[Group.of.nepali.translators] [Bug 1700373] Re: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms
Yakkety is EOL now. ** Changed in: intel-microcode (Ubuntu Yakkety) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700373 Title: intel-microcode is out of date, version 20170707 fixes errata on 6th and 7th generation platforms Status in intel-microcode package in Ubuntu: Fix Released Status in intel-microcode source package in Trusty: Won't Fix Status in intel-microcode source package in Xenial: Fix Committed Status in intel-microcode source package in Yakkety: Won't Fix Status in intel-microcode source package in Zesty: Fix Committed Status in intel-microcode source package in Artful: Fix Released Bug description: [Impact] * A security fix has been made available as part of intel-microcode * It is advisable to apply it * Thus an SRU of the latest intel-microcode is desirable for all stable releases [Test Case] * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs * Reboot and verify no averse results, and/or that microcode for your cpu was loaded as expected. [Test case reporting] * Please paste the output of: dpkg-query -W intel-microcode grep -E 'model|stepping' /proc/cpuinfo | sort -u journalctl -k | grep microcode [Regression Potential] Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care. Additional notes from ~racb, wearing an ~ubuntu-sru hat: SRU verification needs to take care to consider CPUs actually tested. We should have a representative sample of CPUs tested in SRU verification reports before considering release to the updates pockets. Given the potential severity of regressions, we should keep this in the proposed pockets for longer than the usual minimum ageing period. Let's have users opt-in to this update first, and only recommend it once we confidence that a reasonable number (and representative CPU sample) of opted-in users have not hit any problems. Testers: please mark verification-done-* only after you consider that the above additional requirements have been met. [Other] caml discussion describing test case to reproduce the crash. https://caml.inria.fr/mantis/view.php?id=7452 * I did not backport the full debian/changelog, as some of the changes were ommitted for SRU purposes, and I don't like the idea of modifying the changelog of others. * I did not backport this below change but I feel as though the SRU team should evaluate including it. I left it out due to the change as little as possible guidance from the SRU team. Additionally we have already been shipping the microcode version that included this change for a long time. More information here https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030=en-fr ''' # 0x206c2: Intel Westmere B1 (Xeon 3600, 5600, Core i7 2nd gen). # # When Intel released a fix for Intel SA-00030, they issued a MCU that # bumps the minimum acceptable version of the Intel TXT ACMs in the # TPM persistent storage. This permanently blacklists the vulnerable # ACMs *even on older microcode* in order to make it somewhat harder # to work around the security fix through a BIOS downgrade attack. # # It is possible that such a microcode update, when peformed by the # operating system, could sucessfully trigger the TPM persistent # storage update Intel intended to happen during firmware boot: we # simply don't know enough to rule it out. Should that happen, Intel # TXT will be permanently disabled. This could easily interact very # badly with the firmware, rendering the system unbootable. If *that* # happens, it would likely require either a TPM module replacement # (rendering sealed data useless) or a direct flash of a new BIOS with # updated ACMs, to repair. # # Blacklist updates for signature 0x206c2 as a safety net. IUC_EXCLUDE += -s !0x206c2 ''' * I versioned the packages 3.20170511.1~ubuntu as I feel this more appropriately reflects the contents of each package rather than simply incrementing the ubuntu version number. = [Original bug report] NB: I am *not* directly affected by this bug. Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt: "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as
[Group.of.nepali.translators] [Bug 1705274] Re: linux-snapdragon: 4.4.0-1068.73 -proposed tracker
** Changed in: kernel-sru-workflow/automated-testing Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1705274 Title: linux-snapdragon: 4.4.0-1068.73 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Confirmed Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Invalid Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Confirmed Status in linux-snapdragon package in Ubuntu: Invalid Status in linux-snapdragon source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1705270 phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1705274/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1705273] Re: linux-raspi2: 4.4.0-1066.74 -proposed tracker
** Changed in: kernel-sru-workflow/automated-testing Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1705273 Title: linux-raspi2: 4.4.0-1066.74 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Confirmed Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Invalid Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Confirmed Status in linux-raspi2 package in Ubuntu: Invalid Status in linux-raspi2 source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1705270 phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1705273/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1704473] Re: Traceback when using typing.Optional[Type] on xenial
** Changed in: python3.5 (Ubuntu Yakkety) Status: New => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1704473 Title: Traceback when using typing.Optional[Type] on xenial Status in python3.5 package in Ubuntu: New Status in python3.5 source package in Xenial: New Status in python3.5 source package in Yakkety: Won't Fix Bug description: typing in the Python 3.5.2 stdlib tracebacks when passing Type to a Union (of which Optional is a specific case). (This is typing bug #266: https://github.com/python/typing/issues/266.) (This is particularly annoying because as a stdlib library, the fix released by upstream to PyPI can't easily be used even via pip.) Steps to Reproduce == ``` lxc launch ubuntu:x reproducer lxc exec reproducer -- python3 -c "from typing import Optional, Type; Optional[Type[BaseException]]" ``` Expected Behaviour == No output, exits 0. Actual Behaviour ``` Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3.5/typing.py", line 649, in __getitem__ return Union[arg, type(None)] File "/usr/lib/python3.5/typing.py", line 552, in __getitem__ dict(self.__dict__), parameters, _root=True) File "/usr/lib/python3.5/typing.py", line 512, in __new__ for t2 in all_params - {t1} if not isinstance(t2, TypeVar)): File "/usr/lib/python3.5/typing.py", line 512, in for t2 in all_params - {t1} if not isinstance(t2, TypeVar)): File "/usr/lib/python3.5/typing.py", line 1077, in __subclasscheck__ if super().__subclasscheck__(cls): File "/usr/lib/python3.5/abc.py", line 225, in __subclasscheck__ for scls in cls.__subclasses__(): TypeError: descriptor '__subclasses__' of 'type' object needs an argument ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3.5/+bug/1704473/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1703461] Re: Update to 3.20.5
This bug was fixed in the package gnome-software - 3.20.5-0ubuntu0.16.04.5 --- gnome-software (3.20.5-0ubuntu0.16.04.5) xenial; urgency=medium * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix crash when failing to load icons from cache (LP: #1702122) gnome-software (3.20.5-0ubuntu0.16.04.4) xenial; urgency=medium * Rebase on stable 3.20.5 release (LP: #1703461). * debian/patches/*.patch: - Convert Ubuntu changes into patches * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix snaps without icons not showing reliably (LP: #1697565) - Show featured snaps (LP: #1663097) -- Robert AncellWed, 12 Jul 2017 16:24:08 +1200 ** Changed in: gnome-software (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1703461 Title: Update to 3.20.5 Status in gnome-software package in Ubuntu: Fix Released Status in gnome-software source package in Xenial: Fix Released Bug description: [Impact] Ubuntu 16.04 is running a version of gnome-software based on 3.20.1 which is an older stable release (latest stable release is 3.20.5). The Ubuntu changes were managed in a git branch that is difficult to manage. We have not been able to bring in all the stable changes to this branch and it is difficult to modify. We have rebased our changes on 3.20.5 [1] and propose these as a Stable Release Update. [1] https://lists.ubuntu.com/archives/ubuntu- desktop/2017-June/005011.html [Test Case] 1. Run GNOME Software 2. Execute the test plan https://wiki.ubuntu.com/Process/Merges/TestPlans/gnome-software Expected result: Running latest stable release, no regressions from 3.20.1 Observed result: Running older release. [Regression Potential] Due to the number of changes there is a risk of regression. These changes are all on a stable branch, so upstream considers them to be safe. We ran this version from a PPA to check for issues, and there don't seem to be any problems. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1703461/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1543455] Re: wget crashes with openssl-ibmca
** Also affects: openssl-ibmca (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: openssl-ibmca (Ubuntu Artful) Importance: Undecided Assignee: Dimitri John Ledkov (xnox) Status: Fix Released ** Also affects: openssl-ibmca (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1543455 Title: wget crashes with openssl-ibmca Status in Ubuntu on IBM z Systems: In Progress Status in openssl-ibmca package in Ubuntu: Fix Released Status in openssl-ibmca source package in Xenial: New Status in openssl-ibmca source package in Zesty: New Status in openssl-ibmca source package in Artful: Fix Released Bug description: WIth openssl-ibmca enabled, wget crashes downloading things from launchpad librarian. actual bug in openssl-ibmca package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1543455/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1543455] Re: wget crashes with openssl-ibmca
** Changed in: ubuntu-z-systems Status: Fix Released => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1543455 Title: wget crashes with openssl-ibmca Status in Ubuntu on IBM z Systems: In Progress Status in openssl-ibmca package in Ubuntu: Fix Released Status in openssl-ibmca source package in Xenial: New Status in openssl-ibmca source package in Zesty: New Status in openssl-ibmca source package in Artful: Fix Released Bug description: WIth openssl-ibmca enabled, wget crashes downloading things from launchpad librarian. actual bug in openssl-ibmca package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1543455/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1641912] Re: Please backport two recent-manager patches
** Also affects: gtk+2.0 (Ubuntu Artful) Importance: Critical Assignee: Simon Quigley (tsimonq2) Status: In Progress ** Also affects: gtk+2.0 (Ubuntu Zesty) Importance: Undecided Status: New ** Changed in: gtk+2.0 (Ubuntu Zesty) Status: New => In Progress ** Changed in: gtk+2.0 (Ubuntu Zesty) Importance: Undecided => Critical -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1641912 Title: Please backport two recent-manager patches Status in GTK+: Fix Released Status in gtk+2.0 package in Ubuntu: In Progress Status in gtk+2.0 source package in Xenial: In Progress Status in gtk+2.0 source package in Yakkety: Won't Fix Status in gtk+2.0 source package in Zesty: In Progress Status in gtk+2.0 source package in Artful: In Progress Bug description: https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24=a3b2d6a65be9f592de9570c227df00f910167e9e https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24=35871edb318083b2d7e4758cbdaad6109eed60ca Please apply/backport these two patches from the 2.24 branch. They fix a memory DOS, originally reported against mate-panel here: https://github.com/mate-desktop/mate-panel/issues/479 For the GTK3 version of this bug, see bug 1641914 Note that MATE is GTK2 only for Ubuntu 16.04 LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/gtk/+bug/1641912/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1663097] Re: Show featured snaps
This bug was fixed in the package gnome-software - 3.20.5-0ubuntu0.16.04.5 --- gnome-software (3.20.5-0ubuntu0.16.04.5) xenial; urgency=medium * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix crash when failing to load icons from cache (LP: #1702122) gnome-software (3.20.5-0ubuntu0.16.04.4) xenial; urgency=medium * Rebase on stable 3.20.5 release (LP: #1703461). * debian/patches/*.patch: - Convert Ubuntu changes into patches * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix snaps without icons not showing reliably (LP: #1697565) - Show featured snaps (LP: #1663097) -- Robert AncellWed, 12 Jul 2017 16:24:08 +1200 ** Changed in: gnome-software (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1663097 Title: Show featured snaps Status in gnome-software package in Ubuntu: Fix Released Status in gnome-software source package in Xenial: Fix Released Status in gnome-software source package in Zesty: Fix Released Status in gnome-software source package in Artful: Fix Released Bug description: [Impact] GNOME Software doesn't show any snaps in the "Editor's Picks" section. snapd added a new feature to return snaps in the "featured" section and should be shown in GNOME Software. [Test Case] 1. Open GNOME Software Expected result: Some of the "Editor's Picks" apps should be snaps. Observed result: There are no snaps shown. [Regression Potential] Some risk of new behaviour adversely affecting GNOME Software startup. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1663097/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1697565] Re: Snaps without icons don't show as installed
This bug was fixed in the package gnome-software - 3.20.5-0ubuntu0.16.04.5 --- gnome-software (3.20.5-0ubuntu0.16.04.5) xenial; urgency=medium * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix crash when failing to load icons from cache (LP: #1702122) gnome-software (3.20.5-0ubuntu0.16.04.4) xenial; urgency=medium * Rebase on stable 3.20.5 release (LP: #1703461). * debian/patches/*.patch: - Convert Ubuntu changes into patches * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix snaps without icons not showing reliably (LP: #1697565) - Show featured snaps (LP: #1663097) -- Robert AncellWed, 12 Jul 2017 16:24:08 +1200 ** Changed in: gnome-software (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1697565 Title: Snaps without icons don't show as installed Status in gnome-software package in Ubuntu: Fix Released Status in gnome-software source package in Xenial: Fix Released Status in gnome-software source package in Zesty: Fix Released Status in gnome-software source package in Artful: Fix Released Bug description: [Impact] Snaps without icons don't show in the installed tab. They do show in search, because the icon is sourced from the store. [Test Case] 1. Open GNOME Software 2. Install a snap without an icon in the snap, but does have one in the store (e.g. moon-buggy) 3. Close GNOME Software 4. Open GNOME Software 5. Click "installed" tab Expected result: Installed snap is shown Observed result: Snap is not shown [Regression Potential] The code was refactored to download the store information for installed snaps. This means the store icon shows if the installed snap didn't have one. There is some risk of new bugs being caused by the refactoring. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1697565/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1702122] Re: /usr/bin/gnome-software:11:load_icon:gs_plugin_refine_app:gs_plugin_loader_run_refine_app:gs_plugin_loader_run_refine_internal:gs_plugin_loader_run_refi
This bug was fixed in the package gnome-software - 3.20.5-0ubuntu0.16.04.5 --- gnome-software (3.20.5-0ubuntu0.16.04.5) xenial; urgency=medium * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix crash when failing to load icons from cache (LP: #1702122) gnome-software (3.20.5-0ubuntu0.16.04.4) xenial; urgency=medium * Rebase on stable 3.20.5 release (LP: #1703461). * debian/patches/*.patch: - Convert Ubuntu changes into patches * debian/patches/0018-Add-a-Snap-plugin.patch: - Fix snaps without icons not showing reliably (LP: #1697565) - Show featured snaps (LP: #1663097) -- Robert AncellWed, 12 Jul 2017 16:24:08 +1200 ** Changed in: gnome-software (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1702122 Title: /usr/bin/gnome- software:11:load_icon:gs_plugin_refine_app:gs_plugin_loader_run_refine_app:gs_plugin_loader_run_refine_internal:gs_plugin_loader_run_refine Status in gnome-software package in Ubuntu: Fix Released Status in gnome-software source package in Xenial: Fix Released Status in gnome-software source package in Zesty: Fix Committed Status in gnome-software source package in Artful: Fix Released Bug description: [Impact] The new icon cache code has a bug where it doesn't correctly handle errors loading from the cache. This was picked up in the error tracker [1]. [1] https://errors.ubuntu.com/problem/bc8baf24512d0c46f341376c9134e4f04ec284d0 [Test Case] 1. Run GNOME Software Expected result: Crash doesn't show on errors.ubuntu.com Observed result: Crash shows on errors.ubuntu.com [Regression Potential] Fix was to use correct variable (typo). Seems unlikely to be able to cause new issues (though may unmask other issues by now working correctly). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1702122/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1683876] Re: systemtap doesn't work with HWE kernels
** Also affects: systemtap (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1683876 Title: systemtap doesn't work with HWE kernels Status in systemtap package in Ubuntu: Fix Released Status in systemtap source package in Trusty: New Status in systemtap source package in Xenial: New Status in systemtap source package in Yakkety: Fix Released Bug description: [Environment] No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 16.04.2 LTS Release:16.04 Codename: xenial Linux juju-niedbalski-xenial-machine-12 4.8.0-46-generic #49~16.04.1-Ubuntu SMP Fri Mar 31 14:51:03 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [Description] Xenial system with LTS-hwe xenial kernel enabled. Trying to run the following script: $ sudo stap -e 'probe oneshot { println("hello world") }' Raises the following errors: In file included from /usr/share/systemtap/runtime/linux/runtime.h:204:0, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: /usr/share/systemtap/runtime/linux/access_process_vm.h: In function ‘__access_process_vm_’: /usr/share/systemtap/runtime/linux/access_process_vm.h:35:29: error: passing argument 1 of ‘get_user_pages’ makes integer from pointer without a cast [-Werror=int-conversion] ret = get_user_pages (tsk, mm, addr, 1, write, 1, , ); ^ In file included from ./include/linux/pid_namespace.h:6:0, from ./include/linux/ptrace.h:8, from ./include/linux/ftrace.h:13, from ./include/linux/kprobes.h:42, from /usr/share/systemtap/runtime/linux/runtime.h:21, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: ./include/linux/mm.h:1315:6: note: expected ‘long unsigned int’ but argument is of type ‘struct task_struct *’ long get_user_pages(unsigned long start, unsigned long nr_pages, ^ In file included from /usr/share/systemtap/runtime/linux/runtime.h:204:0, from /usr/share/systemtap/runtime/linux/runtime.h:21, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: ./include/linux/mm.h:1315:6: note: expected ‘struct page **’ but argument is of type ‘int’ long get_user_pages(unsigned long start, unsigned long nr_pages, ^ In file included from /usr/share/systemtap/runtime/linux/runtime.h:204:0, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: /usr/share/systemtap/runtime/linux/access_process_vm.h:35:54: error: passing argument 6 of ‘get_user_pages’ makes pointer from integer without a cast [-Werror=int-conversion] ret = get_user_pages (tsk, mm, addr, 1, write, 1, , ); ^ In file included from ./include/linux/pid_namespace.h:6:0, from ./include/linux/ptrace.h:8, from ./include/linux/ftrace.h:13, from ./include/linux/kprobes.h:42, from /usr/share/systemtap/runtime/linux/runtime.h:21, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: ./include/linux/mm.h:1315:6: note: expected ‘struct vm_area_struct **’ but argument is of type ‘int’ long get_user_pages(unsigned long start, unsigned long nr_pages, ^ In file included from /usr/share/systemtap/runtime/linux/runtime.h:204:0, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: /usr/share/systemtap/runtime/linux/access_process_vm.h:35:13: error: too many arguments to function ‘get_user_pages’ ret = get_user_pages (tsk, mm, addr, 1, write, 1, , ); ^ In file included from ./include/linux/pid_namespace.h:6:0, from ./include/linux/ptrace.h:8, from ./include/linux/ftrace.h:13, from ./include/linux/kprobes.h:42, from /usr/share/systemtap/runtime/linux/runtime.h:21, from /usr/share/systemtap/runtime/runtime.h:24, from /tmp/stapjb3FJA/stap_06a893e40e8ca093be8e351d40e8d862_960_src.c:25: ./include/linux/mm.h:1315:6: note: declared here long get_user_pages(unsigned long start, unsigned
[Group.of.nepali.translators] [Bug 1706132] Re: xfs slab objects (memory) leak when xfs shutdown is called
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1706132 Title: xfs slab objects (memory) leak when xfs shutdown is called Status in linux package in Ubuntu: Confirmed Status in linux source package in Xenial: New Bug description: [Impact] * xfs kernel memory leak in case of xfs shutdown due to i/o errors * if xfs on iscsi, iscsi disconnection and module unload will case mem leak [Test Case] * configure tgtd with 1 lun and make it available through tcp/ip * configure open-iscsi to map this lun * make sure node.session.timeo.replacement_timeout = 0 in iscsid.conf * mount a xfs volume using the lun from tgtd host, run bonnie -d /xfsdir * in tgtd server, drop iscsi packets and watch client to have i/o errors * after sometime (depending on timeout) xfs will call shutdown * make sure the i/o errors led to xfs shutdown (comment #3) * after shutdown you try to remove xfs module and it will leak [Regression Potential] * based on upstream fix * tested in the same environment * potential damage to xfs [Other Info] Original Description: This scenario is testing [iscsi <-> scsi <-> disk <-> xfs] [ 551.125604] sd 2:0:0:1: rejecting I/O to offline device [ 551.125615] sd 2:0:0:1: rejecting I/O to offline device [ 551.125627] sd 2:0:0:1: rejecting I/O to offline device [ 551.125639] sd 2:0:0:1: rejecting I/O to offline device [ 551.135216] XFS (sda1): metadata I/O error: block 0xeffe01 ("xfs_trans_read_buf_map") error 5 numblks 1 [ 551.135274] XFS (sda1): page discard on page ea0002a89cc0, inode 0x83, offset 6442385408. # when XFS shuts down because of an error (or offline disk, example): [ 551.850498] XFS (sda1): xfs_do_force_shutdown(0x2) called from line 1197 of file /build/linux-lts-xenial-roXrYH/linux-lts-xenial-4.4.0/fs/xfs/xfs_log.c. Return address = 0xc0300388 [ 551.850568] XFS (sda1): Log I/O Error Detected. Shutting down filesystem [ 551.850618] XFS (sda1): xfs_log_force: error -5 returned. [ 551.850630] XFS (sda1): Failing async write on buffer block 0x77ff08. Retrying async write. [ 551.850634] XFS (sda1): Failing async write on buffer block 0x77ff10. Retrying async write. [ 551.850638] XFS (sda1): Failing async write on buffer block 0x77ff01. Retrying async write. [ 551.853171] XFS (sda1): Please umount the filesystem and rectify the problem(s) [ 551.874131] XFS (sda1): metadata I/O error: block 0x1dffc49 ("xlog_iodone") error 5 numblks 64 [ 551.877993] XFS (sda1): xfs_do_force_shutdown(0x2) called from line 1197 of file /build/linux-lts-xenial-roXrYH/linux-lts-xenial-4.4.0/fs/xfs/xfs_log.c. Return address = 0xc0300388 [ 551.899036] XFS (sda1): xfs_log_force: error -5 returned. [ 569.323074] XFS (sda1): xfs_log_force: error -5 returned. [ 599.403085] XFS (sda1): xfs_log_force: error -5 returned. [ 629.483111] XFS (sda1): xfs_log_force: error -5 returned. [ 659.563115] XFS (sda1): xfs_log_force: error -5 returned. [ 689.643014] XFS (sda1): xfs_log_force: error -5 returned. # when I execute: # sudo umount /dev/sda1: [81634.923043] XFS (sda1): xfs_log_force: error -5 returned. [81640.739097] XFS (sda1): xfs_log_force: error -5 returned. [81640.739137] XFS (sda1): Unmounting Filesystem [81640.739463] XFS (sda1): xfs_log_force: error -5 returned. [81640.739508] XFS (sda1): xfs_log_force: error -5 returned. [81640.742741] sd 2:0:0:1: rejecting I/O to offline device [81640.745576] blk_update_request: 25 callbacks suppressed [81640.745601] blk_update_request: I/O error, dev sda, sector 0 # i was able to umount and then to remove iscsi disk. # but if i try to unload the xfs module: inaddy@(trustyiscsicli):~$ sudo rmmod xfs [82211.059301] = [82211.063764] BUG xfs_log_ticket (Tainted: G OE ): Objects remaining in xfs_log_ticket on kmem_cache_close() [82211.067450] - [82211.067450] [82211.070580] INFO: Slab 0xea0002eb7640 objects=22 used=1 fp=0x8800badd9f18 flags=0xc00080 [82211.074430] INFO: Object 0x8800badd9228 @offset=552 [82211.076133] kmem_cache_destroy xfs_log_ticket: Slab cache still has objects AND [82211.059301] = [82211.063764] BUG xfs_log_ticket (Tainted: G OE ): Objects remaining in xfs_log_ticket on kmem_cache_close() [82211.067450] - [82211.067450] [82211.070570] Disabling lock debugging
[Group.of.nepali.translators] [Bug 1639230] Re: reschedule fails with ip already allocated error
** Also affects: nova (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1639230 Title: reschedule fails with ip already allocated error Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) newton series: Fix Committed Status in nova package in Ubuntu: Fix Released Status in nova source package in Xenial: New Bug description: Tried to create a server in a multi-host environment. The create failed on the first host that was attempted due to a ClientException raised by nova.volume.cinder.API.initialize_connection while trying to attach a volume. When the build was rescheduled on a different host, it should have realized that the network was already allocated by the first attempt and reused that, but the network_allocated=True from instance.system_metadata somehow disappeared, leading to the following exception that causes the reschedule to fail: 2016-10-13 04:48:29.007 16273 WARNING nova.network.neutronv2.api [req-9b343ef7-e8d9-4a61-b86c-a61908afe4df 0688b01e6439ca32d698d20789d52169126fb41fb1a4ddafcebb97d854e836c9 94e1baed634145e0aade858973ae88e8 - - -] [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] Neutron error creating port on network 5038a36b-cb1e-4a61-b26c-a05a80b37ed6 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] Traceback (most recent call last): 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 392, in _create_port_minimal 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] port_response = port_client.create_port(port_req_body) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 98, in wrapper 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] ret = obj(*args, **kwargs) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 750, in create_port 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] return self.post(self.ports_path, body=body) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 98, in wrapper 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] ret = obj(*args, **kwargs) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 365, in post 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] headers=headers, params=params) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 98, in wrapper 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] ret = obj(*args, **kwargs) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 300, in do_request 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] self._handle_fault_response(status_code, replybody, resp) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 98, in wrapper 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] ret = obj(*args, **kwargs) 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] File "/usr/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 275, in _handle_fault_response 2016-10-13 04:48:29.007 16273 ERROR nova.network.neutronv2.api [instance: b85d6c6c-e385-4601-aa47-5c580f893c9b] exception_handler_v20(status_code, error_body) 2016-10-13 04:48:29.007 16273
[Group.of.nepali.translators] [Bug 1706833] Re: atheros bt failed after S3
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1706833 Title: atheros bt failed after S3 Status in HWE Next: New Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: New Bug description: [Impact] BT fails to load firmware after S3. On my system it's atheros' chip, but the same issue can be seen with broadcom's chip, too. [542.6274] WARNING: CPU: 0 PID: 20729 at /build/linux-MD8jsN/linux-4.4.0/drivers/base/firmware_class.c:1148 _request_firmware+0x7c2/0xaf0() The root cause of this issue is request_firmware() is being called at the wrong time. [Fix] The fix is from this old thread[1], but the patch didn't be accepted by the maintainer. It prevents the work queue from being re-created and calls request_firmware() immediately before usermodehelper is fully resumed. Making the workqueue freezable preserves the delay and will postpone the firmware loading time. [Test Case] Verified on the machine has this issue, and confirm this patch works. [Regression Potential] From what I can see, I think this change should be safe, and after 240 times S3 test, the system and BT functions are still working. 1. http://lists.openwall.net/netdev/2015/05/06/3 To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1706833/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1665701] Re: Missing inspect-internal command
sounds like this compatibility issue has been resolved on the curtin side and that this command is no longer present upstream, so there is no change to be made to the btrfs-progs side. ** Changed in: btrfs-progs (Ubuntu) Status: Confirmed => Won't Fix ** Changed in: btrfs-progs (Ubuntu Xenial) Status: New => Won't Fix ** Changed in: btrfs-progs (Ubuntu Yakkety) Status: New => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1665701 Title: Missing inspect-internal command Status in btrfs-progs package in Ubuntu: Won't Fix Status in curtin package in Ubuntu: Fix Released Status in btrfs-progs source package in Xenial: Won't Fix Status in curtin source package in Xenial: Fix Released Status in btrfs-progs source package in Yakkety: Won't Fix Status in curtin source package in Yakkety: Fix Released Bug description: Begin Curtin SRU Template [Impact] This change is actually only a test change. Vmtest does an instllation to a btrfs device and then boots into the installed system and collects information to verify that the install worked properly. That collection of information was using btrfs-show-super (
[Group.of.nepali.translators] [Bug 1635223] Re: please include mlx5_core modules in linux-image-generic package
** Changed in: cloud-images Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1635223 Title: please include mlx5_core modules in linux-image-generic package Status in cloud-images: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Released Status in linux source package in Yakkety: Fix Released Status in linux source package in Zesty: Fix Released Bug description: Because linux-image-generic pkg doesn't include mlx5_core, stock ubuntu cloud-images can't be used by VM guests using mellanox VFs, forcing the creation of an ad-hoc cloud image with added linux-image-extra-virtual To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1635223/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1703532] Re: linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker
This bug was fixed in the package linux-hwe - 4.10.0-28.32~16.04.2 --- linux-hwe (4.10.0-28.32~16.04.2) xenial; urgency=low * linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker (LP: #1703532) * CVE-2017-1000364 - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack - mm/mmap.c: expand_downwards: don't require the gap if !vm_prev * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651) - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device * aacraid driver may return uninitialized stack data to userspace (LP: #1700077) - SAUCE: scsi: aacraid: Don't copy uninitialized stack memory to userspace * CVE-2017-9605 - drm/vmwgfx: Make sure backup_handle is always valid * CVE-2017-1000380 - ALSA: timer: Fix race between read and ioctl - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT * XDP eBPF programs fail to verify on Zesty ppc64el (LP: #1699627) - [Config] ppc64el: build for Power8 not Power7 * AACRAID for power9 platform (LP: #1689980) - scripts/spelling.txt: add "therfore" pattern and fix typo instances - scsi: aacraid: fix PCI error recovery path - scsi: aacraid: pci_alloc_consistent() failures on ARM64 - scsi: aacraid: Remove __GFP_DMA for raw srb memory - scsi: aacraid: Fix DMAR issues with iommu=pt - scsi: aacraid: Added 32 and 64 queue depth for arc natives - scsi: aacraid: Set correct Queue Depth for HBA1000 RAW disks - scsi: aacraid: Remove reset support from check_health - scsi: aacraid: Change wait time for fib completion - scsi: aacraid: Log count info of scsi cmds before reset - scsi: aacraid: Print ctrl status before eh reset - scsi: aacraid: Using single reset mask for IOP reset - scsi: aacraid: Rework IOP reset - scsi: aacraid: Add periodic checks to see IOP reset status - scsi: aacraid: Rework SOFT reset code - scsi: aacraid: Rework aac_src_restart - scsi: aacraid: Use correct function to get ctrl health - scsi: aacraid: Make sure ioctl returns on controller reset - scsi: aacraid: Enable ctrl reset for both hba and arc - scsi: aacraid: Add reset debugging statements - scsi: aacraid: Remove reference to Series-9 - scsi: aacraid: Update driver version to 50834 * arm64 kernel crashdump support (LP: #1694859) - memblock: add memblock_clear_nomap() - memblock: add memblock_cap_memory_range() - arm64: limit memory regions based on DT property, usable-memory-range - arm64: kdump: reserve memory for crash dump kernel - arm64: mm: add set_memory_valid() - arm64: mm: use phys_addr_t instead of unsigned long in __map_memblock - arm64: kdump: protect crash dump kernel memory - arm64: hibernate: preserve kdump image around hibernation - arm64: kdump: implement machine_crash_shutdown() - arm64: kdump: add VMCOREINFO's for user-space tools - [Config] CONFIG_CRASH_DUMP=y on arm64 - arm64: kdump: provide /proc/vmcore file - Documentation: kdump: describe arm64 port - Documentation: dt: chosen properties for arm64 kdump - efi/libstub/arm*: Set default address and size cells values for an empty dtb * hibmc driver does not include "pci:" prefix in bus ID (LP: #1698700) - SAUCE: drm: hibmc: Use set_busid function from drm core * Processes in "D" state due to zap_pid_ns_processes kernel call with Ubuntu + Docker (LP: #1698264) - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes * Bugfixes for hns network driver (LP: #1696031) - hns_enet: use cpumask_var_t for on-stack mask - net: hns: fix uninitialized data use - net: hns: avoid gcc-7.0.1 warning for uninitialized data - net: hns: Add ACPI support to check SFP present - net: hns: Fix the implementation of irq affinity function - net: hns: Modify GMAC init TX threshold value - net: hns: Optimize the code for GMAC pad and crc Config - net: hns: Remove redundant memset during buffer release - net: hns: bug fix of ethtool show the speed - net: hns: Optimize hns_nic_common_poll for better performance - net: hns: Fix to adjust buf_size of ring according to mtu - net: hns: Replace netif_tx_lock to ring spin lock - net: hns: Correct HNS RSS key set function - net: hns: Remove the redundant adding and deleting mac function - net: hns: Remove redundant mac_get_id() - net: hns: Remove redundant mac table operations - net: hns: Clean redundant code from hns_mdio.c file - net: hns: Optimise the code in hns_mdio_wait_ready() - net: hns: Simplify the exception sequence in hns_ppe_init() - net: hns: Adjust the SBM module buffer threshold - net: hns: Avoid Hip06 chip TX packet line bug - net: hns: Some checkpatch.pl script & warning fixes - net: hns: support deferred probe when can not obtain irq - net: hns: support deferred probe when no mdio - net: hns: fix
[Group.of.nepali.translators] [Bug 1696710] Re: Ubuntu 16.04.02: depmod: WARNING: needs unknown symbol .TOC.
This bug was fixed in the package kmod - 22-1ubuntu5 --- kmod (22-1ubuntu5) xenial; urgency=medium * depmod-ignore-powerpc64-abiv2-toc-symbol.patch: Ignore the TOC symbol in depmod on PPC64 as it does not need to be relocated (LP: #1696710) * fix-docs-build: Fix build failure with the xenial version of gtk-doc. -- Adam ConradTue, 25 Jul 2017 07:41:35 -0600 ** Changed in: kmod (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696710 Title: Ubuntu 16.04.02: depmod: WARNING: needs unknown symbol .TOC. Status in The Ubuntu-power-systems project: Fix Released Status in kmod package in Ubuntu: Fix Released Status in kmod source package in Xenial: Fix Released Bug description: == Comment: #0 - Douglas Miller - 2017-01-24 07:59:54 == ---Problem Description--- depmod does not handle .TOC symbol on powerpc platforms Contact Information = Douglas Miller ---uname output--- Linux p8le03 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:40:06 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux Machine Type = other ---Debugger--- A debugger is not configured ---Steps to Reproduce--- Compile kernel, during modules_install target the messages appear. PPC64 modules have a .TOC symbol which is required. It may be the only symbol with a period in the name, and so tools that restrict symbols based on a pattern may neglect to include .TOC. Userspace tool common name: depmod The userspace tool has the following bit modes: 64 Userspace rpm: libkmod2:ppc64el Userspace tool obtained from project website: na *Additional Instructions for Douglas Miller : -Attach ltrace and strace of userspace application. == Comment: #3 - Douglas Miller - 2017-01-24 08:12:58 == kmod package: # dpkg --list |grep kmod ii kmod 22-1ubuntu4 ppc64el tools for managing Linux kernel modules ii libkmod2:ppc64el 22-1ubuntu4 ppc64el libkmod shared library == Comment: #7 - Douglas Miller - 2017-06-07 16:20:38 == I was doing a build of upstream origin/master on Ubuntu 16.04.2 fresh install and still getting these messages. In the "make modules_install" output I see: ... DEPMOD 4.12.0-rc4 depmod: WARNING: /lib/modules/4.12.0-rc4/kernel/arch/powerpc/kernel/rtas_flash.ko needs unknown symb ol .TOC. ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1696710/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1694859] Re: arm64 kernel crashdump support
This bug was fixed in the package kexec-tools - 1:2.0.10-1ubuntu2.3 --- kexec-tools (1:2.0.10-1ubuntu2.3) xenial; urgency=medium * Add backport of upstream arm64 crashdump support (LP: #1694859). -- dann frazierFri, 23 Jun 2017 12:27:52 -0600 ** Changed in: kexec-tools (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1694859 Title: arm64 kernel crashdump support Status in kexec-tools package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in makedumpfile package in Ubuntu: Fix Released Status in kexec-tools source package in Xenial: Fix Released Status in linux source package in Xenial: Won't Fix Status in makedumpfile source package in Xenial: Fix Committed Status in kexec-tools source package in Yakkety: In Progress Status in linux source package in Yakkety: Won't Fix Status in makedumpfile source package in Yakkety: Won't Fix Status in kexec-tools source package in Zesty: Fix Released Status in linux source package in Zesty: Fix Released Status in makedumpfile source package in Zesty: Fix Released Bug description: Note: Updates are being staged at ppa:dannf/arm64-kdump. [Impact] It is not possible to collect a kernel crash dump from a crashed arm64 server for later debugging. [Test Case] sudo apt install kdump-tools (reboot, so crashkernel= is added to the kernel commandline) echo c | sudo tee /proc/sysrq-trigger Crash dump should occur, with artifacts collected in /var/crash. If you want to verify that the dump is usable, install the corresponding linux-image--dbgsym package and run: sudo crash /usr/lib/debug/boot/vmlinux- /var/crash//dump. crash should successfully load, placing you at a "crash>" prompt. At that prompt, you can issue the 'bt' command to see a backtrace. Note: you need crash from zesty (7.1.8-1ubuntu1) or later. [Regression Risk] = Kernel = 3 patches here touch code outside of arch/arm64/: memblock: add memblock_clear_nomap() This adds a new function with no callers, so regression risk is negligible. (A later patch adds a call to it under arch/arm64/). memblock: add memblock_cap_memory_range() This refactors some of the code in memblock_mem_limit_remove_map() into a new function. The only existing caller of memblock_mem_limit_remove_map() is under arch/arm64/, so the regression risk outside of arm64 is negligible. efi/libstub/arm*: Set default address and size cells values for an empty dtb Because this code is for EFI platforms that support device-tree, it is de-facto ARM-specific (as noted in the patch title). For arm64, we have mitigated the risk by explicit regression testing on several platforms: - Qualcomm QDF2400 - Cavium ThunderX CRB1S - HP m400 (X-Gene) - HiSilicon D05 (Hi07) = kexec-tools = == zesty == For zesty, 10 patches are required to add kdump support. 0001-kexec-extend-the-semantics-of-kexec_iomem_for_each_l.patch: This modifies a function used on armhf & x86. The description explains the change, and why it does not impact those archs: - The current users of kexec_iomem_for_each_line(), arm, sh and x86, will not be affected by this change because * arm The callback function only returns -1 or 0, and the return value of kexec_iomem_for_each_line() will never be used. * sh, x86 The callback function may return (-1 for sh,) 0 or 1, but always returns 1 once we have reached the maximum number of entries allowed. Even so the current kexec_iomem_for_each_line() counts them up. This change actually fixes this bug. - 0002-kexec-generalize-and-rename-get_kernel_stext_sym.patch: This generalizes a function that was duplicated by arm & x86 and makes it common so arm64 can use it. The remaining 8 of these only touch code in kexec/arch/arm64, so regression risk for other architectures is negligible. Finally, I have tested this update on both i386 and amd64 VMs. i386 crashes do not currently work in zesty (filed LP: #1699874), and my test results show no change there. amd64 worked before, and continues to work with these changes. == yakkety == Since yakkety is based on an older upstream, 6 additional patches are required: arm-fix-get_kernel_stext_sym-to-close-its-file.patch: This is a cleanup patch, cherry-picked because it allows later patches to apply w/o backporting. ARM-specific. kexec-add-max_size-to-memory_ranges.patch: Adds a new element to struct, to be used by later commits. kexec-add-generic-helper-to-add-to-memoryq_regions.patch, kexec-add-mem_regions-sorting-implementation.patch, kexec-add-helper-to-exlude-a-region-from-a-set-of-me.patch, kexec-fix-mem_regions_sort.patch:
[Group.of.nepali.translators] [Bug 1700994] Re: Installed snaps show twice in GNOME Software
This bug was fixed in the package appstream-glib - 0.5.13-1ubuntu5 --- appstream-glib (0.5.13-1ubuntu5) xenial; urgency=medium * debian/patches/0001-Skip-loading-desktop-data-from-Snap-directory.patch: - Don't load .desktop files provided by snapd - we already have this information from snapd. (LP: #1700994) -- Robert AncellFri, 07 Jul 2017 13:49:05 +1200 ** Changed in: appstream-glib (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700994 Title: Installed snaps show twice in GNOME Software Status in appstream-glib package in Ubuntu: Fix Released Status in gnome-software package in Ubuntu: Fix Released Status in appstream-glib source package in Xenial: Fix Released Status in gnome-software source package in Xenial: In Progress Status in appstream-glib source package in Zesty: Fix Committed Status in gnome-software source package in Zesty: In Progress Status in appstream-glib source package in Artful: Fix Released Status in gnome-software source package in Artful: Fix Released Bug description: [Impact] Installed snaps show twice in GNOME Software. The solution is to not scan the installed .desktop files - there is sufficient information provided by snapd. [Test Case] 1. Open GNOME Software 2. Install a snap (e.g. ohmygiraffe) 3. Switched to "Installed" tab Expected result: ohmygiraffe is shown once in the installed list. Observed result: ohmygiraffe is shown twice. One entry has data from the snap metadata, the other from the installed .desktop file. [Regression Potential] There is some risk of breaking other appstream behaviour. The risk is low because we only filter out the snapd specific directory that contains this data. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/appstream-glib/+bug/1700994/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1646585] Re: oem-config replaces /etc/resolv.conf symlink with a hard file
Hello Newton, or anyone else affected, Accepted ubiquity into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubiquity/2.21.63.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: netcfg (Ubuntu Yakkety) Status: Fix Committed => Won't Fix ** Changed in: ubiquity (Ubuntu Xenial) Status: Triaged => Fix Committed ** Tags removed: verification-done-xenial ** Tags added: verification-needed verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1646585 Title: oem-config replaces /etc/resolv.conf symlink with a hard file Status in Nvidia: New Status in netcfg package in Ubuntu: Fix Released Status in ubiquity package in Ubuntu: Fix Released Status in netcfg source package in Xenial: Fix Released Status in ubiquity source package in Xenial: Fix Committed Status in netcfg source package in Yakkety: Won't Fix Status in netcfg source package in Zesty: Fix Released Status in ubiquity source package in Zesty: Fix Released Bug description: [Impact] This breaks oem-config installs because after running oem-config-firstboot, /etc/resolv.conf's symlink might be replaced by a regular file. [Test case] The DGX server install process uses oem-config to setup certain settings. We are seeing that oem-config-firstboot is replacing the /etc/resolv.conf symlink to /run/resolvconf/resolv.conf with a hard file at /etc/resolv.conf. This was confirmed by booting in single user mode after a fresh install, and seeing the symlink is still there. Then go thru oem- config-firstboot, and find that the symlink is no longer there when that is done. We have to run "sudo dpkg-reconfigure resolvconf" to restore that symlink. [Regression potential] This may regress by failing to recognize a case where resolvconf is not in use, or triggering a false-positive (resolvconf is not in use, by an install is tricked into thinking it is and removes resolv.conf). Corruption of /etc/resolv.conf or /run/resolvconf/resolv.conf should be considered as possible regressions from this SRU. To manage notifications about this bug go to: https://bugs.launchpad.net/nvidia/+bug/1646585/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1593907] Re: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot
This bug was fixed in the package ntp - 1:4.2.8p4+dfsg-3ubuntu5.6 --- ntp (1:4.2.8p4+dfsg-3ubuntu5.6) xenial; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian EhrhardtFri, 07 Jul 2017 07:56:45 +0200 ** Changed in: ntp (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1593907 Title: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot Status in ntp package in Ubuntu: Fix Released Status in ntp source package in Trusty: Fix Committed Status in ntp source package in Xenial: Fix Released Status in ntp source package in Yakkety: Fix Released Status in ntp source package in Zesty: Fix Released Bug description: [Impact] * Fixes several broken cases, those are: * Case 1 - ntp configured to drift time slowly, but time jumping - ntp is running and drifts time towards a target being way off - an interface comes up - stop ntpd - warp time via ntpdate-debian (static interfaces will even set -b) - (re-)start ntpd - if users relied on non-time warp they are now in trouble * Case 2 - ntp start/stop storms - ntpd comes up normally - the admin brings interfaces up/down rather often - ntp is restarted very very often due to this for no reason => reason for bugs like debian 823533 * Case 3 - unintentional enablement of ntp - ntpd is installed but disabled (for whatever reason) - all is fine on any ifup/down - one installs ntpdate, maybe even without realizing due to a depends - now on the next ifup ntpd (or openntpd) will be started * Solution, drop the broken Delta [Test Case] * Testing Case 2/3 as it is the easiest, case 1 needs a more complex setup to cause the time drift but otherwise works the same way. - install ntp and ntpdate - stop ntp - ifup/ifdown an interface multiple times; as simplification you can also call /etc/network/if-up.d/ntpdate directly (not that this spawns the change asnchronous and locks concurrency, so do that a few times over the time of a minute or so) - the service of ntp should still be stopped and not report plenty of restarts [Regression Potential] * It improves a lot of cases (otherwise we wouldn't SRU), but there is one regression potential I can see: - users that relied on starting NTP later on after other interfaces got up due to that code in ntpdate which did that as a side effect. But that is outweigh by Case2/3 for the majority of users. And even Case1 only hits this potential regression on e.g. late network intialization, but in that case please remind that the default (systemd timedatectl) would handle that. - Since most users of ntp do not install ntpdate (which doesn't work when ntp is active) we should be rather safe to assume that almost no one should rely on that side effect. - Furthermore this is a Ubuntu Delta for very long, cause issues (see the references on the git commit) but never made it into Debian - in that sense another indicator it isn't an important delta to have. [Other Info] * The original intention "what if net is available too late" fixed correctly would not be part of ntpdate, but ntp and additionally check if it is actually meant to be enabled - but I never seen/heard of any of it since systemd is around - maybe new ordering mostly avoids the original issue. --- I've installed ntp service on the clean ubuntu 16.04 server system. Configured it. Checked that it works, but, after reboot, it doesn't start automatically. When I check: 'systemctl is-enabled ntp', it shows enabled. If I manually start it 'systemctl start ntp' it starts just fine and woks correctly, but until I manually start it, 'systemctl status ntp' shows: Loaded: loaded (/etc/init.d/ntp; bad; vendor preset: enabled) Active: inactive (deadi) Installed 1.29ubuntu2 version of init-systems-helper, but it didn't fix the problem. Found a bugreport on ntpd package: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1577596 led to solution that involves a change to be made in file: /etc/network/if-up.d/ntpdate of ntpdate package After changing from: __CODE_START__ invoke-rc.d --quiet $service stop >/dev/null
[Group.of.nepali.translators] [Bug 1696599] Re: backport/sync UEFI, Secure Boot support
** Changed in: grub2-signed (Ubuntu Yakkety) Status: Fix Committed => Won't Fix ** Changed in: grub2 (Ubuntu Yakkety) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696599 Title: backport/sync UEFI, Secure Boot support Status in grub2 package in Ubuntu: Fix Released Status in grub2-signed package in Ubuntu: Fix Released Status in grub2 source package in Trusty: New Status in grub2-signed source package in Trusty: New Status in grub2 source package in Xenial: Fix Committed Status in grub2-signed source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Won't Fix Status in grub2-signed source package in Yakkety: Won't Fix Status in grub2 source package in Zesty: Fix Released Status in grub2-signed source package in Zesty: Fix Released Status in grub2 source package in Artful: Fix Released Status in grub2-signed source package in Artful: Fix Released Bug description: [Impact] Since the implementation of UEFI Secure Boot in Ubuntu, there has been a large number of changes to the EFI patchset, handled "upstream" at https://github.com/vathpela/grub2-fedora/tree/sb. This SRU is handled as a wholesale "sync" with a known set of patches rather than individual cherry-picks given the high risk in cherry- picking individual changes; we do not want to risk subtly breaking Secure Boot support or introducing a security issue due to using different sets of patches across our currently supported releases. Using a common set of patches across releases and making sure we're in sync with "upstream" for that particular section of the grub2 codebase (specifically, UEFI/SB support is typically outside the GNU GRUB tree) allows us to make sure UEFI Secure Boot remains supportable and that potential security issues are easy to fix quickly given the complexity of the codebase. This is a complex set of enablement patches; most of them will be fairly straightforward backports, but there are a few known warts: * The included patches are based on grub2 2.02~beta3; as such, some patches require extra backporting effort of other pieces of the loader code down to releases that do not yet include 2.02~beta3 code. [Test Case] The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, validate that Secure Boot is enabled by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as /sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation may be disabled). Tests should include: - booting with Secure Boot enabled - booting with Secure Boot enabled, but shim validation disabled - booting with Secure Boot disabled, but still in EFI mode [Regression Potential] Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1696599/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1694859] Re: arm64 kernel crashdump support
This bug was fixed in the package kexec-tools - 1:2.0.14-1ubuntu3.1 --- kexec-tools (1:2.0.14-1ubuntu3.1) zesty; urgency=medium * Add backport of upstream arm64 crashdump support (LP: #1694859). -- dann frazierWed, 21 Jun 2017 15:15:25 -0600 ** Changed in: kexec-tools (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1694859 Title: arm64 kernel crashdump support Status in kexec-tools package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in makedumpfile package in Ubuntu: Fix Released Status in kexec-tools source package in Xenial: Fix Released Status in linux source package in Xenial: Won't Fix Status in makedumpfile source package in Xenial: Fix Committed Status in kexec-tools source package in Yakkety: In Progress Status in linux source package in Yakkety: Won't Fix Status in makedumpfile source package in Yakkety: Won't Fix Status in kexec-tools source package in Zesty: Fix Released Status in linux source package in Zesty: Fix Released Status in makedumpfile source package in Zesty: Fix Released Bug description: Note: Updates are being staged at ppa:dannf/arm64-kdump. [Impact] It is not possible to collect a kernel crash dump from a crashed arm64 server for later debugging. [Test Case] sudo apt install kdump-tools (reboot, so crashkernel= is added to the kernel commandline) echo c | sudo tee /proc/sysrq-trigger Crash dump should occur, with artifacts collected in /var/crash. If you want to verify that the dump is usable, install the corresponding linux-image--dbgsym package and run: sudo crash /usr/lib/debug/boot/vmlinux- /var/crash//dump. crash should successfully load, placing you at a "crash>" prompt. At that prompt, you can issue the 'bt' command to see a backtrace. Note: you need crash from zesty (7.1.8-1ubuntu1) or later. [Regression Risk] = Kernel = 3 patches here touch code outside of arch/arm64/: memblock: add memblock_clear_nomap() This adds a new function with no callers, so regression risk is negligible. (A later patch adds a call to it under arch/arm64/). memblock: add memblock_cap_memory_range() This refactors some of the code in memblock_mem_limit_remove_map() into a new function. The only existing caller of memblock_mem_limit_remove_map() is under arch/arm64/, so the regression risk outside of arm64 is negligible. efi/libstub/arm*: Set default address and size cells values for an empty dtb Because this code is for EFI platforms that support device-tree, it is de-facto ARM-specific (as noted in the patch title). For arm64, we have mitigated the risk by explicit regression testing on several platforms: - Qualcomm QDF2400 - Cavium ThunderX CRB1S - HP m400 (X-Gene) - HiSilicon D05 (Hi07) = kexec-tools = == zesty == For zesty, 10 patches are required to add kdump support. 0001-kexec-extend-the-semantics-of-kexec_iomem_for_each_l.patch: This modifies a function used on armhf & x86. The description explains the change, and why it does not impact those archs: - The current users of kexec_iomem_for_each_line(), arm, sh and x86, will not be affected by this change because * arm The callback function only returns -1 or 0, and the return value of kexec_iomem_for_each_line() will never be used. * sh, x86 The callback function may return (-1 for sh,) 0 or 1, but always returns 1 once we have reached the maximum number of entries allowed. Even so the current kexec_iomem_for_each_line() counts them up. This change actually fixes this bug. - 0002-kexec-generalize-and-rename-get_kernel_stext_sym.patch: This generalizes a function that was duplicated by arm & x86 and makes it common so arm64 can use it. The remaining 8 of these only touch code in kexec/arch/arm64, so regression risk for other architectures is negligible. Finally, I have tested this update on both i386 and amd64 VMs. i386 crashes do not currently work in zesty (filed LP: #1699874), and my test results show no change there. amd64 worked before, and continues to work with these changes. == yakkety == Since yakkety is based on an older upstream, 6 additional patches are required: arm-fix-get_kernel_stext_sym-to-close-its-file.patch: This is a cleanup patch, cherry-picked because it allows later patches to apply w/o backporting. ARM-specific. kexec-add-max_size-to-memory_ranges.patch: Adds a new element to struct, to be used by later commits. kexec-add-generic-helper-to-add-to-memoryq_regions.patch, kexec-add-mem_regions-sorting-implementation.patch, kexec-add-helper-to-exlude-a-region-from-a-set-of-me.patch, kexec-fix-mem_regions_sort.patch: These
[Group.of.nepali.translators] [Bug 1593907] Re: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot
This bug was fixed in the package ntp - 1:4.2.8p9+dfsg-2ubuntu1.2 --- ntp (1:4.2.8p9+dfsg-2ubuntu1.2) zesty; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian EhrhardtFri, 07 Jul 2017 07:59:52 +0200 ** Changed in: ntp (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1593907 Title: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot Status in ntp package in Ubuntu: Fix Released Status in ntp source package in Trusty: Fix Released Status in ntp source package in Xenial: Fix Released Status in ntp source package in Yakkety: Fix Released Status in ntp source package in Zesty: Fix Released Bug description: [Impact] * Fixes several broken cases, those are: * Case 1 - ntp configured to drift time slowly, but time jumping - ntp is running and drifts time towards a target being way off - an interface comes up - stop ntpd - warp time via ntpdate-debian (static interfaces will even set -b) - (re-)start ntpd - if users relied on non-time warp they are now in trouble * Case 2 - ntp start/stop storms - ntpd comes up normally - the admin brings interfaces up/down rather often - ntp is restarted very very often due to this for no reason => reason for bugs like debian 823533 * Case 3 - unintentional enablement of ntp - ntpd is installed but disabled (for whatever reason) - all is fine on any ifup/down - one installs ntpdate, maybe even without realizing due to a depends - now on the next ifup ntpd (or openntpd) will be started * Solution, drop the broken Delta [Test Case] * Testing Case 2/3 as it is the easiest, case 1 needs a more complex setup to cause the time drift but otherwise works the same way. - install ntp and ntpdate - stop ntp - ifup/ifdown an interface multiple times; as simplification you can also call /etc/network/if-up.d/ntpdate directly (not that this spawns the change asnchronous and locks concurrency, so do that a few times over the time of a minute or so) - the service of ntp should still be stopped and not report plenty of restarts [Regression Potential] * It improves a lot of cases (otherwise we wouldn't SRU), but there is one regression potential I can see: - users that relied on starting NTP later on after other interfaces got up due to that code in ntpdate which did that as a side effect. But that is outweigh by Case2/3 for the majority of users. And even Case1 only hits this potential regression on e.g. late network intialization, but in that case please remind that the default (systemd timedatectl) would handle that. - Since most users of ntp do not install ntpdate (which doesn't work when ntp is active) we should be rather safe to assume that almost no one should rely on that side effect. - Furthermore this is a Ubuntu Delta for very long, cause issues (see the references on the git commit) but never made it into Debian - in that sense another indicator it isn't an important delta to have. [Other Info] * The original intention "what if net is available too late" fixed correctly would not be part of ntpdate, but ntp and additionally check if it is actually meant to be enabled - but I never seen/heard of any of it since systemd is around - maybe new ordering mostly avoids the original issue. --- I've installed ntp service on the clean ubuntu 16.04 server system. Configured it. Checked that it works, but, after reboot, it doesn't start automatically. When I check: 'systemctl is-enabled ntp', it shows enabled. If I manually start it 'systemctl start ntp' it starts just fine and woks correctly, but until I manually start it, 'systemctl status ntp' shows: Loaded: loaded (/etc/init.d/ntp; bad; vendor preset: enabled) Active: inactive (deadi) Installed 1.29ubuntu2 version of init-systems-helper, but it didn't fix the problem. Found a bugreport on ntpd package: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1577596 led to solution that involves a change to be made in file: /etc/network/if-up.d/ntpdate of ntpdate package After changing from: __CODE_START__ invoke-rc.d --quiet $service stop >/dev/null 2>&1
[Group.of.nepali.translators] [Bug 1695578] Re: shim-signed trigger should not fail when attempting to re-prompt noninteractively and we've prompted before
This bug was fixed in the package shim-signed - 1.32~16.04.1 --- shim-signed (1.32~16.04.1) xenial; urgency=medium * Backport shim-signed 1.32 to 16.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:43:10 -0400 ** Changed in: shim-signed (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1695578 Title: shim-signed trigger should not fail when attempting to re-prompt noninteractively and we've prompted before Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] Users may require updates to DKMS modules while shim validation is disabled, and expect to do these updates non-interactively, such as via unattended-upgrades. [Test Case] == Interactive == (on an EFI system with proper Secure Boot support) 1- Install an old version of a DKMS package (such as bbswitch-dkms or r8168-dkms) 2- Follow the prompts on install to disable shim validation; reboot. The system should allow you to install the dkms module and prompt you for a password to disable Secure Boot validation in shim. This behavior should remain the same with or without the patch and serves as an extra verification to guard against regressions. == Uninteractive == (on an EFI system with proper Secure Boot support) 1- Install an old version of a DKMS package (such as bbswitch-dkms or r8168-dkms) 2- Follow the prompts on install to disable shim validation; reboot. 3- Run 'sudo apt update' 4- Enable unattended-upgrades (see https://help.ubuntu.com/lts/serverguide/automatic-updates.html) 4b - If necessary, using PPA packages for testing, allow the PPA source in /etc/apt/apt.conf.d/50unattended-upgrades. 5- Wait/trigger unattended upgrades; observe the behavior: The user has not installed any new DKMS modules, and we're noninteractive, the trigger should silently pass. Without the patch, this test case should fail (upgrade fails) because update-secureboot- policy is unable to prompt the user. == New DKMS package install uninteractively == 1- Enable unattended upgrades 2- Prepare a new PPA package update that adds a dependency on a -dkms package. 3- Wait/trigger unattended upgrades; observe the behavior. The user is in effect installing a new DKMS module that was not already present on the system and being upgraded. In this case, the upgrade should fail, because update-secureboot-policy is unable to prompt the user. Without the patch, the same behavior occurs (this serves as another regression guard) [Regression Potential] Failure to complete an update in non-interactive (unattended-upgrades) when DKMS modules are in use, triggering a failure in apt's upgrade process would be a regression of this update. Also, being unable to correctly recognize the current state of Secure Boot and shim validation, or incorrectly returning before prompting for the password required to toggle shim validation when the shim validation state make sense to be changed (ie. prompting to enable when it is disabled only, prompting to disable only if it's currently enabled). [Background information] The upgrades should run non-interactively without issue whenever possible, but forcefully prompt the user if a new DKMS package is being installed uninteractively: - If the user installs a new DKMS module, we should not silently
[Group.of.nepali.translators] [Bug 1695578] Re: shim-signed trigger should not fail when attempting to re-prompt noninteractively and we've prompted before
This bug was fixed in the package shim-signed - 1.32~17.04.1 --- shim-signed (1.32~17.04.1) zesty; urgency=medium * Backport shim-signed 1.32 to 17.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:10:08 -0400 ** Changed in: shim-signed (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1695578 Title: shim-signed trigger should not fail when attempting to re-prompt noninteractively and we've prompted before Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] Users may require updates to DKMS modules while shim validation is disabled, and expect to do these updates non-interactively, such as via unattended-upgrades. [Test Case] == Interactive == (on an EFI system with proper Secure Boot support) 1- Install an old version of a DKMS package (such as bbswitch-dkms or r8168-dkms) 2- Follow the prompts on install to disable shim validation; reboot. The system should allow you to install the dkms module and prompt you for a password to disable Secure Boot validation in shim. This behavior should remain the same with or without the patch and serves as an extra verification to guard against regressions. == Uninteractive == (on an EFI system with proper Secure Boot support) 1- Install an old version of a DKMS package (such as bbswitch-dkms or r8168-dkms) 2- Follow the prompts on install to disable shim validation; reboot. 3- Run 'sudo apt update' 4- Enable unattended-upgrades (see https://help.ubuntu.com/lts/serverguide/automatic-updates.html) 4b - If necessary, using PPA packages for testing, allow the PPA source in /etc/apt/apt.conf.d/50unattended-upgrades. 5- Wait/trigger unattended upgrades; observe the behavior: The user has not installed any new DKMS modules, and we're noninteractive, the trigger should silently pass. Without the patch, this test case should fail (upgrade fails) because update-secureboot- policy is unable to prompt the user. == New DKMS package install uninteractively == 1- Enable unattended upgrades 2- Prepare a new PPA package update that adds a dependency on a -dkms package. 3- Wait/trigger unattended upgrades; observe the behavior. The user is in effect installing a new DKMS module that was not already present on the system and being upgraded. In this case, the upgrade should fail, because update-secureboot-policy is unable to prompt the user. Without the patch, the same behavior occurs (this serves as another regression guard) [Regression Potential] Failure to complete an update in non-interactive (unattended-upgrades) when DKMS modules are in use, triggering a failure in apt's upgrade process would be a regression of this update. Also, being unable to correctly recognize the current state of Secure Boot and shim validation, or incorrectly returning before prompting for the password required to toggle shim validation when the shim validation state make sense to be changed (ie. prompting to enable when it is disabled only, prompting to disable only if it's currently enabled). [Background information] The upgrades should run non-interactively without issue whenever possible, but forcefully prompt the user if a new DKMS package is being installed uninteractively: - If the user installs a new DKMS module, we should not silently
[Group.of.nepali.translators] [Bug 1696599] Re: backport/sync UEFI, Secure Boot support
This bug was fixed in the package grub2-signed - 1.80.2 --- grub2-signed (1.80.2) zesty; urgency=medium * Rebuild against grub2 2.02~beta3-4ubuntu2.2. (LP: #1696599) -- Mathieu Trudel-LapierreWed, 14 Jun 2017 14:46:59 -0400 ** Changed in: grub2-signed (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696599 Title: backport/sync UEFI, Secure Boot support Status in grub2 package in Ubuntu: Fix Released Status in grub2-signed package in Ubuntu: Fix Released Status in grub2 source package in Trusty: New Status in grub2-signed source package in Trusty: New Status in grub2 source package in Xenial: Fix Committed Status in grub2-signed source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Won't Fix Status in grub2-signed source package in Yakkety: Won't Fix Status in grub2 source package in Zesty: Fix Released Status in grub2-signed source package in Zesty: Fix Released Status in grub2 source package in Artful: Fix Released Status in grub2-signed source package in Artful: Fix Released Bug description: [Impact] Since the implementation of UEFI Secure Boot in Ubuntu, there has been a large number of changes to the EFI patchset, handled "upstream" at https://github.com/vathpela/grub2-fedora/tree/sb. This SRU is handled as a wholesale "sync" with a known set of patches rather than individual cherry-picks given the high risk in cherry- picking individual changes; we do not want to risk subtly breaking Secure Boot support or introducing a security issue due to using different sets of patches across our currently supported releases. Using a common set of patches across releases and making sure we're in sync with "upstream" for that particular section of the grub2 codebase (specifically, UEFI/SB support is typically outside the GNU GRUB tree) allows us to make sure UEFI Secure Boot remains supportable and that potential security issues are easy to fix quickly given the complexity of the codebase. This is a complex set of enablement patches; most of them will be fairly straightforward backports, but there are a few known warts: * The included patches are based on grub2 2.02~beta3; as such, some patches require extra backporting effort of other pieces of the loader code down to releases that do not yet include 2.02~beta3 code. [Test Case] The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, validate that Secure Boot is enabled by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as /sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation may be disabled). Tests should include: - booting with Secure Boot enabled - booting with Secure Boot enabled, but shim validation disabled - booting with Secure Boot disabled, but still in EFI mode [Regression Potential] Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1696599/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1700170] Re: backport shim-signed 1.30 from artful to supported releases
This bug was fixed in the package shim-signed - 1.32~17.04.1 --- shim-signed (1.32~17.04.1) zesty; urgency=medium * Backport shim-signed 1.32 to 17.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:10:08 -0400 ** Changed in: shim-signed (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700170 Title: backport shim-signed 1.30 from artful to supported releases Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] shim-signed ships the signed shim$arch.efi binary that goes with the shim package available in each release, which should remain synchronized across all supported releases as to make sure the security sensitive binary can be appropriately supported. shim-signed also ships some additional bits that are useful to go along with the shim binary; and this is what is actually targetted on this SRU: shim itself does not change, but in the interest of making support as easy as possible, the supporting files shipped with it are also kept synchronized across releases. These files are the following: - an apport hook, useful to let users report issues in updating the Boot Entries on their firmware, debugging upgrade issues, etc; and provides critical information about the system on which a bug is reported about the state of that system's EFI firmware: whether EFI validation is enabled, whether Secure Boot is enabled, whether it was properly started by the kernel; - a BOOT$arch.CSV file, to be installed by grub2 if present, where grub2 has that feature (in artful only), or to be installed manually by the user if wanted. This file is a text file that provides the location of shim on a system when running the shim fallback binary (also not installed prior to artful). [Test case] See the other closed bugs for this backport, which include their own test cases. == boot.csv == 1) Verify that /usr/lib/shim/BOOTX64.CSV contains: shimx64.efi,ubuntu,,This is the boot entry for Ubuntu [Regression potential] See the other closed bugs for this backport, which include their own test cases. Shipping the BOOT$arch.CSV file alone has no risk of regression, it constitutes a single text file shipped in a location where it is not used; it is only contained in the backport to simplify keeping the shim-signed packages synchronized. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1700170/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1696599] Re: backport/sync UEFI, Secure Boot support
This bug was fixed in the package grub2 - 2.02~beta3-4ubuntu2.2 --- grub2 (2.02~beta3-4ubuntu2.2) zesty; urgency=medium * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream SB patch set: (LP: #1696599) - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its chainloader. - linuxefi_fix_validation_race.patch: Fix a race in validating images. - linuxefi_chainloader_path.patch: honor the starting path for grub, so images do not need to be started from $root. - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use when Secure Boot is enabled. - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all loaders: don't load the commands when Secure Boot is enabled. - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and initrd commands to automatically hand-off to linuxefi/initrdefi; re- enable the linux loader. - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading "special" PE images, such as Windows'. - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is disabled or shim validation is disabled so loading works as EFI binaries when it is supposed to. - Removed linuxefi_require_shim.patch; superseded by the above. (LP: #1689687) -- Mathieu Trudel-LapierreWed, 14 Jun 2017 14:44:48 -0400 ** Changed in: grub2 (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696599 Title: backport/sync UEFI, Secure Boot support Status in grub2 package in Ubuntu: Fix Released Status in grub2-signed package in Ubuntu: Fix Released Status in grub2 source package in Trusty: New Status in grub2-signed source package in Trusty: New Status in grub2 source package in Xenial: Fix Committed Status in grub2-signed source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Won't Fix Status in grub2-signed source package in Yakkety: Won't Fix Status in grub2 source package in Zesty: Fix Released Status in grub2-signed source package in Zesty: Fix Released Status in grub2 source package in Artful: Fix Released Status in grub2-signed source package in Artful: Fix Released Bug description: [Impact] Since the implementation of UEFI Secure Boot in Ubuntu, there has been a large number of changes to the EFI patchset, handled "upstream" at https://github.com/vathpela/grub2-fedora/tree/sb. This SRU is handled as a wholesale "sync" with a known set of patches rather than individual cherry-picks given the high risk in cherry- picking individual changes; we do not want to risk subtly breaking Secure Boot support or introducing a security issue due to using different sets of patches across our currently supported releases. Using a common set of patches across releases and making sure we're in sync with "upstream" for that particular section of the grub2 codebase (specifically, UEFI/SB support is typically outside the GNU GRUB tree) allows us to make sure UEFI Secure Boot remains supportable and that potential security issues are easy to fix quickly given the complexity of the codebase. This is a complex set of enablement patches; most of them will be fairly straightforward backports, but there are a few known warts: * The included patches are based on grub2 2.02~beta3; as such, some patches require extra backporting effort of other pieces of the loader code down to releases that do not yet include 2.02~beta3 code. [Test Case] The desktop, server, and alternate install images should all boot and install on an SB-enabled system. I would recommend testing installations from both a CD and a USB stick. After each installation, validate that Secure Boot is enabled by checking /sys/firmware/efi/efivars/SecureBoot-*, as well as /sys/firmware/efi/efivars/Mok* variables (for the cases where shim validation may be disabled). Tests should include: - booting with Secure Boot enabled - booting with Secure Boot enabled, but shim validation disabled - booting with Secure Boot disabled, but still in EFI mode [Regression Potential] Check that non-SB installations of all these images still work. For this, it is sufficient to test with either a CD or a USB stick, but not necessarily both. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1696599/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help :
[Group.of.nepali.translators] [Bug 1689687] Re: pass validation if shim protocol is not installed
This bug was fixed in the package grub2 - 2.02~beta3-4ubuntu2.2 --- grub2 (2.02~beta3-4ubuntu2.2) zesty; urgency=medium * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream SB patch set: (LP: #1696599) - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its chainloader. - linuxefi_fix_validation_race.patch: Fix a race in validating images. - linuxefi_chainloader_path.patch: honor the starting path for grub, so images do not need to be started from $root. - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use when Secure Boot is enabled. - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all loaders: don't load the commands when Secure Boot is enabled. - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and initrd commands to automatically hand-off to linuxefi/initrdefi; re- enable the linux loader. - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading "special" PE images, such as Windows'. - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is disabled or shim validation is disabled so loading works as EFI binaries when it is supposed to. - Removed linuxefi_require_shim.patch; superseded by the above. (LP: #1689687) -- Mathieu Trudel-LapierreWed, 14 Jun 2017 14:44:48 -0400 ** Changed in: grub2 (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1689687 Title: pass validation if shim protocol is not installed Status in grub2 package in Ubuntu: Fix Released Status in grub2 source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Fix Committed Status in grub2 source package in Zesty: Fix Released Status in grub2 source package in Artful: Fix Released Bug description: [Impact] Users of UEFI Secure Boot that must disable SB validation in shim, for example to run dkms modules, may notice that the kernel incorrectly reports the SecureBoot/shim states. [Test case] 1) Install bbswitch-dkms a) Validate whether you are prompted to disable Secure Boot. If Secure Boot is already disabled, you should not be prompted again. If it isn't, you should be prompted once. b) If shim validation was previously disabled, verify that the kernel reports /proc/sys/kernel/moksbstate_disabled as "1" (shim validation disabled) [Regression Potential] This affects the loading behavior for the kernel, which will now load as an EFI binary and thus execute some extra code to bring up UEFI, which would otherwise not get loaded in the case shim validation is disabled. Given that the system must have booted successfully once for validation to get disabled, there should not be any issues; but possible resulting regressions would be a failure to correctly load the kernel, or a kernel issue early on during boot. Furthermore, any instance where the incorrect loading behavior was relied upon by installs (though I can think of no examples for this) would regress. The kind of issue that might be seen there is where code relies on /proc/sys/kernel/moksbstate_disabled or /proc/sys/kernel/secure_boot, or on other aspects of the kernel's secure boot policy (there seems to exist at least one special case for SB in kernel bluetooth code), the programs that rely on such behavior would regress. There are no packages shipped in Ubuntu that rely on this incorrect behavior; the only known package to ship something that checks the relevant /proc files is shim-signed, and this is meant to correct the behavior when these values are set. --- GRUB currently fails SecureBoot validation (ie. calls to grub_linuxefi_secure_validate() fail) if shim's protocol is not installed when that function is called. This currently breaks some kernel features relying on starting in the EFI stub code (ie. the kernel being loaded as an EFI binary); and instead falls back to the 'linux' command instead of 'linuxefi'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1689687/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1700170] Re: backport shim-signed 1.30 from artful to supported releases
This bug was fixed in the package shim-signed - 1.32~16.04.1 --- shim-signed (1.32~16.04.1) xenial; urgency=medium * Backport shim-signed 1.32 to 16.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:43:10 -0400 ** Changed in: shim-signed (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700170 Title: backport shim-signed 1.30 from artful to supported releases Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] shim-signed ships the signed shim$arch.efi binary that goes with the shim package available in each release, which should remain synchronized across all supported releases as to make sure the security sensitive binary can be appropriately supported. shim-signed also ships some additional bits that are useful to go along with the shim binary; and this is what is actually targetted on this SRU: shim itself does not change, but in the interest of making support as easy as possible, the supporting files shipped with it are also kept synchronized across releases. These files are the following: - an apport hook, useful to let users report issues in updating the Boot Entries on their firmware, debugging upgrade issues, etc; and provides critical information about the system on which a bug is reported about the state of that system's EFI firmware: whether EFI validation is enabled, whether Secure Boot is enabled, whether it was properly started by the kernel; - a BOOT$arch.CSV file, to be installed by grub2 if present, where grub2 has that feature (in artful only), or to be installed manually by the user if wanted. This file is a text file that provides the location of shim on a system when running the shim fallback binary (also not installed prior to artful). [Test case] See the other closed bugs for this backport, which include their own test cases. == boot.csv == 1) Verify that /usr/lib/shim/BOOTX64.CSV contains: shimx64.efi,ubuntu,,This is the boot entry for Ubuntu [Regression potential] See the other closed bugs for this backport, which include their own test cases. Shipping the BOOT$arch.CSV file alone has no risk of regression, it constitutes a single text file shipped in a location where it is not used; it is only contained in the backport to simplify keeping the shim-signed packages synchronized. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1700170/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1680279] Re: attach secureboot state files to shim-signed apport reports
This bug was fixed in the package shim-signed - 1.32~16.04.1 --- shim-signed (1.32~16.04.1) xenial; urgency=medium * Backport shim-signed 1.32 to 16.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:43:10 -0400 ** Changed in: shim-signed (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1680279 Title: attach secureboot state files to shim-signed apport reports Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [SRU Justification] I'm asking the same questions repeatedly of bug submitters about the state of secureboot on their systems, so we should just include these files in the apport hook. Since shim-signed changes in stable releases for policy reasons, this should be SRUed back in as well. [Test case] 1. Install the shim-signed package from -proposed 2. Run apport-bug shim-signed 3. Confirm that the apport collection succeeds 4. Verify that the report to be sent includes keys for two files under /sys/firmware/efi/efivars and for /proc/sys/kernel/moksbstate_disabled [Regression potential] If I done messed up, we could fail to get bug reports about shim that we really need. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1680279/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1673904] Re: update-secureboot-policy --enable does not work after dkms modules removed
This bug was fixed in the package shim-signed - 1.32~17.04.1 --- shim-signed (1.32~17.04.1) zesty; urgency=medium * Backport shim-signed 1.32 to 17.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:10:08 -0400 ** Changed in: shim-signed (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1673904 Title: update-secureboot-policy --enable does not work after dkms modules removed Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] Re-enabling Secure Boot after DKMS packages are no longer needed is useful to benefit from the extra security afforded by having all bits of the bootloader and kernel signed by a proper key. [Test Case] (on a system with SHIM validation disabled) 1- Remove all dkms modules 2- Attempt to run 'sudo update-secureboot-policy --enable' 3- Observe the behavior. With the fixed update-secureboot-policy script, you should be prompted to re-enable shim validation; which is otherwise skipped with no output with previous versions of the script in shim-signed. [Regression Potential] Possible regression from this update would be changes to expected behavior of the update-secureboot-policy script; such as being unable to correctly recognize the current state of Secure Boot and shim validation, or incorrectly returning before prompting for the password required to toggle shim validation when the shim validation state make sense to be changed (ie. prompting to enable when it is disabled only, prompting to disable only if it's currently enabled). Any change in proper prompting in a debconf non-interactive context could also be a regression from this update. --- If I have disabled secureboot on my system via update-secureboot- policy due to the presence of dkms modules, but subsequently remove these dkms modules because I decide I don't like not having secureboot, I cannot re-enable SB by running 'update-secureboot-policy --enable'. I think either the check for /var/lib/dkms should only apply when update-secureboot-policy is called without arguments, or this check should be encoded in the shim-signed postinst so that manual calls from the commandline DWIM. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673904/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1673904] Re: update-secureboot-policy --enable does not work after dkms modules removed
This bug was fixed in the package shim-signed - 1.32~16.04.1 --- shim-signed (1.32~16.04.1) xenial; urgency=medium * Backport shim-signed 1.32 to 16.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:43:10 -0400 ** Changed in: shim-signed (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1673904 Title: update-secureboot-policy --enable does not work after dkms modules removed Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [Impact] Re-enabling Secure Boot after DKMS packages are no longer needed is useful to benefit from the extra security afforded by having all bits of the bootloader and kernel signed by a proper key. [Test Case] (on a system with SHIM validation disabled) 1- Remove all dkms modules 2- Attempt to run 'sudo update-secureboot-policy --enable' 3- Observe the behavior. With the fixed update-secureboot-policy script, you should be prompted to re-enable shim validation; which is otherwise skipped with no output with previous versions of the script in shim-signed. [Regression Potential] Possible regression from this update would be changes to expected behavior of the update-secureboot-policy script; such as being unable to correctly recognize the current state of Secure Boot and shim validation, or incorrectly returning before prompting for the password required to toggle shim validation when the shim validation state make sense to be changed (ie. prompting to enable when it is disabled only, prompting to disable only if it's currently enabled). Any change in proper prompting in a debconf non-interactive context could also be a regression from this update. --- If I have disabled secureboot on my system via update-secureboot- policy due to the presence of dkms modules, but subsequently remove these dkms modules because I decide I don't like not having secureboot, I cannot re-enable SB by running 'update-secureboot-policy --enable'. I think either the check for /var/lib/dkms should only apply when update-secureboot-policy is called without arguments, or this check should be encoded in the shim-signed postinst so that manual calls from the commandline DWIM. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673904/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1680279] Re: attach secureboot state files to shim-signed apport reports
This bug was fixed in the package shim-signed - 1.32~17.04.1 --- shim-signed (1.32~17.04.1) zesty; urgency=medium * Backport shim-signed 1.32 to 17.04. (LP: #1700170) shim-signed (1.32) artful; urgency=medium * Handle cleanup of /var/lib/shim-signed on package purge. shim-signed (1.31) artful; urgency=medium * Fix regression in postinst when /var/lib/dkms does not exist. (LP#1700195) * Sort the list of dkms modules when recording. shim-signed (1.30) artful; urgency=medium * update-secureboot-policy: track the installed DKMS modules so we can skip failing unattended upgrades if they hasn't changed (ie. if no new DKMS modules have been installed, just honour the user's previous decision to not disable shim validation). (LP: #1695578) * update-secureboot-policy: allow re-enabling shim validation when no DKMS packages are installed. (LP: #1673904) * debian/source_shim-signed.py: add the textual representation of SecureBoot and MokSBStateRT EFI variables rather than just adding the files directly; also, make sure we include the relevant EFI bits from kernel log. (LP: #1680279) shim-signed (1.29) artful; urgency=medium * Makefile: Generate BOOT$arch.CSV, for use with fallback. * debian/rules: make sure we can do per-arch EFI files. -- Mathieu Trudel-LapierreMon, 10 Jul 2017 17:10:08 -0400 ** Changed in: shim-signed (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1680279 Title: attach secureboot state files to shim-signed apport reports Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Committed Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Committed Status in shim-signed source package in Zesty: Fix Released Bug description: [SRU Justification] I'm asking the same questions repeatedly of bug submitters about the state of secureboot on their systems, so we should just include these files in the apport hook. Since shim-signed changes in stable releases for policy reasons, this should be SRUed back in as well. [Test case] 1. Install the shim-signed package from -proposed 2. Run apport-bug shim-signed 3. Confirm that the apport collection succeeds 4. Verify that the report to be sent includes keys for two files under /sys/firmware/efi/efivars and for /proc/sys/kernel/moksbstate_disabled [Regression potential] If I done messed up, we could fail to get bug reports about shim that we really need. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1680279/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1593907] Re: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg- 3ubuntu2.14.04.12 --- ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.12) trusty; urgency=medium * debian/ntpdate.if-up: Drop delta to stop/start service around ntpdate updates - fixes ntp restart storms due to network changes, fixes accidential start of ntp, avoids issues of ntpdate jumping too far while running ntp was supposed to drift (LP: #1593907) -- Christian EhrhardtFri, 07 Jul 2017 07:53:16 +0200 ** Changed in: ntp (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1593907 Title: ntpdate startup routine prevents ntp service from launching up on Ubuntu 16.04 server on system boot Status in ntp package in Ubuntu: Fix Released Status in ntp source package in Trusty: Fix Released Status in ntp source package in Xenial: Fix Released Status in ntp source package in Yakkety: Fix Released Status in ntp source package in Zesty: Fix Released Bug description: [Impact] * Fixes several broken cases, those are: * Case 1 - ntp configured to drift time slowly, but time jumping - ntp is running and drifts time towards a target being way off - an interface comes up - stop ntpd - warp time via ntpdate-debian (static interfaces will even set -b) - (re-)start ntpd - if users relied on non-time warp they are now in trouble * Case 2 - ntp start/stop storms - ntpd comes up normally - the admin brings interfaces up/down rather often - ntp is restarted very very often due to this for no reason => reason for bugs like debian 823533 * Case 3 - unintentional enablement of ntp - ntpd is installed but disabled (for whatever reason) - all is fine on any ifup/down - one installs ntpdate, maybe even without realizing due to a depends - now on the next ifup ntpd (or openntpd) will be started * Solution, drop the broken Delta [Test Case] * Testing Case 2/3 as it is the easiest, case 1 needs a more complex setup to cause the time drift but otherwise works the same way. - install ntp and ntpdate - stop ntp - ifup/ifdown an interface multiple times; as simplification you can also call /etc/network/if-up.d/ntpdate directly (not that this spawns the change asnchronous and locks concurrency, so do that a few times over the time of a minute or so) - the service of ntp should still be stopped and not report plenty of restarts [Regression Potential] * It improves a lot of cases (otherwise we wouldn't SRU), but there is one regression potential I can see: - users that relied on starting NTP later on after other interfaces got up due to that code in ntpdate which did that as a side effect. But that is outweigh by Case2/3 for the majority of users. And even Case1 only hits this potential regression on e.g. late network intialization, but in that case please remind that the default (systemd timedatectl) would handle that. - Since most users of ntp do not install ntpdate (which doesn't work when ntp is active) we should be rather safe to assume that almost no one should rely on that side effect. - Furthermore this is a Ubuntu Delta for very long, cause issues (see the references on the git commit) but never made it into Debian - in that sense another indicator it isn't an important delta to have. [Other Info] * The original intention "what if net is available too late" fixed correctly would not be part of ntpdate, but ntp and additionally check if it is actually meant to be enabled - but I never seen/heard of any of it since systemd is around - maybe new ordering mostly avoids the original issue. --- I've installed ntp service on the clean ubuntu 16.04 server system. Configured it. Checked that it works, but, after reboot, it doesn't start automatically. When I check: 'systemctl is-enabled ntp', it shows enabled. If I manually start it 'systemctl start ntp' it starts just fine and woks correctly, but until I manually start it, 'systemctl status ntp' shows: Loaded: loaded (/etc/init.d/ntp; bad; vendor preset: enabled) Active: inactive (deadi) Installed 1.29ubuntu2 version of init-systems-helper, but it didn't fix the problem. Found a bugreport on ntpd package: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1577596 led to solution that involves a change to be made in file: /etc/network/if-up.d/ntpdate of ntpdate package After changing from: __CODE_START__ invoke-rc.d --quiet $service
[Group.of.nepali.translators] [Bug 1689687] Re: pass validation if shim protocol is not installed
** Changed in: grub2 (Ubuntu Yakkety) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1689687 Title: pass validation if shim protocol is not installed Status in grub2 package in Ubuntu: Fix Released Status in grub2 source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Won't Fix Status in grub2 source package in Zesty: Fix Released Status in grub2 source package in Artful: Fix Released Bug description: [Impact] Users of UEFI Secure Boot that must disable SB validation in shim, for example to run dkms modules, may notice that the kernel incorrectly reports the SecureBoot/shim states. [Test case] 1) Install bbswitch-dkms a) Validate whether you are prompted to disable Secure Boot. If Secure Boot is already disabled, you should not be prompted again. If it isn't, you should be prompted once. b) If shim validation was previously disabled, verify that the kernel reports /proc/sys/kernel/moksbstate_disabled as "1" (shim validation disabled) [Regression Potential] This affects the loading behavior for the kernel, which will now load as an EFI binary and thus execute some extra code to bring up UEFI, which would otherwise not get loaded in the case shim validation is disabled. Given that the system must have booted successfully once for validation to get disabled, there should not be any issues; but possible resulting regressions would be a failure to correctly load the kernel, or a kernel issue early on during boot. Furthermore, any instance where the incorrect loading behavior was relied upon by installs (though I can think of no examples for this) would regress. The kind of issue that might be seen there is where code relies on /proc/sys/kernel/moksbstate_disabled or /proc/sys/kernel/secure_boot, or on other aspects of the kernel's secure boot policy (there seems to exist at least one special case for SB in kernel bluetooth code), the programs that rely on such behavior would regress. There are no packages shipped in Ubuntu that rely on this incorrect behavior; the only known package to ship something that checks the relevant /proc files is shim-signed, and this is meant to correct the behavior when these values are set. --- GRUB currently fails SecureBoot validation (ie. calls to grub_linuxefi_secure_validate() fail) if shim's protocol is not installed when that function is called. This currently breaks some kernel features relying on starting in the EFI stub code (ie. the kernel being loaded as an EFI binary); and instead falls back to the 'linux' command instead of 'linuxefi'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1689687/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1706900] Re: CVE-2016-9877 RabbitMQ authentication vulnerability
** Also affects: rabbitmq-server (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: rabbitmq-server (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: rabbitmq-server (Ubuntu) Status: Triaged => Fix Released ** Changed in: rabbitmq-server (Ubuntu Trusty) Status: New => Confirmed ** Changed in: rabbitmq-server (Ubuntu Xenial) Status: New => Confirmed ** Changed in: rabbitmq-server (Ubuntu Trusty) Importance: Undecided => High ** Changed in: rabbitmq-server (Ubuntu Xenial) Importance: Undecided => High ** Changed in: rabbitmq-server (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: rabbitmq-server (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1706900 Title: CVE-2016-9877 RabbitMQ authentication vulnerability Status in RabbitMQ: Fix Released Status in rabbitmq-server package in Ubuntu: Fix Released Status in rabbitmq-server source package in Trusty: Confirmed Status in rabbitmq-server source package in Xenial: Confirmed Bug description: https://pivotal.io/security/cve-2016-9877 "MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected." Affects RabbitMQ "3.x versions prior to 3.5.8" Ubuntu's Xenial repos are currently offering 3.5.7-1ubuntu0.16.04.1, and according to its changelog, Pivotal's fix for CVE-2016-9877 has not been included. To manage notifications about this bug go to: https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1687273] Re: Shared folder randomly not mounted
seems to be resolved, issue did not occured again ** Changed in: linux (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1687273 Title: Shared folder randomly not mounted Status in Linux: Unknown Status in cifs-utils package in Ubuntu: Invalid Status in linux package in Ubuntu: Fix Released Status in cifs-utils source package in Xenial: New Status in linux source package in Xenial: In Progress Status in linux package in Debian: Fix Released Bug description: Hello Everybody, since last update from ubuntu 16.04.2, last night, my servers are randomly not able to read and write from shared folders. I got this message: lsof: WARNING: can't stat() cifs file system /mnt/record Output information may be incomplete. lsof: WARNING: can't stat() cifs file system /mnt/record Output information may be incomplete. lsof: WARNING: can't stat() cifs file system /mnt/record Output information may be incomplete. ... rsync: ERROR: cannot stat destination "/mnt/record/": Host is down (112) rsync error: errors selecting input/output files, dirs (code 3) at main.c(652) [Receiver=3.1.1] This comes from my cron script. When I type df -h it takes sometimes very long to get the list. And it also can be that the mounted share is disconnected and I have to mount -a (what also takes long) again. My fstab have this command: //address /mnt/storage cifs auto,nofail,iocharset=utf8,rw,credentials=/path/.smb,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0 My update list from last night was this: linux-image-4.4.0-75-generic:amd64 (4.4.0-75.96, automatic) linux-image-extra-4.4.0-75-generic:amd64 (4.4.0-75.96, automatic) linux-headers-4.4.0-75-generic:amd64 (4.4.0-75.96, automatic) linux-headers-4.4.0-75:amd64 (4.4.0-75.96, automatic) Upgrade: libdns-export162:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.5, 1:9.10.3.dfsg.P4-8ubuntu1.6) linux-headers-generic:amd64 (4.4.0.72.78, 4.4.0.75.81) linux-libc-dev:amd64 (4.4.0-72.93, 4.4.0-75.96) mysql-client-5.7:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) libapt-inst2.0:amd64 (1.2.19, 1.2.20) mysql-server-5.7:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) libsystemd0:amd64 (229-4ubuntu16, 229-4ubuntu17) linux-image-generic:amd64 (4.4.0.72.78, 4.4.0.75.81) apt:amd64 (1.2.19, 1.2.20) mysql-server:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) udev:amd64 (229-4ubuntu16, 229-4ubuntu17) libapt-pkg5.0:amd64 (1.2.19, 1.2.20) libudev1:amd64 (229-4ubuntu16, 229-4ubuntu17) cifs-utils:amd64 (2:6.4-1ubuntu1, 2:6.4-1ubuntu1.1) dpkg:amd64 (1.18.4ubuntu1.1, 1.18.4ubuntu1.2) mysql-client-core-5.7:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) libisc-export160:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.5, 1:9.10.3.dfsg.P4-8ubuntu1.6) linux-virtual:amd64 (4.4.0.72.78, 4.4.0.75.81) systemd-sysv:amd64 (229-4ubuntu16, 229-4ubuntu17) distro-info-data:amd64 (0.28ubuntu0.2, 0.28ubuntu0.3) systemd:amd64 (229-4ubuntu16, 229-4ubuntu17) mysql-common:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) apt-utils:amd64 (1.2.19, 1.2.20) libmysqlclient20:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) linux-headers-virtual:amd64 (4.4.0.72.78, 4.4.0.75.81) linux-image-extra-virtual:amd64 (4.4.0.72.78, 4.4.0.75.81) thermald:amd64 (1.5-2ubuntu3, 1.5-2ubuntu4) qemu-guest-agent:amd64 (1:2.5+dfsg-5ubuntu10.10, 1:2.5+dfsg-5ubuntu10.11) libfreetype6:amd64 (2.6.1-0.1ubuntu2.1, 2.6.1-0.1ubuntu2.2) linux-image-virtual:amd64 (4.4.0.72.78, 4.4.0.75.81) libdpkg-perl:amd64 (1.18.4ubuntu1.1, 1.18.4ubuntu1.2) mysql-server-core-5.7:amd64 (5.7.17-0ubuntu0.16.04.2, 5.7.18-0ubuntu0.16.04.1) libxslt1.1:amd64 (1.1.28-2.1, 1.1.28-2.1ubuntu0.1) dpkg-dev:amd64 (1.18.4ubuntu1.1, 1.18.4ubuntu1.2) I saw that somebody else has the same problem: https://askubuntu.com/questions/910058/updates-broke-cifs-smb-mounts- in-16-04 I had to remove the latest kernel update, after that it works. Regards To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1687273/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1696814] Re: add openjdk hs log to list of acceptable_fields in whoopsie
This bug was fixed in the package whoopsie - 0.2.55.1 --- whoopsie (0.2.55.1) zesty-proposed; urgency=medium [ Brian Murray ] * src/connectivity.c: query the correct property when trying to network-manager's state. (LP: #1697375) * Modify the whoopsie service file to start after networking is on-line. * src/whoopsie.c: Add HotspotError from the openjdk-8 package hook which can be larger than 1KB to the list of accepted fields. (LP: #1696814) -- Tiago Stürmer DaitxWed, 19 Jul 2017 11:34:31 -0700 ** Changed in: whoopsie (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696814 Title: add openjdk hs log to list of acceptable_fields in whoopsie Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Xenial: Fix Released Status in whoopsie source package in Zesty: Fix Released Bug description: [Impact] By default OpenJDK 8 generates an hs_err file when it crashes, this file contains the stacktrace generated by OpenJDK (thus it contains different data compared to a gdb stacktrace) plus information on the running threads, classes, and memory usage (OpenJDK's regions). This file is usually required by the OpenJDK and/or IcedTea upstream developers when filling a bug and, in the case of OpenJDK, is more useful than the incomplete stacktrace that GDB can generate from OpenJDK crashes. OpenJDK 8 now includes a new apport hook to collect additional data from crash reports as well as the hs_err log file (in the new HotspotError key). A new release is soon reaching Zesty and Xenial with the hook included and without SRU'ing this fix the hs_err file won't be uploaded to the error tracker. [Test Case] Make sure that you are using OpenJDK 8 and to stop whoopsie service before continuing. If any popup about submitting a crash report shows up at any time, ignore/cancel it - we are going to manually submit the report to the staging error tracker (instead of the official one). # SleepTest.java public class SleepTest { public static void main(String[] args) throws Exception { Thread.sleep(5000); } } 1. Run whoopsie: $ sudo CRASH_DB_URL=https://daisy.staging.ubuntu.com whoopsie -f 2. Run the SleepTest and SIGKILL it in another terminal: $ java SleepTest & sleep 1 && pkill -f -SIGILL "java SleepTest" 3. View the crash report and submit it: $ apport-cli -c report /var/crash/_usr_lib_jvm_java-8-openjdk-amd64_jre_bin_java.1000.crash 3a) View the report 3b) [Optional] Search for the "HotspotError" key 3c) Send the report 4. Verify that the report was saved, including the hs_err content: 4a) In whoopsie terminal, check the OOPS ID code 4b) Browse to errors.staging.ubuntu.com/oops/$OOPSID 4c) Confirm that the HotspotError was added to the report [Regression Potential] If the new key is added to acceptable_fields whoopsie will upload the entries in it. Currently the OpenJDK apport hook limits this to 100 KB, but changes to it could allow bigger files with in turn cause an overhead in the error tracker infrastructure. [Original bug report] OpenJDK 8 apport hook attaches the hs_err_pid.log (if it exists) to a Crash report under the HotspotError key. The hook is currently limited to attaching files under 100 KB. Please add HotspotError key to the whitelist in order for it to be available in error tracker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1696814/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1502136] Re: Everything returns 403 if show_multiple_locations is true and get_image_location policy is set
This bug was fixed in the package glance - 1:2015.1.4-0ubuntu2 --- glance (1:2015.1.4-0ubuntu2) trusty-kilo; urgency=medium . * d/p/allow-image-list-if-access-to-attrs-is-forbidden.patch: Allow to list images in v2 if get_image_location policy is set to role:admin and user is not admin. (LP: #1502136). ** Changed in: cloud-archive/kilo Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1502136 Title: Everything returns 403 if show_multiple_locations is true and get_image_location policy is set Status in Ubuntu Cloud Archive: Fix Released Status in Ubuntu Cloud Archive kilo series: Fix Released Status in Glance: Fix Released Status in glance package in Ubuntu: Fix Released Status in glance source package in Trusty: Triaged Status in glance source package in Xenial: Fix Released Bug description: [Impact] If, in glance-api.conf you set: show_multiple_locations = true Things work as expected: $ glance --os-image-api-version 2 image-show 13ae74f0-74bf-4792-a8bb-7c622abc5410 +--+--+ | Property | Value | +--+--+ | checksum | 9cb02fe7fcac26f8a25d6db3109063ae | | container_format | bare | | created_at | 2015-10-02T12:43:33Z | | disk_format | raw | | id | 13ae74f0-74bf-4792-a8bb-7c622abc5410 | | locations| [{"url": "swift+config://ref1/glance/13ae74f0-74bf-4792-a8bb-7c622abc5410", | | | "metadata": {}}] | | min_disk | 0 | | min_ram | 0 | | name | good-image | | owner| 88cffb9c8aee457788066c97b359585b | | protected| False | | size | 145 | | status | active | | tags | [] | | updated_at | 2015-10-02T12:43:34Z | | virtual_size | None | | visibility | private | +--+--+ but if you then set the get_image_location policy to role:admin, most calls return 403: $ glance --os-image-api-version 2 image-list 403 Forbidden: You are not authorized to complete this action. (HTTP 403) $ glance --os-image-api-version 2 image-show 13ae74f0-74bf-4792-a8bb-7c622abc5410 403 Forbidden: You are not authorized to complete this action. (HTTP 403) $ glance --os-image-api-version 2 image-delete 13ae74f0-74bf-4792-a8bb-7c622abc5410 403 Forbidden: You are not authorized to complete this action. (HTTP 403) etc. As https://review.openstack.org/#/c/48401/ says: 1. A user should be able to list/show/update/download image without needing permission on get_image_location. 2. A policy failure should result in a 403 return code. We're getting a 500 This is v2 only, v1 works ok. [Test Case] - Set show_multiple_locations = true on glance-api.conf - Set get_image_location policy to role:admin in /etc/glance/policy.json - Run glance --os-image-api-version 2 image-show 13ae74f0-74bf-4792-a8bb-7c622abc5410 , This should work. [Regression Potential] * None Identified [Other Info] * Already backported to mitaka/newton. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1502136/+subscriptions ___
[Group.of.nepali.translators] [Bug 1694697] Re: build-depends keeps OR flag if end of or group is ignored
Hello Julian, or anyone else affected, Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.24 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apt (Ubuntu Yakkety) Status: In Progress => Won't Fix ** Changed in: apt (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-xenial ** Changed in: apt (Ubuntu Zesty) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1694697 Title: build-depends keeps OR flag if end of or group is ignored Status in apt package in Ubuntu: Fix Released Status in apt source package in Trusty: New Status in apt source package in Xenial: Fix Committed Status in apt source package in Yakkety: Won't Fix Status in apt source package in Zesty: Fix Committed Bug description: [Impact] If the last alternative(s) of an Or group is ignored, because it does not match an architecture list, we would end up keeping the or flag, effectively making the next AND an OR. For example, when parsing (on amd64): debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386] => debhelper (>= 9), libnacl-dev | Which can cause python-apt and apt-get build-dep to crash. Even worse: debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar => debhelper (>= 9), libnacl-dev [amd64] | foobar [Test case] On amd64: cat > segv.dsc << EOF Format: 3.0 (native) Source: foobar Binary: foobar Architecture: all Version: 1 Maintainer: Joe SixpackBuild-Depends: build-essential [amd64] | build-essential [fancy] Standards-Version: 3.9.8 EOF cat > failure.dsc << EOF Format: 3.0 (native) Source: foobar Binary: foobar Architecture: all Version: 1 Maintainer: Joe Sixpack Build-Depends: build-essential [amd64] | build-essential [fancy], a-non-existing-package Standards-Version: 3.9.8 EOF (1) apt-get build-dep -s ./segv.dsc should succeed instead of crash (2) apt-get build-dep -s ./failure.dsc should complain about "Depends: a-non-existing-package but it is not installable" instead of succeeding. This is the same test as run by CI and autopkgtests, so if they pass the tests passed. You can also run apt-get build-dep -s dq for a real life example that should not segfault. [Regression Potential] apt-get build-dep and friends can now fail where they succeeded previously for packages that employ architecture-limited alternatives in their build depends, as in the second example given above, because now additional packages need to be installed (which is correct, though). [Other info] By setting the previous alternatives Or flag to the current Or flag if the current alternative is ignored, we solve the issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1694697/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1686470] Re: Apt updates that are uniformly spread across all timezones, with predictable application windows
Hello Dimitri, or anyone else affected, Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.24 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apt (Ubuntu Xenial) Status: In Progress => Fix Committed ** Changed in: apt (Ubuntu Yakkety) Status: In Progress => Won't Fix ** Tags added: verification-needed verification-needed-xenial ** Changed in: unattended-upgrades (Ubuntu Yakkety) Status: Triaged => Won't Fix ** Changed in: apt (Ubuntu Zesty) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1686470 Title: Apt updates that are uniformly spread across all timezones, with predictable application windows Status in apt package in Ubuntu: Fix Released Status in unattended-upgrades package in Ubuntu: Triaged Status in apt source package in Xenial: Fix Committed Status in unattended-upgrades source package in Xenial: Triaged Status in apt source package in Yakkety: Won't Fix Status in unattended-upgrades source package in Yakkety: Won't Fix Status in apt source package in Zesty: Fix Committed Status in unattended-upgrades source package in Zesty: Triaged Status in apt source package in Artful: Fix Released Status in unattended-upgrades source package in Artful: Triaged Status in apt package in Debian: Fix Released Status in unattended-upgrades package in Debian: Fix Committed Bug description: [ Impact ] * unattended-upgrades are enabled by default in Ubuntu 16.04 and later * Currently the following three things happen as a monolithic event: - metadata updates: apt update - download of updates: apt upgrade --download-only - application of updates: apt upgrade * For the long running instances, all of the above happens at random times throughout the day. * If systems were poweredoff / suspended, this happens on boot / resume * End-users would like to have predictable timing, and control over when the updates happen. Considering all of the above, the following new behavior is proposed which should address all concerns in question. It combines all the desired properties from both end-user and mirror perspectives. [ Proposed Default Behavior ] * Decouple unattended-upgrades application, from apt update * apt update: - shall be a systemd timer based unit, triggered every 12h with a random delay of 12h, therefore executed randomly twice a day. - if unattened-upgrades (default on), or download-upgreadaeble-packages are enabled, it should result in updates being downloaded aka `apt upgrade --download-only` * unattended-upgrades: - shall be a separate systemd timer based unit triggered at 6am local time with a random delay of 1h, therefore executed between 6am and 7am local time. * On boot / resume: - if we have missed one, or more, apt update timers, apt update / download upgrades / unattended-upgrade will happen in sequence. This may result in mirror spikes, but we do want to secure cold/stale-booted systems as soon as possible. [Test Case] * Run system for more than 24h, and check that apt updates were automatically executed twice. * Check that unattended upgrades were triggered to be applied at 6am..7am window, if any. * Poweroff the machine over the period when apt-get update was scheduled, poweron and observe that apt-get update / download / unattended upgrade are all performed on boot. [Regression Potential] * The newly proposed behavior is a mix of Pre-xenial behavior of "do everything at 6am..6:30am window" and the xenial+ behavior of "do everything at random times throughout the day". If there are specific deployments that rely on the previous types of behaviour they will be able to adjust manually the systemd timers with the overrides to be executed exactly as they wish; or match the
[Group.of.nepali.translators] [Bug 1672710] Re: apt fails to verify keys when Dir has space, and set via cmdline
Hello Dimitri, or anyone else affected, Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.24 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Tags added: verification-needed-xenial ** Changed in: apt (Ubuntu Yakkety) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672710 Title: apt fails to verify keys when Dir has space, and set via cmdline Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Fix Committed Status in apt source package in Yakkety: Won't Fix Bug description: When Dir has a space, and it is set via APT_CONFIG file, keys are found and validated correctly. When Dir is set without a space via cmdline, keys are found and validated correctly. When Dir is set with a space via cmdline, keys are not found and repositories are not verified. [Test case] Please see attached reproducer, which works on xenial system (gpg1) but not on zesty system (gpg2) $ bash reproducer.sh ++ mktemp -d + tmpdir=/tmp/tmp.sFipy6h5yL + pushd /tmp/tmp.sFipy6h5yL /tmp/tmp.sFipy6h5yL ~ + mkdir 'Sub Dir' + pushd 'Sub Dir' /tmp/tmp.sFipy6h5yL/Sub Dir /tmp/tmp.sFipy6h5yL ~ + mkdir -p etc/apt/apt.conf.d + mkdir -p etc/apt/trusted.gpg.d + mkdir -p etc/apt/preferences.d + mkdir -p var/lib/apt/lists/partial + mkdir -p var/lib/dpkg + touch var/lib/dpkg/status + cp /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/ + echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main' + echo 'Dir "/tmp/tmp.sFipy6h5yL/Sub Dir";' + export APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf + APT_CONFIG=/tmp/tmp.sFipy6h5yL/apt.conf + cat /tmp/tmp.sFipy6h5yL/apt.conf Dir "/tmp/tmp.sFipy6h5yL/Sub Dir"; + : + : == list available keys == + apt-key list /tmp/tmp.sFipy6h5yL/Sub Dir/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg - pub rsa4096 2012-05-11 [SC] 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32 uid [ unknown] Ubuntu Archive Automatic Signing Key (2012)+ : + : == update with environ APT_CONFIG setting the Dir variable == + apt update Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease Get:2 http://archive.ubuntu.com/ubuntu trusty Release [58.5 kB] Get:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg [933 B] Get:4 http://archive.ubuntu.com/ubuntu trusty/main amd64 Packages [1,350 kB] Fetched 1,410 kB in 0s (1,959 kB/s) Reading package lists... Done Building dependency tree... Done All packages are up to date. + unset APT_CONFIG + : + : == update with cmdline Dir option setting Dir to relative pwd == + apt -o Dir=./ update Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease Hit:2 http://archive.ubuntu.com/ubuntu trusty Release Reading package lists... Done Building dependency tree... Done All packages are up to date. + : + : == update with cmdline Dir option setting Dir to absolute pwd with space == + apt -o 'Dir=/tmp/tmp.sFipy6h5yL/Sub Dir' update Ign:1 http://archive.ubuntu.com/ubuntu trusty InRelease Hit:2 http://archive.ubuntu.com/ubuntu trusty Release Err:3 http://archive.ubuntu.com/ubuntu trusty Release.gpg The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32 Reading package lists... Done Building dependency tree... Done All packages are up to date. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32 W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg The
[Group.of.nepali.translators] [Bug 1699331] Re: linux-azure: 4.11.0-1002.2 -proposed tracker
*** This bug is a duplicate of bug 1707061 *** https://bugs.launchpad.net/bugs/1707061 ** This bug is no longer a duplicate of bug 1700833 linux-azure: 4.11.0-1003.3 -proposed tracker ** This bug has been marked a duplicate of bug 1707061 linux-azure: 4.11.0-1004.4 -proposed tracker -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1699331 Title: linux-azure: 4.11.0-1002.2 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Incomplete Status in Kernel SRU Workflow certification-testing series: Confirmed Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Invalid Status in linux-azure package in Ubuntu: Invalid Status in linux-azure source package in Xenial: New Bug description: This bug is for tracking the 4.11.0-1002.2 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1699331/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1696814] Re: add openjdk hs log to list of acceptable_fields in whoopsie
This bug was fixed in the package whoopsie - 0.2.52.4 --- whoopsie (0.2.52.4) xenial-proposed; urgency=medium [Brian Murray] * src/connectivity.c: query the correct property when trying to network-manager's state. (LP: #1697375) * Modify the whoopsie service file to start after networking is on-line. * src/whoopsie.c: Add HotspotError from the openjdk-8 package hook which can be larger than 1KB to the list of accepted fields. (LP: #1696814) -- Tiago Stürmer DaitxWed, 19 Jul 2017 11:39:47 -0700 ** Changed in: whoopsie (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1696814 Title: add openjdk hs log to list of acceptable_fields in whoopsie Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Xenial: Fix Released Status in whoopsie source package in Zesty: Fix Released Bug description: [Impact] By default OpenJDK 8 generates an hs_err file when it crashes, this file contains the stacktrace generated by OpenJDK (thus it contains different data compared to a gdb stacktrace) plus information on the running threads, classes, and memory usage (OpenJDK's regions). This file is usually required by the OpenJDK and/or IcedTea upstream developers when filling a bug and, in the case of OpenJDK, is more useful than the incomplete stacktrace that GDB can generate from OpenJDK crashes. OpenJDK 8 now includes a new apport hook to collect additional data from crash reports as well as the hs_err log file (in the new HotspotError key). A new release is soon reaching Zesty and Xenial with the hook included and without SRU'ing this fix the hs_err file won't be uploaded to the error tracker. [Test Case] Make sure that you are using OpenJDK 8 and to stop whoopsie service before continuing. If any popup about submitting a crash report shows up at any time, ignore/cancel it - we are going to manually submit the report to the staging error tracker (instead of the official one). # SleepTest.java public class SleepTest { public static void main(String[] args) throws Exception { Thread.sleep(5000); } } 1. Run whoopsie: $ sudo CRASH_DB_URL=https://daisy.staging.ubuntu.com whoopsie -f 2. Run the SleepTest and SIGKILL it in another terminal: $ java SleepTest & sleep 1 && pkill -f -SIGILL "java SleepTest" 3. View the crash report and submit it: $ apport-cli -c report /var/crash/_usr_lib_jvm_java-8-openjdk-amd64_jre_bin_java.1000.crash 3a) View the report 3b) [Optional] Search for the "HotspotError" key 3c) Send the report 4. Verify that the report was saved, including the hs_err content: 4a) In whoopsie terminal, check the OOPS ID code 4b) Browse to errors.staging.ubuntu.com/oops/$OOPSID 4c) Confirm that the HotspotError was added to the report [Regression Potential] If the new key is added to acceptable_fields whoopsie will upload the entries in it. Currently the OpenJDK apport hook limits this to 100 KB, but changes to it could allow bigger files with in turn cause an overhead in the error tracker infrastructure. [Original bug report] OpenJDK 8 apport hook attaches the hs_err_pid.log (if it exists) to a Crash report under the HotspotError key. The hook is currently limited to attaching files under 100 KB. Please add HotspotError key to the whitelist in order for it to be available in error tracker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1696814/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1697375] Re: whoopsie's network-manager state querying is broken
This bug was fixed in the package whoopsie - 0.2.52.4 --- whoopsie (0.2.52.4) xenial-proposed; urgency=medium [Brian Murray] * src/connectivity.c: query the correct property when trying to network-manager's state. (LP: #1697375) * Modify the whoopsie service file to start after networking is on-line. * src/whoopsie.c: Add HotspotError from the openjdk-8 package hook which can be larger than 1KB to the list of accepted fields. (LP: #1696814) -- Tiago Stürmer DaitxWed, 19 Jul 2017 11:39:47 -0700 ** Changed in: whoopsie (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1697375 Title: whoopsie's network-manager state querying is broken Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Xenial: Fix Released Status in whoopsie source package in Zesty: Fix Released Status in whoopsie source package in Artful: Fix Released Bug description: [Impact] whoopsie's querying of network-manager's state is broken and this results in whoopsie only being able to detect if the system is on-line when network manager's state changes. Subsequently, if one manually restarts whoopsie then whoopsie will stay off-line until an n-m state change. This can result in crashes not being uploaded. Additionally, whoopsie's systemd service file does not start after networking which is incorrect since it initially needs to query network-manager's state. (However, this ended up allowing crash reports to still be submitted because whoopsie would start first then the n-m's state would change and whoopsie would detect that.) [Test Case] (state detection failure) 1) Manually restart the whoopsie service 2) Observe the following two messages: "Jul 14 14:48:09 speedy whoopsie[14137]: [14:48:09] Could not get the Network Manager state: Jul 14 14:48:09 speedy whoopsie[14137]: [14:48:09] GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs: No such property 'state'" with the version of network-manager from -proposed you will not see these messages when restarting whoopsie. [Test Case] (starting after network-manager0 1) Boot your system 2) Observe the following in syslog: "Jul 17 06:46:47 speedy whoopsie[1156]: [06:46:47] Could not get the Network Manager state: Jul 17 06:46:47 speedy whoopsie[1156]: [06:46:47] GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files " with the version of network-manager in -proposed you will not see the "NetworkManager was not provided" messages. [Regression Potential] Its possible that systems that were not submitting crash reports suddenly will and that will use some network bandwidth and Error Tracker resources. - Original Description - On artful crash reports are not uploaded automatically (several .crash files in /var/crash and no corresponding upload or .uploaded files) ProblemType: BugDistroRelease: Ubuntu 17.10 Package: whoopsie 0.2.56 ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15 Uname: Linux 4.10.0-22-generic x86_64 ApportVersion: 2.20.5-0ubuntu4 Architecture: amd64 CurrentDesktop: GNOME Date: Mon Jun 12 09:39:29 2017 InstallationDate: Installed on 2013-09-03 (1377 days ago) InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130902) ProcEnviron: TERM=screen-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=fr_FR.UTF-8 SHELL=/bin/bash RelatedPackageVersions: apport-noui N/ASourcePackage: whoopsie UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1697375/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1706165] Re: linux-azure: disable unused modules in the -extra package
** Also affects: linux-azure (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1706165 Title: linux-azure: disable unused modules in the -extra package Status in linux-azure package in Ubuntu: Fix Committed Status in linux-azure source package in Xenial: Fix Committed Bug description: SRU Justification: Impact: Currently the linux-image-extra-*-azure package contains many unused modules. Fix: Remove modules that are not use in Azure. Testcase: not applied. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1706165/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1701744] Re: [Hyper-V] Add infiniband support for Azure HPC
** Also affects: linux-azure (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1701744 Title: [Hyper-V] Add infiniband support for Azure HPC Status in linux-azure package in Ubuntu: Fix Committed Status in linux-azure source package in Xenial: Fix Committed Bug description: This is the infiniband driver for Azure HPC. Windows Azure agent will provision an image for running infiniband RDMA via DAPL when "OS.EnableRDMA=y" is defined in waagent.conf. Note: Ubuntu image needs to load rdma_ucm on boot to expose the RDMA CM interface to user-mode library. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1701744/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1602813] Re: openvpn-auth-ldap causing segfault on network timeout
This bug was fixed in the package openvpn-auth-ldap - 2.0.3-5.1ubuntu0.1 --- openvpn-auth-ldap (2.0.3-5.1ubuntu0.1) trusty; urgency=medium * debian/patches/openvpn_ldap_timeout_fix-lp1602813.patch: Properly check ldap_result() return code. Thanks to Aaron Peschel. Closes LP: #1602813. -- Andreas Hasenack Wed, 05 Jul 2017 16:35:52 -0300 ** Changed in: openvpn-auth-ldap (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1602813 Title: openvpn-auth-ldap causing segfault on network timeout Status in openvpn-auth-ldap package in Ubuntu: Fix Released Status in openvpn-auth-ldap source package in Trusty: Fix Released Status in openvpn-auth-ldap source package in Xenial: Fix Released Status in openvpn-auth-ldap source package in Yakkety: Won't Fix Status in openvpn-auth-ldap source package in Zesty: Fix Released Status in openvpn-auth-ldap package in Debian: New Bug description: [Impact] There is a timeout bug in the openvpn-auth-ldap package that causes OpenVPN to crash when the network timeout is exceeded. The openvpn-auth-ldap plugin is not correctly checking the error codes from ldap_result. As a result, it is not catching timeouts, and proceeds as if ldap_result was successful. This results in a segfault when access to the result (which is set to Null) is attempted. Network timeouts are somewhat common and services should be resilient to it. Having a service as a whole crash because of such an occurrence is not acceptable. This upload fixes the problem by simply including the timeout error case in an existing check. It was clearly just an oversight in that one call, as the remainder of the code does handle timeout errors. It was just never reached. [Test Case] To reproduce the problem in an openvpn server: * install openvpn and openvpn-auth-ldap: $ sudo apt install openvpn openvpn-auth-ldap * expand the attached openvpn-test-server.tar.gz tarball inside /etc: $ sudo tar -C /etc -xzf openvpn-test-server.tar.gz * start nc on port 389: $ sudo nc -l -p 389 * In another terminal, start the openvpn server: $ cd /etc/openvpn $ sudo openvpn --config server.conf Next you will need an openvpn client, also configured with the SSL certs as usual, plus "auth-user-pass". This client can be the same for all server tests, if you are testing multiple Ubuntu releases, since what crashes is the server. It also doesn't have to be the fixed package from proposed. * Install openvpn: $ sudo apt install openvpn * Expand the client tarball in /etc: $ sudo tar -C /etc -xzf openvpn-test-client.tar.gz * Edit /etc/openvpn/client.conf and change the "remote " line to point to your openvpn server's hostname * Start the client: $ cd /etc/openvpn $ sudo openvpn --config client.conf * It will prompt you for username and password. The values you provide are irrelevant: (...) Enter Auth Username: asd Enter Auth Password: *** The vulnerable server will crash: root@trusty-openvpn-1602813:/etc/openvpn$ sudo openvpn --config server.conf Tue Jun 20 13:56:55 2017 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014 Tue Jun 20 13:56:55 2017 TUN/TAP device tun0 opened Tue Jun 20 13:56:55 2017 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1) Tue Jun 20 13:56:55 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Tue Jun 20 13:56:55 2017 /sbin/ip link set dev tun0 up mtu 1500 Tue Jun 20 13:56:55 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 Tue Jun 20 13:56:55 2017 UDPv4 link local (bound): [undef] Tue Jun 20 13:56:55 2017 UDPv4 link remote: [undef] Tue Jun 20 13:56:55 2017 Initialization Sequence Completed openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed. Aborted (core dumped) The fixed version will just complain about a timeout error and remain running: (...) LDAP bind failed: Timed out Unable to bind as uid=john,ou=People,dc=lxd LDAP connect failed. Tue Jun 20 15:55:51 2017 10.0.100.162:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so Tue Jun 20 15:55:51 2017 10.0.100.162:1194 TLS Auth Error: Auth Username/Password verification failed for peer Tue Jun 20 15:55:51 2017 10.0.100.162:1194 [client] Peer Connection Initiated with [AF_INET]10.0.100.162:1194 [Regression Potential] The patch is very focused. I believe the biggest regression potential lies in the fact that this package hasn't been rebuilt very often. This new build will be done with the surrounding system
[Group.of.nepali.translators] [Bug 1602813] Re: openvpn-auth-ldap causing segfault on network timeout
This bug was fixed in the package openvpn-auth-ldap - 2.0.3-6.1ubuntu0.17.04.1 --- openvpn-auth-ldap (2.0.3-6.1ubuntu0.17.04.1) zesty; urgency=medium * debian/patches/openvpn_ldap_timeout_fix-lp1602813.patch: Properly check ldap_result() return code. Thanks to Aaron Peschel. Closes LP: #1602813. -- Andreas Hasenack Wed, 05 Jul 2017 16:26:16 -0300 ** Changed in: openvpn-auth-ldap (Ubuntu Zesty) Status: Fix Committed => Fix Released ** Changed in: openvpn-auth-ldap (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1602813 Title: openvpn-auth-ldap causing segfault on network timeout Status in openvpn-auth-ldap package in Ubuntu: Fix Released Status in openvpn-auth-ldap source package in Trusty: Fix Released Status in openvpn-auth-ldap source package in Xenial: Fix Released Status in openvpn-auth-ldap source package in Yakkety: Won't Fix Status in openvpn-auth-ldap source package in Zesty: Fix Released Status in openvpn-auth-ldap package in Debian: New Bug description: [Impact] There is a timeout bug in the openvpn-auth-ldap package that causes OpenVPN to crash when the network timeout is exceeded. The openvpn-auth-ldap plugin is not correctly checking the error codes from ldap_result. As a result, it is not catching timeouts, and proceeds as if ldap_result was successful. This results in a segfault when access to the result (which is set to Null) is attempted. Network timeouts are somewhat common and services should be resilient to it. Having a service as a whole crash because of such an occurrence is not acceptable. This upload fixes the problem by simply including the timeout error case in an existing check. It was clearly just an oversight in that one call, as the remainder of the code does handle timeout errors. It was just never reached. [Test Case] To reproduce the problem in an openvpn server: * install openvpn and openvpn-auth-ldap: $ sudo apt install openvpn openvpn-auth-ldap * expand the attached openvpn-test-server.tar.gz tarball inside /etc: $ sudo tar -C /etc -xzf openvpn-test-server.tar.gz * start nc on port 389: $ sudo nc -l -p 389 * In another terminal, start the openvpn server: $ cd /etc/openvpn $ sudo openvpn --config server.conf Next you will need an openvpn client, also configured with the SSL certs as usual, plus "auth-user-pass". This client can be the same for all server tests, if you are testing multiple Ubuntu releases, since what crashes is the server. It also doesn't have to be the fixed package from proposed. * Install openvpn: $ sudo apt install openvpn * Expand the client tarball in /etc: $ sudo tar -C /etc -xzf openvpn-test-client.tar.gz * Edit /etc/openvpn/client.conf and change the "remote " line to point to your openvpn server's hostname * Start the client: $ cd /etc/openvpn $ sudo openvpn --config client.conf * It will prompt you for username and password. The values you provide are irrelevant: (...) Enter Auth Username: asd Enter Auth Password: *** The vulnerable server will crash: root@trusty-openvpn-1602813:/etc/openvpn$ sudo openvpn --config server.conf Tue Jun 20 13:56:55 2017 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014 Tue Jun 20 13:56:55 2017 TUN/TAP device tun0 opened Tue Jun 20 13:56:55 2017 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1) Tue Jun 20 13:56:55 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Tue Jun 20 13:56:55 2017 /sbin/ip link set dev tun0 up mtu 1500 Tue Jun 20 13:56:55 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 Tue Jun 20 13:56:55 2017 UDPv4 link local (bound): [undef] Tue Jun 20 13:56:55 2017 UDPv4 link remote: [undef] Tue Jun 20 13:56:55 2017 Initialization Sequence Completed openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != ((void *)0)' failed. Aborted (core dumped) The fixed version will just complain about a timeout error and remain running: (...) LDAP bind failed: Timed out Unable to bind as uid=john,ou=People,dc=lxd LDAP connect failed. Tue Jun 20 15:55:51 2017 10.0.100.162:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so Tue Jun 20 15:55:51 2017 10.0.100.162:1194 TLS Auth Error: Auth Username/Password verification failed for peer Tue Jun 20 15:55:51 2017 10.0.100.162:1194 [client] Peer Connection Initiated with [AF_INET]10.0.100.162:1194 [Regression Potential] The patch is very focused. I believe the biggest regression potential lies in the fact that
[Group.of.nepali.translators] [Bug 1700531] Re: linux-azure: -proposed tracker
*** This bug is a duplicate of bug 1707061 *** https://bugs.launchpad.net/bugs/1707061 ** This bug is no longer a duplicate of bug 1700833 linux-azure: 4.11.0-1003.3 -proposed tracker ** This bug has been marked a duplicate of bug 1707061 linux-azure: 4.11.0-1004.4 -proposed tracker -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700531 Title: linux-azure: -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: New Status in Kernel SRU Workflow certification-testing series: New Status in Kernel SRU Workflow prepare-package series: New Status in Kernel SRU Workflow prepare-package-meta series: New Status in Kernel SRU Workflow promote-to-proposed series: New Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: New Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: New Status in linux-azure package in Ubuntu: Invalid Status in linux-azure source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- kernel-stable-master-bug: 1700528 To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1700531/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1700833] Re: linux-azure: 4.11.0-1003.3 -proposed tracker
*** This bug is a duplicate of bug 1707061 *** https://bugs.launchpad.net/bugs/1707061 ** This bug has been marked a duplicate of bug 1707061 linux-azure: 4.11.0-1004.4 -proposed tracker -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1700833 Title: linux-azure: 4.11.0-1003.3 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Incomplete Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: Invalid Status in Kernel SRU Workflow promote-to-updates series: Invalid Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Invalid Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Confirmed Status in linux-azure package in Ubuntu: Invalid Status in linux-azure source package in Xenial: Confirmed Bug description: This bug is for tracking the 4.11.0-1003.3 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1700833/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1697375] Re: whoopsie's network-manager state querying is broken
This bug was fixed in the package whoopsie - 0.2.55.1 --- whoopsie (0.2.55.1) zesty-proposed; urgency=medium [ Brian Murray ] * src/connectivity.c: query the correct property when trying to network-manager's state. (LP: #1697375) * Modify the whoopsie service file to start after networking is on-line. * src/whoopsie.c: Add HotspotError from the openjdk-8 package hook which can be larger than 1KB to the list of accepted fields. (LP: #1696814) -- Tiago Stürmer DaitxWed, 19 Jul 2017 11:34:31 -0700 ** Changed in: whoopsie (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1697375 Title: whoopsie's network-manager state querying is broken Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Xenial: Fix Released Status in whoopsie source package in Zesty: Fix Released Status in whoopsie source package in Artful: Fix Released Bug description: [Impact] whoopsie's querying of network-manager's state is broken and this results in whoopsie only being able to detect if the system is on-line when network manager's state changes. Subsequently, if one manually restarts whoopsie then whoopsie will stay off-line until an n-m state change. This can result in crashes not being uploaded. Additionally, whoopsie's systemd service file does not start after networking which is incorrect since it initially needs to query network-manager's state. (However, this ended up allowing crash reports to still be submitted because whoopsie would start first then the n-m's state would change and whoopsie would detect that.) [Test Case] (state detection failure) 1) Manually restart the whoopsie service 2) Observe the following two messages: "Jul 14 14:48:09 speedy whoopsie[14137]: [14:48:09] Could not get the Network Manager state: Jul 14 14:48:09 speedy whoopsie[14137]: [14:48:09] GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs: No such property 'state'" with the version of network-manager from -proposed you will not see these messages when restarting whoopsie. [Test Case] (starting after network-manager0 1) Boot your system 2) Observe the following in syslog: "Jul 17 06:46:47 speedy whoopsie[1156]: [06:46:47] Could not get the Network Manager state: Jul 17 06:46:47 speedy whoopsie[1156]: [06:46:47] GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files " with the version of network-manager in -proposed you will not see the "NetworkManager was not provided" messages. [Regression Potential] Its possible that systems that were not submitting crash reports suddenly will and that will use some network bandwidth and Error Tracker resources. - Original Description - On artful crash reports are not uploaded automatically (several .crash files in /var/crash and no corresponding upload or .uploaded files) ProblemType: BugDistroRelease: Ubuntu 17.10 Package: whoopsie 0.2.56 ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15 Uname: Linux 4.10.0-22-generic x86_64 ApportVersion: 2.20.5-0ubuntu4 Architecture: amd64 CurrentDesktop: GNOME Date: Mon Jun 12 09:39:29 2017 InstallationDate: Installed on 2013-09-03 (1377 days ago) InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Alpha amd64 (20130902) ProcEnviron: TERM=screen-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=fr_FR.UTF-8 SHELL=/bin/bash RelatedPackageVersions: apport-noui N/ASourcePackage: whoopsie UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1697375/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1701698] Re: update skiboot to 5.4.3 in xenial
This bug was fixed in the package skiboot - 5.4.3-1ubuntu0.16.04.1 --- skiboot (5.4.3-1ubuntu0.16.04.1) xenial; urgency=medium * Backport latest upstream release to xenial. (LP: #1701698) * Merge the xenial and Debian changelogs. -- Łukasz 'sil2100' ZemczakTue, 11 Jul 2017 14:42:14 +0200 ** Changed in: skiboot (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1701698 Title: update skiboot to 5.4.3 in xenial Status in The Ubuntu-power-systems project: Fix Released Status in skiboot package in Ubuntu: Fix Released Status in skiboot source package in Xenial: Fix Released Bug description: [Impact] skiboot is a hardware enablement component used by certain POWER systems and should be kept up-to-date on LTS releases. The new upstream version of skiboot is required for xenial to support the new POWER9 systems. The new upstream version update was requested by upstream and includes only hardware enablement changes and bugfixes, making it an ideal case for a new microrelease backport. [Test Case] On a supported system, upgrade opal-prd and opal-utils. Reboot and verify that system works as expected. Verify that the opal-prd service is running with `systemctl status opal-prd`, make sure there are no worrying error messages in the logs. [Regression Potential] Any new upstream release can introduce potential regressions. The opal-prd service is used for diagnostics and runtime maintenance of POWER systems, meaning a critical regression can cause the system being unusable. The requested release is in zesty since the end of May 2017 and no critical issues have been reported so far. Also, seeing that the package is still in universe and only targets specific ppc64el hardware, in the case of a regression the number of affected users should be relatively low. [Original Description] Dear Canonical, Current skiboot version on Xenial is not enough to full support POWER9 machines, and the backport is not trivial, since it involves a lot of commit, We would like to migrate skiboot version 5.4.3, from Zesty into xenial-updates, if possible. Thank you, To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1701698/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1707061] Re: linux-azure: 4.11.0-1004.4 -proposed tracker
** Also affects: linux-azure (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux-azure (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1707061 Title: linux-azure: 4.11.0-1004.4 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: New Status in Kernel SRU Workflow certification-testing series: New Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Confirmed Status in Kernel SRU Workflow promote-to-security series: Invalid Status in Kernel SRU Workflow promote-to-updates series: Invalid Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: Invalid Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: New Status in linux-azure package in Ubuntu: Invalid Status in linux-azure source package in Xenial: Confirmed Bug description: This bug is for tracking the 4.11.0-1004.4 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow kernel-stable-phase:Uploaded kernel-stable-phase-changed:Thursday, 27. July 2017 21:01 UTC -- swm properties -- boot-testing-requested: true phase: Uploaded To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1707061/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1703532] Re: linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker
** Changed in: kernel-sru-workflow/automated-testing Status: Incomplete => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1703532 Title: linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker Status in Kernel SRU Workflow: Fix Released Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: Fix Released Status in Kernel SRU Workflow promote-to-updates series: Fix Released Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Fix Released Status in linux-hwe package in Ubuntu: Invalid Status in linux-hwe source package in Xenial: Fix Released Bug description: This bug is for tracking the 4.10.0-28.32~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Released proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1703532/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1703532] Re: linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker
The package has been published and the bug is being set to Fix Released ** Changed in: kernel-sru-workflow/promote-to-security Status: New => Confirmed ** Changed in: kernel-sru-workflow/promote-to-updates Status: New => Confirmed ** Tags removed: block-proposed-xenial ** Tags removed: block-proposed ** Changed in: kernel-sru-workflow/promote-to-security Status: Confirmed => Fix Released ** Changed in: kernel-sru-workflow/promote-to-updates Status: Confirmed => Fix Released ** Changed in: kernel-sru-workflow Status: In Progress => Fix Released ** Description changed: This bug is for tracking the 4.10.0-28.32~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true + kernel-stable-phase:Released + kernel-stable-phase-changed:Friday, 28. July 2017 05:35 UTC ** Description changed: This bug is for tracking the 4.10.0-28.32~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true - phase: Promoted to proposed + phase: Released proposed-announcement-sent: true proposed-testing-requested: true - kernel-stable-phase:Released - kernel-stable-phase-changed:Friday, 28. July 2017 05:35 UTC ** Tags removed: kernel-release-tracking-bug-live -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1703532 Title: linux-hwe: 4.10.0-28.32~16.04.2 -proposed tracker Status in Kernel SRU Workflow: Fix Released Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: Fix Released Status in Kernel SRU Workflow promote-to-updates series: Fix Released Status in Kernel SRU Workflow regression-testing series: Fix Released Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Fix Released Status in linux-hwe package in Ubuntu: Invalid Status in linux-hwe source package in Xenial: Fix Released Bug description: This bug is for tracking the 4.10.0-28.32~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Released proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1703532/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1705132] Re: Large memory guests, "error: monitor socket did not show up: No such file or directory"
Hello Jorge, or anyone else affected, Accepted libvirt into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/2.5.0-3ubuntu5.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: libvirt (Ubuntu Yakkety) Status: In Progress => Won't Fix ** Changed in: libvirt (Ubuntu Zesty) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-zesty ** Changed in: libvirt (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1705132 Title: Large memory guests, "error: monitor socket did not show up: No such file or directory" Status in Ubuntu Cloud Archive: Fix Released Status in Ubuntu Cloud Archive mitaka series: New Status in Ubuntu Cloud Archive ocata series: New Status in libvirt package in Ubuntu: Fix Released Status in libvirt source package in Xenial: Fix Committed Status in libvirt source package in Yakkety: Won't Fix Status in libvirt source package in Zesty: Fix Committed Bug description: [Description] - Configured a machine with 32 static VCPUs, 160GB of RAM using 1G hugepages on a NUMA capable machine. Domain definition (http://pastebin.ubuntu.com/25121106/) - Once started (virsh start). Libvirt log. LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm-spice -name reproducer2 -S -machine pc-i440fx-2.5,accel=kvm,usb=off -cpu host -m 124928 -realtime mlock=off -smp 32,sockets=16,cores=1,threads=2 -object memory-backend- file,id=ram-node0,prealloc=yes,mem- path=/dev/hugepages/libvirt/qemu,share=yes,size=64424509440,host- nodes=0,policy=bind -numa node,nodeid=0,cpus=0-15,memdev=ram-node0 -object memory-backend-file,id=ram-node1,prealloc=yes,mem- path=/dev/hugepages/libvirt/qemu,share=yes,size=66571993088,host- nodes=1,policy=bind -numa node,nodeid=1,cpus=16-31,memdev=ram-node1 -uuid d7a4af7f-7549-4b44-8ceb-4a6c951388d4 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain- reproducer2/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/uvtool/libvirt/images/test.qcow,format=qcow2,if=none,id =drive-virtio-disk0,cache=none -device virtio-blk- pci,scsi=off,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio- disk0,bootindex=1 -chardev pty,id=charserial0 -device isa- serial,chardev=charserial0,id=serial0 -vnc 127.0.0.1:0 -device cirrus- vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon- pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on Then the following error is raised. virsh start reproducer2 error: Failed to start domain reproducer2 error: monitor socket did not show up: No such file or directory - The fix is done via backports, as a TL;DR the change does: 1. instead of sleeping too short (1ms) in a loop for very long start small but exponentially increase for the few cases that need long. That way fast actions are done fast, but long actions are no cpu-hogs 2. huge guests get ~1s per 1Gb extra timeout to come up, that allows huge guests to initialize properly. [Impact] * Cannot start virtual machines with large pools of memory allocated on NUMA nodes. [Test Case] * this is a tradeoff of memory clearing speed vs guest size. Once the clearing of guest memory exceeds ~30 seconds the issue will trigger. * Guest must be backed by huge pages as otherwise the kernel will fault in on demand instead of needing the initial clear. * One way to "slow down" is to Configure a Machine with multiple NUMA nodes. root@buneary:/home/ubuntu# virsh freepages 0 1G 1048576KiB: 60 root@buneary:/home/ubuntu# virsh freepages 1 1G 1048576KiB: 62 * Another one to
[Group.of.nepali.translators] [Bug 1690083] Re: [SRU] 2.26.10
** Changed in: snapd (Ubuntu Xenial) Status: Fix Released => Fix Committed ** Changed in: snapd (Ubuntu Yakkety) Status: Fix Committed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1690083 Title: [SRU] 2.26.10 Status in snapd package in Ubuntu: Fix Released Status in snapd source package in Trusty: Fix Committed Status in snapd source package in Xenial: Fix Committed Status in snapd source package in Yakkety: Won't Fix Status in snapd source package in Zesty: Fix Committed Bug description: This is a new version of snapd. The changelog for 2.26.8 is available here https://github.com/snapcore/snapd/blob/2.26.8/packaging/ubuntu-16.04/changelog, the raw git changelog is available here: https://github.com/snapcore/snapd/commits/2.26.8 (note that the debian changelog is auto-generated from the merges of the git commits so there is usually no need to look at the raw git commits). The snappy team released a new 2.26.8 release that we want SRU into xenial. The new process described in https://wiki.ubuntu.com/SnapdUpdates was used and we have done integration-tests on the snappy images, autopkgtests on classic and unit tests. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1690083/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1683878] Re: blkfront: add uevent for size change
** No longer affects: cloud-images/x-series ** Changed in: cloud-images Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1683878 Title: blkfront: add uevent for size change Status in cloud-images: Fix Released Status in linux package in Ubuntu: Triaged Status in linux-aws package in Ubuntu: In Progress Status in linux source package in Xenial: New Status in linux-aws source package in Xenial: Fix Released Bug description: A Xen blkfront(xen-blkfront:) patch has been submitted upstream, regarding the resizing of a blkfront device from dom0. This patch would emit a KOBJ_CHANGE uevent, to notify a guest of the change. This allows for custom udev rules, such as automatically resizing a filesystem, when an event occurs. We are requesting that this patch be cherry-picked/backported to the supported Ubuntu kernels. Reference: https://patchwork.kernel.org/patch/9676017/ Reference: https://lkml.org/lkml/2017/4/11/736 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1683878/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp