autopkgtests for hirsute are quite flaky across most architectures: amd64 - https://autopkgtest.ubuntu.com/packages/l/lxc/hirsute/amd64 --- only 3

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-13 Thread Alex Murray
similarly for xenial there is only one failure for libseccomp autopkgtests which is systemd/i386 - https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#libseccomp - and this looks reasonably flaky in recent history

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-13 Thread Alex Murray
libseccomp on bionic looks good from what I can see on https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#libseccomp - can this please migrate now?

[Touch-packages] [Bug 1915307] Re: Please merge sudo 1.9.5p2-2 (main) from Debian unstable (main)

2021-02-15 Thread Alex Murray
@iLogin - this is likely caused by https://bugs.launchpad.net/ubuntu/+source/fakeroot/+bug/1915250

[Touch-packages] [Bug 1915801] Re: version 1.9.5p2-2ubuntu1 broke system

2021-02-16 Thread Alex Murray
*** This bug is a duplicate of bug 1915250 *** https://bugs.launchpad.net/bugs/1915250 ** This bug has been marked a duplicate of bug 1915250 buildd file owner/group for shared libraries

[Touch-packages] [Bug 1915792] Re: sudo is no longer owned by root so it no longer works

2021-02-16 Thread Alex Murray
*** This bug is a duplicate of bug 1915250 *** https://bugs.launchpad.net/bugs/1915250 ** This bug has been marked a duplicate of bug 1915250 buildd file owner/group for shared libraries

[Touch-packages] [Bug 1915874] Re: autopkgtest fails in hirsute on armhf with glibc 2.33

2021-02-16 Thread Alex Murray
I'm in the process of preparing libseccomp 2.5.1 for hirsute so will add this patch for its autopkgtests as part of that. Thanks. ** Changed in: libseccomp (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray)

[Touch-packages] [Bug 1915906] Re: Ensure SRP BN_mod_exp follows the constant time path

2021-02-17 Thread Alex Murray
** Information type changed from Public to Public Security

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
$ dpkg -c snapd_2.49+21.04_amd64.deb | grep buildd -rwxr-xr-x buildd/buildd 30952 2021-02-10 20:17 ./lib/systemd/system-generators/snapd-generator -rwxr-xr-x buildd/buildd 19558008 2021-02-10 20:17 ./usr/bin/snap -rwxr-xr-x buildd/buildd43304 2021-02-10 20:17 ./usr/bin/snapfuse -rwxr-xr-x

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
This is currently affecting snapd 2.49+21.04 which is in hirsute-proposed - https://forum.snapcraft.io/t/snapd-from-hirsute-proposed-wont-allow-snaps-to-run/22733/8

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
Oh I see - this was for shared libraries but I suspect it is also affecting setuid binaries as well?

[Touch-packages] [Bug 1938938] Re: apparmor denials for gnutls configuration

2021-08-18 Thread Alex Murray
Hmm there is also a crypto abstraction too https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/crypto - and this is included in the base abstraction so perhaps this *might* be another candidate..?

[Touch-packages] [Bug 1938938] Re: apparmor denials for gnutls configuration

2021-08-18 Thread Alex Murray
We already have an abstraction (ie a policy fragment) for openssl - https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/openssl - perhaps a similar one should be created for gnutls and then this can be #include'd into the profiles for the various applications that

[Touch-packages] [Bug 1794064] Re: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

2021-10-10 Thread Alex Murray
Is there any option to do this via portals - ie can evince use https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.OpenURI to open the URI? Would then this allow to avoid going via xdg-open?

[Touch-packages] [Bug 1944436] Re: Please backport support for "close_range" syscall

2021-09-21 Thread Alex Murray
Can you please post a simple reproducer?

[Touch-packages] [Bug 1951161] Re: Please merge shadow 1:4.8.1-2 (main) from Debian unstable

2021-11-17 Thread Alex Murray
I think the changelog entry should still list the private home dirs change for login.defs under Remaining changes

[Touch-packages] [Bug 1949316] [NEW] kmod modprobe.d scripts are named with non-inclusive language

2021-10-31 Thread Alex Murray
Public bug reported: The kmod package ships with a number of files in /etc/modprobe.d which have non-inclusive names: $ dpkg -L kmod | grep blacklist /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf

[Touch-packages] [Bug 1953301] Re: Segfault on AArch64 caused by OpenSSL affecting numerous packages

2021-12-06 Thread Alex Murray
** Information type changed from Private Security to Public Security

[Touch-packages] [Bug 1953428] [NEW] /etc/PackageKit/Vendor.conf specifies invalid CodecUrl

2021-12-06 Thread Alex Murray
Public bug reported: CodecUrl in /etc/PackageKit/Vendor.conf on Impish at least currently has: http://shop.canonical.com/index.php?cPath=19=f1e370ea7563ed5e654c10450364ff24 shop.canonical.com does not have a DNS record and has been dead for a long time so this should be removed. ** Affects:

[Touch-packages] [Bug 1953301] Re: Segfault on AArch64 caused by OpenSSL affecting numerous packages

2021-12-06 Thread Alex Murray
FWIW I can't reproduce this on a RPi 4 running the aarch64/arm64 Ubuntu 20.04 LTS image: ubuntu@rpi4:~$ wget https://wrapdb.mesonbuild.com/v2/libuv_1.42.0-1/get_patch --2021-12-07 05:50:01-- https://wrapdb.mesonbuild.com/v2/libuv_1.42.0-1/get_patch Resolving wrapdb.mesonbuild.com

[Touch-packages] [Bug 1941752] Re: Regression: exiv2 0.27.3-3ubuntu1.5 makes Gwenview crash when opening images exported by darktable

2022-01-09 Thread Alex Murray
@leosilva - as you did the original update for exiv2 could you please sponsor the attached debdiff? Thanks. ** Changed in: exiv2 (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

[Touch-packages] [Bug 1957024] [NEW] pam-mkhomedir does not honor private home directories

2022-01-10 Thread Alex Murray
Public bug reported: As reported in https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533/13: A common situation is to have a central set of users (e.g. in LDAP) and use pam_mkhomedir.so to create the home directory when the user first logs in. These changes do

[Touch-packages] [Bug 1957781] Re: when i upgrade my package ask me yes or no ?

2022-01-13 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1964325] Re: Fails to print due to apparmor denied connect operation for cupsd - /run/systemd/userdb/io.systemd.Machine

2022-03-09 Thread Alex Murray
I have proposed a fix for this upstream - https://gitlab.com/apparmor/apparmor/-/merge_requests/861 - once that is reviewed then we can include the fix in jammy.

[Touch-packages] [Bug 1962036] Re: dbus was stopped during today's jammy update, breaking desktop

2022-02-23 Thread Alex Murray
I hit this too - just reported https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1962127 from the associated gnome-shell crash.

[Touch-packages] [Bug 1961196] Re: apparmor autotest failure on jammy with linux 5.15

2022-02-21 Thread Alex Murray
FYI I am preparing this in https://bileto.ubuntu.com/#/ticket/4796 - I have included the original patch from arighi to fix the aa-notify tests too. Once britney looks happy with this I will upload it to jammy-proposed.

[Touch-packages] [Bug 1962276] Re: [jammy] Laptop monitor does not turn off/disconnect when the lid is closed

2022-02-28 Thread Alex Murray
See this related debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006368

[Touch-packages] [Bug 1962276] Re: [jammy] Laptop monitor does not turn off/disconnect when the lid is closed

2022-02-28 Thread Alex Murray
This appears to be caused (for me at least) by upower 0.99.16-1 - after upgrading today to 0.99.16-2 things are working again as expected. ** Also affects: upower (Ubuntu) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #1006368

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2022-02-28 Thread Alex Murray
For posterity - this is how I did the analysis above: # download the current python3.9 source package and rebuild it with PIE enabled apt source python3.9 cd python3.9-3.9.10/ sed -i "/export DEB_BUILD_MAINT_OPTIONS=hardening=-pie/d" debian/rules dch -i -D jammy "Enable PIE (LP: #1452115)"

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2022-02-28 Thread Alex Murray
I am actively looking at this - FWIW the performance results with PIE enabled look good - https://paste.ubuntu.com/p/PZjqMFSNSR/ - so I am discussing internally whether this is something that can still land for Ubuntu 22.04.

[Touch-packages] [Bug 1961196] Re: apparmor autotest failure on jammy with linux 5.15

2022-02-17 Thread Alex Murray
FYI I am working on merging apparmor-3.0.4 from debian unstable to jammy at the moment which should resolve this.

[Touch-packages] [Bug 1961196] Re: apparmor autotest failure on jammy with linux 5.15

2022-02-21 Thread Alex Murray
Hmm so had to redo my merge after the 3.0.3-0ubuntu9 upload... see new bileto ticket/PPA for the current version of it https://bileto.ubuntu.com/#/ticket/4797

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2022-04-04 Thread Alex Murray
Nice - thanks @sdeziel

[Touch-packages] [Bug 1452115] Re: Python interpreter binary is not compiled as PIE

2022-03-24 Thread Alex Murray
Thanks @doko :)

[Touch-packages] [Bug 1968402] Re: Ubuntu 20.04.3 boots to black screen, no TTY available

2022-04-10 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1968397] Re: bootloader

2022-04-10 Thread Alex Murray
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it, because your description didn't include enough information. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html.

[Touch-packages] [Bug 1968397]

2022-04-10 Thread Alex Murray
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Touch-packages] [Bug 2034133] Re: i cant update ubuntu

2023-09-05 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 2034449] Re: IP phising

2023-09-05 Thread Alex Murray
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-17 Thread Alex Murray
@sil2100 - apologies, I think I wasn't clear - for the actual enablement to take effect, this FFe does require the new kernel - BUT I added some fallback logic to detect if the kernel doesn't support the required feature so that the sysctl gets disabled in that case when the apparmor service is

[Touch-packages] [Bug 2035315] [NEW] Unprivileged user namespace restrictions break various applications

2023-09-13 Thread Alex Murray
) Importance: High Assignee: Alex Murray (alexmurray) Status: Confirmed ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu) Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Statu

[Touch-packages] [Bug 2036128] [NEW] [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-14 Thread Alex Murray
Public bug reported: As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, unprivileged user namespace restrictions for Ubuntu 23.10 are to be enabled by default via a sysctl.d conf file in apparmor. In

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
Proposed changes for FFe to enable the sysctl by default but add fallback logic to disable it if the system doesn't provide all the required features. ** Patch added: "apparmor_4.0.0~alpha2-0ubuntu4.debdiff"

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
I have uploaded this new version to https://launchpad.net/~alexmurray/+archive/ubuntu/lp2036128 and so it should be built soon (from which the build log will be available). Please let me know if any other information is required.

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-15 Thread Alex Murray
apt log when installing new apparmor packages ** Description changed: As per https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626, unprivileged user namespace restrictions for Ubuntu 23.10 are to be enabled by default via a

[Touch-packages] [Bug 2040484] Re: ubuntu_seccomp pseudo-syscall fails on s390

2023-10-25 Thread Alex Murray
Adding a task against libseccomp until we know more about where the bug lies. ** Also affects: libseccomp (Ubuntu) Importance: Undecided Status: New

[Touch-packages] [Bug 2036302] Re: apparmor 4.0.0~alpha2-0ubuntu3 ships same file as liblxc-common

2023-09-17 Thread Alex Murray
Apologies for this - I am working on an update now to resolve it.

[Touch-packages] [Bug 2036302] Re: apparmor 4.0.0~alpha2-0ubuntu3 ships same file as liblxc-common

2023-09-17 Thread Alex Murray
Uploaded in apparmor 4.0.0~alpha2-0ubuntu4 - currently waiting to build etc - https://launchpad.net/ubuntu/mantic/+queue?queue_state=3_text=apparmor ** Changed in: apparmor (Ubuntu) Status: Triaged => Fix Committed

[Touch-packages] [Bug 2035315] Re: Unprivileged user namespace restrictions break various applications

2023-09-17 Thread Alex Murray
As seen in https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2036302 it turns out the lxc package already shipped a profile in /etc/apparmor.d/usr.bin.lxc-create - so this profile itself needs to be updated to add the userns permission and declare the new ABI in lxc in mantic. ** Also

[Touch-packages] [Bug 2036698] [NEW] Unprivileged user namespace restrictions break various third-party applications

2023-09-20 Thread Alex Murray
Public bug reported: Similar to https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2035315 the proposed unprivileged user namespace restrictions feature of apparmor in mantic breaks various third-party applications that use unprivileged userns for sandboxing themselves. These include: -

[Touch-packages] [Bug 2036698] Re: Unprivileged user namespace restrictions break various third-party applications

2023-09-20 Thread Alex Murray
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: apparmor (Ubuntu) Importance: Undecided => High ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
FYI I redid this change again on top of the fix from https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2036302 and have uploaded it to the aforementioned PPA (debdiff is almost identical, except for the different context in debian/changelog) ** Patch added:

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-22 Thread Alex Murray
As discussed with the wider security team, we have decided not to push ahead with this change for mantic and instead will look to enable it very early in the 24.04 devel cycle. Marking as invalid and unsubscribing the release team. ** Changed in: apparmor (Ubuntu) Status: New => Won't Fix

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
** Changed in: apparmor (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/2036128 Title: [FFe] enable unprivileged user namespace

[Touch-packages] [Bug 2036128] Re: [FFe] enable unprivileged user namespace restrictions by default for mantic

2023-09-18 Thread Alex Murray
@vorlon - the FFe you approved was to upload a whole new release apparmor-4.0.0~alpha2 with supporting infrastructure for this feature, but crucially it did not enable it at that time (as we wanted more time to add additional profiles for all the packages in the archive so that when the feature

[Touch-packages] [Bug 2039589] Re: Nwidia driver Ubuntu bug

2023-10-18 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1973654] Re: Using debian-installer on a server with a Let's Encrypt cert dies

2022-05-16 Thread Alex Murray
I believe this is caused by debootstrap - it only uses packages from the release pocket (and this is frozen from the time Ubuntu 20.04 LTS was originally released). This is a known issue https://askubuntu.com/questions/744684/latest-security-updates-with-debootstrap but I am not sure if there is

[Touch-packages] [Bug 1975408] Re: Performance is much worse than expected (Normal friendly behaviors)

2022-05-22 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1975407] Re: pulseaudio is getting crashed

2022-05-22 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1975381] Re: firewall gets disabled

2022-05-22 Thread Alex Murray
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it, because your description didn't include enough information. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html.

[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded

2022-05-23 Thread Alex Murray
@mardy I thought we had snapd.apparmor specifically to avoid this scenario but I can't see that service mentioned at all in systemd-analyze plot... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1969896] Re: Evince Document Viewer(42.0) does not remember last page in 22.04 and opens in a tiny window when launched

2022-06-17 Thread Alex Murray
Kinetic) Importance: High Status: Confirmed ** Changed in: apparmor (Ubuntu Kinetic) Status: Confirmed => In Progress ** Changed in: apparmor (Ubuntu Jammy) Status: New => In Progress ** Changed in: apparmor (Ubuntu Kinetic) Assignee: (unassigned) => Al

[Touch-packages] [Bug 1969896] Re: Evince Document Viewer(42.0) does not remember last page in 22.04 and opens in a tiny window when launched

2022-06-14 Thread Alex Murray
FYI I have sent a MR to the upstream AppArmor project to remove this dbus deny rule from the exo-open abstraction: https://gitlab.com/apparmor/apparmor/-/merge_requests/884 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1978042] Re: adduser doesn't support extrausers for group management

2022-06-08 Thread Alex Murray
This looks like a duplicate of LP: #1959375 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to adduser in Ubuntu. https://bugs.launchpad.net/bugs/1978042 Title: adduser doesn't support extrausers for group management Status

[Touch-packages] [Bug 1977710] Re: /etc/adduser.conf.dpkg-save created by postinst since 3.121ubuntu1

2022-06-07 Thread Alex Murray
From what I can see of this postinst this looks to be a bug from adduser in debian itself - and would appear to come from https://salsa.debian.org/debian/adduser/-/blob/master/debian/postinst#L33 - ie. if the default value is unchanged then an /etc/adduser.conf.dpkg-save is always generated when

[Touch-packages] [Bug 283115] Re: Gimp: toolbox windows can't be minimized

2022-07-22 Thread Alex Murray
** Changed in: gimp (Ubuntu) Status: Fix Released => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu. https://bugs.launchpad.net/bugs/283115 Title: Gimp: toolbox windows can't be minimized

[Touch-packages] [Bug 1971288] Re: Merge libseccomp from Debian unstable for kinetic

2022-05-03 Thread Alex Murray
ges: - Update autopkgtests to use syscalls from 5.16-rc1 -- Alex Murray Thu, 24 Feb 2022 09:53:35 +1030 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1971288/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages P

[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 0.120-6 (main) from Debian experimental

2022-09-02 Thread Alex Murray
> I do not intend to take further action to modify those packages. If it is a blocker for Ubuntu that they are fixed, then someone from Ubuntu will need to do that work.

Given the relationship between the packages has now changed - ie. polkitd-pkla is not mutually exclusive from the

[Touch-packages] [Bug 1810241] Re: NULL dereference when decompressing specially crafted archives

2022-09-26 Thread Alex Murray
Thanks I have updated the status of this CVE in the Ubuntu CVE tracker. ** Changed in: tar (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tar in Ubuntu.

[Touch-packages] [Bug 1992930] Re: chromium won't launch at menu when installed; lubuntu kinetic

2022-10-16 Thread Alex Murray
This current bug looks like LP: #1991691 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1992930 Title: chromium won't launch at menu when installed; lubuntu kinetic

[Touch-packages] [Bug 1994146] Re: [SRU] apparmor - Focal, Jammy

2022-10-27 Thread Alex Murray
These have now been uploaded to -proposed and are sitting in UNAPPROVED: https://launchpad.net/ubuntu/jammy/+queue?queue_state=1_text=apparmor https://launchpad.net/ubuntu/focal/+queue?queue_state=1_text=apparmor ** Changed in: apparmor (Ubuntu Focal) Status: Confirmed => In Progress **
