[Group.of.nepali.translators] [Bug 2058934] Re: Missing version.py update
This is fix released in noble via https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/31.2.2 (and noble has 31.2.3 already). ** Changed in: ubuntu-advantage-tools (Ubuntu Noble) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2058934 Title: Missing version.py update Status in ubuntu-advantage-tools package in Ubuntu: Fix Released Status in ubuntu-advantage-tools source package in Xenial: Fix Committed Status in ubuntu-advantage-tools source package in Bionic: Fix Committed Status in ubuntu-advantage-tools source package in Focal: Fix Committed Status in ubuntu-advantage-tools source package in Jammy: Fix Committed Status in ubuntu-advantage-tools source package in Mantic: Fix Committed Status in ubuntu-advantage-tools source package in Noble: Fix Released Bug description: [ Impact ] The "pro" command-line tool has a "version" parameter that needs to be kept in sync with the package version from d/changelog. This has been forgotten in 31.2.1, and we decided to release 31.2.2 with that fix. [ Test Plan ] Install ubuntu-advantage-tools and run the command: pro version Its output must match the package version from: dpkg -l ubuntu-advantage-tools [ Where problems could occur ] The most common problem here is to rebuild the package with a new version, or new suffix, and forgetting to update version.py again. Another problem is that the version.py update could be the wrong version, but the test plan is looking for that exactly. [ Other Info ] Not at this time. [ Original Description ] https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/31.2.1 missed a corresponding uaclient/version.py version update to match d/changelog. It was fixed in https://launchpad.net/ubuntu/+source/ubuntu-advantage- tools/31.2.2 without a changelog reference, and we should use this bug for the same change for the upcoming SRU in https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage- tools/+bug/2057937 Version 31.2.1 was not technically released as an SRU yet, it briefly existed in the unapproved queues without the uaclient/version.py fix, but was rejected in time. Technically we could add the corresponding version.py fix and use 31.2.1 in the SRUs, but we prefer to keep the stable releases using the same version everywhere, including devel. So let's make a 31.2.2 for the SRU, matching noble, and use this bug to track that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058934/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2057937] Re: apt-news.service reporting errors after ubuntu-pro-client install
** Changed in: ubuntu-advantage-tools (Ubuntu)
Status: Incomplete => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Also affects: ubuntu-advantage-tools (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: ubuntu-advantage-tools (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: ubuntu-advantage-tools (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: ubuntu-advantage-tools (Ubuntu Noble)
Importance: High
Assignee: Andreas Hasenack (ahasenack)
Status: Triaged
** Also affects: ubuntu-advantage-tools (Ubuntu Mantic)
Importance: Undecided
Status: New
** Also affects: ubuntu-advantage-tools (Ubuntu Jammy)
Importance: Undecided
Status: New
** Changed in: ubuntu-advantage-tools (Ubuntu Mantic)
Status: New => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
Status: New => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Status: New => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu Bionic)
Status: New => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu Xenial)
Status: New => Triaged
** Changed in: ubuntu-advantage-tools (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu Mantic)
Importance: Undecided => High
** Changed in: ubuntu-advantage-tools (Ubuntu Mantic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: ubuntu-advantage-tools (Ubuntu Bionic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: ubuntu-advantage-tools (Ubuntu Xenial)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2057937
Title:
apt-news.service reporting errors after ubuntu-pro-client install
Status in ubuntu-advantage-tools package in Ubuntu:
Triaged
Status in ubuntu-advantage-tools source package in Xenial:
Triaged
Status in ubuntu-advantage-tools source package in Bionic:
Triaged
Status in ubuntu-advantage-tools source package in Focal:
Triaged
Status in ubuntu-advantage-tools source package in Jammy:
Triaged
Status in ubuntu-advantage-tools source package in Mantic:
Triaged
Status in ubuntu-advantage-tools source package in Noble:
Triaged
Bug description:
After ubuntu-pro-client was installed the following errors are being
logged.
Mar 14 09:00:11 edmonton systemd[1]: Starting Update APT News...
Mar 14 09:00:11 edmonton systemd[2927302]: apt-news.service: Failed to
prepare AppArmor profile chang
e to ubuntu_pro_apt_news: No such file or directory
Mar 14 09:00:11 edmonton systemd[2927302]: apt-news.service: Failed at step
APPARMOR spawning /usr/bi
n/python3: No such file or directory
The updates that started the problem:
Start-Date: 2024-03-13 22:00:22
Commandline: apt-get -y -o Dpkg::Options::=--force-confnew dist-upgrade
Install: ubuntu-pro-client:amd64 (31.2~22.04, automatic)
Upgrade: ubuntu-advantage-tools:amd64 (30~22.04, 31.2~22.04)
End-Date: 2024-03-13 22:00:28
This is happening on all servers where this update is installed.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-pro-client 31.2~22.04
ProcVersionSignature: Ubuntu 5.15.0-91.101-generic 5.15.131
Uname: Linux 5.15.0-91-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Mar 14 10:02:35 2024
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
apparmor_logs.txt:
cloud-id.txt-error: Invalid command specified 'cloud-id'.
livepatch-status.txt-error: Invalid command specified
'/snap/bin/canonical-livepatch status'.
uaclient.conf:
contract_url: https://contracts.canonical.com
log_level: debug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+sou
[Group.of.nepali.translators] [Bug 1990450] Re: Show potential Ubuntu Pro updates and apt news messages
I see 1:16.04.21 is in xenial unapproved, and it fixes the above crash. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Tags removed: verification-done-xenial ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1990450 Title: Show potential Ubuntu Pro updates and apt news messages Status in update-manager package in Ubuntu: Fix Released Status in update-manager source package in Xenial: Fix Committed Status in update-manager source package in Bionic: Fix Released Status in update-manager source package in Focal: Fix Released Status in update-manager source package in Jammy: Fix Released Status in update-manager source package in Kinetic: Fix Released Status in update-manager source package in Lunar: Won't Fix Status in update-manager source package in Mantic: Won't Fix Status in update-manager source package in Noble: Fix Released Bug description: [Impact] Show the Ubuntu Pro (aka Ubuntu Advantage) updates that would be enabled if you attached this machine. This information is not currently shown. The new revision also update the reference to the Software Properties' Livepatch tab which doesn't exist anymore since bug #2003527 and was replaced by Ubuntu Pro. There is also a new section 'News' showing the apt-news messages if there are any available and some layout changes to accommodate for the new section [Test Case] 1. Do fresh install of Ubuntu with available updates 2. Check there are updates available by running: $ pro security-status Note that updates are only available for older LTS releases. If there are no Pro specific updates available, install any package listed in https://esm.ubuntu.com/apps/ubuntu/dists/jammy-apps-security/main/binary-amd64/Packages (without attaching your machine!) 3. Open update-manager -> There should be a 'Ubuntu Pro security updates (Enable in Settings...)' section at the bottom of the updates list showing disabled and including under it the name of the packages that would be available if pro was enabled 4. start software-properties, go to the ubuntu pro tab and attach to a pro account 5. close software-properties and restart update-manager -> There should be a 'Ubuntu Pro security updates' section at the bottom of the updates list showing enabled and including under it packages updated provided by pro that can be installed 6. Check the top of the update-manager dialog If there is a message available on the server $ curl https://motd.ubuntu.com/aptnews.json with a timestamp older than one month then a 'news' section should be displayed including the message if there isn't a recent post on the server it can be tested locally with the steps from #31 [Regression Potential] Possibility of introducing new bugs. The new livepatch->ubuntu pro string change will not be translated until the next language pack refresh To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1990450/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2043425] Re: Details pane against unavailable Pro updates is misleading
Hello Robie, or anyone else affected, Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update- manager/1:16.04.21 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Tags removed: verification-done verification-done-xenial ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2043425 Title: Details pane against unavailable Pro updates is misleading Status in update-manager package in Ubuntu: Fix Released Status in update-manager source package in Xenial: Fix Committed Status in update-manager source package in Bionic: Fix Released Status in update-manager source package in Focal: Fix Committed Status in update-manager source package in Jammy: Fix Released Status in update-manager source package in Noble: Fix Released Bug description: * Impact If Pro is not enabled, then the details pane against a Pro update misleads the user into believing that there is no update available. Example of someone being misled: https://inteltechniques.com/blog/2023/11/12/ubuntu-pro-shenanigans/ Expected results: either no details presented, or the actual details of the potential Pro update presented Actual results: a message that implies that there is no update available for this package, Pro or not. * Test Case Install the update on a system not attached to Pro, select an update in the Pro section, check the 'Version available' string, it should reflect the version that would be installed if pro was enabled * Regression potential The change is in the code getting the available version to display, if the logic was wrong it could lead to have the 'available version' label being missing or incorrect. The code could hit an exception if there was not non expected value To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2043425/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2045918] Re: [SRU] Fix crash caused by updating update-manager from inside itself
Hello errors.ubuntu.com, or anyone else affected, Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update- manager/1:16.04.21 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Tags removed: verification-done verification-done-xenial ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2045918 Title: [SRU] Fix crash caused by updating update-manager from inside itself Status in update-manager package in Ubuntu: Fix Released Status in update-manager source package in Xenial: Fix Committed Status in update-manager source package in Bionic: Fix Released Status in update-manager source package in Focal: Fix Released Status in update-manager source package in Jammy: Fix Released Status in update-manager source package in Mantic: Won't Fix Bug description: Impact -- LP:1990450 introduced Ubuntu Pro updates and news to update-manager, but also a bug whereby updating update-manager itself while update- manager is running replaces its UI files with a version incompatible with the already running handle of update-manager, subsequently causing a crash when the latter references an widget existing only in the old UI file. In other words, update-manager crashes if the user tries installing the new update-manager release from inside itself. Even though updates would have been installed successfully at that point and subsequent runs of update-manager would not crash, the user is none the wiser and is most likely left worried about his resulting system state. Test case - 1. Have the old version of Update Manager installed and the proposed version available in the Apt database, such that, in Jammy for example, 'apt install --dry-run --verbose-versions' would report update-manager (1:22.04.9 => 1:22.04.19) 2. Start update-manager from a terminal. 3. Make sure 'Software Updater' is selected in the list. We don't care about any other package for this test. 4. Click 'Install now'. The installation must complete successfully and the view must be automatically recalculated. Verify that the application didn't crash (no tracebacks in the terminal window) and confirm with 'apt policy update-manager' that the new version was indeed installed. To note --- The recalculated view will not include references to Ubuntu Pro (neither news pane nor Ubuntu Pro updates section), as it is still the old version of the program that is running. Regression potential GTK is very finicky about its *.ui files; We must look out for other widgets failing to map or being relocated. Original report --- The Ubuntu Error Tracker has been receiving reports about a problem regarding update-manager. This problem was most recently seen with package version 1:22.04.17, the problem page at https://errors.ubuntu.com/problem/7b4facc926a743e632733dcc290e7cd5623b6eb0 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports. If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2045918/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help :
[Group.of.nepali.translators] [Bug 2049785] Re: /usr/bin/update-manager:json.decoder.JSONDecodeError:/bin/update-manager@118:start_update:start_available:refresh_cache:_get_ua_security_status:load:loa
Hello errors.ubuntu.com, or anyone else affected, Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update- manager/1:16.04.21 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Tags removed: verification-done verification-done-xenial ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2049785 Title: /usr/bin/update-manager:json.decoder.JSONDecodeError:/bin/update- manager@118:start_update:start_available:refresh_cache:_get_ua_security_status:load:loads:decode:raw_decode Status in update-manager package in Ubuntu: Fix Released Status in update-manager source package in Xenial: Fix Committed Status in update-manager source package in Bionic: Fix Released Status in update-manager source package in Focal: Fix Released Status in update-manager source package in Jammy: Fix Released Bug description: * Impact The new Ubuntu Pro integration hits an exception when the pro client call isn't returning a value json output * Test case Check that reports on https://errors.ubuntu.com/problem/741dff427bf59c3208da3b509caf1e8d2385fdea stop Also on a system not connected to pro, install an old ubuntu- advantage-tools 27 (outdated version), disconnect from internet and start update-manager, it should list the updates and not error out * Regression potential The code is changing the callback to get the list of pro updates to use the ubuntu-advantage-tools python API instead of calling the cmdline client. If there is an issue with the new API the pro updates listing on non pro-attached system could be incorrect or the client could hit a new exception -- In JournalErrors: ---> Failed to access URL: https://contracts.canonical.com/v1/resources?architecture=amd64=5.15.0-91-generic=focal Cannot verify certificate of server Please check your openssl configuration. [info] A new version is available: 30~20.04 Please run: sudo apt-get install ubuntu-advantage-tools <--- Is it the ubuntu-advantage-tools version problem, is it the failure to access contracts.canonical.com? Should we switch to calling the API directly as in 24.04[1] or handle the exception? [1] https://code.launchpad.net/~nteodosio/update-manager/+git/update- manager/+merge/456088 -- The Ubuntu Error Tracker has been receiving reports about a problem regarding update-manager. This problem was most recently seen with package version 1:20.04.10.18, the problem page at https://errors.ubuntu.com/problem/741dff427bf59c3208da3b509caf1e8d2385fdea contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports. If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2049785/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2051115] Re: ubuntu pro integration interferes with dist-upgrade prompting
Hello Sebastien, or anyone else affected, Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update- manager/1:16.04.21 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-xenial. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: update-manager (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Tags removed: verification-done verification-done-xenial ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2051115 Title: ubuntu pro integration interferes with dist-upgrade prompting Status in update-manager package in Ubuntu: Fix Released Status in update-manager source package in Xenial: Fix Committed Status in update-manager source package in Bionic: Fix Released Status in update-manager source package in Focal: Fix Released Status in update-manager source package in Jammy: Fix Released Status in update-manager source package in Noble: Fix Released Bug description: The listing of Ubuntu Pro packages has been introduced in recent versions of update-manager, but as an undesired consequence, in up to date machines unattached to Ubuntu Pro, update-manager stopped prompting to upgrade to a next supported release. Ubuntu Pro packages should be merely an addition to this program and not alter its main behavior. [Test plan] ---> ua detach --assume-yes apt update apt upgrade apt install hello update-manager <--- Instead of listing Ubuntu Pro packages (the hello one, for example, always has a ESM update) that would be installable if the user attached to Ubuntu Pro, the update-manager window should simply do as it did in older versions, namely, state that software is up to date, and, if a newer LTS is available, suggest to the user to update to it. [Where problems could occur] The Pro packages should still be listed as such (i.e. under their own section, "Ubuntu Pro security updates", in the package listing) in case there is at least one upgradable package (as of 'apt list --upgradable'), whether the machine is attached, in which case the Ubuntu Pro section is sensitive, or unattached to Ubuntu Pro, in which case it is insensitive. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2051115/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2037584] Re: ubuntu-pro-client-l10n translations are stripped
This is in mantic already: https://launchpad.net/ubuntu/+source/pkgbinarymangler/154 ** Changed in: pkgbinarymangler (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2037584 Title: ubuntu-pro-client-l10n translations are stripped Status in pkgbinarymangler package in Ubuntu: Fix Released Status in pkgbinarymangler source package in Xenial: New Status in pkgbinarymangler source package in Bionic: New Status in pkgbinarymangler source package in Focal: New Status in pkgbinarymangler source package in Jammy: New Status in pkgbinarymangler source package in Lunar: New Bug description: [ Impact ] In the upcoming version of ubuntu-advantage-tools, we will ship translation files in a new separate binary package called ubuntu-pro- client-l10n. If you build ubuntu-pro-client-l10n with the current version of pkgbinarymangler, then translations are stripped and tarballed for inclusion in the langpack. We specifically don't want these translations included in the langpack for any release because pro- client gets updates (including strings) more frequently and many more times than langpacks get built. In order to ship those translation files in ubuntu-pro-client-l10n we need to stop pkgbinarymangler from stripping them at build time. pkgbinarymangler has striptranslations.blacklist specifically for this purpose, so the fix is to add ubuntu-pro-client-l10n to that list. [ Test Plan ] Since the ubuntu-pro-client-l10n package is only getting introduced in the next version of ubuntu-advantage-tools (v30), the fixing and testing of this bug needs to be closely coordinated with the release of u-a-t. Once u-a-t v30 is fully reviewed and ready to move to -proposed, we will first upload the fix of this bug to -proposed and wait for the binary proposed publication of pkgbinarymangler to complete. Then we will accept u-a-t v30 to -proposed. In order to test that this bug is fixed, we will check that the binary ubuntu-pro-client-l10n package built from u-a-t v30 in -proposed contains the appropriate translation files. We will also verify that translations are working in u-a-t when ubuntu-pro-client-l10n is installed. After showing all of that working together, we can mark this bug as verification-done [ Where problems could occur ] striptranslations.blacklist is a list of regexes, so if `ubuntu-pro- client-l10n` accidentally matches some other package, then that package would not have its translations stripped either. Generally, new packages in -updates on ESM releases such as xenial and bionic (perhaps aside from u-a-t) are surprising and unexpected to users. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pkgbinarymangler/+bug/2037584/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2004476] Re: [SRU] Allow openscap to be less strict about epoch digit and able to build security certification projects
** Changed in: openscap (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2004476 Title: [SRU] Allow openscap to be less strict about epoch digit and able to build security certification projects Status in openscap package in Ubuntu: Fix Released Status in openscap source package in Trusty: Fix Committed Status in openscap source package in Xenial: Fix Committed Status in openscap source package in Bionic: Fix Released Status in openscap source package in Focal: Fix Released Status in openscap source package in Jammy: Fix Released Status in openscap source package in Kinetic: Fix Released Bug description: [Impact] Back in [1] where we added dpkg version comparison algorithm, we were too strict about the epoch number, where oscap would return an error message if no epoch number was provided. This SRU backports the fix provided to upstream [2] and released with openscap 1.3.7, meaning lunar is not affected by it. [Test Case] Attached to this bug is a zip file that contains OVAL data for one package (expat) and data of one CVE (CVE-2022-43680). The OVAL data is in both OCI and non-OCI format. The test consists of comparing the installed version of the mentioned packages, to different versions where the CVE could have been fixed. Testing procedure (Bionic): $ sudo apt update $ sudo apt install libopenscap8 $ sudo apt install libexpat1 $ tar -xzf test-data.tar.gz $ cd test-data/ $ ./run.sh Here is the output of the test, with current openscap in jammy: $ ./run.sh oscap oval eval com.ubuntu.jammy.cve.oval.xml Definition oval:com.ubuntu.jammy:def:20224368: error Definition oval:com.ubuntu.jammy:def:100: true OpenSCAP Error: Invalid epoch. [../../../../src/OVAL/results/oval_cmp_evr_string.c:399] oscap oval eval oci.com.ubuntu.jammy.cve.oval.xml Definition oval:com.ubuntu.jammy:def:20224368: error OpenSCAP Error: Invalid epoch. [../../../../src/OVAL/results/oval_cmp_evr_string.c:399] and the output of the test, with patched openscap in jammy: $ ./run.sh oscap oval eval com.ubuntu.jammy.cve.oval.xml Definition oval:com.ubuntu.jammy:def:20224368: false Definition oval:com.ubuntu.jammy:def:100: true Evaluation done. oscap oval eval oci.com.ubuntu.jammy.cve.oval.xml Definition oval:com.ubuntu.jammy:def:20224368: false Evaluation done. [Where problems could occur] The patch touches the comparison algorithm, so any regressions that it might have, might impact the comparison and scanning results. [Other Info] The epoch issue affects all releases from Bionic to Kinetic, and it also Trusty ESM and Xenial ESM and we will be handling those in the ESM PPAs. The versioning algorithm implemented is based on dpkg's algorithm. Upstream accepted and merged the Debian epoch fix to its maint-1.3 branch and it already made into 1.3.7 version [3] [1] https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1911791 [2] https://github.com/OpenSCAP/openscap/pull/1901 [3] https://github.com/OpenSCAP/openscap/releases/tag/1.3.7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/2004476/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 2006508] Re: /usr/lib/ubuntu-advantage/esm_cache.py:RuntimeError:/usr/lib/ubuntu-advantage/esm_cache.py@22:main:update_esm_caches:is_current_series_lts:get_platform_
** Also affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Lunar) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Kinetic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2006508 Title: /usr/lib/ubuntu-advantage/esm_cache.py:RuntimeError:/usr/lib/ubuntu- advantage/esm_cache.py@22:main:update_esm_caches:is_current_series_lts:get_platform_info Status in ubuntu-advantage-tools package in Ubuntu: New Status in ubuntu-advantage-tools source package in Xenial: New Status in ubuntu-advantage-tools source package in Bionic: New Status in ubuntu-advantage-tools source package in Focal: New Status in ubuntu-advantage-tools source package in Jammy: New Status in ubuntu-advantage-tools source package in Kinetic: New Status in ubuntu-advantage-tools source package in Lunar: New Bug description: [Original Description] The Ubuntu Error Tracker has been receiving reports about a problem regarding ubuntu-advantage-tools. This problem was most recently seen with package version 27.13.3~22.04.1, the problem page at https://errors.ubuntu.com/problem/40e03a6c527c3448d3cebf9af7558e3f64887e4d contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports. If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/. [Impact] User will see a degrade state on systemd because the `esm_cache` job will fail, since it cannot properly parse /etc/os-release. This is probably affecting releases that are ubuntu based, and not Ubuntu itself. [ Test Case ] Scenario 1: 1) Launch a LXD container with an affected Ubuntu release 2) Install the Pro client version with the fix 3) Modify /etc/os-release so that we don't have the fields VERSION, VERSION_CODENAME and VERSION_ID 4) Run the esm_cache job and verify that it doesn't break anymore 5) Check /var/log/ubuntu-advantage.log to see that we have alerted the user about this scenario Scenario 2: 1) Launch a LXD container with an affected Ubuntu release 2) Install the Pro client version with the fix 3) Modify /etc/os-release so that we don't have the fields VERSION_CODENAME and VERSION_ID and change VERSION to "22.04 LTS (modified to 22.04 LTS)" 4) Run the esm_cache job and verify that it doesn't break anymore 5) Check /var/log/ubuntu-advantage.log to see that we have alerted the user about this scenario Scenario 3: 1) Launch a LXD container with an affected Ubuntu release 2) Install the Pro client version with the fix 3) Modify /etc/os-release so that VERSION is set to "22.04 LTS (modified to 22.04 LTS)" 4) Run the esm_cache job and verify that it doesn't break anymore 5) Check /var/log/ubuntu-advantage.log to see that the job did not generated any error logs [ Regression potential ] We are modifying how we collect information from /etc/os-release. If we have a mismatch between VERSION_ID and VERSION_CODENAME from VERSION, we might now pass different information to the contract server. However, we believe this is low risk, as those fields should be consistent among themselves [ Discussion] Before running the esm_cache job, we check to see if the machine is an ESM release. To perform that check, we gather information from /etc/os-release. If we cannot find the require information there, we raise an Exception that is not being treated on the esm_cache job. We are now not only handling better how we extract information from /etc/os-release, but also making the esm_cache job more resilient to potential unexpected exceptions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2006508/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1999567] Re: [SRU] Bring translations from launchpad
** Also affects: update-notifier (Ubuntu Kinetic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1999567 Title: [SRU] Bring translations from launchpad Status in update-notifier package in Ubuntu: New Status in update-notifier source package in Xenial: New Status in update-notifier source package in Bionic: New Status in update-notifier source package in Focal: New Status in update-notifier source package in Jammy: New Status in update-notifier source package in Kinetic: New Bug description: [Impact] In the last couple releases we have not updated the translations from Launchpad. We are bringing them to the source package in an effort to unblock this SRU release: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1991030 This is because the launchpad translations already have the "pro status" string properly translated. Not only this will unblock this SRU, but it will make the package aligned with the launchpad translations. [Test Case] To test this change, we will need to verify if the message: See https://ubuntu.com/esm or run: sudo pro status Is correctly translated for the languages that have added support for this message. [Regression Potential] Since we are bringing the translations from launchpad, there could be translations done directly in the package that are now missed. Although this is unlikely, since the translations on Launchpad are better maintained them the ones in the package. Note that update-notifier is not using language pack (reasons in https://launchpad.net/bugs/562900) so it relies on translations updates to be included in the source. We used to do such 'export translations for launchpad and include them in the vcs' but that hadn't been done since 2013 which means none of the strings added in the last years for ua and now ubuntu pro have a working translation today, such the risk of regression a translated string there is rather inexistant [Other Info] We have some gray areas regarding the verification of this bug. The target message: See https://ubuntu.com/esm or run: sudo pro status Is not translated into all Ubuntu releases, like Xenial. For those releases, we are then just updating the translations using the Launchpad language packs. Therefore, we might need future SRUs just to update the translation of new messages into these releases. Additionally, we are still searching for a good way to just verify translation updates in the package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1999567/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1996424] Re: [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, Jammy, Kinetic
** Also affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Kinetic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1996424 Title: [SRU] ubuntu-advantage-tools (27.11.3 -> 27.12) Xenial, Bionic, Focal, Jammy, Kinetic Status in ubuntu-advantage-tools package in Ubuntu: New Status in ubuntu-advantage-tools source package in Xenial: New Status in ubuntu-advantage-tools source package in Bionic: New Status in ubuntu-advantage-tools source package in Focal: New Status in ubuntu-advantage-tools source package in Jammy: New Status in ubuntu-advantage-tools source package in Kinetic: New Bug description: [Impact] This release mostly include new features for the pro client. They are: * Add functionality to show if the system requires a reboot or not. This functionality can be accessed through our API or the CLI. * Add api support for some security-status information: - package summary information - list of available package updates - livepatch cves information * Add api entry point to show packages installed in the machine as a manifest file * Add retry mechanism for auto-attach on Pro cloud instances Additionally, we are performing some refactorings in the code as well, for example: * Remove package override logic when enabling FIPS services. Now we are relying exclusively on what the Contract server tell us when we install the FIPS metapackage. * Use the auto_attach api on the CLI [Test Case] The following development and SRU process will be followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] There are 3 main concerns that we have regarding this release. They are: * Installing incorrect FIPS metapackages: Now that we are only relying on the Contract Server to tell us which FIPS metapackage to install in the system, we can install incorrect metapackages if the Contract Server deliver us wrong information. * Change return code for auto-attach CLI commands Previously, in the case where the user tried to auto attach using the cli `pro auto-attach` on instances that were already attached or have disable_auto_attach configured as true in the uaclient.conf file, the cli exited with a 0 exit_code. We are changing those return code and that can harm users that are relying on a non-error execution under those conditions. * Adding another service to the daemon To make the retry auto-attach service works, we added a new service to our existing daemon. This service should only run for Pro instances if auto-attach fails. However, due to the already existing GCP service we have for GCP Pro instances, there could be unknown interactions between them, which could make unexpected changes on the machine. However, we believe all of those 3 regression potentials are low risk, as we will discuss in the next section. [Discussion] We want to address all of the regression potentials that we have: * Installing incorrect FIPS metapackages: We already have integration tests for all the clouds we support FIPS on. We were not able to detect any case where we installed the incorrect metapackage on those instance. Because of our tests, we believe that this a low risk regression. * Change return code for auto-attach CLI commands The cli returned 0s for on those two scenarios (auto-attach disabled on config and machine already attached) because we would call the cli command on the ua-auto-attach.service systemd unit. If we detected that the user was already attached or had an explicit config disabling that service, we didn't want to show that this service failed. However, we have a dedicated script for that systemd unit now that properly handle those error situations, which will make the systemd unit to not fail if that happens. Additionally, we didn't advertise the use of `pro auto-attach` for programmatic consumption. Therefore we believe it is safe to change the exit codes for those scenarios * Adding another service to the daemon We have created a flow diagram for the new retry auto-attach service:
[Group.of.nepali.translators] [Bug 1980990] Re: [SRU] ubuntu-advantage-tools (27.9 -> 27.10) Xenial, Bionic, Focal, Impish, Jammy
Marking the Impish task as "won't fix" because it's EOL. ** Changed in: ubuntu-advantage-tools (Ubuntu Impish) Status: New => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1980990 Title: [SRU] ubuntu-advantage-tools (27.9 -> 27.10) Xenial, Bionic, Focal, Impish, Jammy Status in ubuntu-advantage-tools package in Ubuntu: Fix Released Status in ubuntu-advantage-tools source package in Xenial: Fix Released Status in ubuntu-advantage-tools source package in Bionic: Fix Released Status in ubuntu-advantage-tools source package in Focal: Fix Released Status in ubuntu-advantage-tools source package in Impish: Won't Fix Status in ubuntu-advantage-tools source package in Jammy: Fix Released Bug description: [Impact] This release sports both bug-fixes and new features such as: * apt-hooks: - replace json APT go hook for a C++ version - only install APT hooks on LTS releases * cli: - properly sort services based on reverse dependencies before running attach/detach - collect-logs command not collect old rotated log files as well - display UA custom user features directly on `ua status` - add support for pro command - create api command with support to version and magic-attach * fix: add --dry-run support * security-status: include download size of package updates * timer: log when job start running See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: [https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates) The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] The goal of this release is to mainly introduce new features and fix some minor bugs. Due to the nature of the bugs we are fixing, we believe they provide low risk of affecting existing users. [Discussion] We have changed our APT json go hook for a C++ version. This effort allows us to drop the go dependencies of the package while also making it smaller. However, due to that change, we might be open to unexpected errors on the new implementation. We have tested the new C++ hook with the same scenario we have used for the go hook and we believe this is not a huge risk. Additionally, we are now sorting the service based on their reverse dependencies before running attach or detach. We were already doing that, but in a partial way. The new solution just make it simpler if we add new services with reverse dependencies, so we don't believe this also poses a huge risk for the users. Finally, all of other changes are new features to the users, so they should pose no bigger threat to existing users. [Changelog] * d/control: - Add ca-certificates dependency * d/rules: - Only install APT hooks on LTS series * New upstream release 27.10 - apt-hook: replace golang with cpp for json-hook - cli + properly sort services for detach/attach (GH: #1831) + collect-logs include rotated log files + display UA features directly on status + Add support for pro command - fix: + update ua portal url when asking for attach + add --dry-run option - gcp-pro: handle metadata endpoint error - security-status: include download size of package updates - timer: log when job start running To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1980990/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"
Ok, specifically this log message is fixed in 2.1.28: DIGEST-MD5 common mech free Via https://git.launchpad.net/ubuntu/+source/cyrus- sasl2/tree/debian/patches/0001-plugins-digestmd5-Remove-debug-log-mech- free.patch That patch is just in Ubuntu Kinetic for now. But I still see a lot of DIGEST-MD5 noise in the logs when I just attempt a DIGEST-MD5 auth: May 25 19:15:01 k1-sasl-digest ldapwhoami: DIGEST-MD5 client step 2 May 25 19:15:01 k1-sasl-digest ldapwhoami: DIGEST-MD5 parse_server_challenge() May 25 19:15:01 k1-sasl-digest ldapwhoami: DIGEST-MD5 ask_user_info() May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 client step 2 May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 ask_user_info() May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 make_client_response() May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 create_layer_keys() May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 client mech dispose May 25 19:15:03 k1-sasl-digest ldapwhoami: DIGEST-MD5 common mech dispose All except the "common mech free" one ;) The fix for that was committed 22 days ago: https://github.com/cyrusimap/cyrus- sasl/commit/cb549ef71c5bb646fe583697ebdcaba93267a237 And also affects kinetic. I'll reopen this bug then, as it's the same type of noise in the same plugin. ** Changed in: cyrus-sasl2 (Ubuntu) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/827151 Title: Annoying log message "DIGEST-MD5 common mech free" Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Triaged Status in cyrus-sasl2 source package in Trusty: Won't Fix Status in cyrus-sasl2 source package in Xenial: Incomplete Status in cyrus-sasl2 source package in Yakkety: Fix Released Status in cyrus-sasl2 source package in Focal: Triaged Status in cyrus-sasl2 source package in Impish: Triaged Status in cyrus-sasl2 source package in Jammy: Confirmed Status in cyrus-sasl2 package in Debian: Fix Released Bug description: I recently updated the libsasl2-modules to 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu1 in oneiric. That triggered the bug also described in Debian here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631932 The annoying message is logged in auth.log. In my case, it is associated with svnserve: svnserve: DIGEST-MD5 common mech free I'm not exactly sure what action triggers the message, but I can investigate more if required. $ lsb_release -rd Description:Ubuntu oneiric (development branch) Release:11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/827151/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"
** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: Fix Released => Confirmed ** Changed in: cyrus-sasl2 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/827151 Title: Annoying log message "DIGEST-MD5 common mech free" Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Trusty: Won't Fix Status in cyrus-sasl2 source package in Xenial: Incomplete Status in cyrus-sasl2 source package in Yakkety: Fix Released Status in cyrus-sasl2 source package in Focal: Triaged Status in cyrus-sasl2 source package in Impish: Triaged Status in cyrus-sasl2 source package in Jammy: Confirmed Status in cyrus-sasl2 package in Debian: Fix Released Bug description: I recently updated the libsasl2-modules to 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu1 in oneiric. That triggered the bug also described in Debian here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631932 The annoying message is logged in auth.log. In my case, it is associated with svnserve: svnserve: DIGEST-MD5 common mech free I'm not exactly sure what action triggers the message, but I can investigate more if required. $ lsb_release -rd Description:Ubuntu oneiric (development branch) Release:11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/827151/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1719354] Re: apparmor blocking smbd which is in complain mode
Since these samba profiles are experimental, not enabled by default, and
even when enabled by the user, are loaded in "complain" mode, I don't
think it's worth fixing for stable releases of Ubuntu.
Furthermore, they come from the src:apparmor package, not samba, and
that's a risky update for such a small reason. The risk to benefit ratio
is not in favor for this update.
For Jammy (current Ubuntu development release), I filed
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1952242 and I
will commit there most of the needed changes, leaving just the net_admin
one out.
Xenial is EOL, so nothing to be done there.
If you want to address this in Bionic yourself, I suggest this patch for
/etc/apparmor.d/usr.sbin.smbd:
--- a/usr.sbin.smbd
+++ b/usr.sbin.smbd
@@ -49,6 +50,9 @@
/{,var/}run/samba/smbd.pid rw,
/{,var/}run/samba/msg.lock/ rw,
/{,var/}run/samba/msg.lock/[0-9]* rwk,
+ # when started by systemd
+ /{,var/}run/systemd/notify w,
+
/var/spool/samba/** rw,
@{HOMEDIRS}/** lrwk,
** Changed in: samba (Ubuntu Xenial)
Status: Triaged => Won't Fix
** Changed in: samba (Ubuntu Bionic)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1719354
Title:
apparmor blocking smbd which is in complain mode
Status in samba package in Ubuntu:
Fix Released
Status in samba source package in Xenial:
Won't Fix
Status in samba source package in Bionic:
Won't Fix
Bug description:
This error is occurring because samba is working in user profile and
folder '/run/samba/msg.log' has owner as root. Any log created will be
as root. Hence, samba not able to log anything.
aravind@comp:~$ tail -f /var/log/syslog | grep -i apparmor
Sep 25 21:25:36 comp kernel: [ 4535.034713] audit: type=1400
audit(1506354936.898:275): apparmor="ALLOWED" operation="open"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Sep 25 21:25:36 comp kernel: [ 4535.034719] audit: type=1400
audit(1506354936.898:276): apparmor="ALLOWED" operation="file_lock"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Sep 25 21:27:39 comp kernel: [ 4657.984668] audit: type=1400
audit(1506355059.847:290): apparmor="ALLOWED" operation="mknod"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Sep 25 21:27:39 comp kernel: [ 4657.984675] audit: type=1400
audit(1506355059.847:291): apparmor="ALLOWED" operation="open"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd"
requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
Sep 25 21:27:39 comp kernel: [ 4657.984679] audit: type=1400
audit(1506355059.847:292): apparmor="ALLOWED" operation="file_lock"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Sep 25 21:27:39 comp kernel: [ 4657.984684] audit: type=1400
audit(1506355059.847:293): apparmor="ALLOWED" operation="truncate"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd"
requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Sep 25 21:27:39 comp kernel: [ 4657.991838] audit: type=1400
audit(1506355059.855:294): apparmor="ALLOWED" operation="unlink"
profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd"
requested_mask="d" denied_mask="d" fsuid=0 ouid=0
^C
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor 2.10.95-0ubuntu2.7
ProcVersionSignature: Ubuntu 4.10.0-35.39~16.04.1-generic 4.10.17
Uname: Linux 4.10.0-35-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
ApportVersion: 2.20.1-0ubuntu2.10
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Sep 25 21:27:07 2017
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.10.0-35-generic
root=UUID=3bdb5792-d2a2-4f98-97bd-f274c3d0dde1 ro quiet splash
crashkernel=384M-:128M vt.handoff=7
SourcePackage: apparmor
Syslog:
Sep 25 10:34:40 comp dbus[1174]: [system] AppArmor D-Bus mediation is enabled
Sep 25 18:34:05 comp dbus[1083]: [system] AppArmor D-Bus mediation is enabled
Sep 25 20:10:24 comp dbus[1066]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1719354/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help :
[Group.of.nepali.translators] [Bug 1895302] Re: groovy debootstrap leaves /e/d/motd-news.wasremoved around
s:
sudo apt update
sudo apt purge motd-news-config ubuntu-server
apt-cache policy base-files <-- to verify it's from updates
* In this scenario, you should have no /etc/default/motd* files:
$ ll /etc/default/motd*
ls: cannot access '/etc/default/motd*': No such file or directory
* reinstall base-files:
sudo apt install --reinstall base-files
* Before this SRU, this would create /etc/default/motd-news.wasremoved:
$ ll /etc/default/motd*
-rw-r--r-- 1 root root 0 Sep 16 20:24 /etc/default/motd-news.wasremoved
With the package from proposed for this SRU installed, no such file is
created:
$ ll /etc/default/motd*
ls: cannot access '/etc/default/motd*': No such file or directory
[Regression Potential]
This SRU is further changing maintainer scripts, to address an issue in the
previous maintainer script. Should there be new regressions or new issues, it
might get harder and harder to fix them.
I did wonder about the `dpkg -l` call in base-files' postinst. I worried
about locks, or pre-dependencies, but dpkg was already being used in
this script, although not with -l (list), just a version comparison. But
at least it's already installed.
My other worry was with the dpkg -l output and which flags I should
check to determine if ubuntu-server was installed. "^ii" doesn't work,
because ubuntu-server might be being upgraded in the same apt
transaction, but ^i seemed good enough. Furthermore, I changed the check
for a package name that doesn't exist, to see if dpkg -l would complain
and fail the whole script (which runs with set -e), but it was ok and
just behaved as if the package wasn't installed, which is what we need.
[Other Info]
+ The previous SRU at
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1888575 and its
attached merge proposals has more detailed info about the history of this
motd-news split, and things that were considered.
- * Anything else you think is useful to include
- * Anticipate questions from users, SRU, +1 maintenance, security teams and
the Technical Board
- * and address these questions in advance
+ Manually, I used debootstrap with --make-tarball, replace the base-files
+ deb, and --unpack-tarball, to simulate debootstrap with an updated base-
+ files, to confirm this change here would fix the debootstrap problem,
+ and it worked. But I deemed it too complicated to describe as a testcase
+ for this SRU. If you, dear SRU reviewer, would prefer this test to be
+ added, please let me know.
[Original Description]
When debootstrapping groovy, we see an empty /etc/default/motd-
news.wasremoved file.
- groovy: base-files 11ubuntu12
-rw-r--r-- 1 root root 0 set 11 10:20 /etc/default/motd-news.wasremoved
If motd-news-config is later installed, maybe via ubuntu-server, then
the presence of this file will disable motd-news by default, which is
unintended as it's meant to be enabled on a server.
** Also affects: base-files (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: base-files (Ubuntu Bionic)
Importance: Undecided
Status: New
** Changed in: base-files (Ubuntu Xenial)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: base-files (Ubuntu Bionic)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
** Changed in: base-files (Ubuntu Xenial)
Status: New => In Progress
** Changed in: base-files (Ubuntu Bionic)
Status: New => In Progress
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1895302
Title:
groovy debootstrap leaves /e/d/motd-news.wasremoved around
Status in base-files package in Ubuntu:
In Progress
Status in base-files source package in Xenial:
In Progress
Status in base-files source package in Bionic:
In Progress
Status in base-files source package in Focal:
In Progress
Bug description:
[Impact]
A fresh install of base-files, like done when using debootstrap, using the
base-files from the -updates repository (in the case of ubuntu stable
releases), will leave an empty /etc/default/motd-news.wasremoved file. This
file is an artifact of the mechanism used to handle a corner case in the
previous SRU where it would signal the motd-news-config package to install
/etc/default/motd-news with ENABLED=0. See testcases (h) and (i) in the
previous base-files SRU at
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1888575 for details.
In test case (i) it was acked that the empty .wasremoved file was lying around,
but its impact was deemed not relevant (see [other info] item (a)).
Another case where /etc/default/motd-news.wasremoved would be created
when it shouldn't be is when you have just base-files installed (and
no ubuntu-server or motd-news-config) and did a rei
[Group.of.nepali.translators] [Bug 1888575] Re: Split motd-news config into a new package
This is fixed in groovy already. ** Changed in: ubuntu-meta (Ubuntu Groovy) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1888575 Title: Split motd-news config into a new package Status in base-files package in Ubuntu: Fix Released Status in ubuntu-meta package in Ubuntu: Fix Released Status in base-files source package in Xenial: Fix Committed Status in ubuntu-meta source package in Xenial: Fix Committed Status in base-files source package in Bionic: Fix Committed Status in ubuntu-meta source package in Bionic: Fix Committed Status in base-files source package in Focal: Fix Committed Status in ubuntu-meta source package in Focal: Fix Committed Status in base-files source package in Groovy: Fix Released Status in ubuntu-meta source package in Groovy: Fix Released Bug description: [Impact] The motd-news script is largely useless for desktop users, as they rarely login via a text console. It makes more sense for server users. We can use package dependencies to have the motd-news script enabled on servers, but disabled on desktops, and still handle upgrades. This is the plan: - move /etc/default/motd-news from base-files into a new binary package (motd-news-config, produced by src:base-files) - have ubuntu-server depend on motd-news-config - have base-files break current ubuntu-server, so that if base-files if upgraded and ubuntu-server is installed, ubuntu-server will also be upgraded to the new version which has the depends on motd-news-config Care must be taken to preserve a changed /etc/default/motd-news when the upgrade installs the new motd-news-config package. For example, on a server that has set ENABLED=0 in /etc/default/motd-news and upgrades to the new base-files and ubuntu-server, and gets the new motd-config- news package, ENABLED=0 must remain set. [Test Case] a) base-files installed, ubuntu-server installed, unmodified /e/d/motd-news apt install base-files - upgrades ubuntu-server - installs motd-news-config - /e/d/motd-news remains, motd-news remains enabled b) base-files installed, ubuntu-server installed, modified /e/d/motd-news apt install base-files - upgrades ubuntu-server - installs motd-news-config - /e/d/motd-news remains with the original modification c) base-files installed, ubuntu-server not installed, unmodified /e/d/motd-news apt install base-files - upgrades base-files - removes /e/d/motd-news - motd-news is disabled d) base-files installed, ubuntu-server not installed, modified /e/d/motd-news apt install base-files - upgrades base-files - /e/d/motd-news gets renamed to backup - motd-news is disabled e) removing motd-news-config will also remove ubuntu-server (since it's a depends, and not a recommends) f) upgrading just ubuntu-server should pull motd-news-config in, and force-upgrade base-files g) Removing motd-news-server leaves /e/d/motd-news around; purging motd-news-server removes the /e/d/motd-news config file h) base-files installed, ubuntu-server installed, removed /e/d/motd-news - apt install base-files - upgrades base-files, upgrades ubuntu-server, installs motd-news-config - /e/d/motd-news is installed with ENABLED=0 i) base-files installed, ubuntu-server NOT installed, removed e/d/motd-news - apt install base-files - base-files is upgraded - no /e/d/motd-news is installed, motd-news remains disabled j) Perform a release upgrade from the previous ubuntu release to the one being tested while having ubuntu-server NOT installed (or use a desktop install). At the end, motd-news should be disabled. Verify with: $ sudo /etc/update-motd.d/50-motd-news --force $ (no output) [Regression Potential] This update is about config file ownership transfer: /e/d/motd-news belonged to base-files, now it belongs to motd-news-config. We tried to handle two important cases here: a) /e/d/motd-news config was changed while it belonged to base-files. For example, an user could have set ENABLED=0. We need to transfer that change to the motd-news-config package when it is installed, otherwise this SRU would jsut re-enabled motd-news. This is handled in d/motd-news-config.postinst's configure case. b) /e/d/motd-news config file was *removed* while it belonged to base-files. In such a case, a normal upgrade of the package (base-files in this example) would not reinstate the file. Much less this upgrade here, which has an explicit rm_conffile maintscript-helper for it. But the motd-news-config package that could be installed in the transaction would place the default config file back, and the default is ENABLED=1. Thus, a system that had motd-news disabled via removing the config file would now have it re-enabled after the
[Group.of.nepali.translators] [Bug 1888572] Re: motd-news: use wget instead of curl
This was fixed for groovy in https://launchpad.net/ubuntu/+source/base- files/11ubuntu9 ** Changed in: base-files (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1888572 Title: motd-news: use wget instead of curl Status in base-files package in Ubuntu: Fix Released Status in base-files source package in Xenial: In Progress Status in base-files source package in Bionic: In Progress Status in base-files source package in Focal: In Progress Bug description: The motd-news script is using curl, but since that is an optional package, there is no guarantee that it will be installed. The script correctly checks for its presence before trying to use it, though, so it won't fail. As we don't want to add such a dependency to the base- files package, we should switch to wget, which is standard. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1888572/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1576471] Re: broken link to raphael.min.js and missing settings in conf file
This is not worth fixing for trusty, marking it as such. ** Changed in: raphael (Ubuntu Trusty) Status: New => Won't Fix ** Changed in: raphael (Ubuntu Xenial) Status: New => In Progress ** Changed in: raphael (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1576471 Title: broken link to raphael.min.js and missing settings in conf file Status in nzbget package in Ubuntu: Fix Released Status in raphael package in Ubuntu: Fix Released Status in nzbget source package in Trusty: Won't Fix Status in raphael source package in Trusty: Won't Fix Status in nzbget source package in Xenial: Won't Fix Status in raphael source package in Xenial: In Progress Status in nzbget source package in Zesty: Won't Fix Status in raphael source package in Zesty: Won't Fix Bug description: After a fresh install on 16.04 the symbolic link /usr/share/nzbget/webui/lib/raphael.min.js points a broken link. it *should* point to ../../../javascript/raphael/raphael-min.js also, the default conf file /usr/share/nzbget/webui/nzbget.conf does not have certain required settings set like WebDir and ConfigTemplate also, this can be used as the systemd file /etc/systemd/system/nzbget.service [Unit] Description=NZBGet Daemon Documentation=http://nzbget.net/Documentation After=network.target [Service] User=media Group=media Type=forking ExecStart=/usr/bin/nzbget -c /home/media/.nzbget.conf -D ExecStop=/usr/bin/nzbget -Q ExecReload=/usr/bin/nzbget -O KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nzbget/+bug/1576471/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1557157] Re: apparmor profile denied for saslauthd: /run/saslauthd/mux
** Also affects: openldap (Ubuntu Eoan)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu Eoan)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1557157
Title:
apparmor profile denied for saslauthd: /run/saslauthd/mux
Status in openldap package in Ubuntu:
Fix Released
Status in openldap source package in Trusty:
Won't Fix
Status in openldap source package in Xenial:
Confirmed
Status in openldap source package in Bionic:
Confirmed
Status in openldap source package in Eoan:
Confirmed
Status in openldap source package in Focal:
Confirmed
Status in openldap source package in Groovy:
Fix Released
Bug description:
[Impact]
When using openldap with sasl authentication, the slapd process will
communicate with the saslauthd daemon via a socket in
{,/var}/run/saslauthd/mux. Unfortunately, this will fail in every
Ubuntu release from trusty onwards, because slapd's apparmor profile
doesn't contain the necessary directive to allow it to read/write
from/to the socket specified above.
The fix is simple: just add the necessary directive to allow slapd to
read/write from/to the saslauthd socket.
[Test Case]
One can reproduce the problem by doing:
$ lxc launch ubuntu-daily:groovy openldap-bugbug1557157-groovy
$ lxc shell openldap-bugbug1557157-groovy
# apt install slapd sasl2-bin ldap-utils apparmor-utils
(As the domain name, use "example.com").
# sed -i -e 's/^START=.*/START=yes/' /etc/default/saslauthd
# cat > /etc/ldap/sasl2/slapd.conf << __EOF__
mech_list: PLAIN
pwcheck_method: saslauthd
__EOF__
# adduser openldap sasl
# aa-enforce /etc/apparmor.d/usr.sbin.slapd
# systemctl restart slapd.service
# systemctl restart saslauthd.service
# passwd root
(You can choose any password here. You will need to type it when
running the next command.)
# ldapsearch -H ldapi:/// -LLL -b 'dc=example,dc=com' -s base -U root
-Y PLAIN
The command will fail with something like:
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): generic failure: Password verification
failed
[Regression Potential]
This is an extremely simple and well contained fix, so I don't
envision any possible regressions after applying it. It is important
noticing that, since the problem affects older Ubuntu releases, the
openldap package will have to be rebuilt against possible newer
versions of libraries and other depencencies, which, albeit unlikely,
may cause issues.
[Original Description]
When using slapd with saslauthd the processes communicate via the
{,/var}/run/saslauthd/mux socket (this is the default location for the
saslauthd server from the sasl2-bin package in the
/etc/default/saslauthd config), but the apparmor profile for
usr.sbin.slapd does not allow access to this socket/file.
Syslog message:
apparmor="DENIED" operation="connect" profile="/usr/sbin/slapd"
name="/run/saslauthd/mux" pid=1880
4 comm="slapd" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
Please add the following line to /etc/apparmor.d/usr.sbin.slapd:
/{,var/}run/saslauthd/mux rw,
Ubuntu version: Ubuntu 14.04.4 LTS
slapd version: 2.4.31-1+nmu2ubu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557157/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1576471] Re: broken link to raphael.min.js and missing settings in conf file
Zesty is eol. Re-verifying the others, and starting an SRU. ** Changed in: raphael (Ubuntu Zesty) Status: New => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1576471 Title: broken link to raphael.min.js and missing settings in conf file Status in nzbget package in Ubuntu: Fix Released Status in raphael package in Ubuntu: Fix Released Status in nzbget source package in Trusty: Won't Fix Status in raphael source package in Trusty: New Status in nzbget source package in Xenial: Won't Fix Status in raphael source package in Xenial: New Status in nzbget source package in Zesty: Won't Fix Status in raphael source package in Zesty: Won't Fix Bug description: After a fresh install on 16.04 the symbolic link /usr/share/nzbget/webui/lib/raphael.min.js points a broken link. it *should* point to ../../../javascript/raphael/raphael-min.js also, the default conf file /usr/share/nzbget/webui/nzbget.conf does not have certain required settings set like WebDir and ConfigTemplate also, this can be used as the systemd file /etc/systemd/system/nzbget.service [Unit] Description=NZBGet Daemon Documentation=http://nzbget.net/Documentation After=network.target [Service] User=media Group=media Type=forking ExecStart=/usr/bin/nzbget -c /home/media/.nzbget.conf -D ExecStop=/usr/bin/nzbget -Q ExecReload=/usr/bin/nzbget -O KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nzbget/+bug/1576471/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1641238] Re: as a reverse proxy, a 100 continue response is sent prematurely when a request contains expects: 100-continue
Since this is fixed in 2.4.40, that means eoan and focal have the fix already, since they are at 2.4.41. Confirmed in the CHANGES file: """ Changes with Apache 2.4.40 ... *) mod_proxy_http: forward 100-continue, and minimize race conditions when reusing backend connections. PR 60330. [Yann Ylavic, Jean-Frederic Clere] """ ** Changed in: apache2 (Ubuntu Eoan) Status: Triaged => Fix Released ** Changed in: apache2 (Ubuntu Focal) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1641238 Title: as a reverse proxy, a 100 continue response is sent prematurely when a request contains expects: 100-continue Status in Apache2 Web Server: Fix Released Status in apache2 package in Ubuntu: Fix Released Status in apache2 source package in Trusty: New Status in apache2 source package in Xenial: New Status in apache2 source package in Bionic: New Status in apache2 source package in Disco: Triaged Status in apache2 source package in Eoan: Fix Released Status in apache2 source package in Focal: Fix Released Bug description: This effects trusty, xenial and current httpd trunk. https://bz.apache.org/bugzilla/show_bug.cgi?id=60330 As a reverse proxy, a 100 continue response is sent prematurely when a request contains expects: 100-continue. This causes the requesting client to send a body. The apache httpd proxy will then read the body and attempt to send it to the backend, but the backend already sent an error and should be allowed to NOT read the remaining request body, which never should have existed. When the backend does not read the request body mod_proxy_pass errors and returns a 500 error to the client. The client never receives the correct error message. To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1641238/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1837673] Re: Certbot will be unable to create new ACME accounts
> To solve this problem, I recommend backporting the Certbot packages from > Cosmic to Bionic > and Xenial. Cosmic, which is EOL now, had 0.27.0-1: python-certbot (0.27.0-1) unstable; urgency=medium * New upstream version 0.27.0 * Refresh patch after upstream migration to codecov * Bump python-sphinx requirement defensively; bump S-V with no changes * Bump dep on python-acme to 0.26.0~ -- Harlan Lieberman-Berg Wed, 05 Sep 2018 20:29:44 -0400 Noted the python-acme >= 0.26.0~ requirement. B and X have 0.22.2-1something, and also as noted, but #1836823 is bumping that to 0.31.0-2. ** Also affects: python-certbot (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: python-certbot (Ubuntu Eoan) Importance: Undecided Assignee: James Hebden (ec0) Status: New ** Changed in: python-certbot (Ubuntu Disco) Status: New => Fix Released ** Changed in: python-certbot (Ubuntu Eoan) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1837673 Title: Certbot will be unable to create new ACME accounts Status in python-certbot package in Ubuntu: Fix Released Status in python-certbot source package in Xenial: Triaged Status in python-certbot source package in Bionic: Triaged Status in python-certbot source package in Disco: Fix Released Status in python-certbot source package in Eoan: Fix Released Bug description: This bug affects the python-certbot packages in Xenial and Bionic. Cosmic and newer is unaffected. To do almost anything in the ACME protocol used by Let's Encrypt and Certbot including obtaining and revoking certificates, you need to first create an account with the ACME server. Starting in November, Certbot will no longer be able to do that with its default configuration. This is because as part of pushing people towards the standardized version of the protocol, Let's Encrypt is no longer letting people create new accounts on their ACMEv1 endpoint. More details about this change can be found at https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430. What this means for Ubuntu users is that new Certbot installations on affected systems would need to be given the URL of an alternative ACME server in order to work. Existing installations would be unaffected for now as long as they don't deactivate their account or delete its credentials. They will have additional problems in the future due to the additional deprecations described in the link above. To solve this problem, I recommend backporting the Certbot packages from Cosmic to Bionic and Xenial. There are no breaking changes to the public interfaces between versions and I think this results in the smallest change to the packages that would resolve this problem while sticking to well tested packages. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-certbot/+bug/1837673/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1840946] Re: [FFe] include cloud-id in user-agent string
** Also affects: base-files (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: base-files (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: base-files (Ubuntu Bionic) Status: New => In Progress ** Changed in: base-files (Ubuntu Xenial) Status: New => In Progress ** Changed in: base-files (Ubuntu Disco) Status: New => In Progress ** Changed in: base-files (Ubuntu Disco) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: base-files (Ubuntu Bionic) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Description changed: I'm preemptively filing this bug in case this isn't uploaded before the feature freeze. We would like to include a cloud_id/$name parameter to the user-agent string that is sent to https://motd.ubuntu.com. This will allow the server part of motd.ubuntu.com to serve cloud-specific content if one is available. There is an MP for this already at https://code.launchpad.net/~ahasenack/ubuntu/+source/base-files/+git /base-files/+merge/371370 - - That MP is also fixing a bug where curl would not return a failure if - the server status is not 200. -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1840946 Title: [FFe] include cloud-id in user-agent string Status in base-files package in Ubuntu: Fix Released Status in base-files source package in Xenial: In Progress Status in base-files source package in Bionic: In Progress Status in base-files source package in Disco: In Progress Bug description: I'm preemptively filing this bug in case this isn't uploaded before the feature freeze. We would like to include a cloud_id/$name parameter to the user-agent string that is sent to https://motd.ubuntu.com. This will allow the server part of motd.ubuntu.com to serve cloud-specific content if one is available. There is an MP for this already at https://code.launchpad.net/~ahasenack/ubuntu/+source/base-files/+git /base-files/+merge/371370 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1840946/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1842701] Re: Apache2 Balancer Manager mod_proxy_balancer not working after Update
** Bug watch added: Debian Bug tracker #941202
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941202
** Also affects: apache2 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941202
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1842701
Title:
Apache2 Balancer Manager mod_proxy_balancer not working after Update
Status in Apache2 Web Server:
Confirmed
Status in apache2 package in Ubuntu:
Confirmed
Status in apache2 source package in Xenial:
Fix Released
Status in apache2 source package in Bionic:
Fix Released
Status in apache2 source package in Disco:
Fix Released
Status in apache2 package in Debian:
Unknown
Bug description:
OS
Description:Ubuntu 18.04.3 LTS
Release:18.04
Codename: bionic
I use this kind of configuration to reache the Balancer Manager.
-
|Bastian Host |
|Apache Proxy | ---> LB Apache Balancer Manger
-
After Apache Update
from: 2.4.29-1ubuntu4.8
to: 2.4.29-1ubuntu4.10
The Balancer Manager behind a Proxy is not Working and i think this is
comming with
the fix CVE-2019-10092
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
http://changelogs.ubuntu.com/changelogs/pool/main/a/apache2/apache2_2.4.29-1ubuntu4.10/changelog
I strip down the configuration to try and explain the situation.
Install new Ubuntu 18.04 VirtualBox. From an another VM i saved the prior
Apache Packages from /var/cache/apt/archives
:~# apt-get install libapr1 libaprutil1 libaprutil1-dbd-sqlite3
libaprutil1-ldap liblua5.2-0
:~# dpkg -i apache2_2.4.29-1ubuntu4.8_amd64.deb
apache2-bin_2.4.29-1ubuntu4.8_amd64.deb apache2-data_2.4.29-1ubuntu4.8_all.deb
apache2-utils_2.4.29-1ubuntu4.8_amd64.deb
:~# dpkg -l | grep apache2
ii apache2 2.4.29-1ubuntu4.8 amd64Apache HTTP Server
ii apache2-bin 2.4.29-1ubuntu4.8 amd64Apache HTTP Server
(modules and other binary files)
ii apache2-data 2.4.29-1ubuntu4.8 all Apache HTTP Server
(common files)
ii apache2-utils2.4.29-1ubuntu4.8 amd64Apache HTTP Server
(utility programs for web servers)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# vim /etc/apache2/sites-available/management.conf
Servername 127.0.0.1
ServerAdmin root@localhost
SetHandler balancer-manager
Require local
#Require ip 192.168.56.0/24 127.0.0.1/24
Require all granted
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/management_error.log
CustomLog ${APACHE_LOG_DIR}/management_access.log combined
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# vim /etc/apache2/sites-available/proxytest.conf
BalancerMember "http://192.168.168.130/test;
BalancerMember "http://192.168.168.131/test; status=+H
ProxySet lbmethod=bybusyness
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100
ProxyPass "/test" "balancer://test"
ProxyPassReverse"/test" "balancer://test"
CustomLog ${APACHE_LOG_DIR}/test-access.log combined
ErrorLog ${APACHE_LOG_DIR}/test-error.log
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
:~# a2ensite management proxytest
:~# vim /etc/apache2/ports.conf
[...]
Listen 81
Listen 8100
:~# systemctl restart apache2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
At that point i install also some console Browsers for testing.
:~# apt-get install lynx elinks
:~# tail -f /var/log/apache2/management_error.log
:~# elinks 127.0.0.1:81/balancer-manager
:~# lynx 127.0.0.1:81/balancer-manager
i can do update the Load and made changes. i also connect from outside with
Firefox
http://192.168.56.211:81/balancer-manager
all this creates no error log entrys, the log is still empty
-
update apache
:~# apt-get update
:~# apt-get upgrade
:~# dpkg -l | grep apache2
ii apache22.4.29-1ubuntu4.10 amd64Apache HTTP Server
ii apache2-bin2.4.29-1ubuntu4.10 amd64Apache HTTP Server
(modules and other binary files)
ii apache2-data 2.4.29-1ubuntu4.10 all Apache HTTP Server
(common files)
ii apache2-utils 2.4.29-1ubuntu4.10 amd64Apache HTTP Server
(utility programs for web servers)
do the same with all the Browsers and
[Group.of.nepali.translators] [Bug 1775636] Re: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA
Only xenial affected, adjusting bug tasks ** Also affects: sssd (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: sssd (Ubuntu Xenial) Status: New => Triaged ** Changed in: sssd (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: sssd (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1775636 Title: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA Status in sssd package in Ubuntu: Fix Released Status in sssd source package in Xenial: Triaged Bug description: When trying to get the key for a person with also a client cert present in IPA the following error shows: ``` (Thu Jun 7 14:37:11:920526 2018) [/usr/bin/sss_ssh_authorizedkeys] [main] (0x0020): sss_ssh_get_ent() failed (14): Bad address Error looking up public keys ``` What is supposed to happen: return public key for user Version Information: Ubuntu 16.04.2 LTS Updated sssd-common and related tools to latest: libipa-hbac0 libsss- idmap0 python-libipa-hbac python-sss sssd sssd-ad sssd-ad-common sssd- common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy so sssd is now at: ii sssd-common1.13.4-1ubuntu1.10 amd64System Security Services Daemon -- common files This doesn't happen on Centos 7.5 (sssd-common-1.16.0-19.el7.x86_64) nor on ubuntu 14.04 (sssd-common==1.11.8-0ubuntu0.7) IPA server is on CentOS 7.5: ipa-server-4.5.4-10.el7.centos.x86_64 From what I've seen upstream, it might be related to the fairly new handling of x509 certificates with ssh certificates in them. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1769258] Re: Cope with unsupported kernel
This is fixed in eoan. ** Also affects: ubuntu-advantage-tools (Ubuntu Eoan) Importance: Undecided Status: Triaged ** Changed in: ubuntu-advantage-tools (Ubuntu Eoan) Status: Triaged => Fix Released ** Changed in: ubuntu-advantage-tools (Ubuntu Eoan) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1769258 Title: Cope with unsupported kernel Status in ubuntu-advantage-script: Fix Released Status in ubuntu-advantage-tools package in Ubuntu: Fix Released Status in ubuntu-advantage-tools source package in Trusty: New Status in ubuntu-advantage-tools source package in Xenial: New Status in ubuntu-advantage-tools source package in Bionic: New Status in ubuntu-advantage-tools source package in Eoan: Fix Released Bug description: Livepatch now checks for the running kernel and let's the user know if it's unsupported. For example: ``` ubuntu@bionic-livepatch:~$ canonical-livepatch enable foo 2018/05/04 19:55:05 cannot use livepatch: your kernel "4.15.0-1008-kvm" is not eligible for livepatch updates ``` `ua status`, however, doesn't interpret that yet and just says that livepatch is disabled: ``` ubuntu@bionic-livepatch:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ``` Furthermore the MOTD component says that livepatch is available for installation, likely because the status output does not say "not available": ``` * Canonical Livepatch is available for installation. - Reduce system reboots and improve kernel security. Activate at: https://ubuntu.com/livepatch ``` `ua enable-livepatch ` also doesn't check and tries to enable it, but it eventually fails: ``` ubuntu@bionic-livepatch:~$ sudo ua enable-livepatch Enabling Livepatch with the given token, stand by... 2018/05/04 19:57:17 cannot use livepatch: your kernel "4.15.0-1008-kvm" is not eligible for livepatch updates ``` We should: - fix the MOTD when running an unsupported kernel. I suggest to output nothing. - don't even try to enable livepatch if we are running an unsupported kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1769258/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1769258] Re: Cope with unsupported kernel
** Changed in: ubuntu-advantage-tools (Ubuntu) Assignee: Andreas Hasenack (ahasenack) => (unassigned) ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: In Progress => Triaged ** Also affects: ubuntu-advantage-tools (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: ubuntu-advantage-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: ubuntu-advantage-tools (Ubuntu) Milestone: ubuntu-16.04.5 => None -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1769258 Title: Cope with unsupported kernel Status in ubuntu-advantage-script: Fix Released Status in ubuntu-advantage-tools package in Ubuntu: Triaged Status in ubuntu-advantage-tools source package in Trusty: New Status in ubuntu-advantage-tools source package in Xenial: New Status in ubuntu-advantage-tools source package in Bionic: New Bug description: Livepatch now checks for the running kernel and let's the user know if it's unsupported. For example: ``` ubuntu@bionic-livepatch:~$ canonical-livepatch enable foo 2018/05/04 19:55:05 cannot use livepatch: your kernel "4.15.0-1008-kvm" is not eligible for livepatch updates ``` `ua status`, however, doesn't interpret that yet and just says that livepatch is disabled: ``` ubuntu@bionic-livepatch:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ``` Furthermore the MOTD component says that livepatch is available for installation, likely because the status output does not say "not available": ``` * Canonical Livepatch is available for installation. - Reduce system reboots and improve kernel security. Activate at: https://ubuntu.com/livepatch ``` `ua enable-livepatch ` also doesn't check and tries to enable it, but it eventually fails: ``` ubuntu@bionic-livepatch:~$ sudo ua enable-livepatch Enabling Livepatch with the given token, stand by... 2018/05/04 19:57:17 cannot use livepatch: your kernel "4.15.0-1008-kvm" is not eligible for livepatch updates ``` We should: - fix the MOTD when running an unsupported kernel. I suggest to output nothing. - don't even try to enable livepatch if we are running an unsupported kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1769258/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1828012] Re: New upstream microreleases 9.5.17, 10.8 and 11.3
11.3 is in eoan, marking that task as fix released. ** Changed in: postgresql-11 (Ubuntu Eoan) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1828012 Title: New upstream microreleases 9.5.17, 10.8 and 11.3 Status in postgresql-11 package in Ubuntu: Fix Released Status in postgresql-9.5 source package in Xenial: Fix Released Status in postgresql-10 source package in Bionic: Fix Released Status in postgresql-10 source package in Cosmic: Fix Released Status in postgresql-11 source package in Disco: Fix Released Status in postgresql-11 source package in Eoan: Fix Released Bug description: Current versions in supported releases: postgresql-9.3 | 9.3.24-0ubuntu0.14.04 trusty <- no upstream updates anymore postgresql-9.5 | 9.5.16-0ubuntu0.16.04 xenial postgresql-10 | 10.7-0ubuntu0.18.04.1 bionic postgresql-10 | 10.7-0ubuntu0.18.10.1 cosmic postgresql-11 | 11.2-2 disco Special cases: - Eoan will be synced from Debian soon (we are on 11.2-2) Last relevant related stable updates: 9.5.16, 10.7 Standing MRE - Consider last updates as template: - pad.lv/1637236 - pad.lv/1664478 - pad.lv/1690730 - pad.lv/1713979 - pad.lv/1730661 - pad.lv/1747676 - pad.lv/1752271 - pad.lv/1786938 - pad.lv/1815665 As usual we test and prep from the PPA and then push through SRU/Security as applicable. Regression potential: - usually this works smoothly except a few test hickups that need to be clarified to be sure. Pre-checks will catch those to be discussed (as last time) Note: opening private as it is not yet announced Public announce will on this Thursday. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-11/+bug/1828012/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1697339] Re: rpc.gssd performs reverse DNS by default (regardless of -D flag)
Fixed from bionic onwards.
** Also affects: nfs-utils (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: nfs-utils (Ubuntu)
Assignee: Andreas Hasenack (ahasenack) => (unassigned)
** Changed in: nfs-utils (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1697339
Title:
rpc.gssd performs reverse DNS by default (regardless of -D flag)
Status in nfs-utils package in Ubuntu:
Fix Released
Status in nfs-utils source package in Xenial:
New
Status in nfs-utils package in Debian:
Fix Released
Bug description:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Package: nfs-common 1:1.2.8-9ubuntu12.1.0
This bug affects all active and proposed versions of nfs-common used
by ubuntu (as every version is based on nfs-utils_1.2.8) from trusty
to artful.
There is a small error in the code for rpc.gssd that causes it to always
perform reverse DNS when looking up the server name to pass to GSSAPI. This
causes a problem for NFS4 in environments where reverse DNS is incorrectly
configured or not configurable by the system administrator. This has been
confirmed in Debian and a more recent version of nfs-utils that appears to have
fixed this has been pushed to sid:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803710
However, I do not know if that version of nfs-utils will make it to
ubuntu soon. Will it?
If not, the patch to this appears to be rather straightforward.
The error is an '== 1' instead of an '== 0' in two lines of gssd_proc.c that
are evaluated when the -D flag to rpc.gssd is not passed (and thus avoid_dns is
true)
--- utils/gssd/gssd_proc.c2017-06-11 15:47:35.0 -0700
+++ utils/gssd/gssd_proc_patch.c 2017-06-11 15:48:36.152115792 -0700
@@ -181,17 +181,17 @@
if (avoid_dns) {
/*
* Determine if this is a server name, or an IP address.
* If it is an IP address, do the DNS lookup otherwise
* skip the DNS lookup.
*/
servername = 0;
- if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 1)
+ if (strchr(name, '.') && inet_pton(AF_INET, name, buf) == 0)
servername = 1; /* IPv4 */
- else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) ==
1)
+ else if (strchr(name, ':') && inet_pton(AF_INET6, name, buf) ==
0)
servername = 1; /* or IPv6 */
if (servername) {
return strdup(name);
}
}
Is there any way to get either 1) the updated version of nfs-utils or
2) this patch applied to xenial (and, hopefully, other versions of
ubuntu)? Thank you for looking at this!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1697339/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1616497] Re: uwsgi-plugin-python3 failed to install
Pressed enter too soon. I meant to add it's fixed in debian since 2.0.12-6 ** Changed in: uwsgi (Ubuntu) Status: Incomplete => Triaged ** Changed in: uwsgi (Ubuntu) Importance: Undecided => Medium ** Also affects: uwsgi (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: uwsgi (Ubuntu Xenial) Status: New => Triaged ** Changed in: uwsgi (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: uwsgi (Ubuntu) Status: Triaged => Fix Released ** Tags added: server-next ** Tags added: bite-size -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1616497 Title: uwsgi-plugin-python3 failed to install Status in uwsgi package in Ubuntu: Fix Released Status in uwsgi source package in Xenial: Triaged Status in uwsgi package in Debian: Unknown Bug description: I expected the package uwsgi-plugin-python3 will be installed with apt-get install. But instead it failed with error "/var/lib/dpkg/info /uwsgi-plugin-python3.postinst: 61: [: Illegal number:". # apt-get install uwsgi-plugin-python3 Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: python3-uwsgidecorators The following NEW packages will be installed uwsgi-plugin-python3 0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade. Need to get 0 B/73.7 kB of archives. After this operation, 259 kB of additional disk space will be used. Selecting previously unselected package uwsgi-plugin-python3. (Reading database ... 101126 files and directories currently installed.) Preparing to unpack .../uwsgi-plugin-python3_2.0.12-5ubuntu3_amd64.deb ... Unpacking uwsgi-plugin-python3 (2.0.12-5ubuntu3) ... Processing triggers for man-db (2.7.5-1) ... Setting up uwsgi-plugin-python3 (2.0.12-5ubuntu3) ... /var/lib/dpkg/info/uwsgi-plugin-python3.postinst: 61: [: Illegal number: # lsb_release -rd Description:Ubuntu 16.04.1 LTS Release:16.04 # apt-cache policy uwsgi-plugin-python3 uwsgi-plugin-python3: Installed: 2.0.12-5ubuntu3 Candidate: 2.0.12-5ubuntu3 Version table: *** 2.0.12-5ubuntu3 500 500 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/uwsgi/+bug/1616497/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1755189] Re: squid3 helper basic_pop3_auth crashes
Hm, this is complicated to manage in lp. Cosmic has the package "squid" (not squid3), and is affected. Disco has "squid" but is NOT affected. Xenial and Bionic have "squid3", and are affected. ** Changed in: squid3 (Ubuntu Cosmic) Status: New => Invalid ** Changed in: squid (Ubuntu Bionic) Status: New => Invalid ** Changed in: squid (Ubuntu Xenial) Status: New => Invalid ** Changed in: squid (Ubuntu) Status: New => Fix Released ** Changed in: squid3 (Ubuntu) Status: Triaged => Invalid ** Changed in: squid3 (Ubuntu Xenial) Status: New => Triaged ** Changed in: squid3 (Ubuntu Bionic) Status: New => Triaged ** Changed in: squid (Ubuntu Cosmic) Status: New => Triaged ** Changed in: squid (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: squid3 (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: squid3 (Ubuntu Bionic) Importance: Undecided => Medium -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1755189 Title: squid3 helper basic_pop3_auth crashes Status in squid package in Ubuntu: Fix Released Status in squid3 package in Ubuntu: Invalid Status in squid source package in Xenial: Invalid Status in squid3 source package in Xenial: Triaged Status in squid source package in Bionic: Invalid Status in squid3 source package in Bionic: Triaged Status in squid source package in Cosmic: Triaged Status in squid3 source package in Cosmic: Invalid Bug description: Ubuntu Xenial perl is v5.22.1 squid3 version 3.5.12-1ubuntu7.5 Running basic_pop3_auth pop3_server gives : Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 92. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 99. Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 99. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 100. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 106. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 111. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 112. ./basic_pop3_auth had compilation errors. adding my before $server on line 92 and before $pop on line 99 solves the problem. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1755189/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1755189] Re: squid3 helper basic_pop3_auth crashes
This is fixed in disco, which ships squid 4. ** Also affects: squid3 (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: squid3 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: squid (Ubuntu) Importance: Undecided Status: New ** Also affects: squid (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: squid3 (Ubuntu Cosmic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1755189 Title: squid3 helper basic_pop3_auth crashes Status in squid package in Ubuntu: Fix Released Status in squid3 package in Ubuntu: Invalid Status in squid source package in Xenial: Invalid Status in squid3 source package in Xenial: Triaged Status in squid source package in Bionic: Invalid Status in squid3 source package in Bionic: Triaged Status in squid source package in Cosmic: Triaged Status in squid3 source package in Cosmic: Invalid Bug description: Ubuntu Xenial perl is v5.22.1 squid3 version 3.5.12-1ubuntu7.5 Running basic_pop3_auth pop3_server gives : Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 92. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 99. Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 99. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 100. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 106. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 111. Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 112. ./basic_pop3_auth had compilation errors. adding my before $server on line 92 and before $pop on line 99 solves the problem. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1755189/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1804018] Re: Autogenerated interface name prevents creating a bridge over a VLAN
Marking the main task as "wontfix" too, as disco was. ** Changed in: vlan (Ubuntu) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1804018 Title: Autogenerated interface name prevents creating a bridge over a VLAN Status in juju: Fix Released Status in juju 2.4 series: Fix Released Status in vlan package in Ubuntu: Won't Fix Status in vlan source package in Trusty: Won't Fix Status in vlan source package in Xenial: Won't Fix Status in vlan source package in Bionic: Won't Fix Status in vlan source package in Cosmic: Won't Fix Status in vlan source package in Disco: Won't Fix Bug description: Hi, First of all, thanks for all your work on creating and maintaining Juju and the charms ecosystem! I believe I have stumbled onto a bug in autogenerating the name for the bridge interface when one needs to be created to grant a container access to a host's network interface. This bug is currently blocking a MAAS/Juju/OpenStack deployment where traffic is separated into VLANs. I have successfully reproduced it on 2.4.6 and 2.5-beta1 installations, although I believe that it has been present ever since at least 2.2.0, if not maybe earlier. Currently the name of the bridge interface is, if possible, generated by prepending "br-" to the host interface name; however, this is problematic with VLAN interfaces. If the host interface is called e.g. "enp3s0f0.503", this would create a bridge named "br- enp3s0f0.503"; however, if there is *also* a bridge on the "enp3s0f0" interface (without the VLAN ID), this would cause the Debian/Ubuntu ifupdown scripts to consider "br-enp3s0f0.503" to be VLAN 503 on the "br-enp3s0f0" interface and, consequently, fail to bring it up correctly the next time the node is rebooted. Steps to reproduce: 1. Define a node with an Ethernet interface (let's call it "enp3s0f0") and a network space (let's call it "mgmt") 2. Define a VLAN over that interface (let's call it "enp3s0f0.503") and a network space for the VLAN (let's call it "storage") 3. Deploy a charm on that node so that Juju knows about the enp3s0f0 interface in the mgmt space and the enp3s0f0.503 interface in the storage space 4. Deploy a charm in a container, specitying `--constraints spaces=storage`; this will lead to Juju autogenerating a bridge interface and calling it "br-enp3s0f0.503" 5. Deploy a charm in a container, specifynig `--constraints spaces=mgmt`; this will lead to Juju autogenerating another bridge interface and calling it "br-enp3s0f0" 6. Reboot the server, then log into it The br-enp3s0f0 bridge may be brought up correctly, but the br- enp3s0f0.503 interface, although it will exist, will have been created as a VLAN interface, not a bridge interface, and so any attempts to add any interfacesd to it will have failed; consequently, the container will also have failed to start up. A naive fix for newly-bootstrapped environments would be to replace any dots with e.g. dashes in the `BridgeNameForDevice()` function in the `network/containerizer/bridgepolicy.go` file - this will lead to creating the new interface with a name that will not be interpreted as a VLAN over an existing interface. However, I think that a proper fix would have to include some sort of migration path for existing deployments, e.g. generating both the old and new names and possibly migrating network interfaces from the old bridge to the new one. Please let me know if there is any more information that I can provide for a hopefully speedy resolution of this problem. Thanks in advance for your consideration, and keep up the great work! Best regards, Peter To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1804018/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1612954] Re: backuppc-3.3.1-2ubuntu3 fails to backup any Samba shares on Ubuntu 16.04.1 LTS
*** This bug is a duplicate of bug 1576187 *** https://bugs.launchpad.net/bugs/1576187 It is ** This bug has been marked a duplicate of bug 1576187 backuppc/smb: BackupPC failes to backup SMB shares after smbclient update -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1612954 Title: backuppc-3.3.1-2ubuntu3 fails to backup any Samba shares on Ubuntu 16.04.1 LTS Status in backuppc package in Ubuntu: Incomplete Status in backuppc source package in Xenial: Incomplete Status in backuppc source package in Yakkety: Expired Status in backuppc source package in Zesty: Won't Fix Bug description: Upgraded to Ubuntu 16.04.1 LTS, its latest backuppc-3.3.1-2ubuntu3 and Samba 2:4.3.9+dfsg-0. Due to a change in Samba's output, any backup attempted via smbclient will fail. There is a suggested fix, but I haven't checked it: https://bugzilla.redhat.com/attachment.cgi?id=264 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/1612954/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1793882] Re: sssd: Add DEP8 tests
** Also affects: sssd (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: sssd (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: sssd (Ubuntu Xenial) Status: New => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1793882 Title: sssd: Add DEP8 tests Status in sssd package in Ubuntu: Fix Released Status in sssd source package in Xenial: In Progress Status in sssd source package in Bionic: Fix Released Bug description: Please add DEP8 tests. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1793882/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1807439] Re: openvpn crashes when run with fips openssl
** Also affects: openvpn via https://community.openvpn.net/openvpn/ticket/725 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl Status in OpenVPN: Unknown Status in openvpn package in Ubuntu: New Status in openvpn source package in Xenial: New Status in openvpn source package in Bionic: New Status in openvpn source package in Cosmic: New Status in openvpn source package in Disco: New Bug description: [IMPACT] openvpn segfaults when using fips-mode openssl because of MD5. xenial has version 2.3.x and subsequent releases have 2.4.x. MD5 is used in 2 places in 2.3.x and one place in 2.4.x. First place: openvpn when estabishing a tls connection will segfault when used with Ubuntu's FIPS 140-2 libcrypto.so (openssl). openvpn tls connection does TLS PRF(pseudorandom function) to produce securely generated pseudo random output that is used to generate keys. MD5 is used as the hash in this computation. FIPS 140-2 does not permit MD5 use except when used for pseudorandom function (PRF). When openvpn requests MD5 operation to FIPS-mode libcrypto.so, since it is not allowed in general, FIPS-mode libcrypto.so goes into an error state. The context flag value, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, is defined in both FIPS and non-FIPS libcrypto.so. However, the MD5 check for it is only in FIPS-mode libcrypto.so to permit MD5. In non-FIPS libcrypto.so this check does not exist since it always permits MD5. openvpn should use this flag when it makes its MD5 request. Second place (only in 2.3.x): **NOTE: The openvpn 2.3 version in xenial has the above issue and an additional one. It also use MD5 internally for configuration status verification. It is not communicated externally. However, this particular use of MD5 is not allowed by FIPS and thus when openvpn tries to use FIPS-mode libcrypto.so to compute MD5, it results in openvpn segfaulting. This 2nd issue was fixed by upstream openvpn community in subsequent versions(2.4) to not use MD5 and use SHA(256) instead and thus why bionic, cosmic, and disco do not require any change for this 2nd issue. [TEST] Test data including commands and parameters are included below. Testing comprised establishing a tls connection between an openvpn client and server. Once the connection was successfully established, a ping thru the established vpn tunnel was done from the client for assurance. Interoperability testing was done to ensure no regression. Test data reflects testing was done between openvpn server and client with and without the patch and between various releases (xenial, bionic, and disco). Test was also done with FIPS-enabled libcrypto.so to ensure everything worked in FIPS mode. [REGRESSION] The context flag value, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, is defined in both FIPS-mode openssl and non-FIPS openssl. However, the MD5-permit check against this flag-value does not occur in non-FIPS libcrypto.so, so there should be no change in behaviour. non-FIPS libcrypto.so should continue to service all MD5 requests. xenial with version 2.3.x, has additional change of using SHA instead of MD5 for configuration status verification. This is an internal hash that is not communicated externally. Thus it should not regress interoperability or ability to establish connections. To manage notifications about this bug go to: https://bugs.launchpad.net/openvpn/+bug/1807439/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1807439] Re: openvpn crashes when run with fips openssl
** Also affects: openvpn (Ubuntu Cosmic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1807439 Title: openvpn crashes when run with fips openssl Status in openvpn package in Ubuntu: New Status in openvpn source package in Xenial: New Status in openvpn source package in Bionic: New Status in openvpn source package in Cosmic: New Status in openvpn source package in Disco: New Bug description: [IMPACT] openvpn when estabishing a tls connection will segfault when used with Ubuntu's FIPS 140-2 libcrypto.so (openssl). openvpn tls connection does TLS PRF(pseudorandom function) to produce securely generated pseudo random output that is used to generate keys. MD5 is used as the hash in this computation. FIPS 140-2 does not permit MD5 use except when used for pseudorandom function (PRF). When openvpn requests MD5 operation to FIPS-mode libcrypto.so, since it is not allowed in general, FIPS-mode libcrypto.so goes into an error state. openvpn needs to set and pass a flag that FIPS-mode libcrypto.so recognizes and that indicates it is using MD5 for PRF, thereby FIPS- mode libcrypto.so will grant the request instead of entering an error state. In non-FIPS libcrypto.so the flag has no meaning. **NOTE: The openvpn 2.3 version in xenial has the above issue and an additional one. It also use MD5 internally for configuration status verification. It is not communicated externally. However, this particular use of MD5 is not allowed by FIPS and thus when openvpn tries to use FIPS-mode libcrypto.so to compute MD5, it results in openvpn segfaulting. This 2nd issue was fixed by upstream openvpn community in subsequent versions(2.4) to not use MD5 and use SHA(256) instead and thus why bionic and disco do not require any change for this 2nd issue. [TEST] Test data including commands and parameters are included below. Testing comprised establishing a tls connection between an openvpn client and server. Once the connection was successfully established, a ping thru the established vpn tunnel was done from the client for assurance. Interoperability testing was done to ensure no regression. Test data reflects testing was done between openvpn server and client with and without the patch and between various releases (xenial, bionic, and disco). Test was also done with FIPS-enabled libcrypto.so to ensure everything worked in FIPS mode. [REGRESSION] The FIPS-mode libcrypto.so flag passed by openvpn has no meaning in non-FIPS libcrypto.so. Thus nothing changes for openvpn behaviour in non-FIPS mode in regards to this. xenial has additional change of using SHA instead of MD5 for configuration status verification. This is an internal hash that is not communicated externally. Thus it should not regress interoperability or ability to establish connections. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1807439/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1788219] Re: vm_type detection for nutanix cloud instances
** Changed in: landscape-client (Ubuntu) Status: New => Fix Released ** Changed in: landscape-client (Ubuntu) Assignee: (unassigned) => Simon Poirier (simpoir) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1788219 Title: vm_type detection for nutanix cloud instances Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Bionic: New Status in landscape-client source package in Cosmic: In Progress Bug description: [Impact] * The dmi id for Nutanix cloud instances was added to the detection list for it to be properly detected as KVM. [Test Case] * create a vm (uvt-kvm create --no-start vm_name release=xenial) * virsh edit vm_name (and create or update sysinfo manufacturer to be "nutanix", like https://pastebin.ubuntu.com/p/C5mkc2B7rx/) * install landscape-client/common and call landscape-config * see the computer is detected as kvm [Regression Potential] * The hypervisor detection change is both trivial and similar to previous changes and is specific enough not to conflict with other hypervisors. [Other Info] * Patches are already in the upstreams trunk. * Changes have been tested by some affected users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1788219/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1792298] Re: keepalived: MISC healthchecker's exit status is erroneously treated as a permanent error
That patch is applied upstream in the package shipped in bionic and
later
** Also affects: keepalived (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: keepalived (Ubuntu)
Status: Triaged => Fix Released
** Changed in: keepalived (Ubuntu Xenial)
Status: New => Triaged
** Changed in: keepalived (Ubuntu Xenial)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1792298
Title:
keepalived: MISC healthchecker's exit status is erroneously treated as
a permanent error
Status in keepalived package in Ubuntu:
Fix Released
Status in keepalived source package in Xenial:
Triaged
Bug description:
1) The release of Ubuntu we are using
$ lsb_release -rd
Description:Ubuntu 16.04.5 LTS
Release:16.04
2) The version of the package we are using
$ apt-cache policy keepalived
keepalived:
Installed: 1:1.2.24-1ubuntu0.16.04.1
...
3) What we expected to happen
MISC healthcheckers would be treated normally.
4) What happened instead
We are trying to use Ubuntu 16.04's keepalived with our own MISC
healthchecker, which is implemented to exit with exit code 3, and getting the
following log messages endlessly.
--- Note: some IP fields are masked ---
Sep 12 06:55:09 devsvr Keepalived[16705]: Healthcheck child process(34232)
died: Respawning
Sep 12 06:55:09 devsvr Keepalived[16705]: Starting Healthcheck child process,
pid=34239
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Initializing ipvs
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Registering Kernel
netlink reflector
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Registering Kernel
netlink command channel
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Opening file
'/etc/keepalived/keepalived.conf'.
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Using LinkWatch
kernel netlink reflector...
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.18]:80
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.19]:80
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.18]:443
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.19]:443
...
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.52]:443
Sep 12 06:55:09 devsvr Keepalived_healthcheckers[34239]: Activating
healthchecker for service [XX.XX.XX.53]:443
Sep 12 06:55:10 devsvr Keepalived_healthcheckers[34239]: pid 34257 exited
with permanent error CONFIG. Terminating
Sep 12 06:55:10 devsvr Keepalived_healthcheckers[34239]: Removing service
[XX.XX.XX.24]:25 from VS [YY.YY.YY.YY]:0
Sep 12 06:55:10 devsvr Keepalived_healthcheckers[34239]: Removing service
[XX.XX.XX.25]:25 from VS [YY.YY.YY.YY]:0
Sep 12 06:55:10 devsvr Keepalived_healthcheckers[34239]: Removing service
[XX.XX.XX.21]:56667 from VS [ZZ.ZZ.ZZ.ZZ]:0
Sep 12 06:55:10 devsvr Keepalived_healthcheckers[34239]: Removing service
[XX.XX.XX.52]:443 from VS [WW.WW.WW.WW]:0
Sep 12 06:55:10 devsvr Keepalived[16705]: Healthcheck child process(34239)
died: Respawning
Sep 12 06:55:10 devsvr Keepalived[16705]: Starting Healthcheck child process,
pid=34260
...
---
It looks like our MISC healthchecker's exit code 3, which should be a
valid value according to the following description, is treated as a
permanent error since it is equal to KEEPALIVED_EXIT_CONFIG defined in
keepalived's lib/scheduler.h :
---
# MISC healthchecker, run a program
MISC_CHECK
{
# External script or program
...
# exit status 2-255: svc check success, weight
# changed to 2 less than exit status.
# (for example: exit status of 255 would set
# weight to 253)
misc_dynamic
}
---
The problem, we think, have started with this patch (we did not see the
problem in Ubuntu 14.04):
Stop respawning children repeatedly after permanent error
-
https://github.com/acassen/keepalived/commit/4ae9314af448eb8ea4f3d8ef39bcc469779b0fec
The problem will be fixed by this patch (not included in Ubuntu 16.04):
Make report_child_status() check for vrrp and checker child processes
-
https://github.com/acassen/keepalived/commit/ca955a7c1a6af324428ff04e24be68a180be127f
Please consider backporting it to Ubuntu 16.04's keepalived.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keepalived/+bug/1792298/+subscriptions
[Group.of.nepali.translators] [Bug 1616116] Re: Unrecoverable resyncs if DB is restored from backup
** Also affects: landscape-client (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: landscape-client (Ubuntu Trusty)
Status: New => In Progress
** Changed in: landscape-client (Ubuntu Trusty)
Assignee: (unassigned) => Simon Poirier (simpoir)
** Changed in: landscape-client (Ubuntu Trusty)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1616116
Title:
Unrecoverable resyncs if DB is restored from backup
Status in Landscape Client:
Fix Committed
Status in landscape-client package in Ubuntu:
Fix Released
Status in landscape-client source package in Trusty:
In Progress
Status in landscape-client source package in Xenial:
In Progress
Status in landscape-client source package in Bionic:
In Progress
Status in landscape-client source package in Cosmic:
In Progress
Bug description:
[Impact]
* In some cases generally involving backups/restore, client would get
inconsistent package data and keep that data upon resync, thus getting
stuck in a resync loop. This usually gets noticed through the stress
it adds on the server and though logs which grow abnormally.
[Test Case]
* deploy landscape-server quickstart from ppa:landscape/18.03
* register client against server. wait for package info
* pg_dumpall
* add a repo and wait for new package to show on in landscape.
* restore the postgres backup.
* run ./scripts/hash_id_databases.sh from the server to complete
the restore.
* trigger a package install from the new repo to create some package
info to update
* client should resync once then will re-fetch hash on the next run.
[Regression Potential]
* Modified code is used only during resync operations and removes
cached data when the client state is deemed inconsistent.
* In the unlikely event the code is called outside of the expected
cases, the end result would be limited to the package-monitor
having to re-download the hash-id databases, which shouldn't
cause issues as that is the behaviour at client registration.
[Other Info]
* Other cases than server restores have been noticed to generate the
bug but they are far less common.
[Original description]
Landscape with live clients cannot handle a DB restore to a point in
the past.
The scenario is Landscape running as usual, with live clients,
restoring to a DB backup taken in the past. After the service ir
brought up again with this data, clients will start resyncing and
becoming wedged with all sorts of tracebacks on the message server.
I left such a scenario running overnight, hoping that eventually the
resyncs would settle down and everything recover, but that didn't
happen. The resyncs continued, in the packages scope.
An interesting one in particular was this:
Aug 22 21:46:26 message-server-2 ERR Error handling message
'operation-result' for computer 104: {'status': 6, 'timestamp': 1471901963,
'result-text': u'Mon Aug 22 21:39:23 UTC 2016\n', 'api': '3.3', 'operation-id':
533, 'type': 'operation-result'}#012Traceback (most recent call last):#012
File "/opt/canonical/landscape/canonical/landscape/message/apis.py", line 358,
in _process_messages#012self.handle(message["type"], message)#012 File
"/opt/canonical/landscape/canonical/message/api.py", line 66, in handle#012
return handler(type, body)#012 File
"/opt/canonical/landscape/canonical/message/handler.py", line 30, in
__call__#012return function(self.message_api, type, body)#012 File
"/opt/canonical/landscape/canonical/lib/arguments.py", line 79, in
replacement#012return original(*new_args, **new_kwargs)#012 File
"/opt/canonical/landscape/canonical/landscape/message/handlers/activity.py",
line 32, in handle_activity_result#012activity.succeed(code=result_code,
text=result_text)#012AttributeError: 'NoneType' object has no attribute
'succeed'
That was about an activity that had been delivered already, but did
not exist in the restored DB.
To manage notifications about this bug go to:
https://bugs.launchpad.net/landscape-client/+bug/1616116/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1670291] Re: Landscape: Upgrade 14.04.5 to 16.04.2 fails unable to reboot
** Also affects: landscape-client (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: landscape-client (Ubuntu Trusty) Status: New => In Progress ** Changed in: landscape-client (Ubuntu Trusty) Importance: Undecided => High ** Changed in: landscape-client (Ubuntu Trusty) Assignee: (unassigned) => Simon Poirier (simpoir) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1670291 Title: Landscape: Upgrade 14.04.5 to 16.04.2 fails unable to reboot Status in landscape-client package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: In Progress Status in systemd source package in Trusty: New Status in landscape-client source package in Xenial: In Progress Status in systemd source package in Xenial: Fix Released Status in landscape-client source package in Bionic: In Progress Status in systemd source package in Bionic: Fix Committed Status in landscape-client source package in Cosmic: In Progress Status in systemd source package in Cosmic: Fix Released Bug description: https://github.com/systemd/systemd/pull/10061 [Impact] * When logind is not available, shutdown command fails to schedule a shutdown, and despite its intentions to immediately shutdown, does not do so. [Test Case] sudo systemctl mask systemd-logind.service sudo systemctl stop systemd-logind.service shutdown +1 The expectation is that system goes to shutdown. It is buggy if the system remains up - i.e. command returns to shell with exit code 1. [Regression Potential] * It is a corner case to run against systemd-shim logind / or logind not otherwise available. The function still performs a clean-shutdown, and should not cause loss of work. [Other Info] * Original bug report, running against systemd-shim/systemd-service post trusty->xenial upgrade, pre-reboot. Used Landscape (Paid Canonical Subscription) to upgrade one of my machines. Landscape only shows "In Progress" for more than 8 hours now and asked for a reboot of the machine in a second alert. In the reboot attempt I get the message: = Failed to set wall message, ignoring: Method "SetWallMessage" with signature "sb" on interface "org.freedesktop.login1.Manager" doesn't exist Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Method "ScheduleShutdown" with signature "st" on interface "org.freedesktop.login1.Manager" doesn't exist = Steps to reproduce: * Fully updated 14.04.5 machine * Open Landscape * Choose the machine * Choose Packages * This computer can be upgraded to a newer release * Apply * Wait 2 hours * Alert comes in a seperate Landscape message Machine is ready for reboot * Choose Info... Power * Deliver to selected computers as soon as possible * Error message I found this thread on reddit about this issue maybe the solution can be built into the upgrade script https://www.reddit.com/r/linuxquestions/comments/4wy3go/trying_to_run_as_user_instance_but_the_system_has/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1670291/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1616116] Re: Unrecoverable resyncs if DB is restored from backup
** Also affects: landscape-client (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: landscape-client (Ubuntu Xenial)
Status: New => In Progress
** Changed in: landscape-client (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: landscape-client (Ubuntu Xenial)
Assignee: (unassigned) => Simon Poirier (simpoir)
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1616116
Title:
Unrecoverable resyncs if DB is restored from backup
Status in Landscape Client:
Fix Committed
Status in landscape-client package in Ubuntu:
Fix Released
Status in landscape-client source package in Trusty:
In Progress
Status in landscape-client source package in Xenial:
In Progress
Status in landscape-client source package in Bionic:
In Progress
Status in landscape-client source package in Cosmic:
In Progress
Bug description:
[Impact]
* In some cases generally involving backups/restore, client would get
inconsistent package data and keep that data upon resync, thus getting
stuck in a resync loop. This usually gets noticed through the stress
it adds on the server and though logs which grow abnormally.
[Test Case]
* deploy landscape-server quickstart from ppa:landscape/18.03
* register client against server. wait for package info
* pg_dumpall
* add a repo and wait for new package to show on in landscape.
* restore the postgres backup.
* run ./scripts/hash_id_databases.sh from the server to complete
the restore.
* trigger a package install from the new repo to create some package
info to update
* client should resync once then will re-fetch hash on the next run.
[Regression Potential]
* Modified code is used only during resync operations and removes
cached data when the client state is deemed inconsistent.
* In the unlikely event the code is called outside of the expected
cases, the end result would be limited to the package-monitor
having to re-download the hash-id databases, which shouldn't
cause issues as that is the behaviour at client registration.
[Other Info]
* Other cases than server restores have been noticed to generate the
bug but they are far less common.
[Original description]
Landscape with live clients cannot handle a DB restore to a point in
the past.
The scenario is Landscape running as usual, with live clients,
restoring to a DB backup taken in the past. After the service ir
brought up again with this data, clients will start resyncing and
becoming wedged with all sorts of tracebacks on the message server.
I left such a scenario running overnight, hoping that eventually the
resyncs would settle down and everything recover, but that didn't
happen. The resyncs continued, in the packages scope.
An interesting one in particular was this:
Aug 22 21:46:26 message-server-2 ERR Error handling message
'operation-result' for computer 104: {'status': 6, 'timestamp': 1471901963,
'result-text': u'Mon Aug 22 21:39:23 UTC 2016\n', 'api': '3.3', 'operation-id':
533, 'type': 'operation-result'}#012Traceback (most recent call last):#012
File "/opt/canonical/landscape/canonical/landscape/message/apis.py", line 358,
in _process_messages#012self.handle(message["type"], message)#012 File
"/opt/canonical/landscape/canonical/message/api.py", line 66, in handle#012
return handler(type, body)#012 File
"/opt/canonical/landscape/canonical/message/handler.py", line 30, in
__call__#012return function(self.message_api, type, body)#012 File
"/opt/canonical/landscape/canonical/lib/arguments.py", line 79, in
replacement#012return original(*new_args, **new_kwargs)#012 File
"/opt/canonical/landscape/canonical/landscape/message/handlers/activity.py",
line 32, in handle_activity_result#012activity.succeed(code=result_code,
text=result_text)#012AttributeError: 'NoneType' object has no attribute
'succeed'
That was about an activity that had been delivered already, but did
not exist in the restored DB.
To manage notifications about this bug go to:
https://bugs.launchpad.net/landscape-client/+bug/1616116/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1699179] Re: PackageReporter kicks in during do-release-upgrade
cosmic is not affected, since back then it got the package from bionic while cosmic was the development series. I'm therefore dropping the cosmic task. ** No longer affects: landscape-client (Ubuntu Cosmic) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1699179 Title: PackageReporter kicks in during do-release-upgrade Status in Landscape Client: Fix Released Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Artful: Won't Fix Status in landscape-client source package in Bionic: Fix Released Bug description: [Impact] * This issue affects users of the release-upgrade feature of landscape. * Landscape package monitor would previously race during an upgrade and possibly grab apt locks, thus making the upgrade fail. * The fix adds checks during package operations to make sure a release upgrade is not in progresss. [Test Case] * in /etc/landscape/client.conf , set "apt_update_interval=1800" and "log_level=debug" and restart the client. * Launch a release upgrade from landscape-server. Look for messages in the package-monitor logs stating "conditions not met" [Regression Potential] * Unlikely, as this has already been released to newer ubuntu releases and is fairly well tested. * Any issue with related changes would likely only affect the client getting new package info, but won't affect other functionality. [Original description] Affected release: Ubuntu 14.04.5 Version of package: 14.12-0ubuntu5.14.04 Steps to reproduce: 1. Run do-release-upgrade to upgrade to 16.04.2. 2. Trigger the package-reporter to kick in while do-release-upgrade is working but not having the package database locked. 3. Package database is locked by package-reporter, do-release-upgrade fails to access it and exits. Expected result: Landscape detects that there's an release upgrade in progress and will wait for it to finish. Actual result: PackageReporter locks the apt database, do-release-upgrade cannot access it, exits with an error and may leave the system in an unusable state. * Link to Dariusz's PR on GitHub: https://github.com/CanonicalLtd/landscape-client/pull/14 To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1699179/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1699179] Re: PackageReporter kicks in during do-release-upgrade
** Also affects: landscape-client (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: landscape-client (Ubuntu Cosmic) Status: New => In Progress ** Changed in: landscape-client (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: landscape-client (Ubuntu Cosmic) Assignee: (unassigned) => Simon Poirier (simpoir) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1699179 Title: PackageReporter kicks in during do-release-upgrade Status in Landscape Client: Fix Released Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Artful: Won't Fix Status in landscape-client source package in Bionic: Fix Released Status in landscape-client source package in Cosmic: In Progress Bug description: [Impact] * This issue affects users of the release-upgrade feature of landscape. * Landscape package monitor would previously race during an upgrade and possibly grab apt locks, thus making the upgrade fail. * The fix adds checks during package operations to make sure a release upgrade is not in progresss. [Test Case] * in /etc/landscape/client.conf , set "apt_update_interval=1800" and "log_level=debug" and restart the client. * Launch a release upgrade from landscape-server. Look for messages in the package-monitor logs stating "conditions not met" [Regression Potential] * Unlikely, as this has already been released to newer ubuntu releases and is fairly well tested. * Any issue with related changes would likely only affect the client getting new package info, but won't affect other functionality. [Original description] Affected release: Ubuntu 14.04.5 Version of package: 14.12-0ubuntu5.14.04 Steps to reproduce: 1. Run do-release-upgrade to upgrade to 16.04.2. 2. Trigger the package-reporter to kick in while do-release-upgrade is working but not having the package database locked. 3. Package database is locked by package-reporter, do-release-upgrade fails to access it and exits. Expected result: Landscape detects that there's an release upgrade in progress and will wait for it to finish. Actual result: PackageReporter locks the apt database, do-release-upgrade cannot access it, exits with an error and may leave the system in an unusable state. * Link to Dariusz's PR on GitHub: https://github.com/CanonicalLtd/landscape-client/pull/14 To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1699179/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1769304] Re: Apache2 mod_remoteip+rewrite allows client to forge IP address
This is fixed in bionic and later. Leaving a task open for xenial. Links to the upstream fix: https://svn.apache.org/viewvc?view=revision=1767483 https://github.com/apache/httpd/commit/950093162e445141c5126e4d11e6466e3184b0ce ** Also affects: apache2 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released ** Changed in: apache2 (Ubuntu Xenial) Status: New => Triaged ** Changed in: apache2 (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1769304 Title: Apache2 mod_remoteip+rewrite allows client to forge IP address Status in apache2 package in Ubuntu: Fix Released Status in apache2 source package in Xenial: Triaged Bug description: Apache bug #60251 describes this problem: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 mod_remoteip allows us to set the client's IP address using a trusted proxy's X-Forwarded-For header. However, in a location which uses a RewriteRule, the last IP address in the chain is incorrectly stripped while redirecting to the new location, allowing a caller to forge whatever IP address they like by including it in an X-Forwarded-For header. Version 2.4.18-2ubuntu3.8 is vulnerable to this in Xenial. This is fixed upstream in 2.4.24, can the fix be backported to xenial-updates? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1769304/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1616123] Re: rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS
** Also affects: nfs-utils (Debian) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #892654 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892654 ** Changed in: nfs-utils (Debian) Importance: Undecided => Unknown ** Changed in: nfs-utils (Debian) Status: New => Unknown ** Changed in: nfs-utils (Debian) Remote watch: None => Debian Bug tracker #892654 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1616123 Title: rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS Status in nfs-utils package in Ubuntu: Confirmed Status in nfs-utils source package in Xenial: New Status in nfs-utils source package in Bionic: New Status in nfs-utils source package in Cosmic: New Status in nfs-utils package in Debian: Unknown Bug description: In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd: # Options for rpc.svcgssd. RPCSVCGSSDOPTS="-n" But the variable is named incorrectly in /lib/systemd/system/rpc- svcgssd.service: ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1616123/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1745185] Re: If apt-get upgrade is run on mysql server when the server is disabled, the upgrade fails.
Trusty doesn't have systemd, but upstart. There the steps were: - disable updates and security in /etc/apt/sources.list - install mysql-server-5.5 - use mysql command line to connect and create a test database - stop mysql: stop mysql - disable mysql: echo manual | sudo tee /etc/init/mysql.override - reboot to confirm mysql won't start automatically (yes) - re-enable updates and security in sources.list - apt dist-upgrade It worked just fine. For now, this bug is confirmed in xenial only. ** Package changed: mysql-5.5 (Ubuntu) => mysql-5.7 (Ubuntu) ** Also affects: mysql-5.7 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: mysql-5.7 (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1745185 Title: If apt-get upgrade is run on mysql server when the server is disabled, the upgrade fails. Status in mysql-5.7 package in Ubuntu: Invalid Status in mysql-5.7 source package in Xenial: New Bug description: Since I only use the mysql server for development, I tend to keep the server disabled with systemctl. If mysql server is upgraded while the service is disabled, apt-get fails. To remedy this, I must run "systemctl enable mysqld" before "apt-get upgrade". Since I found a work around, it isn't a big deal, but a less experienced user may have trouble diagnosing this. Possible solutions are: 1) Better error message 2) If the server must be running for upgrade, the upgrade could start it. Maybe prompting first. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1745185/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1738412] Re: Init script fails test on reload/restart because of faulty regex
Zesty is EOL. ** Changed in: squid3 (Ubuntu Zesty) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1738412 Title: Init script fails test on reload/restart because of faulty regex Status in squid3 package in Ubuntu: Fix Released Status in squid3 source package in Xenial: Triaged Status in squid3 source package in Zesty: Won't Fix Bug description: This is a very serious issue that got fixed upstream in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800341 It is also logged in the Ubuntu changelog as fixed in: squid3 (3.5.12-1) unstable; urgency=medium [ Mathieu Parent ] * Fix FATAL parsing before start/reload/restart (Closes: #800341) But is in fact not fixed. When I look in the source package I find two init scripts: squid3.rc and squid.rc. squid3.rc has the patch while squid.rc does not. The one being included in the package and deployed is the one that does not have the fix. I'm including a patch to fix this issue. Please push this out ASAP. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1738412/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 997217] Re: salsauthd maxes cpu
Ok, trusty isn't affected because the loop there has an exit clause:
+ ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
+ if ( ret<0 ) {
+ rc = ret;
+ break;
+ } else {
+ if (ret == 0) {
+ loopc += 1;
+ } else {
+ loopc = 0;
+ }
+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
+ break;
+ }
That comes from trusty's patch named 0034-fix_dovecot_authentication.patch. So
trusty does loop for a bit (sizeof(rbuf) is 1000), but won't get stuck. Someone
added the loop counter as a safety net, but didn't change the "ret<0" check
into "ret<=0" which would also have fixed this.
In precise, that same patch (0034) adds the loop, but *without* an exit
clause, hence this bug.
Xenial is interesting. Upstream at some point adopted the patch that
does *NOT* exit the loop, but the code is so similar that someone
decided the patch from the package was already applied and dropped it
from the package, reintroducing the bug.
To add to the confusion, in xenial that patch file was super slightly renamed
from 0034_fix_dovecot_authentication.patch to
0034-fix_dovecot_authentication.patch (can you spot what changed?) and got
totally different contents:
--- cyrus-sasl2.orig/lib/checkpw.c
+++ cyrus-sasl2/lib/checkpw.c
@@ -587,16 +587,14 @@ static int read_wait(int fd, unsigned de
/* Timeout. */
errno = ETIMEDOUT;
return -1;
- case +1:
- if (FD_ISSET(fd, )) {
- /* Success, file descriptor is readable. */
- return 0;
- }
- return -1;
case -1:
if (errno == EINTR || errno == EAGAIN)
continue;
default:
+ if (FD_ISSET(fd, )) {
+ /* Success, file descriptor is readable. */
+ return 0;
+ }
/* Error catch-all. */
return -1;
}
>From bionic onwards, the upstream version has the loop with no loop
counter, but it checks read()'s result for <= 0, not just 0, so it's
fixed there.
Bottom line, only xenial is currently affected (and precise, but precise
is EOL).
** Changed in: cyrus-sasl2 (Ubuntu Trusty)
Status: Triaged => Invalid
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/997217
Title:
salsauthd maxes cpu
Status in cyrus-sasl2 package in Ubuntu:
Fix Released
Status in cyrus-sasl2 source package in Precise:
Won't Fix
Status in cyrus-sasl2 source package in Trusty:
Invalid
Status in cyrus-sasl2 source package in Xenial:
Triaged
Bug description:
[Impact]
The rimap authentication mechanism in saslauthd can hit a condition
where it will start spinning and using all available CPU. This
condition can be easily encountered when an authentication is
happening and the imap service is being restarted.
Furthermore, the saslauthd child process that picked up that
authentication request and that is spinning now won't be reaped nor
can it service further requests. If all children are left in this
state, the authentication service as a whole won't be working anymore.
[Test Case]
This test can be performed in a LXD or VM.
* install the needed packages. mail-stack-delivery is used to have an
imap server available on localhost that needs no further
configuration. Accept the defaults for all debconf prompts:
sudo apt update
sudo apt install sasl2-bin mail-stack-delivery
* set the password "ubuntu" for the ubuntu user
echo ubuntu:ubuntu | sudo chpasswd
* start saslauthd like this, with just one child:
sudo /usr/sbin/saslauthd -a rimap -O localhost -r -n 1
* restart dovecot
sudo service dovecot restart
* test saslauthd authentication:
$ sudo testsaslauthd -u ubuntu -p ubuntu
0: OK "Success."
* Now let's break it. In one terminal watch the output of top:
top
* in another terminal, run the following:
sudo testsaslauthd -u ubuntu -p ubuntu & sleep 1; sudo service dovecot stop
* observe in the "top" terminal that saslauthd is consuming a lot of
cpu. If that's not happening, try starting dovecot again and adjusting
the sleep value in the previous test command, but 1s was enough in all
my runs.
* start dovecot and repeat the authentication request. Since the only
saslauthd child is now spinning, this will block:
sudo service dovecot start
$ sudo testsaslauthd -u ubuntu -p ubuntu
[Regression Potential]
* discussion of how regressions are most likely to manifest as a
result of this change.
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This both shows the SRU team that the
[Group.of.nepali.translators] [Bug 997217] Re: salsauthd maxes cpu
Trusty has 0034-fix_dovecot_authentication.patch, but it lacks the above
fix as well.
** Also affects: cyrus-sasl2 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Tags removed: precise
** Tags added: server-next
** Changed in: cyrus-sasl2 (Ubuntu Trusty)
Status: New => Triaged
** Changed in: cyrus-sasl2 (Ubuntu Xenial)
Status: New => Triaged
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/997217
Title:
salsauthd maxes cpu
Status in cyrus-sasl2 package in Ubuntu:
Fix Released
Status in cyrus-sasl2 source package in Precise:
Won't Fix
Status in cyrus-sasl2 source package in Trusty:
Triaged
Status in cyrus-sasl2 source package in Xenial:
Triaged
Bug description:
sasl2-bin version 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu contains a
bug that causes heavy cpu utilization, impacting normal operation of
one of our mail servers following an upgrade to Ubuntu 12.04.
We are running the daemon with the following options:
/usr/sbin/saslauthd -a rimap -O our.imap.server -r -m
/var/spool/postfix/var/run/saslauthd -n 5
We noticed that users were unable to send mail and that the saslauthd
processes were using approximately 100% of each cpu core. An strace of one of
the runaway process showed that it was stuck in the following behaviour:
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
.
with further inspection showing that the file descriptor in question was a
socket connected to our imap server in CLOSE_WAIT.
Browsing saslauthd/auth_rimap.c in the source package for sasl2-bin,
we came across the following code, repeated in two locations:
while( select (fds, , NULL, NULL, ) >0 ) {
if ( FD_ISSET(s, ) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
if ( ret<0 ) {
rc = ret;
break;
} else {
rc += ret;
}
}
}
It looks like this loop is expected to run until a read error is encountered
or the timeout of 1 second is reached. There is no test to check that 0 bytes
were read, indicating that the connection was closed by the remote peer. Since
select() will immediately return the size of the set of the partially closed
descriptor (1, which is >0), and calls to read() will always yield 0 bytes,
there's the potential for execution to get stuck in this non blocking loop and
I'm presuming that that's what's happening here.
We've not performed any further analysis to prove that this is really
what's happening but if my intuition is correct then our IMAP server
(an nginx imap proxy) most liklely closes the connection at an
unexpected time under as yet undetermined conditions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/997217/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 997217] Re: salsauthd maxes cpu
The patch 0034 mentioned in comment #10 is applied in the xenial package
2.1.26.dfsg1-14build1, so what Roberto hit could be a different issue
requiring a different fix.
Might have been this:
cyrus-sasl2 (2.1.26.dfsg1-15) unstable; urgency=medium
* Add fix for auth_rimap infinite loop (hang) when IMAP server closes
connection (Closes: #815208)
Patch is
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=815208;filename=auth_rimap_socket_closed.patch;msg=5:
--- a/saslauthd/auth_rimap.c
+++ b/saslauthd/auth_rimap.c
@@ -494,7 +494,7 @@
while( select (fds, , NULL, NULL, ) >0 ) {
if ( FD_ISSET(s, ) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
- if ( ret<0 ) {
+ if ( ret<=0 ) {
rc = ret;
break;
} else {
@@ -607,7 +607,7 @@
while( select (fds, , NULL, NULL, ) >0 ) {
if ( FD_ISSET(s, ) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
- if ( ret<0 ) {
+ if ( ret<=0 ) {
rc = ret;
break;
} else {
** Also affects: cyrus-sasl2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: cyrus-sasl2 (Ubuntu Precise)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/997217
Title:
salsauthd maxes cpu
Status in cyrus-sasl2 package in Ubuntu:
Fix Released
Status in cyrus-sasl2 source package in Precise:
Won't Fix
Status in cyrus-sasl2 source package in Trusty:
Triaged
Status in cyrus-sasl2 source package in Xenial:
Triaged
Bug description:
sasl2-bin version 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu contains a
bug that causes heavy cpu utilization, impacting normal operation of
one of our mail servers following an upgrade to Ubuntu 12.04.
We are running the daemon with the following options:
/usr/sbin/saslauthd -a rimap -O our.imap.server -r -m
/var/spool/postfix/var/run/saslauthd -n 5
We noticed that users were unable to send mail and that the saslauthd
processes were using approximately 100% of each cpu core. An strace of one of
the runaway process showed that it was stuck in the following behaviour:
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
select(9, [8], NULL, NULL, {0, 0}) = 1 (in [8], left {0, 0})
read(8, "", 940)= 0
.
with further inspection showing that the file descriptor in question was a
socket connected to our imap server in CLOSE_WAIT.
Browsing saslauthd/auth_rimap.c in the source package for sasl2-bin,
we came across the following code, repeated in two locations:
while( select (fds, , NULL, NULL, ) >0 ) {
if ( FD_ISSET(s, ) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
if ( ret<0 ) {
rc = ret;
break;
} else {
rc += ret;
}
}
}
It looks like this loop is expected to run until a read error is encountered
or the timeout of 1 second is reached. There is no test to check that 0 bytes
were read, indicating that the connection was closed by the remote peer. Since
select() will immediately return the size of the set of the partially closed
descriptor (1, which is >0), and calls to read() will always yield 0 bytes,
there's the potential for execution to get stuck in this non blocking loop and
I'm presuming that that's what's happening here.
We've not performed any further analysis to prove that this is really
what's happening but if my intuition is correct then our IMAP server
(an nginx imap proxy) most liklely closes the connection at an
unexpected time under as yet undetermined conditions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/997217/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help :
[Group.of.nepali.translators] [Bug 1644057] Re: Excessive Disconnect unmatched entries from sshd
This was fixed in cosmic in 7.4.3+git20161207-2ubuntu2. The bug didn't auto-close because the bug number wasn't correctly mentioned in the changelog of the package (it missed a "#"). I added tasks for xenial and bionic. ** Also affects: logwatch (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: logwatch (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: logwatch (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1644057 Title: Excessive Disconnect unmatched entries from sshd Status in logwatch package in Ubuntu: Fix Released Status in logwatch source package in Xenial: New Status in logwatch source package in Bionic: New Status in logwatch package in Debian: New Bug description: [Impact] User ssh disconnect messages in syslog aren't handled by logwatch, and thus end up in the "Unmatched Entries" section, one per event. This clutters up the logwatch reports unnecessarily. [Test Case] # lxc launch ubuntu-daily:cosmic tester # lxc exec tester bash # apt update # apt dist-upgrade -y # apt install -y logwatch openssh-server mailutils * mail configuration : Local only * System mail name: (use default) # sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config # systemctl restart sshd # passwd ubuntu * choose a password # ssh ubuntu@localhost * login, then exit # logwatch --detail Med --mailto root --service all --range today # sleep 1 # mail * select message 1 * Search for SSHD: /SSHD You will see unmatched entries: **Unmatched Entries** Disconnected from user ubuntu 127.0.0.1 port 53084 : 1 time(s) [Original Description] # lsb_release -rd Description:Ubuntu 16.04.1 LTS Release:16.04 # apt-cache policy logwatch logwatch: Installed: 7.4.2-1ubuntu1 Candidate: 7.4.2-1ubuntu1 Version table: *** 7.4.2-1ubuntu1 500 500 http://mirrors.digitalocean.com/ubuntu xenial/main amd64 Packages 500 http://mirrors.digitalocean.com/ubuntu xenial/main i386 Packages 100 /var/lib/dpkg/status The issue seems to be exactly as described here: https://bugzilla.redhat.com/show_bug.cgi?id=1317620 In synopsis, Logwatch's "SSHD" output contains excessive "Unmatched Entries" regarding SSH disconnections. They look like this: Received disconnect from 123.123.123.123 port 6887:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 8310:11: disconnected by user : 1 time(s) Disconnected from 123.123.123.123 port 1306 : 1 time(s) Received disconnect from 123.123.123.123 port 3720:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 3001:11: disconnected by user : 1 time(s) Disconnected from 123.123.123.123 port 1054 : 1 time(s) Received disconnect from 123.123.123.123 port 9741:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 3261:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 4650:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 13235:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 1065:11: disconnected by user : 1 time(s) Received disconnect from 123.123.123.123 port 13868:11: disconnected by user : 1 time(s) Disconnected from 123.123.123.123 port 8542 : 1 time(s) I should mention that these connections are from me, and are legitimate; they are not from "bots" or other types of probes/scans that are, for example, check for the availability of vulnerable ciphers. The key finding from the above report seems to be: "I don't know why there are two different format disconnect messages, but the bit that seems to confuse logwatch was adding the port number to the message." There seem to be several (3-5) such messages that result from a normal connect/disconnect cycle. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1644057/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1677755] Re: Missing dep8 tests
** Also affects: backuppc (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: backuppc (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: backuppc (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: backuppc (Ubuntu Trusty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: backuppc (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: backuppc (Ubuntu Xenial) Status: New => In Progress ** Changed in: backuppc (Ubuntu Trusty) Status: New => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1677755 Title: Missing dep8 tests Status in backuppc package in Ubuntu: New Status in backuppc source package in Trusty: In Progress Status in backuppc source package in Xenial: In Progress Bug description: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 As of March 29, 2017, this source package did not contain dep8 tests in the current development release of Ubuntu, named Zesty. This was determined by running `pull-lp-source backuppc zesty` and then checking for the existence of 'debian/tests/' and 'debian/tests/control'. Test automation is essential to higher levels of quality and confidence in updates to packages. dep8 tests [1] specify how automatic testing can be integrated into packages and then run by package maintainers before new uploads. This defect is to report the absence of these tests and to report the opportunity as a potential item for development by both new and experienced contributors. [1] http://packaging.ubuntu.com/html/auto-pkg-test.html affects ubuntu/backuppc status new importance wishlist tag needs-dep8 - --- Joshua Powers Ubuntu Server Canonical Ltd -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJY3XQ9AAoJEIP8BxPaZgwltiwP/23S9oClHTBIlyYA4rs0gB7n +EP3wTBIChKNhXcBLlBOz4MKEOwGK5tsiyrTHfnXJz0aR7zhqQiMUBxf6mtmj3dO iBHG+SraPKdArW3wEw03X2I+gpmKU8J4tcPnilFMW1FJ6dk+s0jkg4wb9kFR33nZ HEFn8B5Rn2aOWbw8+4DJjvyPMIpkU8bEtW2WgpAmKjUZwJjW2qLqkMsZCE+Hxs4A CRQIMPlEcbp7edCpIKy9/ItxNgf58iJxdSo42QoDizibhjssSPSEwTT9FN5yVA57 /LMjYENAP1WQzeytQaBSQVEwYnwFTV4k69hMk60mNvHcsgerBBL8uhLfIIMwryhe v72cxj9fQU5plreNj22GBlTHD2vpS6oZCHSraqeSBK4CwqOBxzkUkvWTFmjmAbYN EmXQp9jjZmeAu2aGi0tVBzVmEMcLlok5x1fEPvNJEJP4sCf5lYNQZwMx0LrNNiqo 1PzkI3RSSsFjrlGLGqY6p5PrxnNhM1q3jkot3d8Mdt+LPCMUVWY2yfIM7w0C8OZr UsoRsBxFMapiitjGS/TnnBE+p8XuBDgWGTLO7jPGoOaeL2/d5ISq0gArUQWY6hMQ fCZmNEW3KWj5FZrbC6ycmFKEJ2UrSSI7TM/EfWkndxv5+MFfEPE3dn3+sfKoTxQH B0rug6fGmc1bsNF+etIo =PV7+ -END PGP SIGNATURE- To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/1677755/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1719354] Re: apparmor blocking smbd which is in complain mode
** Also affects: samba (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: samba (Ubuntu) Status: Confirmed => Fix Released ** Changed in: samba (Ubuntu Xenial) Status: New => Triaged ** Changed in: samba (Ubuntu Bionic) Status: New => Triaged ** Changed in: samba (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: samba (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1719354 Title: apparmor blocking smbd which is in complain mode Status in samba package in Ubuntu: Fix Released Status in samba source package in Xenial: Triaged Status in samba source package in Bionic: Triaged Bug description: This error is occurring because samba is working in user profile and folder '/run/samba/msg.log' has owner as root. Any log created will be as root. Hence, samba not able to log anything. aravind@comp:~$ tail -f /var/log/syslog | grep -i apparmor Sep 25 21:25:36 comp kernel: [ 4535.034713] audit: type=1400 audit(1506354936.898:275): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:25:36 comp kernel: [ 4535.034719] audit: type=1400 audit(1506354936.898:276): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/4470" pid=5690 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984668] audit: type=1400 audit(1506355059.847:290): apparmor="ALLOWED" operation="mknod" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984675] audit: type=1400 audit(1506355059.847:291): apparmor="ALLOWED" operation="open" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984679] audit: type=1400 audit(1506355059.847:292): apparmor="ALLOWED" operation="file_lock" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.984684] audit: type=1400 audit(1506355059.847:293): apparmor="ALLOWED" operation="truncate" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 Sep 25 21:27:39 comp kernel: [ 4657.991838] audit: type=1400 audit(1506355059.855:294): apparmor="ALLOWED" operation="unlink" profile="/usr/sbin/smbd" name="/run/samba/msg.lock/6056" pid=6056 comm="smbd" requested_mask="d" denied_mask="d" fsuid=0 ouid=0 ^C ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apparmor 2.10.95-0ubuntu2.7 ProcVersionSignature: Ubuntu 4.10.0-35.39~16.04.1-generic 4.10.17 Uname: Linux 4.10.0-35-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu2.10 Architecture: amd64 CurrentDesktop: Unity Date: Mon Sep 25 21:27:07 2017 ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.10.0-35-generic root=UUID=3bdb5792-d2a2-4f98-97bd-f274c3d0dde1 ro quiet splash crashkernel=384M-:128M vt.handoff=7 SourcePackage: apparmor Syslog: Sep 25 10:34:40 comp dbus[1174]: [system] AppArmor D-Bus mediation is enabled Sep 25 18:34:05 comp dbus[1083]: [system] AppArmor D-Bus mediation is enabled Sep 25 20:10:24 comp dbus[1066]: [system] AppArmor D-Bus mediation is enabled UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1719354/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1771340] Re: sshd failed on config reload
marking as fix released in the devel task, since the fix is in cosmic. ** Changed in: openssh (Ubuntu) Status: Triaged => Fix Released ** Changed in: openssh (Ubuntu) Assignee: Karl (kstenerud) => (unassigned) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1771340 Title: sshd failed on config reload Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Xenial: In Progress Bug description: [Impact] sshd doesn't check the configuration when reloading. If a user generates an invalid configuration file, sshd will shut down and not come back up when the user issues a reload. [Test Case] $ lxc launch ubuntu:xenial tester $ lxc exec tester bash # echo "blah blah" >>/etc/ssh/sshd_config # systemctl reload sshd Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. # systemctl status ssh.service ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago * The service should have checked the config file, failed to reload, but remained active in its current configuration. In this case ssh has shut down. [Regression Potential] This code will only trigger on an invalid configuration file (in which case sshd would not load anyway), so there should be no regressions. [Other Info] autopkgtest [13:45:46]: test regress: ---] autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - - - - - - - regress PASS autopkgtest [13:45:47]: summary regress PASS [Original Description] After adding some lines to /etc/ssh/sshd_config I tried to reload the configuration with the command: ``` sudo systemctl reload sshd ``` No error message was returned. So I assumed that the sshd was running with the current config. But `sudo systemctl status sshd` told me that the service failed due to a wrong option in /etc/ssh/sshd_config. Please see the following output: ~~~ :~$ sudo vim /etc/ssh/sshd_config :~$ sudo systemctl reload sshd :~$ sudo systemctl status sshd ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255) Main PID: 7536 (code=exited, status=255) ~~~ I would expect that a warning or error message is returned when the service fails while reloading it's configuration. A fix for this behaviour would be appreciated. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssh-server 1:7.2p2-4ubuntu2.4 ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39 Uname: Linux 3.13.0-112-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.17 Architecture: amd64 Date: Tue May 15 10:18:25 2018 InstallationDate: Installed on 2013-01-10 (1950 days ago) InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3) SourcePackage: openssh UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago) mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771340/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1612954] Re: backuppc-3.3.1-2ubuntu3 fails to backup any Samba shares on Ubuntu 16.04.1 LTS
Zesty is EOL. ** Changed in: backuppc (Ubuntu Zesty) Status: Incomplete => Won't Fix ** Tags removed: bitesize -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1612954 Title: backuppc-3.3.1-2ubuntu3 fails to backup any Samba shares on Ubuntu 16.04.1 LTS Status in backuppc package in Ubuntu: Incomplete Status in backuppc source package in Xenial: Incomplete Status in backuppc source package in Yakkety: Expired Status in backuppc source package in Zesty: Won't Fix Bug description: Upgraded to Ubuntu 16.04.1 LTS, its latest backuppc-3.3.1-2ubuntu3 and Samba 2:4.3.9+dfsg-0. Due to a change in Samba's output, any backup attempted via smbclient will fail. There is a suggested fix, but I haven't checked it: https://bugzilla.redhat.com/attachment.cgi?id=264 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backuppc/+bug/1612954/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1583324] Re: Samba won't start when an include statement in smb.conf has a variable substitution
Marking as fix released in the main task because it's fixed in bionic and later. ** Changed in: samba (Ubuntu Trusty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: samba (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: samba (Ubuntu Trusty) Status: New => In Progress ** Changed in: samba (Ubuntu Xenial) Status: New => In Progress ** Changed in: samba (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1583324 Title: Samba won't start when an include statement in smb.conf has a variable substitution Status in samba package in Ubuntu: Fix Released Status in samba source package in Trusty: In Progress Status in samba source package in Xenial: In Progress Bug description: [Impact] Samba in AD mode refuses to start when the smb.conf file contains an include line with a variable substitution like "include = /etc/samba/smb.conf.%U" This happens because the initscript calls "samba-tool testparm" to obtain a configuration parameter from smb.conf, and this testparm tool fails because it doesn't expand the %U macro and fails to read "/etc/samba/smb.conf." (note the ending dot). Note that "samba-tool testparm" is different from just "testparm". The latter doesn't fail. We could just replace one with the other in the initscript, but later on in the process of provisioning an AD controller this error is encountered again, so it's best to fix it properly. [Test Case] * install samba: sudo apt install samba * create /etc/samba/smb.conf with this content: [global] netbios name = samba log file = /var/log/samba/log.%m map to guest = Bad User max log size = 1000 obey pam restrictions = Yes pam password change = Yes panic action = /usr/share/samba/panic-action %d passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u server string = %h server (Samba, Ubuntu) unix password sync = Yes usershare allow guests = Yes idmap config * : backend = tdb include = /etc/samba/smb.conf.%U * run the command that fails: ubuntu@trusty-samba-include:~$ sudo samba-tool testparm --suppress-prompt ERROR: Unable to load default file ubuntu@trusty-samba-include:~$ echo $? 255 * install the updated packages and run the same command again. This time it will work, exit with status 0, and show the main config file. ubuntu@trusty-samba-include:~$ sudo samba-tool testparm --suppress-prompt # Global parameters [global] netbios name = SAMBA server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes log file = /var/log/samba/log.%m max log size = 1000 usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb include = /etc/samba/smb.conf.%U ubuntu@trusty-samba-include:~$ echo $? 0 [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [Original Description] Samba refuses to start when the smb.conf file contains an include line with a variable substitution like "include = /etc/samba/smb.conf.%U" According to the man page for smb.conf, all but a few specific variable substitutions should work. include (G) This allows you to include one config file inside another. The file is included literally, as though typed in place. It takes the standard substitutions, except %u, %P and %S. The parameter include = registry has a special meaning: It does not include a file named registry from the current working dire
[Group.of.nepali.translators] [Bug 1774666] Re: Bond interfaces stuck at 1500 MTU on Bionic
Somehow the netplan.io and cloud-init tasks are linked in terms of those nominations. If I approve the cloud-init ones, netplan's also get approved. ** Also affects: cloud-init (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: cloud-init (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: cloud-init (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: cloud-init (Ubuntu Cosmic) Importance: Undecided Status: Confirmed ** Also affects: netplan.io (Ubuntu Cosmic) Importance: Undecided Status: Confirmed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1774666 Title: Bond interfaces stuck at 1500 MTU on Bionic Status in cloud-init: Fix Committed Status in MAAS: Invalid Status in cloud-init package in Ubuntu: Confirmed Status in netplan.io package in Ubuntu: Confirmed Status in cloud-init source package in Xenial: New Status in netplan.io source package in Xenial: New Status in cloud-init source package in Artful: New Status in netplan.io source package in Artful: New Status in cloud-init source package in Bionic: New Status in netplan.io source package in Bionic: New Status in cloud-init source package in Cosmic: Confirmed Status in netplan.io source package in Cosmic: Confirmed Bug description: When deploying a machine through MAAS with bonded network interfaces, the bond does not have a 9000 byte MTU applied despite the attached VLANs having had a 9000 MTU explicitly set. The MTU size is set on the bond members, but not on the bond itself in Netplan. Consequently, when the bond is brought up, the interface MTU is decreased from 9000 to 1500. Manually changing the interface MTU after boot is successful. This is not observed when deploying Xenial on the same machine. The bond comes up at the expected 9000 byte MTU. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1774666/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1766186] Re: IncludeOptional fails when a directory does not exist
Packages uploaded to proposed unapproved. ** Also affects: apache2 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Artful) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu) Status: In Progress => Fix Released ** Changed in: apache2 (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: apache2 (Ubuntu Artful) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: apache2 (Ubuntu Bionic) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: apache2 (Ubuntu Xenial) Status: New => In Progress ** Changed in: apache2 (Ubuntu Artful) Status: New => In Progress ** Changed in: apache2 (Ubuntu Bionic) Status: New => In Progress ** Changed in: apache2 (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: apache2 (Ubuntu Artful) Importance: Undecided => Low ** Changed in: apache2 (Ubuntu Bionic) Importance: Undecided => Low ** Changed in: apache2 (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1766186 Title: IncludeOptional fails when a directory does not exist Status in apache2 package in Ubuntu: Fix Released Status in apache2 source package in Xenial: In Progress Status in apache2 source package in Artful: In Progress Status in apache2 source package in Bionic: In Progress Bug description: [Impact] An instruction in apache config such as the following will make apache2 fail to start if the target path does not exist: IncludeOptional /etc/apache2/mellon/sp-location*.conf https://paste.ubuntu.com/p/f2Tb9rgrBB/ (full file: /etc/apache2/sites- enabled/openstack_https_frontend.conf) Apr 23 06:58:31 maas-xenial1 apache2[28269]: * The apache2 configtest failed. Apr 23 06:58:31 maas-xenial1 apache2[28269]: Output of config test was: Apr 23 06:58:31 maas-xenial1 apache2[28269]: apache2: Syntax error on line 219 of /etc/apache2/apache2.conf: Syntax error on line 17 of /etc/apache2/sites-enabled/openstack_https_frontend.conf: Could not o Apr 23 06:58:31 maas-xenial1 apache2[28269]: Action 'configtest' failed. Apr 23 06:58:31 maas-xenial1 apache2[28269]: The Apache error log may have more information. Apr 23 06:58:31 maas-xenial1 systemd[1]: apache2.service: Control process exited, code=exited status=1 Apr 23 06:58:31 maas-xenial1 systemd[1]: Failed to start LSB: Apache2 web server. A fix is available upstream: https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878920 https://github.com/apache/httpd/commit/a17ce7dd5e6277867ca48659f70c4bb8a11add56 #diff-18a4bdb1520687ad43a0b4dd2b51d957R1954 [Test Case] * add IncludeOptional /etc/apache2/mellon/sp-location*.conf to an apache config file and try to restart the apache2 service [Regression Potential] * minimal, the patch eases up requirements without rewriting or removing the existing code; * the patch author says that it's been used for ~ 3 years in clearlinux https://bz.apache.org/bugzilla/show_bug.cgi?id=57585#c4 * applied in debian https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878920#22 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1766186/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1732150] Re: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s)
Dropping zesty as it's EOL. Cosmic and bionic affected. ** Changed in: unbound (Ubuntu Zesty) Status: New => Won't Fix ** Also affects: unbound (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1732150 Title: Unbound behaviour changes (wrong) when domain-insecure is set for a stub zone with multiple stub-addr(s) Status in Unbound - Caching DNS Resolver: Unknown Status in unbound package in Ubuntu: Triaged Status in unbound source package in Trusty: New Status in unbound source package in Xenial: New Status in unbound source package in Zesty: Won't Fix Status in unbound source package in Artful: New Status in unbound source package in Bionic: New Bug description: Unbound contains a bug when domain-insecure is set for a (stub) zone. This bug is fixed, see https://www.nlnetlabs.nl/bugs- script/show_bug.cgi?id=2882. Can you please backport this to the Trusty package? With regards, Richard Arends To manage notifications about this bug go to: https://bugs.launchpad.net/unbound/+bug/1732150/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1688575] Re: Segmentation fault on a slave slapd (sync replication with kerberos authentication)
** Also affects: openldap (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: openldap (Ubuntu Xenial) Status: New => Triaged ** Changed in: openldap (Ubuntu Xenial) Importance: Undecided => High -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1688575 Title: Segmentation fault on a slave slapd (sync replication with kerberos authentication) Status in openldap: Fix Released Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Xenial: Triaged Bug description: I have a slapd problem on a freshly installed 16.04 machine: slapd[17107]: segfault at 1a ip 7f3c12c79f55 sp 7f3c03c2d080 error 4 in libsasl2.so.2.0.25[7f3c12c72000+19000] I'm using the server as Slave LDAP-Server and sync replication with kerberos authentication. The service either starts and runs successfully or it fails with segmentation fault or 100% CPU. Maybe an useful info, I'm replicating two databases. When I deactivate syncrepl for one of them (doesn't matter which one) the problem is not occuring. Linux xxx 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux slapd 2.4.42+dfsg-2ubuntu3.1 libsasl2-2:amd64 2.1.26.dfsg1-14build1 libsasl2-modules:amd64 2.1.26.dfsg1-14build1 libsasl2-modules-gssapi-mit:amd64 2.1.26.dfsg1-14build1 GDB debug: Starting program: /usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u openldap -g openldap -f /etc/ldap/slapd.conf -d 256 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". 590c82ab @(#) $OpenLDAP: slapd (Ubuntu) (May 11 2016 16:12:05) $ buildd@lgw01-10:/build/openldap-mF7Kfq/openldap-2.4.42+dfsg/debian/build/servers/slapd 590c82ab slapd starting [New Thread 0x7f2e96b7b700 (LWP 42139)] [New Thread 0x7f2e9637a700 (LWP 42140)] [New Thread 0x7f2e95b79700 (LWP 42141)] [New Thread 0x7f2e95378700 (LWP 42142)] [New Thread 0x7f2e94b77700 (LWP 42143)] 590c82ba slap_client_connect: URI=ldap://xxx ldap_sasl_interactive_bind_s failed (-6) 590c82ba do_syncrepl: rid=132 rc -6 retrying (9 retries left) Thread 4 "slapd" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f2e95b79700 (LWP 42141)] 0x7f2ea53035b5 in sasl_client_add_plugin () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (gdb) thr apply all bt Thread 6 (Thread 0x7f2e94b77700 (LWP 42143)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x7f2ea59463f3 in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #2 0x7f2ea487c6ba in start_thread (arg=0x7f2e94b77700) at pthread_create.c:333 #3 0x7f2ea45b282d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 5 (Thread 0x7f2e95378700 (LWP 42142)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x7f2ea59463f3 in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #2 0x7f2ea487c6ba in start_thread (arg=0x7f2e95378700) at pthread_create.c:333 #3 0x7f2ea45b282d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 4 (Thread 0x7f2e95b79700 (LWP 42141)): #0 0x7f2ea53035b5 in sasl_client_add_plugin () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 #1 0x7f2ea530f250 in ?? () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 #2 0x7f2ea5303d69 in sasl_client_init () from /usr/lib/x86_64-linux-gnu/libsasl2.so.2 #3 0x7f2ea594da6c in ldap_int_sasl_init () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #4 0x7f2ea594db2c in ldap_int_sasl_open () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #5 0x7f2ea594e2d4 in ldap_int_sasl_bind () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #6 0x7f2ea5951828 in ldap_sasl_interactive_bind () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #7 0x7f2ea5951a4e in ldap_sasl_interactive_bind_s () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #8 0x561fbc556db4 in slap_client_connect (ldp=0x561fbe1e9f68, sb=0x561fbe1e9d40) at ../../../../servers/slapd/config.c:2063 #9 0x561fbc5c699d in do_syncrep1 (si=0x561fbe1e9d10, op=0x7f2e95b787b0) at ../../../../servers/slapd/syncrepl.c:618 #10 do_syncrepl (ctx=, arg=0x561fbe1e5620) at ../../../../servers/slapd/syncrepl.c:1548 #11 0x7f2ea59463a2 in ?? () from /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #12 0x7f2ea487c6ba in start_thread (arg=0x7f2e95b79700) at pthread_create.c:333 #13 0x7f2ea45b282d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[Group.of.nepali.translators] [Bug 1707970] Re: dovecot unmatched entries: "Logged out"
This is fixed in artful and bionic. ** Also affects: logwatch (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: logwatch (Ubuntu) Status: Confirmed => Fix Released ** Changed in: logwatch (Ubuntu Xenial) Status: New => Triaged ** Changed in: logwatch (Ubuntu Xenial) Importance: Undecided => Low ** Tags added: server-next -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1707970 Title: dovecot unmatched entries: "Logged out" Status in logwatch: Fix Released Status in logwatch package in Ubuntu: Fix Released Status in logwatch source package in Xenial: Triaged Bug description: This is with logwatch 7.4.2-1ubuntu1 on Ubuntu 16.04.2 LTS, Xenial Server. I get many "Unmatched Entries" lines from dovecot in my logwatch emails like the following: dovecot: imap(username): Logged out in=xxx out=yyy: zzz Time(s) Logwatch should be ignoring these entries. This appears to be the same as Debian 840952: https://bugs.debian.org /cgi-bin/bugreport.cgi?bug=840952 Would be nice if we could backport the fix to the current version of logwatch included with xenial. Thanks! To manage notifications about this bug go to: https://bugs.launchpad.net/logwatch/+bug/1707970/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1752632] Re: The motd message is not cached
** Also affects: landscape-client (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1752632 Title: The motd message is not cached Status in Landscape Client: New Status in landscape-client package in Ubuntu: New Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Artful: New Bug description: landscape-common has an MOTD component called landscape-sysinfo. Historically that used update-motd to display cached information. update-motd has been deprecated in favor of pam_motd, but landscape- common was never changed accordingly. The situation we have now in landscape-common's debconf is: - "Cache sysinfo in /etc/motd": places a symlink in /etc/update-motd.d. With pam_motd, there is no cache, so that script is called on every login. - "Run sysinfo on every login": places the same symlink in /etc/profile.d, removes the one from /etc/update-motd.d. End result is the same as before: script is called on every login - "Do not display sysinfo on login": remove /etc/profile.d and /etc/update-motd.d symlinks. This is the only option that is currently working as advertised. To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1752632/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1699179] Re: PackageReporter kicks in during do-release-upgrade
** Changed in: landscape-client Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1699179 Title: PackageReporter kicks in during do-release-upgrade Status in Landscape Client: Fix Released Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Artful: New Status in landscape-client source package in Bionic: Fix Released Bug description: Affected release: Ubuntu 14.04.5 Version of package: 14.12-0ubuntu5.14.04 Steps to reproduce: 1. Run do-release-upgrade to upgrade to 16.04.2. 2. Trigger the package-reporter to kick in while do-release-upgrade is working but not having the package database locked. 3. Package database is locked by package-reporter, do-release-upgrade fails to access it and exits. Expected result: Landscape detects that there's an release upgrade in progress and will wait for it to finish. Actual result: PackageReporter locks the apt database, do-release-upgrade cannot access it, exits with an error and may leave the system in an unusable state. * Link to Dariusz's PR on GitHub: https://github.com/CanonicalLtd/landscape-client/pull/14 To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1699179/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1742531] Re: New Amazon AWS C5 instances are not recognised as a VM
** Changed in: landscape-client Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1742531 Title: New Amazon AWS C5 instances are not recognised as a VM Status in Landscape Client: Fix Released Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: Fix Released Status in landscape-client source package in Xenial: Fix Released Status in landscape-client source package in Artful: Fix Released Status in landscape-client source package in Bionic: Fix Released Bug description: [Impact] The new Amazon AWS C5 instance type is not a recognised VM type in Landscape and thus won't allow use of a Virtual Guest asset to register with. The C5 instance type is a new type that uses a KVM-family hypervisor instead of Xen (displaying "Amazon EC2" in sys_vendor which landscape- client doesn't recognise, thus cannot associate/map to kvm) "AWS has revealed it has created a new hypervisor based on KVM, not the Xen hypervisor on which it has relied for years." From https://www.theregister.co.uk/2017/11/07/aws_writes_new_kvm_based_hypervisor_to_make_its_cloud_go_faster [Test Case] Scenario #1 * Deploy an AWS C5 instance * Look sys_vendor $ cat /sys/class/dmi/id/sys_vendor Amazon EC2 * Install landscape-client * Register the client to the desired landscape-server * Verify "VM Type" to be "kvm" under the computer info in landscape-server. Scenario #2 * Deploy an AWS non KVM/non C5 instance (Example : t2.medium) * Look sys_vendor $ cat /sys/class/dmi/id/sys_vendor Xen * Install landscape-client * Register the client to the desired landscape-server * Verify "VM Type" to still be "xen" under the computer info in landscape-server. [Regression Potential] * No regression anticipated, the fix is only adding a new entry mapping to recognize C5 instance (Amazon EC2) [Other Info] * Upstream commit: https://github.com/CanonicalLtd/landscape-client/pull/22/files [Original Description] The new Amazon AWS C5 instance type is not a recognised VM type in Landscape and thus won't allow use of a Virtual Guest asset to register with. The C5 instance type is a new type that uses a KVM-family hypervisor instead of Xen: "AWS has revealed it has created a new hypervisor based on KVM, not the Xen hypervisor on which it has relied for years." From https://www.theregister.co.uk/2017/11/07/aws_writes_new_kvm_based_hypervisor_to_make_its_cloud_go_faster ubuntu@ip-172-31-54-123:~$ cat /sys/class/dmi/id/sys_vendor Amazon EC2 dmidecode output: # dmidecode 3.0 Getting SMBIOS data from sysfs. SMBIOS 2.7 present. 5 structures occupying 233 bytes. Table at 0x000F9010. Handle 0x, DMI type 0, 24 bytes BIOS Information Vendor: Amazon EC2 Version: 1.0 Release Date: 10/16/2017 Address: 0xF Runtime Size: 64 kB ROM Size: 64 kB Characteristics: PCI is supported EDD is supported ACPI is supported System is a virtual machine BIOS Revision: 1.0 Handle 0x0001, DMI type 1, 27 bytes System Information Manufacturer: Amazon EC2 Product Name: c5.large Version: Not Specified Serial Number: ec23cdb5-a248-6935-b9f6-de3a34334018 UUID: EC23CDB5-A248-6935-B9F6-DE3A34334018 Wake-up Type: Power Switch SKU Number: Not Specified Family: Not Specified Handle 0x0002, DMI type 2, 15 bytes Base Board Information Manufacturer: Amazon EC2 Product Name: Not Specified Version: Not Specified Serial Number: Not Specified Asset Tag: i-09898bff0b7b55c35 Features: None Location In Chassis: Not Specified Chassis Handle: 0x0003 Type: Other Contained Object Handles: 0 Handle 0x0003, DMI type 3, 21 bytes Chassis Information Manufacturer: Amazon EC2 Type: Other Lock: Not Present Version: Not Specified Serial Number: Not Specified Asset Tag: Amazon EC2 Boot-up State: Safe Power Supply State: Safe Thermal State: Safe Security Status: None OEM Information: 0x Height: Unspecified Number Of Power Cords: 1 Contained Elements: 0 Handle 0x0004, DMI type 127, 4 bytes End Of Table contents of /proc/cpuinfo : processor : 0 vendor_id : GenuineIntel cpu family: 6 model : 85 model name: Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz stepping : 3 microcode : 0x100013e cpu MHz : 3000.000 cache size: 25344 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 1 apicid: 0 initial apicid: 0 fpu : yes fpu_exception : yes cpuid level : 13 wp
[Group.of.nepali.translators] [Bug 1743232] Re: set vm_info to kvm for digitalocean instances
** Changed in: landscape-client Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1743232 Title: set vm_info to kvm for digitalocean instances Status in Landscape Client: Fix Released Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Trusty: Fix Released Status in landscape-client source package in Xenial: Fix Released Status in landscape-client source package in Artful: Fix Released Status in landscape-client source package in Bionic: Fix Released Bug description: [Impact] digitalocean instance type is not a recognised VM type in Landscape and thus won't allow use of a Virtual Guest asset to register with. The digitalocean type uses a KVM-family hypervisor (displaying "digitalocean" in sys_vendor which landscape-client doesn't recognise, thus cannot associate/map to kvm) [Test Case] * Deploy a digitalocean instance * Look sys_vendor $ cat /sys/class/dmi/id/sys_vendor digitalocean * Install landscape-client * Register the client to the desired landscape-server * Verify "VM Type" to be "kvm" under the computer info (in landscape-server) [Regression Potential] * No regression anticipated, the fix is only adding a new entry mapping to recognize digitalocean instances. [Other Info] * Upstream commit: https://github.com/CanonicalLtd/landscape-client/pull/24/files To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1743232/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1752632] [NEW] The motd message is not cached
Public bug reported: landscape-common has an MOTD component called landscape-sysinfo. Historically that used update-motd to display cached information. update-motd has been deprecated in favor of pam_motd, but landscape- common was never changed accordingly. The situation we have now in landscape-common's debconf is: - "Cache sysinfo in /etc/motd": places a symlink in /etc/update-motd.d. With pam_motd, there is no cache, so that script is called on every login. - "Run sysinfo on every login": places the same symlink in /etc/profile.d, removes the one from /etc/update-motd.d. End result is the same as before: script is called on every login - "Do not display sysinfo on login": remove /etc/profile.d and /etc/update-motd.d symlinks. This is the only option that is currently working as advertised. ** Affects: landscape-client Importance: Undecided Status: New ** Affects: landscape-client (Ubuntu) Importance: Undecided Status: New ** Affects: landscape-client (Ubuntu Xenial) Importance: Undecided Status: New ** Affects: landscape-client (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Artful) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1752632 Title: The motd message is not cached Status in Landscape Client: New Status in landscape-client package in Ubuntu: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Artful: New Bug description: landscape-common has an MOTD component called landscape-sysinfo. Historically that used update-motd to display cached information. update-motd has been deprecated in favor of pam_motd, but landscape- common was never changed accordingly. The situation we have now in landscape-common's debconf is: - "Cache sysinfo in /etc/motd": places a symlink in /etc/update-motd.d. With pam_motd, there is no cache, so that script is called on every login. - "Run sysinfo on every login": places the same symlink in /etc/profile.d, removes the one from /etc/update-motd.d. End result is the same as before: script is called on every login - "Do not display sysinfo on login": remove /etc/profile.d and /etc/update-motd.d symlinks. This is the only option that is currently working as advertised. To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1752632/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1676328] Re: sssd_be is leaking memory
** Changed in: sssd (Ubuntu Yakkety) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1676328 Title: sssd_be is leaking memory Status in sssd package in Ubuntu: Fix Released Status in sssd source package in Xenial: Confirmed Status in sssd source package in Yakkety: Won't Fix Bug description: The bug is described here: https://pagure.io/SSSD/sssd/issue/3176 Please consider to upgrade from 1.13.4 to 1.13.5. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1676328/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1590838] Re: scheduled shutdown -r does not work without dbus in xenial LXC container
** Changed in: landscape-client (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: landscape-client (Ubuntu) Status: New => In Progress ** Changed in: landscape-client (Ubuntu Yakkety) Status: New => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1590838 Title: scheduled shutdown -r does not work without dbus in xenial LXC container Status in Landscape Client: Fix Committed Status in landscape-client package in Ubuntu: In Progress Status in systemd package in Ubuntu: Fix Released Status in landscape-client source package in Xenial: New Status in systemd source package in Xenial: Won't Fix Status in landscape-client source package in Yakkety: Won't Fix Status in systemd source package in Yakkety: Fix Released Bug description: The command "shutdown -r +5" doesn't work in a xenial lxc container. I found this out by trying to use Landscape to restart a xenial lxc container and the operation failed. I was told by the Landscape team that the restart button simply does a "shutdown -r +5". The problem seems to be that the dbus package is missing in the xenial lxc image. This is what happens: root@xenialtest:/# shutdown -r +5 Failed to connect to bus: No such file or directory Failed to connect to bus: No such file or directory And if I install dbus: root@xenialtest:/# shutdown -r +5 Shutdown scheduled for Wed 2016-06-08 19:28:44 UTC, use 'shutdown -c' to cancel. The issue happens whether I use the download template or the ubuntu template when creating the LXC container: root@davecorelaptop:/var/cache/lxc# lxc-create -t ubuntu -n test2 root@davecorelaptop:/var/cache/lxc# lxc-start -d -n test2 root@davecorelaptop:/var/cache/lxc# lxc-attach -n test2 root@test2:/# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04 LTS Release: 16.04 Codename: xenial root@test2:/# shutdown -r +5 Failed to connect to bus: No such file or directory Failed to connect to bus: No such file or directory or root@davecorelaptop:~# lxc-create -t download -n test Setting up the GPG keyring Downloading the image index --- DIST RELEASE ARCHVARIANT BUILD --- alpine3.0 amd64 default 20160608_18:03 alpine3.0 i386default 20160608_17:50 alpine3.1 amd64 default 20160608_17:50 alpine3.1 i386default 20160608_18:03 alpine3.2 amd64 default 20160608_17:50 alpine3.2 i386default 20160608_17:50 alpine3.3 amd64 default 20160608_17:50 alpine3.3 i386default 20160608_17:50 alpineedgeamd64 default 20160608_17:50 alpineedgei386default 20160608_17:50 centos6 amd64 default 20160609_02:16 centos6 i386default 20160609_02:16 centos7 amd64 default 20160609_02:16 debianjessie amd64 default 20160608_22:42 debianjessie arm64 default 20160609_02:38 debianjessie armel default 20160608_22:42 debianjessie armhf default 20160608_22:42 debianjessie i386default 20160608_22:42 debianjessie powerpc default 20160608_22:42 debianjessie ppc64el default 20160608_22:42 debianjessie s390x default 20160608_22:42 debiansid amd64 default 20160608_22:42 debiansid arm64 default 20160608_22:42 debiansid armel default 20160608_22:42 debiansid armhf default 20160608_22:42 debiansid i386default 20160608_22:42 debiansid powerpc default 20160608_22:42 debiansid ppc64el default 20160608_22:42 debiansid s390x default 20160608_22:42 debianstretch amd64 default 20160608_22:42 debianstretch arm64 default 20160608_22:42 debianstretch armel default 20160608_22:42 debianstretch armhf default 20160608_22:42 debianstretch i386default 20160608_22:42 debianstretch powerpc default 20160608_22:42 debianstretch ppc64el default 20160608_22:42 debianstretch s390x default 20160608_22:42 debianwheezy amd64 default 20160608_22:42 debianwheezy armel default 20160608_22:42 debianwheezy armhf default 20160608_22:42 debianwheezy i386default 20160608_22:42 debianwheezy powerpc default 20160609_02:38 debianwheezy s390x default 20160608_22:42 fedora22 amd64 default 20160609_01:27 fedora22 armhf default 20160112_01:27 fedora22 i386default 2016
[Group.of.nepali.translators] [Bug 1717040] Re: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful
** Changed in: libzstd (Ubuntu Artful) Status: New => Confirmed ** Changed in: libzstd (Ubuntu Artful) Status: Confirmed => In Progress ** Changed in: libzstd (Ubuntu Artful) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: libzstd (Ubuntu) Status: Fix Released => In Progress ** Changed in: libzstd (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1717040 Title: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful Status in libzstd package in Ubuntu: In Progress Status in libzstd source package in Xenial: In Progress Status in libzstd source package in Zesty: Won't Fix Status in libzstd source package in Artful: In Progress Bug description: [Impact] * libzstd v0.5.1 is an experimental version, which generates and read an experimental format incompatible with official libzstd v1+ format. * Backporting a newer version >= v1.0, such as artful's v1.3.1, fixes this issue * This backport/SRU is being requested by upstream. [Test Case] * with the pristine package from each release, compress a big file. For example, /usr/bin/snap. Name the resulting compressed file according to the version that was used to compress it, like this: Xenial: $ zstd /usr/bin/snap -o snap.0.5.1.zst Compressed 15528016 bytes into 4134889 bytes ==> 26.63% Zesty: $ zstd /usr/bin/snap -o snap.1.1.2.zst /usr/bin/snap: 30.59% (10825608 => 3311295 bytes, snap.1.1.2.zst) * Upgrade to the package made available through this SRU and compress it again: Xenial: $ zstd /usr/bin/snap -o snap.1.3.1.zst /usr/bin/snap: 25.11% (15528016 => 3899137 bytes, snap.1.3.1.zst) Zesty: $ zstd /usr/bin/snap -o snap.1.3.1.zst /usr/bin/snap: 30.59% (10825608 => 3311290 bytes, snap.1.3.1.zst) * Uncompress all the generated files using the new version. This proves it can handle files compressed by the old one: Xenial: $ zstd -d snap.0.5.1.zst -o snap.0.5.1 snap.0.5.1.zst : 15528016 bytes $ zstd -d snap.1.3.1.zst -o snap.1.3.1 snap.1.3.1.zst : 15528016 bytes Zesty: $ zstd -d snap.1.1.2.zst -o snap.1.1.2 snap.1.1.2.zst : 10825608 bytes $ zstd -d snap.1.3.1.zst -o snap.1.3.1 snap.1.3.1.zst : 10825608 bytes * Take md5sums of all uncompressed files and the original. They must of course match: Xenial: $ md5sum /usr/bin/snap snap.0.5.1 snap.1.3.1 0fa4fa69d79ef4685aaa93be5b3aa33f /usr/bin/snap 0fa4fa69d79ef4685aaa93be5b3aa33f snap.0.5.1 0fa4fa69d79ef4685aaa93be5b3aa33f snap.1.3.1 Zesty: $ md5sum /usr/bin/snap snap.1.1.2 snap.1.3.1 ba0a3ef5f519688bc5b0b58f190e73a4 /usr/bin/snap ba0a3ef5f519688bc5b0b58f190e73a4 snap.1.1.2 ba0a3ef5f519688bc5b0b58f190e73a4 snap.1.3.1 * Downgrade zstd back to the original version of the ubuntu release you are testing: Xenial: $ sudo apt install zstd=0.5.1-1 Zesty: $ sudo apt install zstd=1.1.2-1 libzstd1=1.1.2-1 * Try to decompress the zst file created with the 1.3.1 version from the previous test. In xenial only, it should fail to recognize the format: $ zstd -d snap.1.3.1.zst -o /dev/null zstd: /dev/null already exists; do you wish to overwrite (y/N) ? y zstd: snap.1.3.1.zst: not in zstd format In zesty it should work: $ zstd -d snap.1.3.1.zst -o snap.1.3.1-new snap.1.3.1.zst : 9909192 bytes * Still in zesty, compare the md5, which should match: $ md5sum snap.1.3.1-new /usr/bin/snap 7c980688861eef598a56c7970d952028 snap.1.3.1-new 7c980688861eef598a56c7970d952028 /usr/bin/snap [Regression Potential] * During transition, if some user switches to newer zstd version, and then send compressed data to another user has not yet updated zstd, the receiver will not be able to decompress as long as he does not update. * Note though that newer version contains a compatibility module which makes it able to read data generated by older versions, such as v0.5.1. Any existing document compressed with v0.5.1 will still be readable after update to v1.3.1. [Other Info] * Linux kernel 4.14 now integrates zstd compression / decompression, primarily for BtrFS and SquashFS, with patches available for reiser4, zram, and initrd. Kernel version does not support compatibility module, hence cannot read data from v0.5.1. Userland tools associated with these services will fail if they link to Ubuntu LTS libzstd, as generating incompatible data. * On top of the incompatible format issue, libzstd v0.5.1 API is old and missing several features that applications relying on libzstd need, such as streaming interface, or bulk processing for dictionary compression. --- Original desc
[Group.of.nepali.translators] [Bug 1717040] Re: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful
** Changed in: libzstd (Ubuntu Zesty) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1717040 Title: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful Status in libzstd package in Ubuntu: Fix Released Status in libzstd source package in Xenial: In Progress Status in libzstd source package in Zesty: Won't Fix Bug description: [Impact] * libzstd v0.5.1 is an experimental version, which generates and read an experimental format incompatible with official libzstd v1+ format. * Backporting a newer version >= v1.0, such as artful's v1.3.1, fixes this issue * This backport/SRU is being requested by upstream. [Test Case] * with the pristine package from each release, compress a big file. For example, /usr/bin/snap. Name the resulting compressed file according to the version that was used to compress it, like this: Xenial: $ zstd /usr/bin/snap -o snap.0.5.1.zst Compressed 15528016 bytes into 4134889 bytes ==> 26.63% Zesty: $ zstd /usr/bin/snap -o snap.1.1.2.zst /usr/bin/snap: 30.59% (10825608 => 3311295 bytes, snap.1.1.2.zst) * Upgrade to the package made available through this SRU and compress it again: Xenial: $ zstd /usr/bin/snap -o snap.1.3.1.zst /usr/bin/snap: 25.11% (15528016 => 3899137 bytes, snap.1.3.1.zst) Zesty: $ zstd /usr/bin/snap -o snap.1.3.1.zst /usr/bin/snap: 30.59% (10825608 => 3311290 bytes, snap.1.3.1.zst) * Uncompress all the generated files using the new version. This proves it can handle files compressed by the old one: Xenial: $ zstd -d snap.0.5.1.zst -o snap.0.5.1 snap.0.5.1.zst : 15528016 bytes $ zstd -d snap.1.3.1.zst -o snap.1.3.1 snap.1.3.1.zst : 15528016 bytes Zesty: $ zstd -d snap.1.1.2.zst -o snap.1.1.2 snap.1.1.2.zst : 10825608 bytes $ zstd -d snap.1.3.1.zst -o snap.1.3.1 snap.1.3.1.zst : 10825608 bytes * Take md5sums of all uncompressed files and the original. They must of course match: Xenial: $ md5sum /usr/bin/snap snap.0.5.1 snap.1.3.1 0fa4fa69d79ef4685aaa93be5b3aa33f /usr/bin/snap 0fa4fa69d79ef4685aaa93be5b3aa33f snap.0.5.1 0fa4fa69d79ef4685aaa93be5b3aa33f snap.1.3.1 Zesty: $ md5sum /usr/bin/snap snap.1.1.2 snap.1.3.1 ba0a3ef5f519688bc5b0b58f190e73a4 /usr/bin/snap ba0a3ef5f519688bc5b0b58f190e73a4 snap.1.1.2 ba0a3ef5f519688bc5b0b58f190e73a4 snap.1.3.1 * Downgrade zstd back to the original version of the ubuntu release you are testing: Xenial: $ sudo apt install zstd=0.5.1-1 Zesty: $ sudo apt install zstd=1.1.2-1 libzstd1=1.1.2-1 * Try to decompress the zst file created with the 1.3.1 version from the previous test. In xenial only, it should fail to recognize the format: $ zstd -d snap.1.3.1.zst -o /dev/null zstd: /dev/null already exists; do you wish to overwrite (y/N) ? y zstd: snap.1.3.1.zst: not in zstd format In zesty it should work: $ zstd -d snap.1.3.1.zst -o snap.1.3.1-new snap.1.3.1.zst : 9909192 bytes * Still in zesty, compare the md5, which should match: $ md5sum snap.1.3.1-new /usr/bin/snap 7c980688861eef598a56c7970d952028 snap.1.3.1-new 7c980688861eef598a56c7970d952028 /usr/bin/snap [Regression Potential] * During transition, if some user switches to newer zstd version, and then send compressed data to another user has not yet updated zstd, the receiver will not be able to decompress as long as he does not update. * Note though that newer version contains a compatibility module which makes it able to read data generated by older versions, such as v0.5.1. Any existing document compressed with v0.5.1 will still be readable after update to v1.3.1. [Other Info] * Linux kernel 4.14 now integrates zstd compression / decompression, primarily for BtrFS and SquashFS, with patches available for reiser4, zram, and initrd. Kernel version does not support compatibility module, hence cannot read data from v0.5.1. Userland tools associated with these services will fail if they link to Ubuntu LTS libzstd, as generating incompatible data. * On top of the incompatible format issue, libzstd v0.5.1 API is old and missing several features that applications relying on libzstd need, such as streaming interface, or bulk processing for dictionary compression. --- Original description --- Please backport libzstd 1.3.1+dfsg-1 (universe) from artful to xenial. Reason for the backport: Current version in Xenial is v0.5.1, it's an experimental version, using its own, incompatible format. As a consequence, zstd on Ubuntu Xenial is not compatible with the rest of the world. This is of important concern for products using libzstd as a shared library : on Ubuntu
[Group.of.nepali.translators] [Bug 1708665] Re: prerotate.sh fails due to no shell for www-data user
** Also affects: awstats (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858461
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1708665
Title:
prerotate.sh fails due to no shell for www-data user
Status in awstats package in Ubuntu:
In Progress
Status in awstats source package in Xenial:
In Progress
Status in awstats source package in Zesty:
Won't Fix
Status in awstats source package in Artful:
In Progress
Status in awstats package in Debian:
Unknown
Bug description:
[Impact]
The logrotate script that is responsible for updating awstats statistics does
not run because the www-data user that it runs as does not have a valid shell.
This update adjusts the su command line to specify the same shell as
the script shebang line.
[Test Case]
To test, run the script:
Version with the bug:
$ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
No directory, logging in with HOME=/
This account is currently not available.
Fixed version:
$ sudo /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
No directory, logging in with HOME=/
Error while processing /etc/awstats/awstats.conf
Error: SiteDomain parameter not defined in your config/domain file. You must
edit it for using this version of AWStats.
Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be
wrong.
Check config file, permissions and AWStats documentation (in 'docs'
directory).
Note the "fixed" version actually runs the script and complains about
something else, unrelated to this bug. The admin must complete the
installation of awstats before using it, but this test is enough to
verify the fix.
If you want to get a full run, you have to follow the instructions in the
README.Debian file. Basically, at a minimum:
- edit /etc/awstats/awstats.conf and give SiteDomain a value
- change group ownership of /var/log/apache2 and /var/log/apache2/* to
www-data (that's one solution). README.Debian has other ideas, and I would add
using ACLs if your filesystem of choice supports them: "setfacl -m
g:www-data:rx /var/log/apache2" and "setfacl -m g:www-data:r /var/log/apache2/*"
[Regression Potential]
Code that wasn't running before because of this bug will now run. If the user
didn't complete the awstats configuration he/she will get more verbose cron
emails.
[Other Info]
Users who have already worked around the issue by manually editing the
logrotate file and adding "-s /bin/sh" or something similar will get a dpkg
prompt when upgrading to this version:
Configuration file '/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
=== Original description ===
This was found in Ubuntu 16.04. I have not tested other versions.
The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does
not run by default, because the 'www-data' user does not have a valid
shell by default.
root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
+ UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
+ '[' -x /usr/share/awstats/tools/update.sh ']'
+ su -l -c /usr/share/awstats/tools/update.sh www-data
This account is currently not available.
We could give www-data a valid shell but my preferred fix is to edit
/etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly
specify the shell with '-s /bin/bash':
diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh
--- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500
+++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31
17:07:54.122034426 -0500
@@ -2,5 +2,5 @@
UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh
if [ -x $UPDATE_SCRIPT ]
then
- su -l -c $UPDATE_SCRIPT www-data
+ su -l -c $UPDATE_SCRIPT -s /bin/bash www-data
fi
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1708665/+subscriptions
___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1708665] Re: prerotate.sh fails due to no shell for www-data user
There won't be time to SRU this for zesty before its EOL. ** Changed in: awstats (Ubuntu Zesty) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1708665 Title: prerotate.sh fails due to no shell for www-data user Status in awstats package in Ubuntu: Triaged Status in awstats source package in Xenial: Triaged Status in awstats source package in Zesty: Won't Fix Status in awstats source package in Artful: Triaged Bug description: This was found in Ubuntu 16.04. I have not tested other versions. The /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh script does not run by default, because the 'www-data' user does not have a valid shell by default. root@www:~# bash -x /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh + UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh + '[' -x /usr/share/awstats/tools/update.sh ']' + su -l -c /usr/share/awstats/tools/update.sh www-data This account is currently not available. We could give www-data a valid shell but my preferred fix is to edit /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh and explicitly specify the shell with '-s /bin/bash': diff -u ~/prerotate.sh /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh --- /root/prerotate.sh 2017-07-31 17:07:43.749559681 -0500 +++ /etc/logrotate.d/httpd-prerotate/awstats/prerotate.sh 2017-07-31 17:07:54.122034426 -0500 @@ -2,5 +2,5 @@ UPDATE_SCRIPT=/usr/share/awstats/tools/update.sh if [ -x $UPDATE_SCRIPT ] then - su -l -c $UPDATE_SCRIPT www-data + su -l -c $UPDATE_SCRIPT -s /bin/bash www-data fi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1708665/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1737640] Re: [SRU] /usr/sbin/fanctl: arithmetic expression: expecting primary | unconfigured interfaces cause ifup failures
Zesty will be EOL before we can push this fix out, marking it as "won't fix" ** Changed in: ubuntu-fan (Ubuntu Zesty) Status: Confirmed => Won't Fix ** Changed in: ubuntu-fan (Ubuntu Bionic) Importance: Critical => Undecided ** Changed in: ubuntu-fan (Ubuntu Artful) Status: Incomplete => In Progress ** Changed in: ubuntu-fan (Ubuntu Bionic) Status: Incomplete => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1737640 Title: [SRU] /usr/sbin/fanctl: arithmetic expression: expecting primary | unconfigured interfaces cause ifup failures Status in juju: Invalid Status in OPNFV: Fix Committed Status in ubuntu-fan package in Ubuntu: In Progress Status in ubuntu-fan source package in Xenial: Fix Released Status in ubuntu-fan source package in Zesty: Won't Fix Status in ubuntu-fan source package in Artful: In Progress Status in ubuntu-fan source package in Bionic: In Progress Bug description: [Impact] * This bug effects anyone deploying LXD with juju on a machine with interfaces configured as IP/mask. Since this is a very common use case, SRU is needed. [Test Case] * Detailed process can be seen at https://paste.ubuntu.com/26169937/ [Regression Potential] * Potential for regression is low because of the nature of the error. It's just missing a case stanza for interfaces that are defined with IP/mask [Other Info] * Original report: I'm seeing this error as the status of multiple containers in my deploy: http://paste.ubuntu.com/26166720/ I can't connect to the parent machines anymore either - it seems networking is totally hosed on the machines. This is with juju 2.3.1. To manage notifications about this bug go to: https://bugs.launchpad.net/juju/+bug/1737640/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1717040] Re: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful
** Changed in: libzstd (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: libzstd (Ubuntu Zesty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: libzstd (Ubuntu Xenial) Status: New => In Progress ** Changed in: libzstd (Ubuntu Zesty) Status: New => In Progress ** Changed in: libzstd (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1717040 Title: Please backport libzstd 1.3.1+dfsg-1 (universe) from artful Status in libzstd package in Ubuntu: Fix Released Status in libzstd source package in Xenial: In Progress Status in libzstd source package in Zesty: In Progress Bug description: [Impact] * libzstd v0.5.1 is an experimental version, which generates and read an experimental format incompatible with official libzstd v1+ format. * Backporting a newer version >= v1.0, such as artful's v1.3.1, fixes this issue [Test Case] * download latest upstream zstd source tarball from https://github.com/facebook/zstd/releases * unpack, compile (make) * compress a file with upstream version * try to decompress with Ubuntu LTS 16.04 version -> it fails [Regression Potential] * During transition, if some user switches to newer zstd version, and then send compressed data to another user has not yet updated zstd, the receiver will not be able to decompress as long as he does not update. * Note though that newer version contains a compatibility module which makes it able to read data generated by older versions, such as v0.5.1. Any existing document compressed with v0.5.1 will still be readable after update to v1.3.1. [Other Info] * Linux kernel 4.14 now integrates zstd compression / decompression, primarily for BtrFS and SquashFS, with patches available for reiser4, zram, and initrd. Kernel version does not support compatibility module, hence cannot read data from v0.5.1. Userland tools associated with these services will fail if they link to Ubuntu LTS libzstd, as generating incompatible data. * On top of the incompatible format issue, libzstd v0.5.1 API is old and missing several features that applications relying on libzstd need, such as streaming interface, or bulk processing for dictionary compression. --- Original description --- Please backport libzstd 1.3.1+dfsg-1 (universe) from artful to xenial. Reason for the backport: Current version in Xenial is v0.5.1, it's an experimental version, using its own, incompatible format. As a consequence, zstd on Ubuntu Xenial is not compatible with the rest of the world. This is of important concern for products using libzstd as a shared library : on Ubuntu Xenial, produced data is different, not compatible with v1+. This issue has been made more pressing with the integration of zstd in Linux Kernel, as userland tools must also be updated to read and generate zstd. Note : this request was first improperly filled at : https://bugs.launchpad.net/zesty-backports/+bug/1717037 Testing: Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing. Backport available from PPA: https://launchpad.net/~ginggs/+archive/ubuntu/backports * xenial: [X] Package builds without modification (needs debhelper 10) [X] zstd installs cleanly and runs [ ] zstd-dbgsym installs cleanly and runs [ ] libzstd1-dbgsym installs cleanly and runs [X] libzstd-dev installs cleanly and runs [X] libzstd1 installs cleanly and runs No reverse dependencies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libzstd/+bug/1717040/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1721383] Re: Update landscape-client with upstream fixes
** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/landscape-client/+git/landscape-client/+merge/334206 ** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/landscape-client/+git/landscape-client/+merge/334205 ** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/landscape-client/+git/landscape-client/+merge/334204 ** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/landscape-client/+git/landscape-client/+merge/334203 ** No longer affects: landscape-client (Ubuntu Trusty) ** No longer affects: landscape-client (Ubuntu Xenial) ** No longer affects: landscape-client (Ubuntu Zesty) ** No longer affects: landscape-client (Ubuntu Artful) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1721383 Title: Update landscape-client with upstream fixes Status in landscape-client package in Ubuntu: Fix Released Status in landscape-client source package in Bionic: Fix Released Bug description: [Impact] Reference: https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases This SRU contains minor updates for landscape-client as follow : - Fix regression in configuration hook under install-cd chroot (LP: #1699789) - Report autoremovable packages (LP: #1208393) - Don't re-register client by default. (LP: #1618483) - Add proxy handling to package reporter. (LP: #1531150) [Test Case] There is unfortunately no specific test cases since this is a bunch of bugfixes to improve landscape-client for Xenial and trusty users. General dogfooding and all tests as outlined by the QA procedures here will have to be covered: https://wiki.ubuntu.com/LandscapeUpdates For xenial and trusty, tests ISOs have been rebuilt by the Landscape team with the updated packages to verify the installer regression is fixed. [Regression Potential] - The debdiff has been provided by the Canonical Landscape team, which IMHO should bring even more confidence (CI verifications, ...) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1721383/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1618483] Re: landscape-config new registration request prompt should default to no for subsequent runs
** Information type changed from Proprietary to Public ** Project changed: landscape => landscape-client ** Also affects: landscape-client (Ubuntu) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1618483 Title: landscape-config new registration request prompt should default to no for subsequent runs Status in Landscape Client: Fix Committed Status in landscape-client package in Ubuntu: New Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Zesty: New Status in landscape-client source package in Artful: New Bug description: When running landscape-config, this prompt always defaults to Yes: "Request a new registration for this computer now? (Y/n):" The landscape-config command can be used to change configuration options in /etc/landscape/client.conf and should default to No when running this command on a computer that is already registered to a Landscape server and that server doesn't change during that run of landscape-config. Steps to replicate: 1) Install landscape-client package on computer $ sudo apt-get install landscape-client 2) Run landscape-config to register client for the first time $ sudo landscape-config --account-name standalone --url https:///message-system --ping-url http:///ping 3) Run landscape-config again to change an option $ sudo landscape-config --ping-interval=60 [Test Case] When running landscape-config, this prompt always defaults to Yes: "Request a new registration for this computer now? (Y/n):" The landscape-config command can be used to change configuration options in /etc/landscape/client.conf and should default to No when running this command on a computer that is already registered to a Landscape server and that server doesn't change during that run of landscape-config. To reproduce: 1) Install landscape-client package on computer. 2) Run landscape-config to register client for the first time. 3) Run landscape-config again to change an option: sudo landscape-config --ping-interval=60 To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1618483/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1721383] Re: Update landscape-client with upstream fixes
** Also affects: landscape-client (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1721383 Title: Update landscape-client with upstream fixes Status in landscape-client package in Ubuntu: In Progress Status in landscape-client source package in Trusty: In Progress Status in landscape-client source package in Xenial: In Progress Status in landscape-client source package in Zesty: New Status in landscape-client source package in Artful: In Progress Status in landscape-client source package in Bionic: In Progress Bug description: [Impact] Reference: https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases This SRU contains minor updates for landscape-client as follow : - Fix regression in configuration hook under install-cd chroot (LP: #1699789) - Report autoremovable packages (LP: #1208393) - Don't re-register client by default. (LP: #1618483) - Add proxy handling to package reporter. (LP: #1531150) - PackageReporter kicks in during do-release-upgrade. (LP: #1699179) [Test Case] There is unfortunately no specific test cases since this is a bunch of bugfixes to improve landscape-client for Xenial and trusty users. General dogfooding and all tests as outlined by the QA procedures here will have to be covered: https://wiki.ubuntu.com/LandscapeUpdates For xenial and trusty, tests ISOs have been rebuilt by the Landscape team with the updated packages to verify the installer regression is fixed. [Regression Potential] - The debdiff has been provided by the Canonical Landscape team, which IMHO should bring even more confidence (CI verifications, ...) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1721383/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1208393] Re: add autoremove to Landscape
landscape-client was fix committed in r1039 in LP, and https://github.com/CanonicalLtd/landscape-client/pull/11 upstream ** Information type changed from Proprietary to Public ** Also affects: landscape-client (Ubuntu) Importance: Undecided Status: New ** Also affects: landscape-client Importance: Undecided Status: New ** Changed in: landscape-client Status: New => Fix Committed ** Changed in: landscape-client Assignee: (unassigned) => Simon Poirier (simpoir) ** Also affects: landscape-client (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1208393 Title: add autoremove to Landscape Status in Landscape Server: Fix Committed Status in Landscape Client: Fix Committed Status in landscape-client package in Ubuntu: New Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: New Status in landscape-client source package in Zesty: New Status in landscape-client source package in Artful: New Bug description: Canonical IS have moved software updates almost entirely to Landscape. Apart from updating software packages, it is also good practice to remove unneeded software. On the shell, this can be achieved using "apt-get autoremove" It would be desirable to have this functionality available in Landscape. To manage notifications about this bug go to: https://bugs.launchpad.net/landscape/+bug/1208393/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1565060] Re: defaults file is ignored
** Changed in: bind9 (Ubuntu Yakkety) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1565060 Title: defaults file is ignored Status in bind9 package in Ubuntu: Fix Committed Status in bind9 source package in Xenial: Confirmed Status in bind9 source package in Yakkety: Won't Fix Status in bind9 source package in Zesty: New Status in bind9 package in Debian: Fix Committed Bug description: i've just upgraded to 15.10, and have now found that the /etc/defaults/bind9 file appears to be ignored. yet another package broken by the adoption of systemd, it would seem. >cat /etc/default/bind9 # run resolvconf? RESOLVCONF=yes # startup options for the server OPTIONS="-4 -u bind" > >service bind9 stop > >service bind9 start > >ps -aefwww | grep -iF named bind 3810 1 17 15:32 ?00:00:01 /usr/sbin/named -f -u bind > modifying /lib/systemd/system/bind9.service works, but this does not seem to offer the same degree of abstraction provided by the files in /etc/default/. 1] >lsb_release -rd Description: Ubuntu 15.10 Release: 15.10 2] >apt-cache policy bind9 bind9: Installed: 1:9.9.5.dfsg-11ubuntu1.3 Candidate: 1:9.9.5.dfsg-11ubuntu1.3 Version table: *** 1:9.9.5.dfsg-11ubuntu1.3 0 500 http://us.archive.ubuntu.com/ubuntu/ wily-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ wily-security/main amd64 Packages 100 /var/lib/dpkg/status 1:9.9.5.dfsg-11ubuntu1 0 500 http://us.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages 3] i expected to be able to be able to make changes in /etc/defaults/bind9 and have them honored. 4] they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1565060/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1707400] Re: package libvirt-bin 1.3.1-1ubuntu10.11 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
** Description changed: - I have no further information + [Impact] - ProblemType: Package - DistroRelease: Ubuntu 16.04 - Package: libvirt-bin 1.3.1-1ubuntu10.11 - ProcVersionSignature: Ubuntu 4.4.0-87.110-generic 4.4.73 - Uname: Linux 4.4.0-87-generic x86_64 - ApportVersion: 2.20.1-0ubuntu2.10 - Architecture: amd64 - Date: Sat Jul 29 09:05:14 2017 - ErrorMessage: subprocess installed post-installation script returned error exit status 1 - InstallationDate: Installed on 2016-02-02 (542 days ago) - InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805) - ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-87-generic root=UUID=fafa9702-ccf4-455b-a78f-638b44006bc1 ro quiet splash vt.handoff=7 - SourcePackage: libvirt - Title: package libvirt-bin 1.3.1-1ubuntu10.11 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 - UpgradeStatus: No upgrade log present (probably fresh install) + * An explanation of the effects of the bug on users and + + * justification for backporting the fix to the stable release. + + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. + + [Test Case] + + * detailed instructions how to reproduce the bug + + * these should allow someone who is not familiar with the affected +package to reproduce the bug and verify that the updated package fixes +the problem. + + [Regression Potential] + + * discussion of how regressions are most likely to manifest as a result + of this change. + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the +event of a regression. + + * This both shows the SRU team that the risks have been considered, +and provides guidance to testers in regression-testing the SRU. + + [Other Info] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance ** Summary changed: - package libvirt-bin 1.3.1-1ubuntu10.11 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 + libvirt-bin doesn't regenerate apparmor cache in postinst ** Changed in: libvirt (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1707400 Title: libvirt-bin doesn't regenerate apparmor cache in postinst Status in libvirt package in Ubuntu: Fix Released Status in libvirt source package in Trusty: New Status in libvirt source package in Xenial: New Bug description: [Impact] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [Test Case] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1707400/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1584485] Re: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS
Revised fix-1584485.patch that includes a missing library in the static build to fix bug #1677329. Patch submitted upstream to samba-technical awaiting feedback. ** Patch added: "fix-1584485-take2.patch" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+attachment/4914111/+files/fix-1584485-take2.patch ** Changed in: samba (Ubuntu) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1584485 Title: Upgrading samba to latest security fixes together with winbind in nsswitch.conf can harm entire OS Status in samba package in Ubuntu: Incomplete Status in samba source package in Trusty: Fix Released Status in samba source package in Xenial: Fix Committed Status in samba source package in Yakkety: Fix Committed Status in samba package in Debian: New Bug description: [Impact] * Upgrading samba when using winbind as NSS service can break OS. * Probably not triggered if "compat" is BEFORE "winbind" in nsswitch.conf. * Huge impact due to big version different between winbind and libraries. [Test Case 1] Verify that the regression reported in bug 1644428 has not recurred. [Test Case 2] 1) Start an ubuntu Trusty container 2) cp /etc/apt/sources.list /etc/apt/sources.list.back 3) Disable the trusty-updates and trusty-security archives in /etc/apt/sources.list 4) sudo apt-get update 5) sudo apt-get install samba winbind libnss-winbind libpam-winbind 6) Set /etc/nsswitch.conf to : passwd: winbind compat 7) Restart the services 7.1) sudo restart smbd 7.2) sudo restart nmbd 7.3) sudo restart winbind 8) cp /etc/apt/sources.list.back /etc/apt/sources.list 9) sudo apt-get update 7) sudo apt-get install samba winbind libnss-winbind libpam-winbind While installing, you will see things similar to this : > Unpacking libnss-winbind:amd64 (2:4.3.11+dfsg-0ubuntu0.14.04.1) over (2:4.1.6+dfsg-1ubuntu2) ... > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped > dpkg: error processing archive /var/cache/apt/archives/libpam-winbind_2%3a4.3.11+dfsg-0ubuntu0.14.04.1_amd64.deb (- > -unpack): > subprocess dpkg-deb --control returned error exit status 2 > dpkg-deb: error: subprocess tar was killed by signal (Segmentation fault), core dumped [Regression Potential] * "preinst" and "postrm" maintainer scripts are acting only in "upgrade" * uninstalling packages and reinstalling would bypass this change [Other Info] * Original Bug Description: It was brought to my attention that, because of latest security fixes for samba: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1577739 samba (2:4.3.9+dfsg-0ubuntu0.14.04.1) trusty-security; urgency=medium samba (2:4.3.8+dfsg-0ubuntu0.14.04.2) trusty-security; urgency=medium samba (2:4.1.6+dfsg-1ubuntu2.14.04.13) trusty-security; urgency=medium when library symbols changed, a samba upgrade MAY jeopardize an entire Ubuntu OS installation IF /etc/nsswitch.conf uses winbind as a service (specially if used before compat mechanism). How to reproduce easily: $ cat /etc/nsswitch.conf passwd: winbind compat shadow: compat group: winbind compat (winbind is usually used after compat, in this case it was used before) to have samba version "4.1.6+dfsg-1ubuntu2.14.04.13" installed and do a: $ sudo apt-get update and FINALLY: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/1 Leading into an unusable system in the following state: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/comments/2 ## state Workaround: DO REMOVE winbind from /etc/nsswitch.conf (and possibly from pam.d with "pam-auth-update") before ANY attempt of upgrading samba to latest version. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1701073] Re: CVE-2017-2619 regression breaks symlinks to directories
Reopening the artful task, since the fix isn't there. ** Changed in: samba (Ubuntu) Status: Fix Released => Confirmed ** Changed in: samba (Ubuntu) Assignee: Marc Deslauriers (mdeslaur) => Andreas Hasenack (ahasenack) ** Changed in: samba (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1701073 Title: CVE-2017-2619 regression breaks symlinks to directories Status in samba: Unknown Status in samba package in Ubuntu: In Progress Status in samba source package in Xenial: Fix Released Status in samba source package in Yakkety: Fix Released Status in samba source package in Zesty: Fix Released Bug description: Found in current version in Xenial (4.3.11+dfsg-0ubuntu0.16.04.7). When share's path is '/', symlinks do not work properly from Windows client. Gives "Cannot Access" error. To reproduce: 1. Install samba and related dependencies apt install -y samba 2. Add a share at the end of the default file that uses '/' as the path: [reproducer] comment = share browseable = no writeable = yes create mode = 0600 directory mode = 0700 path = / 3. Attempt to access a symlink somewhere within the path of the share with a Windows client. 4. Receive "Windows cannot access..." related error To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1701073/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1609866] Re: Need logrotation
** Changed in: landscape Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1609866 Title: Need logrotation Status in Landscape Server: Fix Released Status in ceph package in Ubuntu: Fix Released Status in ceph source package in Xenial: Fix Released Status in ceph source package in Yakkety: Fix Released Status in ceph source package in Zesty: Fix Released Bug description: [Impact] Users of the radosgw package don't get logrotation, resulting in ever growing log files (esp with debug enabled) and exhausted filesystem space. [Test Case] Install ceph and radosgw using charms /var/log/ceph/radosgw.log is never log rotated [Regression Potential] The fix for this is to move log rotation from the ceph package to the ceph-common package, which is used by all ceph daemon binary packages, covering the radosgw package as well; minimal risk. [Original Bug Report] The ceph-radosgw charm appears not to set up log rotation for /var/log/ceph/radosgw.log but probably should as this will grow indef. over time Using lp:~openstack-charmers/charms/trusty/ceph-radosgw/next;revno=86 To manage notifications about this bug go to: https://bugs.launchpad.net/landscape/+bug/1609866/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668583] Re: upgrade activity failing with "The following packages have unmet dependencies: lxd: Unknown dependency error"
** Also affects: landscape-client (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: landscape-client (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668583 Title: upgrade activity failing with "The following packages have unmet dependencies: lxd: Unknown dependency error" Status in Landscape Client: Fix Committed Status in landscape-client package in Ubuntu: In Progress Status in landscape-client source package in Trusty: New Status in landscape-client source package in Xenial: In Progress Status in landscape-client source package in Yakkety: New Bug description: Hi, I have an upgrade activity that is failing with the following error message : The following packages have unmet dependencies: lxd: Unknown dependency error This is on xenial. [Impact] In a lot of cases, landscape-client can't update packages on xenial machines if lxd is installed. [Test case] Register a fresh xenial machine with landscape.canonical.com. (Install landscape-client and run 'sudo landscape-config'). After the registration is done, go to Landscape, accept the pending computer and wait for package information to sync. Without the fix, there should be an upgrade for lxd and lxd-client available to the version that is in xenial-backports. With the patch, there won't be any upgrade available. [Regression potnentials] Users won't be able to install packages from backports. This is OK, though, since Landscape doesn't support that officially. To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1668583/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668583] Re: upgrade activity failing with "The following packages have unmet dependencies: lxd: Unknown dependency error"
** Also affects: landscape-client (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: landscape-client (Ubuntu Xenial) Status: New => In Progress ** Changed in: landscape-client (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: landscape-client (Ubuntu Xenial) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668583 Title: upgrade activity failing with "The following packages have unmet dependencies: lxd: Unknown dependency error" Status in Landscape Client: Fix Committed Status in landscape-client package in Ubuntu: In Progress Status in landscape-client source package in Xenial: In Progress Bug description: Hi, I have an upgrade activity that is failing with the following error message : The following packages have unmet dependencies: lxd: Unknown dependency error This is on xenial. [Impact] In a lot of cases, landscape-client can't update packages on xenial machines if lxd is installed. [Test case] Register a fresh xenial machine with landscape.canonical.com. (Install landscape-client and run 'sudo landscape-config'). After the registration is done, go to Landscape, accept the pending computer and wait for package information to sync. Without the fix, there should be an upgrade for lxd and lxd-client available to the version that is in xenial-backports. With the patch, there won't be any upgrade available. [Regression potnentials] Users won't be able to install packages from backports. This is OK, though, since Landscape doesn't support that officially. To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1668583/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1580674] Re: [SRU] mitaka neutron 8.1.0 point release
** Changed in: landscape Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1580674 Title: [SRU] mitaka neutron 8.1.0 point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in Landscape Server: Fix Released Status in Landscape Server 16.06 series: Fix Released Status in neutron package in Ubuntu: Fix Released Status in neutron source package in Xenial: Fix Released Status in neutron-api package in Juju Charms Collection: Fix Released Status in neutron-gateway package in Juju Charms Collection: Fix Released Status in neutron-openvswitch package in Juju Charms Collection: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: neutron 8.1.0 The following components have new upstream releases, but don't actually contain any new functionality, so we'll skip for Ubuntu: neutron-fwaas 8.1.0 neutron-lbaas 8.1.0 neutron-vpnaas 8.1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1580674/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1580674] Re: [SRU] mitaka neutron 8.1.0 point release
** Changed in: landscape/16.05 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1580674 Title: [SRU] mitaka neutron 8.1.0 point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in Landscape Server: Fix Committed Status in Landscape Server 16.05 series: Fix Released Status in neutron package in Ubuntu: Fix Released Status in neutron source package in Xenial: Fix Released Status in neutron-api package in Juju Charms Collection: Fix Released Status in neutron-gateway package in Juju Charms Collection: Fix Released Status in neutron-openvswitch package in Juju Charms Collection: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: neutron 8.1.0 The following components have new upstream releases, but don't actually contain any new functionality, so we'll skip for Ubuntu: neutron-fwaas 8.1.0 neutron-lbaas 8.1.0 neutron-vpnaas 8.1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1580674/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1580674] Re: [SRU] mitaka point releases
** Also affects: landscape Importance: Undecided Status: New ** Also affects: landscape/16.05 Importance: Undecided Status: New ** Changed in: landscape/16.05 Milestone: None => 16.05 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1580674 Title: [SRU] mitaka point releases Status in Ubuntu Cloud Archive: New Status in Ubuntu Cloud Archive mitaka series: New Status in Landscape Server: New Status in Landscape Server 16.05 series: New Status in neutron package in Ubuntu: New Status in neutron-fwaas package in Ubuntu: New Status in neutron-lbaas package in Ubuntu: New Status in neutron-vpnaas package in Ubuntu: New Status in neutron source package in Xenial: New Status in neutron-fwaas source package in Xenial: New Status in neutron-lbaas source package in Xenial: New Status in neutron-vpnaas source package in Xenial: New Bug description: New point releases for misc openstack components for the mitaka release: neutron 8.1.0 neutron-fwaas 8.1.0 neutron-lbaas 8.1.0 neutron-vpnaas 8.1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1580674/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
