Ubuntu
hibagent package

Backport IMDSv2 support && do nothing if ODH is configured

Bug #2043739 reported by Mitchell Dzurick on 2023-11-16

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	hibagent (Ubuntu)	Fix Released	Undecided	Mitchell Dzurick
	Xenial	Fix Released	Undecided	Mitchell Dzurick
	Bionic	Fix Released	Undecided	Mitchell Dzurick
	Focal	Fix Released	Undecided	Mitchell Dzurick
	Jammy	Fix Released	Undecided	Mitchell Dzurick
	Lunar	Fix Released	Undecided	Mitchell Dzurick
	Mantic	Fix Released	Undecided	Mitchell Dzurick
	Noble	Fix Released	Undecided	Mitchell Dzurick

Bug Description

2 commits need to be backported back to Xenial:

1. IMDSv2 support
https://github.com/aws/ec2-hibernate-linux-agent/commit/559558f28de4456f14b38539eed967df6e1f9217

2. Do nothing if ODH is configured
https://github.com/aws/ec2-hibernate-linux-agent/commit/2ee4ae3fd1333fb3c9aab25bf02b109c3b7b8d9f

IMDSv2 enablement is a security update as IMDSv1 uses an insecure protocol

See original description

Related branches

~mitchdz/ubuntu/+source/hibagent:mitch/bionic-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/bionic-devel at revision ad55c074c947bc0cfba3c0bdab32d3baabec9d8e

git-ubuntu import: Pending requested 2023-11-20

~mitchdz/ubuntu/+source/hibagent:mitch/xenial-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/xenial-devel at revision ef48ca8a611aa13347fe7684cdbca8b19b185482

git-ubuntu import: Pending requested 2023-11-17

~mitchdz/ubuntu/+source/hibagent:mitch/focal-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/focal-devel at revision afb55f8eedeabfeb09d79f4454375566b938d544

git-ubuntu import: Pending requested 2023-11-17

~mitchdz/ubuntu/+source/hibagent:mitch/jammy-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/jammy-devel at revision 338eda96064f2b4570371bd69f5f2f2b910f571c

git-ubuntu import: Pending requested 2023-11-17

~mitchdz/ubuntu/+source/hibagent:mitch/lunar-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/lunar-devel at revision b39ef9e02e0bfc36b5eac7ee437676a063f7fd92

git-ubuntu import: Pending requested 2023-11-17

~mitchdz/ubuntu/+source/hibagent:mitch/mantic-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/mantic-devel at revision 135171b6fb2cbf4e246f49bdeee6dded9e132a68

git-ubuntu import: Pending requested 2023-11-17

~mitchdz/ubuntu/+source/hibagent:mitch/noble-imdsv2

Merged into ubuntu/+source/hibagent:ubuntu/devel at revision 528f788317390c111f894c83f2727dfb7ee2731b

git-ubuntu import: Pending requested 2023-11-17

Mitchell Dzurick (mitchdz) on 2023-11-16

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-21:

#1

This bug was fixed in the package hibagent - 1.0.1-0ubuntu2.22.04.2

---------------
hibagent (1.0.1-0ubuntu2.22.04.2) jammy-security; urgency=medium

  * Use imdsv2 and do nothing if ODH is configured (LP: #2043739).
    - d/p/disable-hibernate-test.patch: disable a test that only works on an
      actual EC2 instance.
    - d/p/use-imdsv2: use IMDSv2 instead of IMDSv1. This is important because
      IMDSv1 is an insecure protocol.
    - d/control: add python3-requests as Depends.
    - d/p/do-nothing-if-ODH-is-configured.patch: do nothing if ODH is configured
      this fixes an issue when this package and ec2-hibinit-agent are installed
      and configured at the same time.

-- Mitchell Dzurick <email address hidden> Thu, 16 Nov 2023 16:19:12 -0700

Changed in hibagent (Ubuntu Jammy):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-21:

#2

This bug was fixed in the package hibagent - 1.0.1-0ubuntu1.20.04.2

---------------
hibagent (1.0.1-0ubuntu1.20.04.2) focal-security; urgency=medium

  * Use imdsv2 and do nothing if ODH is configured (LP: #2043739).
    - d/p/disable-hibernate-test.patch: disable a test that only works on an
      actual EC2 instance.
    - d/p/use-imdsv2: use IMDSv2 instead of IMDSv1. This is important because
      IMDSv1 is an insecure protocol.
    - d/control: add python3-requests as Depends.
    - d/p/do-nothing-if-ODH-is-configured.patch: do nothing if ODH is configured
      this fixes an issue when this package and ec2-hibinit-agent are installed
      and configured at the same time.

-- Mitchell Dzurick <email address hidden> Thu, 16 Nov 2023 16:19:12 -0700

Changed in hibagent (Ubuntu Focal):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-21:

#3

This bug was fixed in the package hibagent - 1.0.1+git20230216.9ac1209f7-0ubuntu1.23.04.1

---------------
hibagent (1.0.1+git20230216.9ac1209f7-0ubuntu1.23.04.1) lunar-security; urgency=medium

  * d/p/do-nothing-if-ODH-is-configured.patch: do nothing if ODH is configured,
    this fixes an issue when this package and ec2-hibinit-agent are installed
    and configured at the same time (LP: #2043739).
  * d/control: add python3-requests as Depends.

-- Mitchell Dzurick <email address hidden> Thu, 16 Nov 2023 15:35:33 -0700

Changed in hibagent (Ubuntu Lunar):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-21:

#4

This bug was fixed in the package hibagent - 1.0.1+git20230216.9ac1209f7-0ubuntu1.23.10.1

---------------
hibagent (1.0.1+git20230216.9ac1209f7-0ubuntu1.23.10.1) mantic-security; urgency=medium

  * d/p/do-nothing-if-ODH-is-configured.patch: do nothing if ODH is configured,
    this fixes an issue when this package and ec2-hibinit-agent are installed
    and configured at the same time (LP: #2043739).
  * d/control: add python3-requests as Depends.

-- Mitchell Dzurick <email address hidden> Thu, 16 Nov 2023 15:35:33 -0700

Changed in hibagent (Ubuntu Mantic):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-11-21:

#5

This bug was fixed in the package hibagent - 1.0.1+git20230216.9ac1209f7-0ubuntu3

---------------
hibagent (1.0.1+git20230216.9ac1209f7-0ubuntu3) noble; urgency=medium

* d/p/hibagent-test-use-importlib.patch: use importlib in
test/hibagent_test.py as imp was removed in python3.12 (LP: #2044029).

-- Mitchell Dzurick <email address hidden> Mon, 20 Nov 2023 15:51:14 -0700

Changed in hibagent (Ubuntu Noble):
status:	New → Fix Released

Mitchell Dzurick (mitchdz) on 2023-11-21

Changed in hibagent (Ubuntu Xenial):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Bionic):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Focal):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Jammy):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Lunar):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Mantic):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Noble):
assignee:	nobody → Mitchell Dzurick (mitchdz)
Changed in hibagent (Ubuntu Xenial):
status:	New → Fix Released
Changed in hibagent (Ubuntu Bionic):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.