lastpass-cli changed bundled CA certificates

Status changed to 'Confirmed' because the bug affects multiple users.

Sorry, I've forgot about this one.
I built package from github sources, it works well. So, I suppose it just enough to rebuild it for the repository.

I confirm this bug also:

$ lpass login --trust <email address hidden>
Error: Peer certificate cannot be authenticated with given CA certificates.

Package: lastpass-cli
Architecture: amd64
Version: 0.7.0-1

Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

https://github.com/lastpass/lastpass-cli/issues/242

Maintainer from lastpass here: ubuntu, please just update the build to (at least) 0.7.2 (https://github.com/lastpass/lastpass-cli/releases/tag/v0.7.2) which will fix this; it is still broken in xenial. Versions in yakkety and zesty should be fine.

Also if we can help in this somehow (such as by providing built packages) let me know.

Come on please, maintainer. Seems this package has been broken and out-of-date for a while now :(

Would it be possible to simply hand over maintainership of this package to lastpass?

This package is currently unusable because of this bug. It should either be fixed or removed altogether from xenial -- the current (longstanding) situation is not bearable and does not look very good. :(

It's true that the package is unusable on xenial as it is. However, there's a practical workaround: install the package from the artful release. It has no problematic dependencies. :-)

This happened again today, so all supported releases should probably need fixing.

Nafallo, do you know when 1.0.0-1.2ubuntu2 will appear in the pool? I'd like to test it.

Nafallo, I applied your debdiff to a local build and that sorted me out. Do you have a PPA for this?

Sorry, no, but I built a bionic version in an LXD guest and uploaded it to:
http://people.ubuntu.com/~nafallo/lastpass-cli/bionic/

My plan is to get it sponsored to cuttlefish and then get an SRU done for 18.04.

Why is this hardcoded instead of being configurable? The problem keeps happening again and again rendering lpass useless for long period of times and there doesn't seem to be any improvement in sight.

Nafallo confirmed cosmic is fixed.

Debdiff against 18.04.

> Would it be possible to simply hand over maintainership of this package to lastpass?

For the record, Ubuntu packages are team maintained. Anyone can volunteer a suitable update to Ubuntu; this isn't restricted to specific "maintainers". If lastpass are interested in helping to look after this package in Ubuntu, we'd love to have you do so.

SRU review: this looks fine, except that Launchpad-Bugs-Fixed is missing from the changes file. Can whoever sponsored this upload please ping me, and I'll explain? In the meantime, I'll see about fixing this up myself (after lunch) to avoid holding things up unnecessarily.

Hello Nikolay, or anyone else affected,

Accepted lastpass-cli into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lastpass-cli/1.0.0-1.2ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hi Robie and others,

Sorry guys, since I reported this bug 2 years ago, I gradually switched to Debian system and pass/gopass password manager (even deleted lastpass account). So, currently I don't use neither Ubuntu nor lastpass daily (not because they are any bad, but due personal preferences). For testing new package I'll need couple hours of spare time, which I don't have right now. So, don't wait me, someone else please take an action.

-proposed package works for me and resolves the CA issue.

The verification of the Stable Release Update for lastpass-cli has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package lastpass-cli - 1.0.0-1.2ubuntu2

---------------
lastpass-cli (1.0.0-1.2ubuntu2) bionic; urgency=medium

  * Add debian/patches/0004-revert-removed-certificate-pins.patch:
    - Cherry-pick upstream commit b888411 to revert 46e2a0f
      that disabled some GlobalSign intermediate certificates.
    - This make the client start working again after the LastPass
      servers updated their certificate (LP: #1555562).

 -- Nafallo Bjälevik <email address hidden> Thu, 17 May 2018 14:18:00 +0000