[Touch-packages] [Bug 1348241] Re: StateSaver serializes potentially sensitive data under /tmp, doesn’t use O_EXCL

2014-09-05 Thread Marc Deslauriers
This was fixed in ubuntu-ui-toolkit (1.1.1188+14.10.20140813.4-0ubuntu1)
by 
http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182

** Information type changed from Private Security to Public Security

** Changed in: ubuntu-ui-toolkit (Ubuntu Utopic)
   Status: Confirmed => Fix Released

** Changed in: ubuntu-ui-toolkit (Ubuntu Trusty)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-ui-toolkit in
Ubuntu.
https://bugs.launchpad.net/bugs/1348241

Title:
  StateSaver serializes potentially sensitive data under /tmp, doesn’t
  use O_EXCL

Status in Ubuntu UI Toolkit:
  Fix Committed
Status in “ubuntu-ui-toolkit” package in Ubuntu:
  Fix Released
Status in “ubuntu-ui-toolkit” source package in Trusty:
  Confirmed
Status in “ubuntu-ui-toolkit” source package in Utopic:
  Fix Released

Bug description:
  This issue applies to desktop only, where StateSaver serializes data
  in files under /tmp. On devices, confined applications have their own
  TMPDIR, which makes it a non-issue, as far as I understand it.

  StateSaver uses QSettings under the hood to persist data on disk,
  which issues a plain QFile::open(QFile::ReadWrite) call to open the
  file, which does not set the O_EXCL flag.

  This makes it vulnerable to symlink attacks.

  Using QTemporaryFile would solve this issue, but it might not be easy
  to do with QSettings.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-ui-toolkit/+bug/1348241/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
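
The open behaviour described in the StateSaver report above (bug 1348241), shown as an added example that is not part of the original message or of ubuntu-ui-toolkit. It compares a plain create-or-open with an O_EXCL open on a path where a symlink already exists, inside a private scratch directory; the file names are constructed, and mkstemp() stands in for the QTemporaryFile suggestion as an assumption about what a unique, exclusively created file provides.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Scratch paths are constructed for this demo; nothing here is a real
 * StateSaver file name. */
struct scratch { char dir[64]; char link[96]; char target[96]; };

/* Models the open the report describes: read/write, create if missing,
 * no O_EXCL. A symlink already sitting at `path` is followed. */
static int open_plain(const char *path)
{
    return open(path, O_RDWR | O_CREAT, 0600);
}

/* With O_CREAT|O_EXCL the call fails with EEXIST if anything exists at
 * `path`, and a symlink there (dangling or not) is never followed. */
static int open_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Private 0700 directory holding other.txt and state.conf -> other.txt. */
static int scratch_init(struct scratch *s)
{
    int fd;
    strcpy(s->dir, "/tmp/o_excl-demo-XXXXXX");
    if (mkdtemp(s->dir) == NULL)
        return -1;
    snprintf(s->link, sizeof s->link, "%s/state.conf", s->dir);
    snprintf(s->target, sizeof s->target, "%s/other.txt", s->dir);
    fd = open(s->target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return symlink(s->target, s->link);
}

static void scratch_cleanup(const struct scratch *s)
{
    unlink(s->link);
    unlink(s->target);
    rmdir(s->dir);
}

/* Writes 5 bytes through the plain open of state.conf and returns the size
 * of other.txt afterwards: the data landed in the symlink target. */
long plain_open_bytes_in_target(void)
{
    struct scratch s = {0};
    struct stat st;
    long n = -1;
    if (scratch_init(&s) == 0) {
        int fd = open_plain(s.link);
        if (fd >= 0) {
            ssize_t w = write(fd, "state", 5);
            close(fd);
            if (w == 5 && stat(s.target, &st) == 0)
                n = (long)st.st_size;
        }
    }
    scratch_cleanup(&s);
    return n;
}

/* Returns errno from the exclusive open of the same symlinked path, or 0 if
 * the open unexpectedly succeeded. */
int exclusive_open_errno(void)
{
    struct scratch s = {0};
    int err = -1;
    if (scratch_init(&s) == 0) {
        int fd = open_exclusive(s.link);
        err = (fd < 0) ? errno : 0;
        if (fd >= 0)
            close(fd);
    }
    scratch_cleanup(&s);
    return err;
}

/* mkstemp() chooses an unpredictable name and creates the file exclusively;
 * returns the permission bits of the file it created. */
int mkstemp_mode(void)
{
    char path[] = "/tmp/o_excl-demo-XXXXXX";
    struct stat st;
    int mode = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

int main(void)
{
    printf("plain open: %ld bytes written into symlink target\n",
           plain_open_bytes_in_target());
    printf("O_EXCL open: %s\n", strerror(exclusive_open_errno()));
    printf("mkstemp mode: %o\n", (unsigned)mkstemp_mode());
    return 0;
}
```

On Linux, the fs.protected_symlinks sysctl also limits following symlinks owned by another user in sticky world-writable directories such as /tmp; O_EXCL does not depend on that setting.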


[Touch-packages] [Bug 1358251] Re: unity-panel-service crashed with SIGSEGV in panel_indicator_entry_accessible_get_n_children()

2014-09-05 Thread Marc Deslauriers
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1358251

Title:
  unity-panel-service crashed with SIGSEGV in
  panel_indicator_entry_accessible_get_n_children()

Status in Unity:
  New
Status in “unity” package in Ubuntu:
  New

Bug description:
  disturbs me a lot

  ProblemType: Crash
  DistroRelease: Ubuntu 12.04
  Package: unity-services 5.20.0-0ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-17.27-generic-pae 3.2.6
  Uname: Linux 3.2.0-17-generic-pae i686
  ApportVersion: 2.0.1-0ubuntu17.2
  Architecture: i386
  CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,unitymtgrabhandles,workarounds,scale,expo,ezoom,unityshell,dbus,staticswitcher]
  CrashCounter: 1
  CrashDB: unity
  Date: Mon Aug 18 14:04:37 2014
  ExecutablePath: /usr/lib/unity/unity-panel-service
  InstallationMedia: Ubuntu 12.04 LTS Precise Pangolin - Beta i386 (20120301)
  MarkForUpload: True
  ProcCmdline: /usr/lib/unity/unity-panel-service
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
  SegvAnalysis:
   Segfault happened at: 0x804d0b8: cmp    %eax,(%edx)
   PC (0x0804d0b8) ok
   source %eax ok
   destination (%edx) (0x0001ae7e) not located in a known VMA region (needed writable region)!
  SegvReason: writing unknown VMA
  Signal: 11
  SourcePackage: unity
  StacktraceTop:
   ?? ()
   atk_object_get_n_accessible_children () from /usr/lib/i386-linux-gnu/libatk-1.0.so.0
   ?? () from /usr/lib/i386-linux-gnu/gtk-3.0/modules/libatk-bridge.so
   ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
   g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
  Title: unity-panel-service crashed with SIGSEGV in atk_object_get_n_accessible_children()
  UpgradeStatus: Upgraded to precise on 2014-03-19 (151 days ago)
  UserGroups: sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1358251/+subscriptions



[Touch-packages] [Bug 1185665] Re: unity-panel-service crashed with signal 7

2014-09-05 Thread Marc Deslauriers
** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1185665

Title:
  unity-panel-service crashed with signal 7

Status in Unity:
  New
Status in “unity” package in Ubuntu:
  New

Bug description:
  My machine hanged completely, and I have to restart it again to work.

  ProblemType: Crash
  DistroRelease: Ubuntu 12.04
  Package: indicator-power 2.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-29.46-generic-pae 3.2.24
  Uname: Linux 3.2.0-29-generic-pae i686
  ApportVersion: 2.0.1-0ubuntu12
  Architecture: i386
  CrashCounter: 1
  CrashDB: unity
  Date: Thu May 30 09:17:07 2013
  ExecutablePath: /usr/lib/unity/unity-panel-service
  InstallationMedia: Ubuntu 12.04.1 LTS Precise Pangolin - Release i386 (20120817.3)
  ProcCmdline: /usr/lib/unity/unity-panel-service
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANGUAGE=en_IN:en
   LANG=en_IN
  Signal: 7
  SourcePackage: indicator-power
  StacktraceTop:
   ?? () from /usr/lib/i386-linux-gnu/gio/modules/libdconfsettings.so
   ?? () from /usr/lib/i386-linux-gnu/gio/modules/libdconfsettings.so
   ?? () from /usr/lib/i386-linux-gnu/gio/modules/libdconfsettings.so
   ?? () from /usr/lib/i386-linux-gnu/libgio-2.0.so.0
   ?? () from /usr/lib/i386-linux-gnu/libgio-2.0.so.0
  Title: unity-panel-service crashed with signal 7
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1185665/+subscriptions



[Touch-packages] [Bug 1365020] Re: option subject-match not working

2014-09-05 Thread Marc Deslauriers
Mathieu,

Do you have any idea what this could be?

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1365020

Title:
  option subject-match not working

Status in “network-manager” package in Ubuntu:
  New

Bug description:
  NetworkManager supports checking the RADIUS certificates used within
  802.1X infrastructures.
  These options are subject-match and phase2-subject-match.
  However, if these options are set, they are read by NetworkManager at
  connection activation, but are silently ignored.
  Even if the string supplied by this option is known to be wrong, the
  connection can be established.

  This is a big issue within widespread WPA2 infrastructures like
  eduroam, where the SSID of the network is well known.

  This issue exists in package network-manager 0.9.8.8-0ubuntu7
  (amd64).

  In other distributions like Debian 7.6 (network-manager 0.9.4.0-10)
  the option is working well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1365020/+subscriptions



[Touch-packages] [Bug 1366314] Re: security issue? auto suggest seems to copy credentials into clipboard

2014-09-06 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyboard in Ubuntu.
https://bugs.launchpad.net/bugs/1366314

Title:
  security issue? auto suggest seems to copy credentials into clipboard

Status in “ubuntu-keyboard” package in Ubuntu:
  New

Bug description:
  On today's image (krillin rtm-proposed r21) with ONLY auto suggest
  language option on I get:

  13:57  asac 1. kill terminal
  13:57  asac 2. open terminal and enter pin
  13:57  asac 3. click in terminal pastes my pin :)

  obviously not good for security. Think might be bad.

  Seems it's not getting to dictionary at least:

  13:58  asac 4. /me uses backspace to delete
  13:58  asac 5. type ls
  13:58  asac 6. type first digit of pin - does not suggest my pin

  This doesn't happen if I turn auto suggestion off. Not sure if the
  paste is what doesn't happen or the clipboarding doesn't happen.
  Surely important to check out and know for sure.

  We should check other credential prompts too: pin lock screen, sim pin
  etc.

  Haven't tried, but I assume UITK password fields and browser don't have
  that, but might be worth checking.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyboard/+bug/1366314/+subscriptions



[Touch-packages] [Bug 1365336] Re: Lightdm update=No desktop

2014-09-08 Thread Marc Deslauriers
This also affects the xserver-xorg-video-vmware driver when running
utopic in a VM.

** Also affects: xserver-xorg-video-vmware (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1365336

Title:
  Lightdm update=No desktop

Status in “fglrx-installer” package in Ubuntu:
  In Progress
Status in “fglrx-installer-updates” package in Ubuntu:
  In Progress
Status in “lightdm” package in Ubuntu:
  Confirmed
Status in “nvidia-graphics-drivers-304” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331-updates” package in Ubuntu:
  Fix Released
Status in “xserver-xorg-video-vmware” package in Ubuntu:
  New

Bug description:
  Update to lightdm from 1.11.7-0ubuntu1 to 1.11.8-0ubuntu1 leaves me
  with no desktop on normal boot.

  Machine boots directly to tty1.

  Logged in at tty1 and then startx leads to a desktop that requires
  password to start properly and with themes unapplied.

  Password required to reboot machine.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: lightdm 1.11.8-0ubuntu1
  ProcVersionSignature: Ubuntu 3.16.0-12.18-generic 3.16.1
  Uname: Linux 3.16.0-12-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.7-0ubuntu1
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Thu Sep  4 08:20:14 2014
  InstallationDate: Installed on 2014-07-17 (48 days ago)
  InstallationMedia: Xubuntu 14.10 Utopic Unicorn - Alpha amd64 (20140717)
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fglrx-installer/+bug/1365336/+subscriptions



[Touch-packages] [Bug 1366790] Re: Fix for CVE-2014-1949 (GTK 3.10.x)

2014-09-08 Thread Marc Deslauriers
CVE-2014-1949 was assigned to cinnamon-screensaver.

The fix for this issue actually lies in gtk+3.0, in the following
commit:

https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4

gtk+3.0 is already fixed in utopic, and we only have
cinnamon-screensaver in utopic.

Hence, this issue doesn't have a security impact in trusty.

If you would like this fixed in the gtk+3.0 package in trusty, it will
need to be done through the SRU process just like other bug fixes.
Please see the following for the procedure:

https://wiki.ubuntu.com/StableReleaseUpdates

** Also affects: gtk+3.0 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: gtk+3.0 (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Changed in: gtk+3.0 (Ubuntu Utopic)
   Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1949

** Changed in: gtk+3.0 (Ubuntu Trusty)
   Status: New => Confirmed

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1366790

Title:
  Fix for CVE-2014-1949 (GTK 3.10.x)

Status in “gtk+3.0” package in Ubuntu:
  Fix Released
Status in “gtk+3.0” source package in Trusty:
  Confirmed
Status in “gtk+3.0” source package in Utopic:
  Fix Released

Bug description:
  Please see:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759145

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1366790/+subscriptions



[Touch-packages] [Bug 1365336] Re: Lightdm update=No desktop

2014-09-09 Thread Marc Deslauriers
** Attachment added: logs
   https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1365336/+attachment/4199604/+files/mdeslaur-logs.tar.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1365336

Title:
  Lightdm update=No desktop

Status in “fglrx-installer” package in Ubuntu:
  In Progress
Status in “fglrx-installer-updates” package in Ubuntu:
  In Progress
Status in “lightdm” package in Ubuntu:
  Confirmed
Status in “nvidia-graphics-drivers-304” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331-updates” package in Ubuntu:
  Fix Released
Status in “xserver-xorg-video-vesa” package in Ubuntu:
  Confirmed
Status in “xserver-xorg-video-vmware” package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1365336] Re: Lightdm update=No desktop

2014-09-09 Thread Marc Deslauriers
Id=seat0
ActiveSession=c1
CanMultiSession=yes
CanTTY=yes
CanGraphical=no
Sessions=c1
IdleHint=no
IdleSinceHint=1410263200256000
IdleSinceHintMonotonic=394137924

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1365336

Title:
  Lightdm update=No desktop

Status in “fglrx-installer” package in Ubuntu:
  In Progress
Status in “fglrx-installer-updates” package in Ubuntu:
  In Progress
Status in “lightdm” package in Ubuntu:
  Confirmed
Status in “nvidia-graphics-drivers-304” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331-updates” package in Ubuntu:
  Fix Released
Status in “xserver-xorg-video-vesa” package in Ubuntu:
  Confirmed
Status in “xserver-xorg-video-vmware” package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1365336] Re: Lightdm update=No desktop

2014-09-09 Thread Marc Deslauriers
Here are my logs with utopic installed in kvm with the vmvga driver:

seat0
Sessions: *c1
 Devices:
  ├─/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
  │ input:input0 Power Button
  ├─/sys/device...01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0
  │ block:sr0
  ├─/sys/device...a2/host1/target1:0:0/1:0:0:0/scsi_generic/sg0
  │ scsi_generic:sg0
  ├─/sys/devices/pci:00/:00:01.2/usb1
  │ usb:usb1
  ├─/sys/devices/platform/i8042/serio0/input/input1
  │ input:input1 AT Translated Set 2 keyboard
  ├─/sys/devices/platform/i8042/serio1/input/input3
  │ input:input3 ImExPS/2 Generic Explorer Mouse
  ├─/sys/devices/virtual/misc/kvm
  │ misc:kvm
  └─/sys/devices/virtual/misc/rfkill
    misc:rfkill

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1365336

Title:
  Lightdm update=No desktop

Status in “fglrx-installer” package in Ubuntu:
  In Progress
Status in “fglrx-installer-updates” package in Ubuntu:
  In Progress
Status in “lightdm” package in Ubuntu:
  Confirmed
Status in “nvidia-graphics-drivers-304” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331” package in Ubuntu:
  Fix Released
Status in “nvidia-graphics-drivers-331-updates” package in Ubuntu:
  Fix Released
Status in “xserver-xorg-video-vesa” package in Ubuntu:
  Confirmed
Status in “xserver-xorg-video-vmware” package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1370175] [NEW] Libav security fixes Sept 2014

2014-09-16 Thread Marc Deslauriers
*** This bug is a security vulnerability ***

Public security bug reported:

Libav 9.17 and 0.8.16 are out, and fix a number of critical functional
and security issues (many of which have CVE identifiers assigned)

http://www.libav.org/news.html

** Affects: libav (Ubuntu)
 Importance: Undecided
 Status: Confirmed

** Affects: libav (Ubuntu Precise)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: Confirmed

** Affects: libav (Ubuntu Trusty)
 Importance: Undecided
 Status: Confirmed

** Affects: libav (Ubuntu Utopic)
 Importance: Undecided
 Status: Confirmed

** Also affects: libav (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: libav (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: libav (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Changed in: libav (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: libav (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: libav (Ubuntu Utopic)
   Status: New => Confirmed

** Changed in: libav (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1370175

Title:
  Libav security fixes Sept 2014

Status in “libav” package in Ubuntu:
  Confirmed
Status in “libav” source package in Precise:
  Confirmed
Status in “libav” source package in Trusty:
  Confirmed
Status in “libav” source package in Utopic:
  Confirmed

Bug description:
  Libav 9.17 and 0.8.16 are out, and fix a number of critical
  functional and security issues (many of which have CVE identifiers
  assigned)

  http://www.libav.org/news.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1370175/+subscriptions



[Touch-packages] [Bug 1371058] Re: Regression: Latest apt security update returns Hash Sum mismatch for file: URI:s

2014-09-18 Thread Marc Deslauriers
** Changed in: apt (Ubuntu Lucid)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: apt (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: apt (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1371058

Title:
  Regression: Latest apt security update returns Hash Sum mismatch for
  file: URI:s

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Lucid:
  Confirmed
Status in “apt” source package in Precise:
  Confirmed
Status in “apt” source package in Trusty:
  Confirmed
Status in “apt” source package in Utopic:
  In Progress
Status in “apt” package in Debian:
  New

Bug description:
  When running 'apt-get update' on Ubuntu Lucid using 0.7.25.3ubuntu9.16
  I get Hash Sum mismatch when using file: URI:s.

  First time running apt-get update after cleaning /var/lib/dpkg/lists/
  and /var/lib/dpkg/lists/partial it works. However the second time I
  get:

  root@crepes:/etc/apt# apt-get update
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/main Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/restricted Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/universe Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/multiverse Translation-en_DK
  Get:1 file: lucid-security Release.gpg [198B]  
  Get:2 file: lucid-security Release [57,3kB]   

  Hit http://security.ubuntu.com lucid-security Release.gpg 
  
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_DK
  Hit http://security.ubuntu.com lucid-security Release
  Hit http://security.ubuntu.com lucid-security/main Packages
  Hit http://security.ubuntu.com lucid-security/restricted Packages
  Hit http://security.ubuntu.com lucid-security/universe Packages
  Hit http://security.ubuntu.com lucid-security/multiverse Packages
  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/main/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/restricted/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/universe/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/multiverse/binary-amd64/Packages.bz2  Hash Sum mismatch

  E: Some index files failed to download, they have been ignored, or old
  ones used instead.

  
  Running apt-get -o Acquire::CompressionTypes::Order=gz changing to bz2 every
  second it works.

  Reverting back to 0.7.25.3ubuntu9.15 it works.

  And, of course, it works if only using http: URI:s.

  Looks like a regression in 0.7.25.3ubuntu9.16

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1371058/+subscriptions



[Touch-packages] [Bug 1371058] Re: Regression: Latest apt security update returns Hash Sum mismatch for file: URI:s

2014-09-19 Thread Marc Deslauriers
Thanks for testing these updates, I will be releasing them on Tuesday
after they have been through our QA process.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1371058

Title:
  Regression: Latest apt security update returns Hash Sum mismatch for
  file: URI:s

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Lucid:
  Confirmed
Status in “apt” source package in Precise:
  Confirmed
Status in “apt” source package in Trusty:
  Confirmed
Status in “apt” source package in Utopic:
  In Progress
Status in “apt” package in Debian:
  New



[Touch-packages] [Bug 1371766] Re: Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

2014-09-19 Thread Marc Deslauriers
This is an upstream decision. In fact, they've now limited the size of
ElGamal keys to 4096 with the following commit:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=aae7ec516b79e20938c56fd48fc0bc9d2116426c

Another relevant Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749335


** Bug watch added: Debian Bug tracker #739424
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424

** Also affects: gnupg (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424
   Importance: Unknown
   Status: Unknown

** Bug watch added: Debian Bug tracker #749335
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749335

** Changed in: gnupg (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1371766

Title:
  Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

Status in “gnupg” package in Ubuntu:
  Confirmed
Status in “gnupg” package in Debian:
  Unknown

Bug description:
  I'm currently using Ubuntu 12.04.5 LTS, 32-bit.

  This is what I get with GnuPG version 1.4.11-3ubuntu2.6 using Enigmail
  (correct behavior):

  2014-09-19 13:44:09.630 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291
  2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=16, sendFlags=0142, outputLen=5768
  2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
  gpg: 0x0B7D1987135C7291: skipped: public key already present
  [GNUPG:] BEGIN_ENCRYPTION 2 9
  [GNUPG:] END_ENCRYPTION

  2014-09-19 13:44:40.548 [DEBUG] enigmailCommon.jsm: parseErrorOutput: statusFlags = 8000
  2014-09-19 13:44:40.549 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.keySelection(): return toAddrStr=0x0B7D1987135C7291 bccAddrStr=
  2014-09-19 13:44:40.550 [DEBUG] enigmailMsgComposeOverlay.js: hasAttachments = false
  2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs
  2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.replaceEditorText:
  2014-09-19 13:44:40.556 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText
  2014-09-19 13:44:40.569 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText
  2014-09-19 13:44:40.573 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs
  2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetCharset
  2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.encryptMsg: charset=utf-8
  2014-09-19 13:44:40.575 [DEBUG] enigmail.js: Enigmail.encryptMessage: 9 bytes from 0x135C7291 to 0x0B7D1987135C7291 (67)
  2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: encryptMessageStart: uiFlags=1, from 0x135C7291 to 0x0B7D1987135C7291, hashAlgorithm=null (0043)
  2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: getEncryptCommand: hashAlgorithm=null
  2014-09-19 13:44:40.577 enigmailCommon.jsm: execStart: command = /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291, needPassphrase=1, domWindow=[object ChromeWindow], listener=[object Object]
  2014-09-19 13:44:40.577 [DEBUG] enigmailCommon.jsm: getPassphrase:
  2014-09-19 13:44:40.578 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign 
--encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291 --use-agent
  2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: 
uiFlags=1, sendFlags=0043, outputLen=5906
  2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status 
message: 
  [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby ci...@autistici.org
  [GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
  [GNUPG:] GOOD_PASSPHRASE
  gpg: 0x0B7D1987135C7291: skipped: public key already present
  [GNUPG:] BEGIN_SIGNING
  [GNUPG:] SIG_CREATED S 17 10 01 1411152280 
D0178161A8FA6E506BD07C000B7D1987135C7291
  [GNUPG:] BEGIN_ENCRYPTION 2 9
  [GNUPG:] END_ENCRYPTION

  
  This is what i get with GnuPG version 1.4.11-3ubuntu2.7 using Enigmail 
(incorrect behavior):

  2014-09-18 22:41:19.504 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign 
--encrypt-to 0x135
  C7291 -r 0x834AC0577A169C63 -u 0x135C7291 --use-agent
  2014-09-18 22:41:37.732 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: 
uiFlags=1, sendFlags=0043, outputLen=0
  2014-09-18 22:41:37.733 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status 
message: 
  [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby ci...@autistici.org
  [GNUPG:] NEED_PASSPHRASE 

[Touch-packages] [Bug 1372410] [NEW] NSS version in stable releases contain outdated CA certs

2014-09-22 Thread Marc Deslauriers
*** This bug is a security vulnerability ***

Public security bug reported:

NSS in stable releases is at 3.15.4, which contains outdated CA
certificates.

** Affects: nss (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: nss (Ubuntu Lucid)
 Importance: Undecided
 Status: New

** Affects: nss (Ubuntu Precise)
 Importance: Undecided
 Status: New

** Affects: nss (Ubuntu Trusty)
 Importance: Undecided
 Status: New

** Affects: nss (Ubuntu Utopic)
 Importance: Undecided
 Status: Fix Released

** Also affects: nss (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: nss (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: nss (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: nss (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: nss (Ubuntu Utopic)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1372410

Title:
  NSS version in stable releases contain outdated CA certs

Status in “nss” package in Ubuntu:
  Fix Released
Status in “nss” source package in Lucid:
  New
Status in “nss” source package in Precise:
  New
Status in “nss” source package in Trusty:
  New
Status in “nss” source package in Utopic:
  Fix Released

Bug description:
  NSS in stable releases is at 3.15.4, which contains outdated CA
  certificates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1372410/+subscriptions



[Touch-packages] [Bug 1372410] Re: NSS version in stable releases contain outdated CA certs

2014-09-22 Thread Marc Deslauriers
Updates have now been released: http://www.ubuntu.com/usn/usn-2350-1/

** Changed in: nss (Ubuntu Lucid)
   Status: New => Fix Released

** Changed in: nss (Ubuntu Precise)
   Status: New => Fix Released

** Changed in: nss (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1372410

Title:
  NSS version in stable releases contain outdated CA certs

Status in “nss” package in Ubuntu:
  Fix Released
Status in “nss” source package in Lucid:
  Fix Released
Status in “nss” source package in Precise:
  Fix Released
Status in “nss” source package in Trusty:
  Fix Released
Status in “nss” source package in Utopic:
  Fix Released

Bug description:
  NSS in stable releases is at 3.15.4, which contains outdated CA
  certificates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1372410/+subscriptions



[Touch-packages] [Bug 1358727] Re: LibNss Bug 962760 affects usability of Chrome

2014-09-22 Thread Marc Deslauriers
NSS has now been updated to 3.17 in all supported releases:

http://www.ubuntu.com/usn/usn-2350-1/

As such, I am closing this bug. Feel free to reopen it if the update
didn't solve the issue.

** Changed in: nss (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1358727

Title:
  LibNss Bug 962760 affects usability of Chrome

Status in Network Security Services (NSS):
  Fix Released
Status in “nss” package in Ubuntu:
  Fix Released

Bug description:
  I'm affected by https://bugzilla.mozilla.org/show_bug.cgi?id=962760
  because intranet CAs are using name constraints which are incorrectly
  evaluated.

  The Chrome browser at version 37 is showing a name constraints
  violation, which shouldn't be there.

  Could you please consider upgrading the library or backporting the fix?
  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/1358727/+subscriptions



[Touch-packages] [Bug 1371766] Re: Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

2014-09-22 Thread Marc Deslauriers
Please report this issue to the gnupg project at the following link, and
link the bug here:

https://bugs.g10code.com/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1371766

Title:
  Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

Status in “gnupg” package in Ubuntu:
  Confirmed
Status in “gnupg” package in Debian:
  New

Bug description:
  I'm currently using Ubuntu 12.04.5 LTS, 32-bit.

  This is what I get with GnuPG version 1.4.11-3ubuntu2.6 using Enigmail
  (correct behavior):

  2014-09-19 13:44:09.630 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291
  2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=16, sendFlags=0142, outputLen=5768
  2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
  gpg: 0x0B7D1987135C7291: skipped: public key already present
  [GNUPG:] BEGIN_ENCRYPTION 2 9
  [GNUPG:] END_ENCRYPTION

  2014-09-19 13:44:40.548 [DEBUG] enigmailCommon.jsm: parseErrorOutput: statusFlags = 8000
  2014-09-19 13:44:40.549 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.keySelection(): return toAddrStr=0x0B7D1987135C7291 bccAddrStr=
  2014-09-19 13:44:40.550 [DEBUG] enigmailMsgComposeOverlay.js: hasAttachments = false
  2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs
  2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.replaceEditorText:
  2014-09-19 13:44:40.556 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText
  2014-09-19 13:44:40.569 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText
  2014-09-19 13:44:40.573 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs
  2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetCharset
  2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.encryptMsg: charset=utf-8
  2014-09-19 13:44:40.575 [DEBUG] enigmail.js: Enigmail.encryptMessage: 9 bytes from 0x135C7291 to 0x0B7D1987135C7291 (67)
  2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: encryptMessageStart: uiFlags=1, from 0x135C7291 to 0x0B7D1987135C7291, hashAlgorithm=null (0043)
  2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: getEncryptCommand: hashAlgorithm=null
  2014-09-19 13:44:40.577 enigmailCommon.jsm: execStart: command = /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291, needPassphrase=1, domWindow=[object ChromeWindow], listener=[object Object]
  2014-09-19 13:44:40.577 [DEBUG] enigmailCommon.jsm: getPassphrase:
  2014-09-19 13:44:40.578 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291 --use-agent
  2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=0043, outputLen=5906
  2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
  [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby ci...@autistici.org
  [GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
  [GNUPG:] GOOD_PASSPHRASE
  gpg: 0x0B7D1987135C7291: skipped: public key already present
  [GNUPG:] BEGIN_SIGNING
  [GNUPG:] SIG_CREATED S 17 10 01 1411152280 D0178161A8FA6E506BD07C000B7D1987135C7291
  [GNUPG:] BEGIN_ENCRYPTION 2 9
  [GNUPG:] END_ENCRYPTION

  This is what I get with GnuPG version 1.4.11-3ubuntu2.7 using Enigmail
  (incorrect behavior):

  2014-09-18 22:41:19.504 [CONSOLE] enigmail /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x834AC0577A169C63 -u 0x135C7291 --use-agent
  2014-09-18 22:41:37.732 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=0043, outputLen=0
  2014-09-18 22:41:37.733 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message:
  [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby ci...@autistici.org
  [GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
  [GNUPG:] GOOD_PASSPHRASE
  gpg: out of secure memory while allocating 2048 bytes
  gpg: (this may be caused by too many secret keys used simultaneously or due to excessive large key sizes)

  Obviously, the latest security patch breaks ElGamal encryption with
  large keys (in this case, 16384 bytes).
  Although GnuPG doesn't allow generating these keys, the PGP standard
  (and GnuPG itself) supports large key sizes.
  Please review the latest patch and make sure that all key sizes are supported.

To manage notifications about this bug go to:

[Touch-packages] [Bug 1371058] Re: Regression: Latest apt security update returns Hash Sum mismatch for file: URI:s

2014-09-23 Thread Marc Deslauriers
** Changed in: apt (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1371058

Title:
  Regression: Latest apt security update returns Hash Sum mismatch for
  file: URI:s

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Lucid:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Trusty:
  Fix Released
Status in “apt” source package in Utopic:
  In Progress
Status in “apt” package in Debian:
  New

Bug description:
  When running 'apt-get update' on Ubuntu Lucid using 0.7.25.3ubuntu9.16
  I get Hash Sum mismatch when using file: URI:s.

  First time running apt-get update after cleaning /var/lib/dpkg/lists/
  and /var/lib/dpkg/lists/partial it works. However the second time I
  get:

  root@crepes:/etc/apt# apt-get update
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/main Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/restricted Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/universe Translation-en_DK
  Ign file:/mirrors/ubuntu/ubuntu/ lucid-security/multiverse Translation-en_DK
  Get:1 file: lucid-security Release.gpg [198B]  
  Get:2 file: lucid-security Release [57,3kB]   

  Hit http://security.ubuntu.com lucid-security Release.gpg 
  
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/main Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/restricted Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/universe Translation-en_DK
  Ign http://security.ubuntu.com/ubuntu/ lucid-security/multiverse Translation-en_DK
  Hit http://security.ubuntu.com lucid-security Release
  Hit http://security.ubuntu.com lucid-security/main Packages
  Hit http://security.ubuntu.com lucid-security/restricted Packages
  Hit http://security.ubuntu.com lucid-security/universe Packages
  Hit http://security.ubuntu.com lucid-security/multiverse Packages
  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/main/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/restricted/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/universe/binary-amd64/Packages.bz2  Hash Sum mismatch

  W: Failed to fetch file:/mirrors/ubuntu/ubuntu/dists/lucid-security/multiverse/binary-amd64/Packages.bz2  Hash Sum mismatch

  E: Some index files failed to download, they have been ignored, or old
  ones used instead.

  Running apt-get -o Acquire::CompressionTypes::Order=gz changing to bz2 every second it works.

  Reverting back to 0.7.25.3ubuntu9.15 it works.

  And, of course, it works if only using http: URI:s.

  Looks like a regression in 0.7.25.3ubuntu9.16

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1371058/+subscriptions



[Touch-packages] [Bug 1354110] Re: Merge openssl 1.0.1i-2 (main) from Debian unstable (main)

2014-09-23 Thread Marc Deslauriers
It's much too late in the 14.10 cycle to merge this. I will look at it
again once 15.04 opens.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1354110

Title:
  Merge openssl 1.0.1i-2 (main) from Debian unstable (main)

Status in “openssl” package in Ubuntu:
  Confirmed

Bug description:
  debdiff attached

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1354110/+subscriptions



[Touch-packages] [Bug 347611] Re: evolution crashed with SIGSEGV in NSSRWLock_LockRead_Util()

2014-09-23 Thread Marc Deslauriers
Ubuntu 9.04 has been end-of-life for a long time now. I'm closing this
bug, please feel free to open a new one if you can reproduce this issue
with a current version of Ubuntu.

** Changed in: nss (Ubuntu)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/347611

Title:
  evolution crashed with SIGSEGV in NSSRWLock_LockRead_Util()

Status in “nss” package in Ubuntu:
  Won't Fix

Bug description:
  Binary package hint: evolution

  Don't have a clue what caused this. I closed evolution and then I got
  this bug report.

  ProblemType: Crash
  Architecture: amd64
  DistroRelease: Ubuntu 9.04
  ExecutablePath: /usr/bin/evolution
  NonfreeKernelModules: nvidia
  Package: evolution 2.26.0-0ubuntu2
  ProcCmdline: evolution --component=mail
  ProcEnviron:
   LANG=en_IE.UTF-8
   SHELL=/bin/bash
  Signal: 11
  SourcePackage: evolution
  StacktraceTop:
   NSSRWLock_LockRead_Util ()
   PK11_TokenExists () from /usr/lib/libnss3.so
   ?? () from /usr/lib/libssl3.so
   ?? () from /usr/lib/libssl3.so
   ?? () from /usr/lib/libssl3.so
  Title: evolution crashed with SIGSEGV in NSSRWLock_LockRead_Util()
  Uname: Linux 2.6.28-11-generic x86_64
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/347611/+subscriptions



[Touch-packages] [Bug 523113] Re: missing manpages for nss tools

2014-09-23 Thread Marc Deslauriers
** Bug watch added: Debian Bug tracker #505382
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382

** Also affects: nss (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/523113

Title:
  missing manpages for nss tools

Status in “nss” package in Ubuntu:
  Confirmed
Status in “nss” package in Debian:
  Unknown

Bug description:
  Missing manpages on binary tools included in libnss3-tools: certutilk,
  modutil, pk12util, shlibsign, signtool and ssltap.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/523113/+subscriptions



[Touch-packages] [Bug 1167255] Re: No standard documentation for certutil

2014-09-23 Thread Marc Deslauriers
*** This bug is a duplicate of bug 523113 ***
https://bugs.launchpad.net/bugs/523113

** Bug watch added: Debian Bug tracker #505382
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382

** Also affects: nss (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505382
   Importance: Unknown
   Status: Unknown

** Changed in: nss (Ubuntu)
   Status: New => Confirmed

** This bug has been marked a duplicate of bug 523113
   missing manpages for nss tools

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1167255

Title:
  No standard documentation for certutil

Status in “nss” package in Ubuntu:
  Confirmed
Status in “nss” package in Debian:
  Unknown

Bug description:
  On a vanilla installation, there doesn't seem to be any documentation
  installed with the `certutil` tool - none of the following commands
  yield a manual or pointers to where a manual could be found:

  man certutil
  apropos certutil
  info certutil
  locate certutil
  apt-cache search certutil
  certutil -H

  The last command provides a verbose parameter reference, but the
  familiar man page sections with a synopsis, prose description,
  examples, known bugs, longer option explanations and the like are
  missing, and there's no pointer to a fuller reference. Googling
  revealed
  https://www.mozilla.org/projects/security/pki/nss/tools/certutil.html,
  which looks great, but it would be great to have an offline reference.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libnss3-tools 3.14.3-0ubuntu0.12.04.1
  ProcVersionSignature: Ubuntu 3.5.0-27.46~precise1-generic 3.5.7.7
  Uname: Linux 3.5.0-27-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.1
  Architecture: amd64
  Date: Wed Apr 10 11:49:18 2013
  InstallationMedia: Ubuntu 12.04.2 LTS Precise Pangolin - Release amd64 (20130213)
  MarkForUpload: True
  SourcePackage: nss
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1167255/+subscriptions



[Touch-packages] [Bug 557180] Re: taxbird crashed with SIGSEGV in CERT_NewTempCertificate()

2014-09-23 Thread Marc Deslauriers
Are you able to reproduce this with Ubuntu 14.04 LTS?

** Changed in: nss (Ubuntu)
   Status: New => Incomplete

** Changed in: taxbird (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/557180

Title:
  taxbird crashed with SIGSEGV in CERT_NewTempCertificate()

Status in “nss” package in Ubuntu:
  Incomplete
Status in “taxbird” package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: taxbird

  This happened when I tried to send a test case and clicked apply at the
  end of the sending dialog. taxbird-print helper got called afterwards,
  taxbird crashed.
  I tried to reproduce it, but couldn't get it to crash another time.

  ProblemType: Crash
  DistroRelease: Ubuntu 10.04
  Package: taxbird 0.15-1
  ProcVersionSignature: Ubuntu 2.6.32-19.28-generic 2.6.32.10+drm33.1
  Uname: Linux 2.6.32-19-generic x86_64
  Architecture: amd64
  CheckboxSubmission: adfe912a677b9e8917f88ee91fbea346
  CheckboxSystem: b1865df84255b8716d3bcc269ff410d1
  Date: Wed Apr  7 11:28:00 2010
  ExecutablePath: /usr/bin/taxbird
  ProcCmdline: taxbird
  ProcEnviron:
   SHELL=/bin/bash
   LANG=de_DE.utf8
  SegvAnalysis:
   Segfault happened at: 0x7f990b067670: mov 0x28(%rdi),%rdi
   PC (0x7f990b067670) ok
   source 0x28(%rdi) (0x0028) not located in a known VMA region (needed readable region)!
   destination %rdi ok
  SegvReason: reading NULL VMA
  Signal: 11
  SourcePackage: taxbird
  StacktraceTop:
   ?? () from /usr/lib/libnss3.so
   CERT_NewTempCertificate () from /usr/lib/libnss3.so
   CERT_DecodeCertFromPackage ()
   ?? () from /usr/lib/libgeier.so.0
   geier_pkcs7_encrypt () from /usr/lib/libgeier.so.0
  Title: taxbird crashed with SIGSEGV in CERT_NewTempCertificate()
  UserGroups: adm admin cdrom dialout disk lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/557180/+subscriptions



[Touch-packages] [Bug 348372] Re: nspluginviewer crashed with SIGSEGV in PL_HashTableLookupConst()

2014-09-23 Thread Marc Deslauriers
This was reported using a version of Ubuntu that has been out of support
for a long time. As such, I am closing this bug.

Please feel free to open a new bug if you can reproduce the issue with
Ubuntu 14.04 LTS.

** Changed in: nspr (Ubuntu)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nspr in Ubuntu.
https://bugs.launchpad.net/bugs/348372

Title:
  nspluginviewer crashed with SIGSEGV in PL_HashTableLookupConst()

Status in “nspr” package in Ubuntu:
  Won't Fix

Bug description:
  The information that nspluginviewer crashes popped up on bootup. No
  application had yet been launched.

  ProblemType: Crash
  Architecture: i386
  DistroRelease: Ubuntu 9.04
  ExecutablePath: /usr/bin/nspluginviewer
  Package: konqueror-nsplugins 4:4.2.1-0ubuntu6
  ProcCmdline: /usr/bin/nspluginviewer -dbusservice org.kde.nspluginviewer-3761
  ProcEnviron:
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
   LANGUAGE=
  Signal: 11
  SourcePackage: kdebase
  StacktraceTop:
   PL_HashTableLookupConst () from /usr/lib/libplds4.so
   SECOID_FindOID_Util () from /usr/lib/libnssutil3.so
   NSS_CMSContentInfo_GetContentTypeTag ()
   ?? () from /usr/lib/libsmime3.so
   SEC_ASN1DecoderUpdate_Util () from /usr/lib/libnssutil3.so
  Title: nspluginviewer crashed with SIGSEGV in PL_HashTableLookupConst()
  Uname: Linux 2.6.28-11-generic i686
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nspr/+bug/348372/+subscriptions



[Touch-packages] [Bug 512847] Re: NSS_VersionCheck fails to work as intended

2014-09-23 Thread Marc Deslauriers
This bug was reported against an ancient version of nss, and it was
reported fixed against nspr 4.7.5. We currently have 4.10.7 in all
supported Ubuntu releases. As such, I am closing this bug. If you can
reproduce with a current version, please file a new bug.

Thanks!

** Changed in: nspr (Ubuntu)
   Status: New => Fix Released

** Changed in: nss (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/512847

Title:
  NSS_VersionCheck fails to work as intended

Status in “nspr” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Fix Released

Bug description:
  Release: 8.04
  Version:  3.12.3.1-0ubuntu0.8.04.2

  NSS_VersionCheck doesn't seem to work properly. Calling it with
  3.12.3 should return true, but doesn't. I've attached a test program
  demonstrating this. This was found in relation to
  http://code.google.com/p/chromium/issues/detail?id=33163 which means
  it'll start causing problems with newer versions of Chrome sooner or
  later

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nspr/+bug/512847/+subscriptions



[Touch-packages] [Bug 1161374] Re: package libnspr4 4.9.5-0ubuntu0.12.04.1 failed to install/upgrade: ошибка записи в «стандартный вывод»: Победа

2014-09-23 Thread Marc Deslauriers
nspr has been updated to 4.10.7 in all supported versions of Ubuntu. Are
you still able to reproduce this issue?

** Changed in: nspr (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nspr in Ubuntu.
https://bugs.launchpad.net/bugs/1161374

Title:
  package libnspr4 4.9.5-0ubuntu0.12.04.1 failed to install/upgrade:
  ошибка записи в «стандартный вывод»: Победа

Status in “nspr” package in Ubuntu:
  Incomplete

Bug description:
  OS is stable. I can work.

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: libnspr4 4.9.5-0ubuntu0.12.04.1
  ProcVersionSignature: Ubuntu 3.5.0-23.35~precise1-generic 3.5.7.2
  Uname: Linux 3.5.0-23-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.1
  Architecture: amd64
  Date: Wed Mar 27 15:27:11 2013
  ErrorMessage: ошибка записи в «стандартный вывод»: Победа
  MarkForUpload: True
  SourcePackage: nspr
  Title: package libnspr4 4.9.5-0ubuntu0.12.04.1 failed to install/upgrade: ошибка записи в «стандартный вывод»: Победа
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nspr/+bug/1161374/+subscriptions



[Touch-packages] [Bug 1155295] Re: nspr needs to be updated for nss 3.14.3

2014-09-23 Thread Marc Deslauriers
We now have nspr 4.10.7 in all supported versions of Ubuntu.

** Changed in: nspr (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nspr in Ubuntu.
https://bugs.launchpad.net/bugs/1155295

Title:
  nspr needs to be updated for nss 3.14.3

Status in “nspr” package in Ubuntu:
  Fix Released

Bug description:
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nspr/+bug/1155295/+subscriptions



[Touch-packages] [Bug 1169481] Re: package libnss3 3.14.3-0ubuntu0.12.04.1 failed to install/upgrade: error writing to 'standard output': Success

2014-09-23 Thread Marc Deslauriers
nss has been updated to 3.17 in all supported versions of Ubuntu. Are
you able to reproduce this issue with 3.17?

** Changed in: nss (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1169481

Title:
  package libnss3 3.14.3-0ubuntu0.12.04.1 failed to install/upgrade:
  error writing to 'standard output': Success

Status in “nss” package in Ubuntu:
  Incomplete

Bug description:
  unknown problem

  ProblemType: Package
  DistroRelease: Ubuntu 12.04
  Package: libnss3 3.14.3-0ubuntu0.12.04.1
  ProcVersionSignature: Ubuntu 3.2.0-29.46-generic 3.2.24
  Uname: Linux 3.2.0-29-generic x86_64
  ApportVersion: 2.0.1-0ubuntu12
  Architecture: amd64
  Date: Tue Apr 16 14:13:05 2013
  ErrorMessage: error writing to 'standard output': Success
  InstallationMedia: Ubuntu 12.04.1 LTS Precise Pangolin - Release amd64 (20120823.1)
  SourcePackage: nss
  Title: package libnss3 3.14.3-0ubuntu0.12.04.1 failed to install/upgrade: error writing to 'standard output': Success
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1169481/+subscriptions



[Touch-packages] [Bug 1349465] Re: Please sync libxml2 (main) 2.9.1+dfsg1-4 from Debian testing (main)

2014-07-29 Thread Marc Deslauriers
This bug was fixed in the package libxml2 - 2.9.1+dfsg1-4
Sponsored for Aron Xu (happyaron)

---
libxml2 (2.9.1+dfsg1-4) unstable; urgency=low

  [ Christian Svensson ]
  * Do not build-depend on readline (Closes: #742350)

  [ Daniel Schepler ]
  * Patch to bootstrap without python (Closes: #738080)

  [ Helmut Grohne ]
  * Drop unneeded B-D on perl and binutils (Closes: #753005)

  [ Adam Conrad ]
  * Actually run dh_autoreconf, which the old/new mixed rules file misses.

  [ Matthias Klose ]
  * Add patch to fix python multiarch issue
  * Allow the package to cross-build by tweaking B-Ds on python
  * Set PYTHON_LIBS for cross builds

  [ Aron Xu ]
  * Use correct $CC
  * Configure udeb without python
  * New round of cherry-picking upstream fixes
    - Includes fixes for CVE-2014-0191 (Closes: #747309).
  * Call prename with -vf
  * Require python-all-dev (= 2.7.5-5~)
  * Bump std-ver: 3.9.4 - 3.9.5, no change

 -- Aron Xu a...@debian.org  Wed, 09 Jul 2014 05:40:15 +0800

** Changed in: libxml2 (Ubuntu)
   Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0191

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1349465

Title:
  Please sync libxml2 (main) 2.9.1+dfsg1-4 from Debian testing (main)

Status in “libxml2” package in Ubuntu:
  Fix Released

Bug description:
  Please sync libxml2 (main) 2.9.1+dfsg1-4 from Debian testing (main)

  Why Ubuntu delta can be dropped: all changes are merged into Debian.

  libxml2 (2.9.1+dfsg1-4) unstable; urgency=low

[ Christian Svensson ]
* Do not build-depend on readline (Closes: #742350)

[ Daniel Schepler ]
* Patch to bootstrap without python (Closes: #738080)

[ Helmut Grohne ]
* Drop unneeded B-D on perl and binutils (Closes: #753005)

[ Adam Conrad ]
* Actually run dh_autoreconf, which the old/new mixed rules file misses.

[ Matthias Klose ]
* Add patch to fix python multiarch issue
* Allow the package to cross-build by tweaking B-Ds on python
* Set PYTHON_LIBS for cross builds

[ Aron Xu ]
* Use correct $CC
* Configure udeb without python
* New round of cherry-picking upstream fixes
  - Includes fixes for CVE-2014-0191 (Closes: #747309).
* Call prename with -vf
* Require python-all-dev (= 2.7.5-5~)
* Bump std-ver: 3.9.4 - 3.9.5, no change

   -- Aron Xu a...@debian.org  Wed, 09 Jul 2014 05:40:15 +0800

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1349465/+subscriptions



[Touch-packages] [Bug 1310690] Re: Lock screen password field does not capture key press - password is disclosed in background application

2014-08-01 Thread Marc Deslauriers
You need to install your security updates to get unity
7.2.2+14.04.20140714-0ubuntu1.1

See: http://www.ubuntu.com/usn/usn-2303-1/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1310690

Title:
  Lock screen password field does not capture key press - password is
  disclosed in background application

Status in Unity:
  Expired
Status in “unity” package in Ubuntu:
  Expired

Bug description:
  The new lockscreen in Ubuntu 14.04 is really nice, however I noticed
  (2 times already) that the password field doesn't capture the key
  presses sometimes. Key presses are not registered by the field and it
  looks like it is frozen (except for the cursor blinking). What I had to
  do when this happened was to wait until the tentative expires (screen
  goes blank) and then try again - then it worked.
  However the application running in the foreground (or background, if
  you consider the lockscreen is on top) received the key presses, i.e.,
  my whole password - you can imagine the implications if it was a chat
  window.

  I'm using 14.04, upgraded by 04/17 from 12.04 - all packages updated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1310690/+subscriptions



[Touch-packages] [Bug 1351616] Re: Ubuntu 14.04: multi-touch screen can cause desktop to unlock

2014-08-04 Thread Marc Deslauriers
** Package changed: unity (Ubuntu) => xorg (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1351616

Title:
  Ubuntu 14.04: multi-touch screen can cause desktop to unlock

Status in “xorg” package in Ubuntu:
  Confirmed

Bug description:
  Steps to reproduce on a laptop with a multitouch screen (in my case, a
  Lenovo X1 Carbon Gen 2):

  1. Lock the desktop.
  2. Start lightly tapping away on the laptop screen and triggering
     various bogus multitouch events.
  3. The Xorg issue reported in
     https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-input-evdev/+bug/1121379
     will eventually trigger and gnome-session will crash
  4. You are able to view the unlocked desktop, and have limited
     keyboard/mouse access to the desktop.

  The issue seems to be similar to
  https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572 , which
  is marked fixed, but it looks like in the event of a crash the screen
  can still become unlocked.

  Relevant logs:
  == /var/log/auth.log ==
  Aug  2 09:14:10 SOMEHOST compiz: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
  Aug  2 09:14:10 SOMEHOST compiz: PAM adding faulty module: pam_kwallet.so
  Aug  2 09:14:10 SOMEHOST compiz: pam_succeed_if(lightdm:auth): requirement user ingroup nopasswdlogin not met by user SOMEUSER

  == /var/log/syslog ==
  Aug  2 09:14:24 SOMEHOST gnome-session[2065]: WARNING: App 'compiz.desktop' respawning too quickly
  Aug  2 09:14:24 SOMEHOST gnome-session[2065]: WARNING: App 'compiz.desktop' exited with code 1
  Aug  2 09:14:24 SOMEHOST gnome-session[2065]: WARNING: App 'compiz.desktop' respawning too quickly

  == /var/log/Xorg.0.log ==
  [   445.600] (EE) Backtrace:
  [   445.600] (EE) 0: /usr/bin/X (xorg_backtrace+0x48) [0x7f6921bd8c78]
  [   445.600] (EE) 1: /usr/bin/X (0x7f6921a3+0x7d3e7) [0x7f6921aad3e7]
  [   445.600] (EE) 2: /usr/bin/X (0x7f6921a3+0x138845) [0x7f6921b68845]
  [   445.600] (EE) 3: /usr/bin/X (0x7f6921a3+0x138357) [0x7f6921b68357]
  [   445.600] (EE) 4: /usr/bin/X (0x7f6921a3+0x13afa2) [0x7f6921b6afa2]
  [   445.601] (EE) 5: /usr/bin/X (0x7f6921a3+0x15c1d4) [0x7f6921b8c1d4]
  [   445.601] (EE) 6: /usr/bin/X (mieqProcessDeviceEvent+0x1cd) [0x7f6921bbb0cd]
  [   445.601] (EE) 7: /usr/bin/X (mieqProcessInputEvents+0xf7) [0x7f6921bbb1e7]
  [   445.601] (EE) 8: /usr/bin/X (ProcessInputEvents+0x9) [0x7f6921ac2fe9]
  [   445.601] (EE) 9: /usr/bin/X (0x7f6921a3+0x55802) [0x7f6921a85802]
  [   445.601] (EE) 10: /usr/bin/X (0x7f6921a3+0x5994a) [0x7f6921a8994a]
  [   445.601] (EE) 11: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xf5) [0x7f691f56cec5]
  [   445.601] (EE) 12: /usr/bin/X (0x7f6921a3+0x44e7e) [0x7f6921a74e7e]
  [   445.601] (EE)
  [   445.724] (EE) BUG: triggered 'if (!(event->device_event.flags & (1 << 5)))'
  [   445.724] (EE) BUG: ../../dix/touch.c:644 in TouchConvertToPointerEvent()
  [   445.724] (EE) Non-emulating touch event
  [   445.725] (EE)
  [   445.725] (EE) Backtrace:
  [   445.725] (EE) 0: /usr/bin/X (xorg_backtrace+0x48) [0x7f6921bd8c78]
  [   445.725] (EE) 1: /usr/bin/X (0x7f6921a3+0x7d3e7) [0x7f6921aad3e7]
  [   445.725] (EE) 2: /usr/bin/X (0x7f6921a3+0x138845) [0x7f6921b68845]
  [   445.725] (EE) 3: /usr/bin/X (0x7f6921a3+0x138357) [0x7f6921b68357]
  [   445.725] (EE) 4: /usr/bin/X (0x7f6921a3+0x13afa2) [0x7f6921b6afa2]
  [   445.726] (EE) 5: /usr/bin/X (0x7f6921a3+0x15c1d4) [0x7f6921b8c1d4]
  [   445.726] (EE) 6: /usr/bin/X (mieqProcessDeviceEvent+0x1cd) [0x7f6921bbb0cd]
  [   445.726] (EE) 7: /usr/bin/X (mieqProcessInputEvents+0xf7) [0x7f6921bbb1e7]
  [   445.726] (EE) 8: /usr/bin/X (ProcessInputEvents+0x9) [0x7f6921ac2fe9]
  [   445.726] (EE) 9: /usr/bin/X (0x7f6921a3+0x558c6) [0x7f6921a858c6]
  [   445.726] (EE) 10: /usr/bin/X (0x7f6921a3+0x5994a) [0x7f6921a8994a]
  [   445.726] (EE) 11: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0xf5) [0x7f691f56cec5]
  [   445.726] (EE) 12: /usr/bin/X (0x7f6921a3+0x44e7e) [0x7f6921a74e7e]
  [   445.727] (EE)
  [   450.837] (II) AIGLX: Suspending AIGLX clients for VT switch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1351616/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
** Changed in: eglibc (Ubuntu)
 Assignee: TJ (tj) => Marc Deslauriers (mdeslaur)

** Also affects: eglibc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Utopic)
   Importance: Critical
 Assignee: Marc Deslauriers (mdeslaur)
   Status: In Progress

** Also affects: eglibc (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Precise)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  In Progress
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  New
Status in “eglibc” source package in Trusty:
  New
Status in “eglibc” source package in Utopic:
  In Progress

Bug description:
  After taking security updates to 2.11.1-0ubuntu7.14 on Lucid, calls to
  getservbyname() are causing segfaults; backtrace attached.  I suspect
  a failure in debian/patches/any/CVE-2013-4357.diff

  nscd is installed and in use as a caching layer for openldap, which
  is used for passwd, group, and shadow but not services.

  Needless to say, a security update that causes a regression which
  makes 'apt-get' segfault is quite unfortunate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
** Changed in: eglibc (Ubuntu Trusty)
   Status: New => Invalid

** Changed in: eglibc (Ubuntu Utopic)
   Status: In Progress => Invalid

** Changed in: eglibc (Ubuntu Precise)
   Status: New => Invalid

** Changed in: eglibc (Ubuntu Lucid)
   Importance: Undecided => Critical

** Changed in: eglibc (Ubuntu Utopic)
   Importance: Critical => Undecided

** Changed in: eglibc (Ubuntu Utopic)
 Assignee: Marc Deslauriers (mdeslaur) => (unassigned)

** Changed in: eglibc (Ubuntu Lucid)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  New
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
I am currently preparing an updated package, and will put it in the
following PPA:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Once it is built, as soon as someone can test it and make sure it solves
the issue, I will publish it.

Does anyone have steps to reproduce the issue?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
Is everyone that is hitting this issue running nscd with ldap?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
The amd64 packages have finished building in the following PPA:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

Could someone who can reproduce please test them and see if they solve
the issue?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
Thanks for testing everyone!

As soon as all the builds are finished, I'll release it as a security
regression fix.

Sorry for the inconvenience.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
The regression will be announced on the ubuntu-security-announce mailing
list.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Confirmed
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
You need to wait until the packages are available in the
archive...probably in ~20 minutes, then the regular update and
dist-upgrade should work after you've stopped nscd.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1352504] Re: Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

2014-08-05 Thread Marc Deslauriers
You need to run apt-get update to refresh the list of packages from
the mirror, and then apt-get dist-upgrade to install all available
updates.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1352504

Title:
  Regression in 2.11.1-0ubuntu7.14; segfault in getservbyname

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Invalid
Status in “eglibc” source package in Trusty:
  Invalid
Status in “eglibc” source package in Utopic:
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1352504/+subscriptions



[Touch-packages] [Bug 1349128] Re: Ubuntu 14.04 lock screen doesn't accept keyboard input and sends it back to the underlying window (until using indicators)

2014-08-06 Thread Marc Deslauriers
This bug is now fixed in both trusty and utopic. Please install your
updates.

If you see an issue after making sure all updates are applied and
restarting your computer, please file a new bug.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1349128

Title:
  Ubuntu 14.04 lock screen doesn't accept keyboard input and sends it
  back to the underlying window (until using indicators)

Status in Unity:
  Fix Committed
Status in Unity 7.2 series:
  In Progress
Status in “unity” package in Ubuntu:
  Fix Released
Status in “unity” source package in Trusty:
  Fix Released

Bug description:
  After upgrading to Unity version 7.2.2+14.04.20140714-0ubuntu1 on
  Trusty, the lockscreen sometimes fails to take the keyboard focus away
  from Chrome.

  This might happen if there's a text selection in Chrome, and also when
  resuming after suspend.

  It doesn't always happen, as this is a race condition, but it's easy
  to reproduce by selecting the location bar in Chrome and then locking
  the screen.

  Workaround: click on any indicator in the upper right corner, and
  close the menu. After that, keyboard input is sent to the lockscreen
  again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/unity/+bug/1349128/+subscriptions



[Touch-packages] [Bug 1354714] Re: buffer overrun in kadmind with ldap backend

2014-08-09 Thread Marc Deslauriers
This bug was fixed in the package krb5 - 1.12.1+dfsg-7
Sponsored for Sam Hartman (hartmans)

---
krb5 (1.12.1+dfsg-7) unstable; urgency=high

  * Apply upstream's patch for CVE-2014-4345 (MITKRB5-SA-2014-001), buffer
    overrun in kadmind with LDAP backend, Closes: #757416

 -- Benjamin Kaduk ka...@mit.edu  Thu, 07 Aug 2014 18:33:37 -0400

** Changed in: krb5 (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1354714

Title:
  buffer overrun in kadmind with ldap backend

Status in “krb5” package in Ubuntu:
  Fix Released
Status in “krb5” package in Debian:
  Unknown

Bug description:
  Fix LDAP key data segmentation [CVE-2014-4345]
  
  For principal entries having keys with multiple kvnos (due to use of
  -keepold), the LDAP KDB module makes an attempt to store all the keys
  having the same kvno into a single krbPrincipalKey attribute value.
  There is a fencepost error in the loop, causing currkvno to be set to
  the just-processed value instead of the next kvno.  As a result, the
  second and all following groups of multiple keys by kvno are each
  stored in two krbPrincipalKey attribute values.  Fix the loop to use
  the correct kvno value.
  
  CVE-2014-4345:
  
  In MIT krb5, when kadmind is configured to use LDAP for the KDC
  database, an authenticated remote attacker can cause it to perform an
  out-of-bounds write (buffer overrun) by performing multiple cpw
  -keepold operations.  An off-by-one error while copying key
  information to the new database entry results in keys sharing a common
  kvno being written to different array buckets, in an array whose size
  is determined by the number of kvnos present.  After sufficient
  iterations, the extra writes extend past the end of the
  (NULL-terminated) array.  The NULL terminator is always written after
  the end of the loop, so no out-of-bounds data is read, it is only
  written.
  
  Historically, it has been possible to convert an out-of-bounds write
  into remote code execution in some cases, though the necessary
  exploits must be tailored to the individual application and are
  usually quite complicated.  Depending on the allocated length of the
  array, an out-of-bounds write may also cause a segmentation fault
  and/or application crash.
  
  CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1354714/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
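
The fencepost error described in the krb5 bug description above, as an added example that is not part of the original notification and is not MIT krb5 source: a simplified C model that only counts how many array slots the grouping loop would fill, with the faulty and the corrected currkvno update side by side. The function names, the sample kvno lists and the assumed array layout (one slot per kvno plus the NULL terminator) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not MIT krb5 source. Keys are modelled only by their
 * kvno, ordered so that keys sharing a kvno are adjacent. Constructed data. */
static const int THREE_KVNOS_TWO_KEYS[] = {3, 3, 2, 2, 1, 1};
static const int TWO_KVNOS_TWO_KEYS[]   = {2, 2, 1, 1};
static const int THREE_KVNOS_ONE_KEY[]  = {3, 2, 1};

/* Number of distinct kvnos; the output array is sized from this count. */
static size_t count_kvnos(const int *kvno, size_t n)
{
    size_t versions = (n > 0) ? 1 : 0;
    for (size_t i = 0; i + 1 < n; i++)
        if (kvno[i] != kvno[i + 1])
            versions++;
    return versions;
}

/* Assumed layout: one pointer per kvno plus one for the NULL terminator. */
static size_t array_capacity(const int *kvno, size_t n)
{
    return count_kvnos(kvno, n) + 1;
}

/* Walk the keys the way the grouping loop does and count the output slots
 * it would fill. Nothing is written, so the model itself cannot overrun.
 *   fixed == 0: currkvno is set to the just-processed key (fencepost error)
 *   fixed != 0: currkvno is advanced to the next key's kvno (corrected)   */
static size_t slots_filled(const int *kvno, size_t n, int fixed)
{
    size_t slots = 0;
    int currkvno;

    if (n == 0)
        return 0;
    currkvno = kvno[0];
    for (size_t i = 0; i < n; i++) {
        int last_key = (i == n - 1);
        if (last_key || kvno[i + 1] != currkvno) {
            slots++;                      /* one attribute value emitted */
            if (!fixed)
                currkvno = kvno[i];       /* stale: still the old kvno   */
            else if (!last_key)
                currkvno = kvno[i + 1];   /* kvno of the next group      */
        }
    }
    return slots;
}

/* How many slots would land beyond the end of the allocated array. */
static size_t slots_past_end(const int *kvno, size_t n, int fixed)
{
    size_t used = slots_filled(kvno, n, fixed);
    size_t cap = array_capacity(kvno, n);
    return used > cap ? used - cap : 0;
}

static void report(const char *name, const int *kvno, size_t n)
{
    printf("%-22s kvnos=%zu capacity=%zu faulty=%zu (past end %zu) fixed=%zu\n",
           name, count_kvnos(kvno, n), array_capacity(kvno, n),
           slots_filled(kvno, n, 0), slots_past_end(kvno, n, 0),
           slots_filled(kvno, n, 1));
}

int main(void)
{
    report("3 kvnos, 2 keys each", THREE_KVNOS_TWO_KEYS, 6);
    report("2 kvnos, 2 keys each", TWO_KVNOS_TWO_KEYS, 4);
    report("3 kvnos, 1 key each", THREE_KVNOS_ONE_KEY, 3);
    return 0;
}
```

In this model the faulty update splits every kvno group after the first into two slots, so the slot count only exceeds the array once enough multi-key kvnos have accumulated, which matches the description's "after sufficient iterations".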


[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014

2014-08-12 Thread Marc Deslauriers
Ah, yes, I seem to have forgotten to update libav-extra once again. I'll
push out an update in a few minutes.

** Changed in: libav-extra (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libav (Ubuntu Trusty)
   Status: In Progress => Fix Released

** Changed in: libav (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: libav-extra (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1354755

Title:
  Libav security fixes Aug 2014

Status in “libav” package in Ubuntu:
  Fix Released
Status in “libav-extra” package in Ubuntu:
  Invalid
Status in “libav” source package in Precise:
  Fix Released
Status in “libav-extra” source package in Precise:
  Confirmed
Status in “libav” source package in Trusty:
  Fix Released
Status in “libav-extra” source package in Trusty:
  Invalid

Bug description:
  Trusty should get version 9.16:

  version 9.16:
  - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)
  - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263)
  - mpegts: Define the section length with a constant
  - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860)
  - svq1: do not modify the input packet
  - cdgraphics: do not return 0 from the decode function
  - cdgraphics: switch to bytestream2 (CVE-2013-3674)
  - huffyuvdec: check width size for yuv422p (CVE-2013-0848)
  - mmvideo: check horizontal coordinate too (CVE-2013-3672)
  - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
  - lavc: Check the image size before calling get_buffer (CVE-2011-3935)
  - huffyuv: Check and propagate function return values (CVE-2013-0868)
  - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
  - h264_sei: check SEI size
  - pgssubdec: Check RLE size before copying (CVE-2013-0852)
  - fate: Add dependencies for dct/fft/mdct/rdft tests
  - video4linux2: Avoid a floating point exception
  - vf_select: Drop a debug av_log with an unchecked double to enum conversion
  - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions



[Touch-packages] [Bug 1354755] Re: Libav security fixes Aug 2014

2014-08-12 Thread Marc Deslauriers
OK, updated libav-extra has been published.

** Changed in: libav-extra (Ubuntu Precise)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/1354755

Title:
  Libav security fixes Aug 2014

Status in “libav” package in Ubuntu:
  Fix Released
Status in “libav-extra” package in Ubuntu:
  Invalid
Status in “libav” source package in Precise:
  Fix Released
Status in “libav-extra” source package in Precise:
  Fix Released
Status in “libav” source package in Trusty:
  Fix Released
Status in “libav-extra” source package in Trusty:
  Invalid

Bug description:
  Trusty should get version 9.16:

  version 9.16:
  - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)
  - mpegts: Do not try to write a PMT larger than SECTION_SIZE (CVE-2014-2263)
  - mpegts: Define the section length with a constant
  - error_concealment: avoid using the picture if not fully setup (CVE-2013-0860)
  - svq1: do not modify the input packet
  - cdgraphics: do not return 0 from the decode function
  - cdgraphics: switch to bytestream2 (CVE-2013-3674)
  - huffyuvdec: check width size for yuv422p (CVE-2013-0848)
  - mmvideo: check horizontal coordinate too (CVE-2013-3672)
  - wmalosslessdec: fix mclms_coeffs* array size (CVE-2014-2098)
  - lavc: Check the image size before calling get_buffer (CVE-2011-3935)
  - huffyuv: Check and propagate function return values (CVE-2013-0868)
  - h264: prevent theoretical infinite loop in SEI parsing (CVE-2011-3946)
  - h264_sei: check SEI size
  - pgssubdec: Check RLE size before copying (CVE-2013-0852)
  - fate: Add dependencies for dct/fft/mdct/rdft tests
  - video4linux2: Avoid a floating point exception
  - vf_select: Drop a debug av_log with an unchecked double to enum conversion
  - eamad: use the bytestream2 API instead of AV_RL (CVE-2013-0851)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1354755/+subscriptions



[Touch-packages] [Bug 1356843] Re: ccs received early

2014-08-14 Thread Marc Deslauriers
So from the irc discussion:

two servers, one Ubuntu 10.04, and one Ubuntu 12.04. Both are using
postfix. The 12.04 server is running postfix 2.9.6-1~12.04.1.

10.04 is running openssl 0.9.8k-7ubuntu8.20 and 12.04 is running openssl
1.0.1-4ubuntu5.17.

The 10.04 is sending mail to the 12.04 server.

The 10.04 is getting the following in the log:

TLS library problem: 25971:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146

The 12.04 is getting the following:

lost connection after STARTTLS

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843

Title:
  ccs received early

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Postfix is causing a TLS error, when relaying mails with TLS encryption:
  warning: TLS library problem: 31807:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+subscriptions



[Touch-packages] [Bug 1320422] Re: Please merge dbus 1.8.2-1 (main) from Debian testing (main)

2014-08-14 Thread Marc Deslauriers
@laney: The patches have already been submitted and reviewed upstream
here:

https://bugs.freedesktop.org/show_bug.cgi?id=75113

** Bug watch added: freedesktop.org Bugzilla #75113
   https://bugs.freedesktop.org/show_bug.cgi?id=75113

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1320422

Title:
  Please merge dbus 1.8.2-1 (main) from Debian testing (main)

Status in “dbus” package in Ubuntu:
  In Progress

Bug description:
  I'm working on a debdiff to resync our dbus package with the current
  version in Debian testing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1320422/+subscriptions



[Touch-packages] [Bug 1356843] Re: ccs received early

2014-08-14 Thread Marc Deslauriers
The 10.04 server is running postfix 2.7.0-1ubuntu0.2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843

Title:
  ccs received early

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Postfix is causing a TLS error, when relaying mails with TLS encryption:
  warning: TLS library problem: 31807:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+subscriptions



[Touch-packages] [Bug 1356843] Re: ccs received early

2014-08-15 Thread Marc Deslauriers
I have reproduced this issue. It looks like something may be wrong with
openssl in Ubuntu 12.04.

Attached is a packet capture that shows 12.04 sending a CCS before a
Server Key Exchange for some reason.

** Attachment added: problem.pcap
   https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+attachment/4178514/+files/problem.pcap

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843

Title:
  ccs received early

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Postfix is causing a TLS error, when relaying mails with TLS encryption:
  warning: TLS library problem: 31807:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+subscriptions



[Touch-packages] [Bug 1356843] Re: ccs received early

2014-08-15 Thread Marc Deslauriers
Actually, I believe I'm reading that wrong, disregard my last comment.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1356843

Title:
  ccs received early

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Postfix is causing a TLS error, when relaying mails with TLS encryption:
  warning: TLS library problem: 31807:error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early:s3_pkt.c:1146:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1356843/+subscriptions



[Touch-packages] [Bug 1382133] Re: Issue with servers with SSLv3 disabled due to Poodle

2014-10-17 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to evolution-data-server in
Ubuntu.
https://bugs.launchpad.net/bugs/1382133

Title:
  Issue with servers with SSLv3 disabled due to Poodle

Status in “evolution-data-server” package in Ubuntu:
  Fix Released
Status in “evolution-data-server” source package in Precise:
  In Progress
Status in “evolution-data-server” source package in Trusty:
  In Progress

Bug description:
  [ Description ]

  Cannot connect to servers with SSLv3 disabled, with a message "Cannot
  communicate securely with peer: no common encryption algorithm(s)".

  [ QA ]

  Try to connect to a server with SSLv3 disabled and see if you can
  retrieve mail (and that it errors before the update).

  [ Regression potential ]

  Might enable a different set of SSL/TLS versions, check with different
  servers.

  [ Original report ]

  Evolution developers asked me to relay that there is a fix to this
  issue available, please see

  https://mail.gnome.org/archives/evolution-list/2014-October/msg00113.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution-data-server/+bug/1382133/+subscriptions



[Touch-packages] [Bug 1376249] Re: Ubuntu Mate 14.10 Beta2 Upowerd package error message during boot

2014-10-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to upower in Ubuntu.
https://bugs.launchpad.net/bugs/1376249

Title:
  Ubuntu Mate 14.10 Beta2 Upowerd package error message during boot

Status in “upower” package in Ubuntu:
  New

Bug description:
  Error message during boot-up of Ubuntu Mate 14.10 Beta2. No further
  information.

  ProblemType: Crash
  DistroRelease: Ubuntu 14.10
  Package: upower 0.9.23-2ubuntu2
  ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
  Uname: Linux 3.16.0-18-generic x86_64
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  Date: Wed Oct  1 07:55:04 2014
  ExecutablePath: /usr/lib/upower/upowerd
  InstallationDate: Installed on 2014-09-26 (4 days ago)
  InstallationMedia: Ubuntu MATE 14.10 Utopic Unicorn - beta2 amd64 (20140925)
  ProcCmdline: /usr/lib/upower/upowerd
  ProcEnviron:
   
  SegvAnalysis: Skipped: missing required field Disassembly
  Signal: 11
  SourcePackage: upower
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upower/+bug/1376249/+subscriptions



[Touch-packages] [Bug 1378071] Re: bash crashed with SIGSEGV in strlen()

2014-10-17 Thread Marc Deslauriers
This should be fixed now by:
http://www.ubuntu.com/usn/usn-2380-1/

** Changed in: bash (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1378071

Title:
  bash crashed with SIGSEGV in strlen()

Status in “bash” package in Ubuntu:
  Fix Released

Bug description:
  Tried to run vulnerability tester for ShellShock:

  curl https://shellshocker.net/shellshock_test.sh | bash

  ProblemType: Crash
  DistroRelease: Ubuntu 14.10
  Package: bash 4.3-10ubuntu1
  ProcVersionSignature: Ubuntu 3.16.0-20.27-generic 3.16.3
  Uname: Linux 3.16.0-20-generic x86_64
  ApportVersion: 2.14.7-0ubuntu3
  Architecture: amd64
  Date: Mon Oct  6 15:20:52 2014
  ExecutablePath: /bin/bash
  InstallationDate: Installed on 2014-10-03 (3 days ago)
  InstallationMedia: Xubuntu 14.10 Utopic Unicorn - Alpha amd64 (20140923)
  ProcCmdline: bash -c f()\ {\ x()\ {\ _;};\ x()\ {\ _;}\ a;\ }
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
  SegvAnalysis:
   Segfault happened at: 0x7fa67ca5c564 strlen+148:   pcmpeqb (%rax),%xmm8
   PC (0x7fa67ca5c564) ok
   source (%rax) (0xdfdfdfdfdfdfdfc0) not located in a known VMA region (needed readable region)!
   destination %xmm8 ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: bash
  StacktraceTop:
   strlen () at ../sysdeps/x86_64/strlen.S:137
   copy_redirect ()
   copy_redirects ()
   copy_command ()
   copy_function_def_contents ()
  Title: bash crashed with SIGSEGV in strlen()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1378071/+subscriptions



[Touch-packages] [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.

2014-10-20 Thread Marc Deslauriers
@khaled-blah: please file a new bug, you are not supposed to see reboot
notifications when openssl gets upgraded on a desktop system.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/244250

Title:
  Spurious reboot notifications caused by libssl upgrades.

Status in “openssl” package in Ubuntu:
  Fix Released

Bug description:
  The postinst script for libssl0.9.8 currently has a bug where it sends
  a reboot notification whenever libssl is configured.  So reconfiguring
  libssl0.9.8 or even just installing libssl0.9.8 will result in a
  reboot notification.  Sending of the reboot notification should
  definitely be moved inside the upgrading guard.  The correct fix is
  likely to move it inside a version comparison guard for particular
  important updates like Colin suggests below -- this is what every
  other standard package using notify-reboot-required does.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions



[Touch-packages] [Bug 1371170] Re: information disclosure: clipboard contents can be obtained without user knowledge

2014-10-22 Thread Marc Deslauriers
** Description changed:

  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given to
  apps based on user driven input (eg, a paste operation).
  
  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents
  
  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz' also
  has access since the user didn't paste the text into it.
  
  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not fully
  since whenever an app is foregrounded, it can the contents of the
  keyboard.
  
  In the short term, we should require that only a foregrounded app whould
  be able to get clipboard contents. Push helpers should have an explicit
  deny to the (upcoming) DBus clipboard access. Background apps should not
  be allowed to push content into the clipboard (application lifecycle
  deals with this, but we need this for the future).
  
  Ideally this would be handled via wholly user-driven interactions. While
  this could be achieved via keyboard driven interactions, it is difficult
  with toolkit driven interactions (ie, 'Paste' from a menu is necessarily
  a pull operation). One idea is not to block access but instead make
  users aware of the clipboard access (eg, an overlay that says Pasted
  from clipboard and then fades out)-- this should be as unobtrusive as
  possible.
+ 
+ Another idea is to implement paste in the input method menu, and make
+ that the official way for users to paste inside applications, rather
+ than use menu items or toolbar buttons.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1371170

Title:
  information disclosure: clipboard contents can be obtained without
  user knowledge

Status in Mir:
  New
Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  Fix Released
Status in “content-hub” package in Ubuntu:
  New
Status in “mir” package in Ubuntu:
  New
Status in “unity8” package in Ubuntu:
  New

Bug description:
  Currently, the clipboard is implemented such that all apps can access
  the contents at any time. The clipboard contents should only be given
  to apps based on user driven input (eg, a paste operation).

  Attack scenario:
  1. user launches malicious app 'baz' that polls the clipboard for contents
  2. user launches legitimate app 'foo', at which point 'baz' is backgrounded
  3. user selects some text and puts it into the clipboard
  4. user opens legitimate app 'bar' and pastes text
  5. user foregrounds 'baz' which now has access to the clipboard contents

  In the above, users can understand that 'foo' and 'bar' have access to
  the text put in the clipboard. However, it is unexpected that 'baz'
  also has access since the user didn't paste the text into it.

  As it is currently implemented, there is no clipboard timeout, so the
  contents will persist through the session (unless changed by another
  copy operation). Application lifecycle will help a little, but not
  fully since whenever an app is foregrounded, it can the contents of
  the keyboard.

  In the short term, we should require that only a foregrounded app
  should be able to get clipboard contents. Push helpers should have an
  explicit deny to the (upcoming) DBus clipboard access. Background apps
  should not be allowed to push content into the clipboard (application
  lifecycle deals with this, but we need this for the future).

  Ideally this would be handled via wholly user-driven interactions.
  While this could be achieved via keyboard driven interactions, it is
  difficult with toolkit driven interactions (ie, 'Paste' from a menu is
  necessarily a pull operation). One idea is not to block access but
  instead make users aware of the clipboard access (eg, an overlay that
  says "Pasted from clipboard" and then fades out)-- this should be as
  unobtrusive as possible.

  Another idea is to implement paste in the input method menu, and make
  that the official way for users to paste inside applications, rather
  than use menu items or toolbar buttons.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mir/+bug/1371170/+subscriptions


[Touch-packages] [Bug 1039420] Re: NTP security vulnerability because not using authentication by default

2014-10-22 Thread Marc Deslauriers
Unfortunately, ntp autokey is broken and insecure, it can't be used to
provide any additional security.

http://zero-entropy.de/autokey_analysis.pdf

The only solution for the moment is for system administrators to set up
their own symmetric keys with their own ntp server.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1039420

Title:
  NTP security vulnerability because not using authentication by default

Status in “ntp” package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu implements so much security one way or another. So many
  defenses against network level man in the middle or malicious proxies
  or wifi hotspots. Cryptographic verification generally works well but
  there is one big drawback: it requires correct date/time.

  NTP in Ubuntu does not use any authentication by default, although it
  is supported by NTP.

  I conclude that almost no one is using authenticated NTP, because
  there are no instructions in a forum or blog how to enable NTP
  authentication. Therefore almost everyone uses standard configuration
  and is at risk.

  An adversary can tamper with the unauthenticated NTP replies and put
  the user's time several years back, especially, but not limited, if the
  BIOS battery or hardware clock is defective. That issue becomes more
  relevant with new devices like RP, which do not even have a hardware
  clock.

  Putting the clock several years back allows an adversary to use
  already revoked, broken, expired certificates; replay old, broken,
  outdated, known vulnerable updates etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions



[Touch-packages] [Bug 1382559] Re: adbd does not check the screen state before allowing a connection

2014-10-23 Thread Marc Deslauriers
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to android-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1382559

Title:
  adbd does not check the screen state before allowing a connection

Status in “android-tools” package in Ubuntu:
  Confirmed

Bug description:
  according to
  https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData
  adbd should only allow a connection attempt to succeed when the screen
  is unlocked. adbd currently does not do this and needs to be fixed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/android-tools/+bug/1382559/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1358827] Re: /etc/bash.bashrc checks for admin instead of sudo group

2014-10-29 Thread Marc Deslauriers
** Changed in: bash (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1358827

Title:
  /etc/bash.bashrc checks for admin instead of sudo group

Status in “bash” package in Ubuntu:
  Fix Committed

Bug description:
  Since Ubuntu 12.04 sudo group is used for granting root privileges.
  AFAIK admin group was retained for backward compatibility only, at
  least Server Guide for Ubuntu 14.04 says that one should use sudo
  group for root access.

  Currently /etc/bash.bashrc checks only for admin group. If the user
  belongs to admin group, hint message on how to get root access may be
  printed. I think bashrc should check for sudo group also.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1358827/+subscriptions



[Touch-packages] [Bug 983810] Re: libxml2 security update fails to address problem and breaks thread-safety

2014-10-29 Thread Marc Deslauriers
Introduced by:
https://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a

Fixed by:
https://git.gnome.org/browse/libxml2/commit/dict.c?id=379ebc1d774865fa92f2a8d80cc4da65cbe19998
https://git.gnome.org/browse/libxml2/commit/dict.c?id=e7715a5963afebfb027120db6914926ec9a7373d

** Also affects: libxml2 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: libxml2 (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: libxml2 (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Changed in: libxml2 (Ubuntu Trusty)
   Status: New => Fix Released

** Changed in: libxml2 (Ubuntu)
   Status: Triaged => Fix Released

** Changed in: libxml2 (Ubuntu Lucid)
   Status: New => Confirmed

** Changed in: libxml2 (Ubuntu Precise)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/983810

Title:
  libxml2 security update fails to address problem and breaks thread-
  safety

Status in libxml2:
  New
Status in “libxml2” package in Ubuntu:
  Fix Released
Status in “libxml2” source package in Lucid:
  Confirmed
Status in “libxml2” source package in Precise:
  Confirmed
Status in “libxml2” source package in Trusty:
  Fix Released
Status in “libxml2” package in Debian:
  New

Bug description:
  Using libxml2 2.7.8.dfsg-4ubuntu0.2 from (K)Ubuntu 11.10.

  In an attempt to address oCERT 2011-003, libxml2 now seeds its hash
  table using rand(). This is broken and lame:

  Firstly, srand() and rand() are not thread-safe, even though libxml2
  is supposed to be thread-safe (when adequately initialized by the
  program). The fix is easy: replace srand() with a variable assignment,
  and replace rand() with rand_r().

  Secondly, using time(NULL) as a seed totally misses the point. It is
  trivial for a potential attacker to guess the value of time(NULL).
  That's the current UTC time rounded to the second.

To manage notifications about this bug go to:
https://bugs.launchpad.net/libxml2/+bug/983810/+subscriptions

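The two seeding choices discussed in the libxml2 report above, as an added example that is not libxml2's code: a toy dictionary whose hash seed is a per-instance variable (no srand()/rand() global state), filled either from the wall clock or from the operating system. The struct, the function names, the FNV-style hash and the use of /dev/urandom are assumptions made for the example.

```c
#include <stdio.h>
#include <time.h>

/* Toy dictionary: only the per-instance hash seed matters here. */
struct toy_dict {
    unsigned int seed;
};

/* Weak form: the seed is the wall clock rounded to the second, so every
 * dictionary created in the same second gets the same seed, and anyone
 * who knows roughly when the process started knows the candidates. */
static void dict_init_time_seed(struct toy_dict *d, time_t now)
{
    d->seed = (unsigned int)now;
}

/* Hardened form: per-dictionary seed read from the OS random source.
 * Plain variable assignment, so no shared state between threads.
 * Returns 0 on success, -1 if the random source cannot be read. */
static int dict_init_os_seed(struct toy_dict *d)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;

    if (f == NULL)
        return -1;
    got = fread(&d->seed, 1, sizeof d->seed, f);
    fclose(f);
    return got == sizeof d->seed ? 0 : -1;
}

/* Seeded string hash (FNV-1a style mixing, chosen for the example).
 * Each step is invertible, so two different seeds always give two
 * different hashes for the same key. */
static unsigned int dict_hash(const struct toy_dict *d, const char *key)
{
    unsigned int h = 2166136261u ^ d->seed;

    for (; *key != '\0'; key++) {
        h ^= (unsigned char)*key;
        h *= 16777619u;
    }
    return h;
}

/* 1 if two dictionaries seeded from the same clock second hash `key`
 * to the same value, 0 otherwise. */
static int time_seeded_hashes_match(time_t now, const char *key)
{
    struct toy_dict a, b;

    dict_init_time_seed(&a, now);
    dict_init_time_seed(&b, now);
    return dict_hash(&a, key) == dict_hash(&b, key);
}

/* 1 if two OS-seeded dictionaries hash `key` differently, 0 if they
 * happen to agree, -1 if the random source is unavailable. */
static int os_seeded_hashes_differ(const char *key)
{
    struct toy_dict a, b;

    if (dict_init_os_seed(&a) != 0 || dict_init_os_seed(&b) != 0)
        return -1;
    return dict_hash(&a, key) != dict_hash(&b, key);
}

int main(void)
{
    /* Constructed timestamp and key, used only for the demonstration. */
    time_t sample_now = (time_t)1414540800;

    printf("same-second time seeds give equal hashes: %d\n",
           time_seeded_hashes_match(sample_now, "element"));
    printf("OS seeds give different hashes:           %d\n",
           os_seeded_hashes_differ("element"));
    return 0;
}
```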


[Touch-packages] [Bug 1387347] [NEW] sudo doesn't check for sudo group

2014-10-29 Thread Marc Deslauriers
Public bug reported:

In Ubuntu, sudo is built with --enable-admin-flag to create the
~/.sudo_as_admin_successful after being run the first time.

At some point, to align with Debian, the group changed from admin to
sudo, so this no longer works. A recent bash upload has fixed printing
the blurb about using sudo in the terminal, but since the flag file
isn't being created, the blurb always gets printed.

** Affects: sudo (Ubuntu)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: New

** Changed in: sudo (Ubuntu)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1387347

Title:
  sudo doesn't check for sudo group

Status in “sudo” package in Ubuntu:
  New

Bug description:
  In Ubuntu, sudo is built with --enable-admin-flag to create the
  ~/.sudo_as_admin_successful after being run the first time.

  At some point, to align with Debian, the group changed from admin to
  sudo, so this no longer works. A recent bash upload has fixed
  printing the blurb about using sudo in the terminal, but since the
  flag file isn't being created, the blurb always gets printed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347/+subscriptions



[Touch-packages] [Bug 1373270] Re: Ubuntu 14.04 fails to pass login screen after dbus:amd64-1.6.18-0ubuntu4.2 update

2014-09-24 Thread Marc Deslauriers
What desktop environment is this with? Could you attach your dpkg.log
file?

** Changed in: dbus (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1373270

Title:
  Ubuntu 14.04 fails to pass login screen after
  dbus:amd64-1.6.18-0ubuntu4.2 update

Status in “dbus” package in Ubuntu:
  Incomplete

Bug description:
  Ubuntu 14.04 fails to pass login screen after dbus:amd64-1.6.18-0ubuntu4.2
  update. Downgrading to *=0ubuntu4 solves the issue.
  .xsession-errors log tells that processes started and stopped immediately.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1373270/+subscriptions



[Touch-packages] [Bug 1373270] Re: Ubuntu 14.04 fails to pass login screen after dbus:amd64-1.6.18-0ubuntu4.2 update

2014-09-24 Thread Marc Deslauriers
Did you also get the libdbus packages?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1373270

Title:
  Ubuntu 14.04 fails to pass login screen after
  dbus:amd64-1.6.18-0ubuntu4.2 update

Status in “dbus” package in Ubuntu:
  Incomplete



[Touch-packages] [Bug 1373781] Re: bash CVE-2014-6271 fix does NOT work

2014-09-25 Thread Marc Deslauriers
Proposed patch for CVE-2014-7169 here:

http://www.openwall.com/lists/oss-security/2014/09/25/10

I am building bash updates for Ubuntu containing the proposed fix here
and will publish them once the fix has been made official:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

** Information type changed from Private Security to Public Security

** Summary changed:

- bash CVE-2014-6271 fix does NOT work
+ bash incomplete fix for CVE-2014-6271

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781

Title:
  bash incomplete fix for CVE-2014-6271

Status in “bash” package in Ubuntu:
  New

Bug description:
  The fixes for CVE-2014-6271 do NOT work! Security vuln, but should be
  public, this is known already.

  Ubuntu 14.04 LTS: bash 4.3-7ubuntu1.1
  Ubuntu 12.04 LTS: bash 4.2-2ubuntu2.2
  Ubuntu 10.04 LTS: bash 4.1-2ubuntu3.1

  Testcase:
  rm -f echo  env -i  X='() { (a)=\' bash -c 'echo id'; cat echo

  expected output:
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  id

  actual output:
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  uid=0(root) gid=0(root) groups=0(root)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1373781/+subscriptions



[Touch-packages] [Bug 1374207] Re: CVE-2014-7169 fix not effective on trusty

2014-09-25 Thread Marc Deslauriers
There was a build issue with the Ubuntu 14.04 package, and I am in the
process of fixing it now. An update will be released within the hour.

The other releases should be ok.

** Changed in: bash (Ubuntu)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Also affects: bash (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: bash (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: bash (Ubuntu Utopic)
   Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
   Status: Confirmed

** Also affects: bash (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Changed in: bash (Ubuntu Lucid)
   Status: New => Fix Released

** Changed in: bash (Ubuntu Precise)
   Status: New => Fix Released

** Changed in: bash (Ubuntu Trusty)
   Status: New => In Progress

** Changed in: bash (Ubuntu Utopic)
   Status: Confirmed => In Progress

** Changed in: bash (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1374207

Title:
  CVE-2014-7169 fix not effective on trusty

Status in “bash” package in Ubuntu:
  In Progress
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  In Progress
Status in “bash” source package in Utopic:
  In Progress

Bug description:
  I can reproduce the testcase from 1373781 with bash 4.3-7ubuntu1.2 on
  trusty.  The patch did NOT fix it, unfortunately.

  rtucker@racer-x:~$ rm -f echo  env -i X='() { (a)=\' bash -c 'echo id'; cat echo
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  uid=1000(rtucker) gid=1000(rtucker) groups=1000(rtucker),4(adm),6(disk),24(cdrom),27(sudo),30(dip),46(plugdev),112(lpadmin),119(sambashare)
  rtucker@racer-x:~$ bash --version
  GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
  Copyright (C) 2013 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html

  This is free software; you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  rtucker@racer-x:~$ apt-cache policy bash
  bash:
    Installed: 4.3-7ubuntu1.2
    Candidate: 4.3-7ubuntu1.2
    Version table:
   *** 4.3-7ubuntu1.2 0
          500 http://mirrors.linode.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://mirrors.linode.com/ubuntu/ trusty-security/main amd64 Packages
          100 /var/lib/dpkg/status
       4.3-6ubuntu1 0
          500 http://mirrors.linode.com/ubuntu/ trusty/main amd64 Packages

  
  precise does seem fixed, however:

  rtucker@barleywine:~$ rm -f echo  env -i X='() { (a)=\' bash -c 'echo id'; cat echo
  bash: X: line 1: syntax error near unexpected token `='
  bash: X: line 1: `'
  bash: error importing function definition for `X'
  id
  cat: echo: No such file or directory
  rtucker@barleywine:~$ bash --version
  GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
  Copyright (C) 2011 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html

  This is free software; you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  rtucker@barleywine:~$ apt-cache policy bash
  bash:
    Installed: 4.2-2ubuntu2.3
    Candidate: 4.2-2ubuntu2.3
    Version table:
   *** 4.2-2ubuntu2.3 0
          500 http://mirrors.linode.com/ubuntu/ precise-updates/main amd64 Packages
          500 http://mirrors.linode.com/ubuntu/ precise-security/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       4.2-2ubuntu2 0
          500 http://mirrors.linode.com/ubuntu/ precise/main amd64 Packages
          500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1374207/+subscriptions



[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271

2014-09-25 Thread Marc Deslauriers
Fumihito YOSHIDA (hito),

We are awaiting comments from the upstream bash developer about the OOB
memory fixes, and the variable isolation hardening. We will address
those in a later bash update.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781

Title:
  bash incomplete fix for CVE-2014-6271

Status in “bash” package in Ubuntu:
  In Progress
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  Fix Released
Status in “bash” source package in Utopic:
  In Progress



[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271

2014-09-26 Thread Marc Deslauriers
@dino99: both your test cases look good to me. What results were you
expecting?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781

Title:
  bash incomplete fix for CVE-2014-6271

Status in “bash” package in Ubuntu:
  Fix Released
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  Fix Released
Status in “bash” source package in Utopic:
  Fix Released



[Touch-packages] [Bug 1373781] Re: bash incomplete fix for CVE-2014-6271

2014-09-26 Thread Marc Deslauriers
Do you perhaps have a left-over file called 'echo' in that directory?

If so, you need to delete it before running the test.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1373781

Title:
  bash incomplete fix for CVE-2014-6271

Status in “bash” package in Ubuntu:
  Fix Released
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  Fix Released
Status in “bash” source package in Utopic:
  Fix Released



[Touch-packages] [Bug 1374375] Re: CVE-2014-7186: bash crashed with SIGSEGV in list_reverse()

2014-09-27 Thread Marc Deslauriers
This is now fixed:
http://www.ubuntu.com/usn/usn-2364-1/

** Changed in: bash (Ubuntu Precise)
   Status: Confirmed => Fix Released

** Changed in: bash (Ubuntu Trusty)
   Status: Confirmed => Fix Released

** Changed in: bash (Ubuntu Lucid)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1374375

Title:
  CVE-2014-7186: bash crashed with SIGSEGV in list_reverse()

Status in “bash” package in Ubuntu:
  Fix Committed
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  Fix Released
Status in “bash” source package in Utopic:
  Fix Committed

Bug description:
  Reproduced with

  bash -c 'true EOF EOF EOF EOF EOF EOF EOF EOF EOF
  EOF EOF EOF EOF EOF EOF EOF EOF EOF'

  http://seclists.org/oss-sec/2014/q3/712

  ProblemType: Crash
  DistroRelease: Ubuntu 14.10
  Package: bash 4.3-9ubuntu2
  ProcVersionSignature: Ubuntu 3.16.0-17.23-generic 3.16.3
  Uname: Linux 3.16.0-17-generic x86_64
  NonfreeKernelModules: openafs
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Sep 26 05:42:50 2014
  EcryptfsInUse: Yes
  ExecutablePath: /bin/bash
  InstallationDate: Installed on 2014-08-22 (35 days ago)
  InstallationMedia: Ubuntu-GNOME 14.10 Utopic Unicorn - Alpha amd64 (20140730)
  ProcCmdline: bash -c true\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF\ EOF
  SegvAnalysis:
   Segfault happened at: 0x46cfc3 list_reverse+19:mov(%rax),%rdx
   PC (0x0046cfc3) ok
   source (%rax) (0x3c3c20464f453c3c) not located in a known VMA region (needed readable region)!
   destination %rdx ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: bash
  StacktraceTop:
   list_reverse ()
   clean_simple_command ()
   yyparse ()
   parse_command ()
   parse_and_execute ()
  Title: bash crashed with SIGSEGV in list_reverse()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm bumblebee cdrom dip libvirtd lpadmin plugdev sambashare sudo wireshark
  modified.conffile..etc.bash.bashrc: [modified]
  mtime.conffile..etc.bash.bashrc: 2014-03-27T19:05:55

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1374375/+subscriptions



[Touch-packages] [Bug 1374375] Re: CVE-2014-7186: bash crashed with SIGSEGV in list_reverse()

2014-09-27 Thread Marc Deslauriers
** Changed in: bash (Ubuntu Utopic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1374375

Title:
  CVE-2014-7186: bash crashed with SIGSEGV in list_reverse()

Status in “bash” package in Ubuntu:
  Fix Released
Status in “bash” source package in Lucid:
  Fix Released
Status in “bash” source package in Precise:
  Fix Released
Status in “bash” source package in Trusty:
  Fix Released
Status in “bash” source package in Utopic:
  Fix Released



[Touch-packages] [Bug 1375271] Re: desktop or other past screen contents visible before lockscreen on resume

2014-09-29 Thread Marc Deslauriers
What desktop environment are you using?

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1375271

Title:
  desktop or other past screen contents visible before lockscreen on
  resume

Status in Compiz:
  New
Status in GNOME Screensaver:
  New
Status in Unity:
  New
Status in “unity” package in Ubuntu:
  New

Bug description:
  This appears to be a regression in 14.10 sometime in September 2014.

  The behavior appears similar to this bug from 2011:
  https://bugs.launchpad.net/unity-2d/+bug/830348

  On resume from suspend, screen contents are displayed for a brief time
  (perhaps 0.5 to 1 sec)  before the lock dialog appears.

  These screen contents are not always the desktop or open application
  beneath the lock screen. On at least one occasion, the screen showed
  content from a full-screen video that had been playing in Firefox some
  time before the computer had been suspended: neither the video nor its
  underlying tab were open anymore, so the image(s) was likely part of a
  buffer somewhere. (Needless to say, if the wrong full-screen video had
  been watched, depending on the setting, this could be a quite serious
  issue for some users).

  I have not exhaustively tested conditions in which this appears.
  However, just now, the bug did not appear when keeping the lid open,
  suspending, and then resuming with the power button.

  But when suspending from menu, closing the lid, then opening the lid
  and moving the mouse, the screen displayed contents before showing the
  lock dialog.  The image displayed was of the desktop (with this bug
  reporting window) and showed the suspend item in the power menu
  being highlighted/clicked.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: unity 7.3.1+14.10.20140915-0ubuntu1
  ProcVersionSignature: Ubuntu 3.16.0-18.25-generic 3.16.3
  Uname: Linux 3.16.0-18-generic x86_64
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
  CurrentDesktop: Unity
  Date: Mon Sep 29 08:38:57 2014
  InstallationDate: Installed on 2014-08-10 (50 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS Trusty Tahr - Release amd64 (20140722.2)
  SourcePackage: unity
  UpgradeStatus: Upgraded to utopic on 2014-08-10 (50 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/compiz/+bug/1375271/+subscriptions



[Touch-packages] [Bug 1376447] [NEW] When forcing TLSv1.2, the cipher list is truncated

2014-10-01 Thread Marc Deslauriers
*** This bug is a security vulnerability ***

Public security bug reported:

Back in 2012, enabling TLSv1.2 would break connecting to certain
servers. This was worked around in two ways in Ubuntu 12.04 LTS:

- OPENSSL_MAX_TLS1_2_CIPHER_LENGTH was set to 50, so that the cipher list
  sent would be truncated and wouldn't cause failures when connecting to
  certain servers that couldn't handle > 256 bytes
- OPENSSL_NO_TLS1_2_CLIENT was set to disable TLSv1.2 for clients by default

Although TLSv1.2 is disabled by default for clients, if it is forced,
the cipher list gets truncated.

This will cause the following issues:
- Important ciphers may get dropped
- Secure renegotiation breaks

Ubuntu 14.04 LTS shipped with TLSv1.2 turned on by default, and two
years later a lot of problematic equipment has been replaced or
upgraded.

** Affects: openssl (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: openssl (Ubuntu Precise)
 Importance: Undecided
 Assignee: Marc Deslauriers (mdeslaur)
 Status: Confirmed

** Also affects: openssl (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Changed in: openssl (Ubuntu)
   Status: New => Invalid

** Changed in: openssl (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1376447

Title:
  When forcing TLSv1.2, the cipher list is truncated

Status in “openssl” package in Ubuntu:
  Invalid
Status in “openssl” source package in Precise:
  Confirmed

Bug description:
  Back in 2012, enabling TLSv1.2 would break connecting to certain
  servers. This was worked around in two ways in Ubuntu 12.04 LTS:

  - OPENSSL_MAX_TLS1_2_CIPHER_LENGTH was set to 50, so that the cipher list
    sent would be truncated and wouldn't cause failures when connecting to
    certain servers that couldn't handle > 256 bytes
  - OPENSSL_NO_TLS1_2_CLIENT was set to disable TLSv1.2 for clients by default

  Although TLSv1.2 is disabled by default for clients, if it is forced,
  the cipher list gets truncated.

  This will cause the following issues:
  - Important ciphers may get dropped
  - Secure renegotiation breaks

  Ubuntu 14.04 LTS shipped with TLSv1.2 turned on by default, and two
  years later a lot of problematic equipment has been replaced or
  upgraded.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1376447/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
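
The truncation this report describes, as an added example (not OpenSSL's or Ubuntu's code): it models a cipher list cut to the limit of 50 quoted above and audits a ClientHello for dropped suites and for the renegotiation SCSV. Assumptions: the limit is a byte count over 2-byte suite IDs, the SCSV (0x00FF, RFC 5746) is written last in the list, and the suite IDs and the ClientHello are constructed sample data.

```python
import struct

# TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746): a pseudo cipher suite a client
# puts in its cipher list to signal secure-renegotiation support.
SCSV = 0x00FF
# Value quoted in the bug report. Assumption: it is a byte count, and every
# cipher suite ID takes 2 bytes on the wire.
MAX_TLS1_2_CIPHER_LENGTH = 50
# Constructed sample: 40 suite IDs the client is configured to offer.
SAMPLE_SUITES = list(range(0xC001, 0xC029))


def encode_cipher_list(suites, limit=None):
    """Encode suite IDs for the wire, SCSV last (assumed ordering).

    With `limit` set, cut the encoded list to at most `limit` bytes on a
    2-byte boundary, which is the truncation the report describes.
    """
    wire = b"".join(struct.pack("!H", s) for s in list(suites) + [SCSV])
    if limit is not None and len(wire) > limit:
        wire = wire[: limit & ~1]
    return wire


def build_client_hello(cipher_bytes):
    """Constructed minimal TLS 1.2 ClientHello handshake message, no extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", len(cipher_bytes)) + cipher_bytes
    body += b"\x01\x00"  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_cipher_suites(hello):
    """Return the cipher suite IDs carried by a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big"):
        raise ValueError("handshake length does not match the data")
    pos = 2 + 32  # skip client_version and random
    if len(body) < pos + 1:
        raise ValueError("message ends before session_id")
    pos += 1 + body[pos]  # skip session_id
    if len(body) < pos + 2:
        raise ValueError("message ends before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]


def audit_client_hello(configured, hello):
    """Compare what the client was configured to offer with what it sent."""
    sent = parse_cipher_suites(hello)
    return {
        "suites_sent": len([s for s in sent if s != SCSV]),
        "dropped": [s for s in configured if s not in sent],
        "scsv_present": SCSV in sent,
    }


if __name__ == "__main__":
    for label, limit in (("no limit", None), ("limit 50", MAX_TLS1_2_CIPHER_LENGTH)):
        hello = build_client_hello(encode_cipher_list(SAMPLE_SUITES, limit))
        report = audit_client_hello(SAMPLE_SUITES, hello)
        print(label + ":", report["suites_sent"], "suites sent,",
              len(report["dropped"]), "dropped, SCSV present:",
              report["scsv_present"])
```

Because the cut is applied to the tail of the list, the lowest-preference suites and the trailing SCSV are the entries that disappear, which matches the two symptoms listed in the report.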


[Touch-packages] [Bug 1376447] Re: When forcing TLSv1.2, the cipher list is truncated

2014-10-01 Thread Marc Deslauriers
This is brought to our attention here:

https://twitter.com/andreasdotorg/status/517328756365873152

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1376447

Title:
  When forcing TLSv1.2, the cipher list is truncated

Status in “openssl” package in Ubuntu:
  Invalid
Status in “openssl” source package in Precise:
  Confirmed



[Touch-packages] [Bug 1256576] Re: Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2

2014-10-02 Thread Marc Deslauriers
That USN doesn't re-enable TLSv1.2 by default for clients in Ubuntu
12.04. It simply fixes an issue if someone _forced_ TLSv1.2 to be
enabled.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1256576

Title:
  Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not
  support TLS 1.2

Status in “openssl” package in Ubuntu:
  Fix Released

Bug description:
  The long term support version of Ubuntu 12.04 provides OpenSSL 1.0.0.
  A wireshark trace shows the version of OpenSSL used by Ubuntu does not
  support TLS 1.2. According to the change logs, TLS 1.2 support was
  added 14 March 2012. The change log can be found at
  http://www.openssl.org/news/changelog.html, and the TLS additions can
  be found under the heading Changes between 1.0.0h and 1.0.1.

  $ ldd /usr/lib/x86_64-linux-gnu/libssl.so
  linux-vdso.so.1 =>  (0x7fffd9d84000)
  libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7f1e0691e000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f1e0655e000)
  libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f1e06359000)
  libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f1e06142000)
  /lib64/ld-linux-x86-64.so.2 (0x7f1e06f6d000)

  ***

  OpenSSL 1.0.1 is compatible with 1.0.0. From the OpenSSL FAQ
  (http://www.openssl.org/support/faq.html):

  8. How does the versioning scheme work?

  After the release of OpenSSL 1.0.0 the versioning scheme changed.
  Letter releases (e.g. 1.0.1a) can only contain bug and security fixes
  and no new features. Minor releases change the last number (e.g.
  1.0.2) and can contain new features that retain binary compatibility.
  Changes to the middle number are considered major releases and neither
  source nor binary compatibility is guaranteed.

  **

  By the way, it's nearly impossible to file a bug report through the
  launch pad. The maze that's been created is impossible to navigate,
  and it's worse than one of those phone menu systems. I had to look up
  the URL to file at http://www.cryptopp.com/wiki/Talk:Linux. Great job
  to the designers of the system. It's probably the same idiots who
  thought a tablet manager was a great idea on the desktop..

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1256576/+subscriptions



[Touch-packages] [Bug 1378680] Re: Insecure tempfile handling

2014-10-08 Thread Marc Deslauriers
Thanks for the debdiffs, I'll prepare security updates.

** Changed in: apt (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: apt (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: apt (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: apt (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: apt (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: apt (Ubuntu Trusty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680

Title:
  Insecure tempfile handling

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Precise:
  Confirmed
Status in “apt” source package in Trusty:
  Confirmed
Status in “apt” source package in Utopic:
  In Progress
Status in “apt” package in Debian:
  Fix Released

Bug description:
  Apt creates the tempfile for apt-get changelog in an insecure fashion.
  See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
  details

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1378680/+subscriptions



[Touch-packages] [Bug 1378680] Re: Insecure tempfile handling

2014-10-08 Thread Marc Deslauriers
http://www.ubuntu.com/usn/usn-2370-1/

** Changed in: apt (Ubuntu Precise)
   Status: Confirmed => Fix Released

** Changed in: apt (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680

Title:
  Insecure tempfile handling

Status in “apt” package in Ubuntu:
  In Progress
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Trusty:
  Fix Released
Status in “apt” source package in Utopic:
  In Progress
Status in “apt” package in Debian:
  Fix Released



[Touch-packages] [Bug 244250] Re: Spurious reboot notifications caused by libssl upgrades.

2014-10-31 Thread Marc Deslauriers
@khaled-blah: yes, on a server, it should do the usual and add a reboot
required blurb to the motd.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/244250

Title:
  Spurious reboot notifications caused by libssl upgrades.

Status in “openssl” package in Ubuntu:
  Fix Released

Bug description:
  The postinst script for libssl0.9.8 currently has a bug where it sends
  a reboot notification whenever libssl is configured.  So reconfiguring
  libssl0.9.8 or even just installing libssl0.9.8 will result in a
  reboot notification.  Sending of the reboot notification should
  definitely be moved inside the upgrading guard.  The correct fix is
  likely to move it inside a version comparison guard for particular
  important updates like Colin suggests below -- this is what every
  other standard package using notify-reboot-required does.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/244250/+subscriptions



[Touch-packages] [Bug 1389283] [NEW] dh-python 1.20141026-1ubuntu1 incorrectly handles gi package names

2014-11-04 Thread Marc Deslauriers
Public bug reported:

1.20141026-1ubuntu1 introduced support for guessing dependencies from
the egginfo file:

* Add support for guessing dependencies from egg-info files (closes:
756378)

But this is mishandling gi.introspection dependencies. The pasaffe
package, which compiles fine on Utopic, is now adding bogus dependencies
to the vivid package:

From the egg-info file:

Requires: gi.repository.GLib
Requires: gi.repository.GObject
Requires: gi.repository.Gdk
Requires: gi.repository.Gio
Requires: gi.repository.Gtk
Requires: gi.repository.Pango

From the build log:

   dh_python3 -O--buildsystem=pybuild
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.glib. Using python3-gi.repository.glib as package name. Please 
add gi.repository.glib correct_package_name line to debian/py3dist-overrides 
to override it IF this is incorrect.
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gobject. Using python3-gi.repository.gobject as package name. 
Please add gi.repository.gobject correct_package_name line to 
debian/py3dist-overrides to override it IF this is incorrect.
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gdk. Using python3-gi.repository.gdk as package name. Please add 
gi.repository.gdk correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gio. Using python3-gi.repository.gio as package name. Please add 
gi.repository.gio correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gtk. Using python3-gi.repository.gtk as package name. Please add 
gi.repository.gtk correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.pango. Using python3-gi.repository.pango as package name. Please 
add gi.repository.pango correct_package_name line to debian/py3dist-overrides 
to override it IF this is incorrect.

** Affects: dh-python (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dh-python in Ubuntu.
https://bugs.launchpad.net/bugs/1389283

Title:
  dh-python 1.20141026-1ubuntu1 incorrectly handles gi package names

Status in “dh-python” package in Ubuntu:
  New

Bug description:
  1.20141026-1ubuntu1 introduced support for guessing dependencies from
  the egginfo file:

  * Add support for guessing dependencies from egg-info files (closes:
  756378)

  But this is mishandling gi.introspection dependencies. The pasaffe
  package, which compiles fine on Utopic, is now adding bogus
  dependencies to the vivid package:

  From the egg-info file:

  Requires: gi.repository.GLib
  Requires: gi.repository.GObject
  Requires: gi.repository.Gdk
  Requires: gi.repository.Gio
  Requires: gi.repository.Gtk
  Requires: gi.repository.Pango

  From the build log:

 dh_python3 -O--buildsystem=pybuild
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.glib. Using python3-gi.repository.glib as package name. Please 
add gi.repository.glib correct_package_name line to debian/py3dist-overrides 
to override it IF this is incorrect.
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gobject. Using python3-gi.repository.gobject as package name. 
Please add gi.repository.gobject correct_package_name line to 
debian/py3dist-overrides to override it IF this is incorrect.
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gdk. Using python3-gi.repository.gdk as package name. Please add 
gi.repository.gdk correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gio. Using python3-gi.repository.gio as package name. Please add 
gi.repository.gio correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.gtk. Using python3-gi.repository.gtk as package name. Please add 
gi.repository.gtk correct_package_name line to debian/py3dist-overrides to 
override it IF this is incorrect.
  I: dh_python3 pydist:183: Cannot find installed package that provides 
gi.repository.pango. Using python3-gi.repository.pango as package name. Please 
add gi.repository.pango correct_package_name line to debian/py3dist-overrides 
to override it IF this is incorrect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dh-python/+bug/1389283/+subscriptions


[Touch-packages] [Bug 1387734] Re: Location service uses the cached authorization, even if the user denied location access to an app

2014-11-14 Thread Marc Deslauriers
This is CVE-2014-1422

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1422

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to location-service in
Ubuntu.
https://bugs.launchpad.net/bugs/1387734

Title:
  Location service uses the cached authorization, even if the user
  denied location access to an app

Status in trust-store:
  Confirmed
Status in “location-service” package in Ubuntu:
  Invalid
Status in “trust-store” package in Ubuntu:
  Confirmed
Status in “trust-store” package in Ubuntu RTM:
  Confirmed

Bug description:
  The bug occurs after removing location access authorization to an
  application. The location is still available to the application,
  despite the user having revoked access from within USS > Privacy >
  Location.

  To reproduce:

  1. Open a map application, like Here map
  2. Allow access to location
  3. Switch to System Settings > Privacy > Location
  4. Disable location access for Maps
  5. Kill Here map, and restart it

  What should happen: you should not have access anymore (and should not see a 
prompt)
  What happens instead: the app still has access to your location, as shown in 
the logs:

  I1030 16:15:38.167752  3100 cached_agent_glog_reporter.cpp:32]
  CachedAgent::authenticate_request_with_parameters: Application pid:
  27975 Application uid: 32011 Application id:  com.nokia.heremaps_here
  Cached request:   Request(from: com.nokia.heremaps_here, feature: 0,
  when: 1414682114882519283, answer: granted)

  I confirmed that the trust store had recorded the authorization change
  as in:

  phablet@ubuntu-phablet:~$ sqlite3 ~/.local/share/UbuntuLocationService/trust.db "select * from requests"
  1|unconfined|0|1414098093331252474|1
  2|com.nokia.heremaps_here|0|1414682114882519283|1
  3|com.nokia.heremaps_here|0|1414682131206341515|0

To manage notifications about this bug go to:
https://bugs.launchpad.net/trust-store/+bug/1387734/+subscriptions
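The condition in this report (a cached grant outliving a later recorded denial) can be checked against the trust store rows quoted in the bug description. This is an added example, not code from trust-store or location-service; the table layout and column names are assumptions inferred from the sqlite3 output and the log line, and the rows are the three shown in the report.

```python
import sqlite3

# The three rows printed by the sqlite3 command in the report. The report
# shows values only, so the column names below are assumed. The log line
# reports the 1414682114882519283 request as "answer: granted" and that row
# ends in 1, so 1 is read as granted and 0 as denied.
REPORT_ROWS = [
    (1, "unconfined", 0, 1414098093331252474, 1),
    (2, "com.nokia.heremaps_here", 0, 1414682114882519283, 1),
    (3, "com.nokia.heremaps_here", 0, 1414682131206341515, 0),
]

GRANTED = 1


def build_store(rows):
    """Load rows into an in-memory table shaped like the quoted output."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE requests ("
        " id INTEGER PRIMARY KEY, application TEXT,"
        " feature INTEGER, stamp INTEGER, answer INTEGER)"
    )
    db.executemany("INSERT INTO requests VALUES (?, ?, ?, ?, ?)", rows)
    return db


def latest_answer(db, application, feature):
    """Return (stamp, answer) of the newest record, or None if none exists."""
    return db.execute(
        "SELECT stamp, answer FROM requests"
        " WHERE application = ? AND feature = ?"
        " ORDER BY stamp DESC, id DESC LIMIT 1",
        (application, feature),
    ).fetchone()


def authorize(db, application, feature):
    """Decide from the newest record only; no record means no access."""
    latest = latest_answer(db, application, feature)
    return latest is not None and latest[1] == GRANTED


def cached_grant_is_stale(db, application, feature, cached_stamp):
    """True when a cached grant taken at cached_stamp must not be honoured.

    That is the case when the store has no backing record at all, or when
    a newer record exists whose answer is not a grant.
    """
    latest = latest_answer(db, application, feature)
    if latest is None:
        return True
    stamp, answer = latest
    return stamp > cached_stamp and answer != GRANTED


def superseded_grants(db):
    """List (application, feature, grant_stamp, newer_stamp) for every
    grant that is followed by a newer non-grant record for the same
    application and feature."""
    return db.execute(
        "SELECT g.application, g.feature, g.stamp, MAX(d.stamp)"
        " FROM requests g JOIN requests d"
        "   ON d.application = g.application AND d.feature = g.feature"
        "  AND d.stamp > g.stamp AND d.answer != ?"
        " WHERE g.answer = ?"
        " GROUP BY g.id ORDER BY g.id",
        (GRANTED, GRANTED),
    ).fetchall()


if __name__ == "__main__":
    store = build_store(REPORT_ROWS)
    for row in superseded_grants(store):
        print("grant superseded by later denial:", row)
```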



[Touch-packages] [Bug 1390592] Re: 'ptrace peer=@{profile_name}' does not work on 14.04 (at least) with docker

2014-11-14 Thread Marc Deslauriers
This is CVE-2014-1424

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1424

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1390592

Title:
  'ptrace peer=@{profile_name}' does not work on 14.04 (at least) with
  docker

Status in “apparmor” package in Ubuntu:
  Fix Released
Status in “apparmor” source package in Trusty:
  In Progress

Bug description:
  I was helping a docker user out in #apparmor on OFTC and I think we
  found a kernel bug in the 14.04 kernel (14.10 kernel seems fine, see
  below).

  Workaround: install the
  https://launchpad.net/ubuntu/+source/linux-lts-utopic kernel.

  $ cat /proc/version_signature
  Ubuntu 3.13.0-37.64-generic 3.13.11.7

  Steps to reproduce:
  1. adjust /etc/apparmor.d/abstractions/base to have:
    ptrace peer=@{profile_name},
  2. sudo apt-get install docker.io
  3. sudo docker pull ubuntu:trusty
  4. Run 'ps' inside docker:
     $ sudo docker run -i -t ubuntu:trusty bash
     root@5039d725a41d:/# ps
     ...
     root@5039d725a41d:/# exit
     $

  Then observe the following denials on the host, which should have been 
addressed in the rule added in step 1:
  Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.018580] type=1400 
audit(1415389422.303:68): apparmor=DENIED operation=ptrace 
profile=docker-default pid=27542 comm=ps requested_mask=trace 
denied_mask=trace peer=docker-default
  Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.020832] type=1400 
audit(1415389422.307:69): apparmor=DENIED operation=ptrace 
profile=docker-default pid=27542 comm=ps requested_mask=read 
denied_mask=read peer=docker-default
  Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.020893] type=1400 
audit(1415389422.307:70): apparmor=DENIED operation=ptrace 
profile=docker-default pid=27542 comm=ps requested_mask=read 
denied_mask=read peer=docker-default

  Using 'ptrace peer=docker-default,' also did not work. Ubuntu 14.10
  works as expected (note, the policy is different on 14.10 and it
  already has the rule from step 1). Ubuntu 14.04 with the
  linux-lts-utopic backport kernel also works (from trusty-proposed: sudo apt-get
  install linux-headers-3.16.0-25-generic linux-image-3.16.0-25-generic
  linux-image-extra-3.16.0-25-generic).

  Note, docker is different than most applications in that it embeds its
  policy inside the docker binary and this binary when launched as a
  daemon (ie, via the upstart job) will unconditionally write out the
  policy to /etc/apparmor.d/docker-default. As such, to modify the
  policy:

  0. install docker.io and pull a trusty image # only has to be done once
  1. update /etc/apparmor.d/abstractions/base to have the new ptrace rules
  2. sudo stop docker.io  # 'docker' on 14.10
  3. sudo apparmor_parser -R /etc/apparmor.d/docker
  4. sudo rm -f /etc/apparmor.d/docker /etc/apparmor.d/cache/docker
  5. sudo start docker.io # 'docker' on 14.10
  6. Run 'ps' inside docker:
     $ sudo docker run -i -t ubuntu:trusty bash
     root@5039d725a41d:/# ps
     ...
     root@5039d725a41d:/# exit
     $

  (Docker just added a way to specify an alternate existing profile in
  https://docs.docker.com/reference/run/#security-configuration).

  Reference: https://github.com/docker/docker/issues/7276

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1390592/+subscriptions
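The denials in this report share one shape: a ptrace denial where the confined profile and the peer are the same, which is what the `ptrace peer=@{profile_name},` rule is meant to allow. The following added example (not code from AppArmor or Docker) filters kernel log lines for that shape, so a host can be rechecked after a policy or kernel change; the last two sample lines are constructed for contrast.

```python
import re
from collections import Counter

# The first three lines are the denials quoted in the report, with the mail
# line-wrapping undone. The last two are constructed: a ptrace denial against
# a different peer and a non-ptrace denial, neither of which should match.
SAMPLE_LOG = """\
Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.018580] type=1400 audit(1415389422.303:68): apparmor=DENIED operation=ptrace profile=docker-default pid=27542 comm=ps requested_mask=trace denied_mask=trace peer=docker-default
Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.020832] type=1400 audit(1415389422.307:69): apparmor=DENIED operation=ptrace profile=docker-default pid=27542 comm=ps requested_mask=read denied_mask=read peer=docker-default
Nov  7 13:43:42 sec-trusty-amd64 kernel: [24258.020893] type=1400 audit(1415389422.307:70): apparmor=DENIED operation=ptrace profile=docker-default pid=27542 comm=ps requested_mask=read denied_mask=read peer=docker-default
Jan  1 00:00:00 example-host kernel: [    1.000000] type=1400 audit(0.000:1): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1 comm="ps" requested_mask="read" denied_mask="read" peer="unconfined"
Jan  1 00:00:00 example-host kernel: [    1.000001] type=1400 audit(0.000:2): apparmor="DENIED" operation="open" profile="docker-default" name="/example" pid=1 comm="cat" requested_mask="r" denied_mask="r"
"""

# key=value pairs; values may be double-quoted (as the kernel writes them)
# or bare (as they appear in the report).
_FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_apparmor_event(line):
    """Return the key/value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, raw, quoted in _FIELD.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def same_profile_ptrace_denials(lines):
    """Select ptrace denials where the peer label equals the profile label."""
    hits = []
    for line in lines:
        event = parse_apparmor_event(line)
        if not event:
            continue
        if event.get("apparmor") != "DENIED":
            continue
        if event.get("operation") != "ptrace":
            continue
        profile = event.get("profile")
        if profile and profile == event.get("peer"):
            hits.append(event)
    return hits


def summarize(hits):
    """Count matching denials per (profile, denied_mask)."""
    counts = Counter((e["profile"], e.get("denied_mask", "")) for e in hits)
    return dict(counts)


if __name__ == "__main__":
    found = same_profile_ptrace_denials(SAMPLE_LOG.splitlines())
    for (profile, mask), count in sorted(summarize(found).items()):
        print(f"{profile}: {count} ptrace denial(s) against itself, mask={mask}")
```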



[Touch-packages] [Bug 1392380] Re: OA gives out all tokens to any app

2014-11-14 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to signon in Ubuntu.
https://bugs.launchpad.net/bugs/1392380

Title:
  OA gives out all tokens to any app

Status in “signon” package in Ubuntu:
  Confirmed

Bug description:
  The attached app will steal all your tokens. All it takes is the
  accounts permission in the apparmor file.

  Here's the code: https://pastebin.canonical.com/120398/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380/+subscriptions



[Touch-packages] [Bug 1390430] Re: package evolution-data-server 3.10.4-0ubuntu1.5 failed to install/upgrade: problemi con le dipendenze - lasciato non configurato

2014-11-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to evolution-data-server in
Ubuntu.
https://bugs.launchpad.net/bugs/1390430

Title:
  package evolution-data-server 3.10.4-0ubuntu1.5 failed to
  install/upgrade: problemi con le dipendenze - lasciato non configurato

Status in “evolution-data-server” package in Ubuntu:
  New

Bug description:
  The problem appears every time I switch on my PC

  ProblemType: Package
  DistroRelease: Ubuntu 14.04
  Package: evolution-data-server 3.10.4-0ubuntu1.5
  ProcVersionSignature: Ubuntu 3.13.0-40.68-generic 3.13.11.10
  Uname: Linux 3.13.0-40-generic i686
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: i386
  Date: Thu Nov  6 15:08:41 2014
  ErrorMessage: problemi con le dipendenze - lasciato non configurato
  InstallationDate: Installed on 2012-12-07 (699 days ago)
  InstallationMedia: Ubuntu 12.10 Quantal Quetzal - Release i386 (20121017.2)
  SourcePackage: evolution-data-server
  Title: package evolution-data-server 3.10.4-0ubuntu1.5 failed to 
install/upgrade: problemi con le dipendenze - lasciato non configurato
  UpgradeStatus: Upgraded to trusty on 2014-05-16 (175 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evolution-data-server/+bug/1390430/+subscriptions



[Touch-packages] [Bug 1393172] Re: [VGN-G2ABPS, Realtek ALC262, Black Headphone Out, Front] No sound at all

2014-11-17 Thread Marc Deslauriers
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a regular (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1393172

Title:
  [VGN-G2ABPS, Realtek ALC262, Black Headphone Out, Front] No sound at
  all

Status in “alsa-driver” package in Ubuntu:
  New

Bug description:
  My front-side speaker sometimes does not work; when I connect
  headphones, it works properly.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu4
  ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic i686
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: i386
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  monir  1767 F pulseaudio
  CurrentDesktop: Unity
  Date: Sun Nov 16 17:41:42 2014
  InstallationDate: Installed on 2014-08-28 (79 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS Trusty Tahr - Release i386 
(20140722.2)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Intel successful
  Symptom_Card: Built-in Audio - HDA Intel
  Symptom_DevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  monir  1767 F pulseaudio
  Symptom_Jack: Black Headphone Out, Front
  Symptom_PulsePlaybackTest: PulseAudio playback test successful
  Symptom_Type: No sound at all
  Title: [VGN-G2ABPS, Realtek ALC262, Black Headphone Out, Front] No sound at 
all
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 02/07/2008
  dmi.bios.vendor: Phoenix Technologies LTD
  dmi.bios.version: R0031N9
  dmi.board.asset.tag: N/A
  dmi.board.name: VAIO
  dmi.board.vendor: Sony Corporation
  dmi.board.version: N/A
  dmi.chassis.type: 10
  dmi.chassis.vendor: Sony Corporation
  dmi.chassis.version: N/A
  dmi.modalias: 
dmi:bvnPhoenixTechnologiesLTD:bvrR0031N9:bd02/07/2008:svnSonyCorporation:pnVGN-G2ABPS:pvrJ003MUHA:rvnSonyCorporation:rnVAIO:rvrN/A:cvnSonyCorporation:ct10:cvrN/A:
  dmi.product.name: VGN-G2ABPS
  dmi.product.version: J003MUHA
  dmi.sys.vendor: Sony Corporation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1393172/+subscriptions



[Touch-packages] [Bug 1390183] Re: EFI directory is insecure by default

2014-11-18 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1390183

Title:
  EFI directory is insecure by default

Status in “mountall” package in Ubuntu:
  Fix Released
Status in “partman-efi” package in Ubuntu:
  Confirmed

Bug description:
  The EFI directory on UEFI/GPT installations (/boot/efi) is insecure by
  default. It has permissions/mode 0777 (rwx for all). This makes the
  directory very vulnerable to tampering. Although it may be possible to
  repair damage to this directory externally if the system becomes
  unbootable due to such damage, having to do this is undesirable and
  usually not easy for most users. Distributions other than Ubuntu may
  also be having this issue, I have not checked, but some distributions
  enable secure permissions by default (e.g., Fedora). One (or maybe the
  only) reason for the default configuration being the way it is may be
  that the EFI partition uses a FAT file system. However, enabling a
  umask through /etc/fstab as in Fedora, e.g., umask=0077, should make
  it much more secure.

  Ubuntu 14.10 Utopic Unicorn (x86_64/amd64)

  Expected default configuration:-
  A critical system directory such as /boot/efi should be inaccessible to 
non-root users by default.

  Actual default configuration:-
  The EFI directory /boot/efi is accessible to all users irrespective of the 
user account's privileges (permission mode 0777/rwxrwxrwx).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1390183/+subscriptions
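The report contrasts a FAT-formatted /boot/efi mounted with mode 0777 against an /etc/fstab entry carrying umask=0077. This added example (not code from mountall or partman-efi) computes the directory mode an fstab entry yields, so the default entry can be compared with the hardened one; the fstab lines and their UUID are constructed placeholders, and the mounting process's umask of 0 is an assumption chosen to match the 0777 observed in the report.

```python
import stat

# Constructed sample entries. The UUID is a placeholder, not from the report.
FSTAB_DEFAULT = "UUID=0000-0000  /boot/efi  vfat  defaults    0  1\n"
FSTAB_HARDENED = "UUID=0000-0000  /boot/efi  vfat  umask=0077  0  1\n"

FAT_TYPES = ("vfat", "msdos")


def fat_dir_mode(fstab_text, mountpoint="/boot/efi", process_umask=0o000):
    """Return the directory mode a FAT mount at mountpoint ends up with.

    FAT stores no Unix permissions, so the driver synthesizes them as
    0777 with a mask removed. The mask starts as the umask of the process
    doing the mount (process_umask, assumed 0 here) and is overridden by
    the umask= and dmask= mount options, applied in the order given, so
    the later of the two wins. fmask= only affects regular files.

    Returns None when the mount point is absent or is not a FAT mount.
    """
    for line in fstab_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        if len(fields) < 4 or fields[1] != mountpoint:
            continue
        if fields[2] not in FAT_TYPES:
            return None
        dmask = process_umask
        for option in fields[3].split(","):
            key, _, value = option.partition("=")
            if key in ("umask", "dmask") and value:
                dmask = int(value, 8)  # mount masks are written in octal
        return 0o777 & ~dmask
    return None


def is_exposed(mode):
    """True when group or other has any access, i.e. the directory is
    reachable by non-root users, contrary to the expectation in the report."""
    return mode is not None and bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit(fstab_text, mountpoint="/boot/efi"):
    """Return a one-line finding for the given fstab text."""
    mode = fat_dir_mode(fstab_text, mountpoint)
    if mode is None:
        return f"{mountpoint}: no FAT entry found"
    verdict = "EXPOSED to non-root users" if is_exposed(mode) else "root only"
    return f"{mountpoint}: directory mode {mode:04o} ({verdict})"


if __name__ == "__main__":
    print(audit(FSTAB_DEFAULT))
    print(audit(FSTAB_HARDENED))
```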



[Touch-packages] [Bug 1390183] Re: EFI directory is insecure by default

2014-11-18 Thread Marc Deslauriers
** Bug watch added: Debian Bug tracker #770033
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033

** Also affects: partman-efi (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1390183

Title:
  EFI directory is insecure by default

Status in “mountall” package in Ubuntu:
  Fix Released
Status in “partman-efi” package in Ubuntu:
  Confirmed
Status in “partman-efi” package in Debian:
  Unknown

Bug description:
  The EFI directory on UEFI/GPT installations (/boot/efi) is insecure by
  default. It has permissions/mode 0777 (rwx for all). This makes the
  directory very vulnerable to tampering. Although it may be possible to
  repair damage to this directory externally if the system becomes
  unbootable due to such damage, having to do this is undesirable and
  usually not easy for most users. Distributions other than Ubuntu may
  also be having this issue, I have not checked, but some distributions
  enable secure permissions by default (e.g., Fedora). One (or maybe the
  only) reason for the default configuration being the way it is may be
  that the EFI partition uses a FAT file system. However, enabling a
  umask through /etc/fstab as in Fedora, e.g., umask=0077, should make
  it much more secure.

  Ubuntu 14.10 Utopic Unicorn (x86_64/amd64)

  Expected default configuration:-
  A critical system directory such as /boot/efi should be inaccessible to 
non-root users by default.

  Actual default configuration:-
  The EFI directory /boot/efi is accessible to all users irrespective of the 
user account's privileges (permission mode 0777/rwxrwxrwx).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1390183/+subscriptions



[Touch-packages] [Bug 1390183] Re: EFI directory is insecure by default

2014-11-18 Thread Marc Deslauriers
Thanks for reporting it! :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1390183

Title:
  EFI directory is insecure by default

Status in “mountall” package in Ubuntu:
  Fix Released
Status in “partman-efi” package in Ubuntu:
  Fix Released
Status in “partman-efi” package in Debian:
  Unknown

Bug description:
  The EFI directory on UEFI/GPT installations (/boot/efi) is insecure by
  default. It has permissions/mode 0777 (rwx for all). This makes the
  directory very vulnerable to tampering. Although it may be possible to
  repair damage to this directory externally if the system becomes
  unbootable due to such damage, having to do this is undesirable and
  usually not easy for most users. Distributions other than Ubuntu may
  also be having this issue, I have not checked, but some distributions
  enable secure permissions by default (e.g., Fedora). One (or maybe the
  only) reason for the default configuration being the way it is may be
  that the EFI partition uses a FAT file system. However, enabling a
  umask through /etc/fstab as in Fedora, e.g., umask=0077, should make
  it much more secure.

  Ubuntu 14.10 Utopic Unicorn (x86_64/amd64)

  Expected default configuration:-
  A critical system directory such as /boot/efi should be inaccessible to 
non-root users by default.

  Actual default configuration:-
  The EFI directory /boot/efi is accessible to all users irrespective of the 
user account's privileges (permission mode 0777/rwxrwxrwx).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1390183/+subscriptions



[Touch-packages] [Bug 1391296] Re: 14.10: NFS drives in fstab not mounted automatically

2014-11-18 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1384502 ***
https://bugs.launchpad.net/bugs/1384502

** This bug has been marked a duplicate of bug 1384502
   fstab entry for nfs /home fails to mount on boot

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1391296

Title:
  14.10: NFS drives in fstab not mounted automatically

Status in “mountall” package in Ubuntu:
  Confirmed

Bug description:
  After upgrading to 14.10 (fresh install) my NFS drive no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually killall -USR1 mountall does not
  work.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic 
root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1391296/+subscriptions



[Touch-packages] [Bug 1389164] Re: Ubuntu 14.10 ppc64le not automatically mounting NFS mounts in /etc/fstab

2014-11-18 Thread Marc Deslauriers
*** This bug is a duplicate of bug 1384502 ***
https://bugs.launchpad.net/bugs/1384502

** This bug has been marked a duplicate of bug 1384502
   fstab entry for nfs /home fails to mount on boot

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1389164

Title:
  Ubuntu 14.10 ppc64le not automatically mounting NFS mounts in
  /etc/fstab

Status in “mountall” package in Ubuntu:
  New

Bug description:
  Problem Description
  
  It seems the remote mounts in my /etc/fstab file are not being automatically 
mounted at bootup with ppc64le Ubuntu 14.10. This leads to some of my upstart 
scripts not running because they require certain mounts being available. I can 
give access to the machine via SSH key or password. Using mount -a or any other 
mount command works just fine after bootup. I don't personally notice a problem 
in logs with mounts.

  The machine is a VM hosted on a Power8 PowerKVM system running:
  # uname -a
  Linux kvm10d724t.rtp.raleigh.ibm.com 3.10.23-1700.pkvm2_1.2.ppc64 #1 SMP Mon 
Jun 2 20:14:25 CDT 2014 ppc64 ppc64 ppc64 GNU/Linux
  # cat /etc/base-release
  IBM_PowerKVM release 2.1.0 build 18 Service (pkvm2_1)

  VM details:
  # uname -a
  Linux cit607 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 
ppc64le ppc64le ppc64le GNU/Linux
  # cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=14.10
  DISTRIB_CODENAME=utopic
  DISTRIB_DESCRIPTION=Ubuntu Utopic Unicorn (development branch)

  If I recall correctly, we installed the 141002 daily build of Utopic
  Unicorn (14.10).

  I have implemented a workaround for now. I updated /etc/fstab to use
  IP addresses instead of names, put mount -a as the first
  non-commented line in /etc/init.d/mountnfs.sh and updated the crontab to
  run the jobs I had in the upstart configs. This works until the
  problem is fixed.

  ---uname output---
  Linux cit607 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 
ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = ppc64le 
   
  Steps to Reproduce
  =
   Without the workaround implemented and NFS mounts in your /etc/fstab, boot 
up the machine. It should be evident the mount points aren't there with df -h.

  == Comment: #3 - Breno Henrique Leitao bren...@br.ibm.com -  ==
  I was able to reproduce this problem.
  NFS is not mounted automatically, but it is when you run 'mount -a'. 
  I also toggled ASYNCMOUNTNFS in /etc/defaults/rcS and no luck.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1389164/+subscriptions



[Touch-packages] [Bug 1384502] Re: fstab entry for nfs /home fails to mount on boot

2014-11-18 Thread Marc Deslauriers
Ok, I've investigated this, and it turns out:

statd-mounting.conf intercepts nfs mounts and waits for the statd daemon to be 
run
statd.conf starts on (virtual-filesystems and started portmap ON_BOOT=y)
rpcbind.conf is what emits the started portmap event:

# For compatibility with older upstart jobs in Ubuntu
post-start exec initctl emit --no-wait started JOB=portmap ON_BOOT=$ON_BOOT
pre-stop exec initctl emit --no-wait stopping JOB=portmap

But, to actually work with upstart in 14.10, the INSTANCE variable has to be
added, like so:
# For compatibility with older upstart jobs in Ubuntu
post-start exec initctl emit --no-wait started JOB=portmap INSTANCE='' ON_BOOT=$ON_BOOT
pre-stop exec initctl emit --no-wait stopping JOB=portmap INSTANCE=''

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1384502

Title:
  fstab entry for nfs /home fails to mount on boot

Status in “mountall” package in Ubuntu:
  Triaged

Bug description:
  i'm uncertain exactly when this issue started as we use cfengine
  (verifies all expected mounts in place, manually mounts those that are
  not).  from a note i have i believe it goes back as far as lucid.

  the symptom is that an /etc/fstab entry for an nfs-mounted /home is
  not mounted during the system boot. once the system is network-
  accessible, manually running `mount -tnfs -av` as root (or using
  cfengine or any number of other solutions) is sufficient.

  per lp#836533 i added --verbose to /etc/init/mountall.conf and will attach
  the resulting /var/log/upstart/mountall.log and /etc/network/interfaces. the
  smoking gun appears to be:
  mount.nfs: Failed to resolve server nfs-home: Temporary failure in name resolution

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: mountall 2.53
  ProcVersionSignature: Ubuntu 3.13.0-38.65.lp1383921-generic 3.13.11.8
  Uname: Linux 3.13.0-38.65-generic x86_64
  .run.mount.utab:
   
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  Date: Wed Oct 22 16:35:47 2014
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/usr/bin/zsh
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.13.0-38.65-generic root=/dev/md0 ro consoleblank=0 console=tty0 console=ttyS2,115200n8 nomdmonddf nomdmonisw bootdegraded=true
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1384502/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1389164] Re: Ubuntu 14.10 ppc64le not automatically mounting NFS mounts in /etc/fstab

2014-11-18 Thread Marc Deslauriers
** This bug is no longer a duplicate of bug 1384502
   fstab entry for nfs /home fails to mount on boot

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1389164

Title:
  Ubuntu 14.10 ppc64le not automatically mounting NFS mounts in
  /etc/fstab

Status in “mountall” package in Ubuntu:
  New

Bug description:
  Problem Description
  
  It seems the remote mounts in my /etc/fstab file are not being automatically
  mounted at bootup with ppc64le Ubuntu 14.10. This leads to some of my upstart
  scripts not running because they require certain mounts being available. I can
  give access to the machine via SSH key or password. Using mount -a or any other
  mount command works just fine after bootup. I don't personally notice a problem
  in logs with mounts.

  The machine is a VM hosted on a Power8 PowerKVM system running:
  # uname -a
  Linux kvm10d724t.rtp.raleigh.ibm.com 3.10.23-1700.pkvm2_1.2.ppc64 #1 SMP Mon Jun 2 20:14:25 CDT 2014 ppc64 ppc64 ppc64 GNU/Linux
  # cat /etc/base-release
  IBM_PowerKVM release 2.1.0 build 18 Service (pkvm2_1)

  VM details:
  # uname -a
  Linux cit607 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux
  # cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=14.10
  DISTRIB_CODENAME=utopic
  DISTRIB_DESCRIPTION=Ubuntu Utopic Unicorn (development branch)

  If I recall correctly, we installed the 141002 daily build of Utopic
  Unicorn (14.10).

  I have implemented a workaround for now. I updated /etc/fstab to use
  IP addresses instead of names, put mount -a as the first non-
  commented line in /etc/init.d/mountnfs.sh and updated the crontab to
  run the jobs I had in the upstart configs. This works until the
  problem is fixed.

  ---uname output---
  Linux cit607 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = ppc64le 
   
  Steps to Reproduce
  =
   Without the workaround implemented and NFS mounts in your /etc/fstab, boot
   up the machine. It should be evident the mount points aren't there with df -h.

  == Comment: #3 - Breno Henrique Leitao bren...@br.ibm.com -  ==
  I was able to reproduce this problem.
  NFS is not mounted automatically, but it is when you run 'mount -a'. 
  I also toggled ASYNCMOUNTNFS in /etc/defaults/rcS and no luck.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1389164/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1384502] Re: fstab entry for nfs /home fails to mount on boot

2014-11-18 Thread Marc Deslauriers
Please disregard the last comment, that was unfortunately for a
different bug that affects 14.10 only.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1384502

Title:
  fstab entry for nfs /home fails to mount on boot

Status in “mountall” package in Ubuntu:
  Triaged

Bug description:
  i'm uncertain exactly when this issue started as we use cfengine
  (verifies all expected mounts in place, manually mounts those that are
  not).  from a note i have i believe it goes back as far as lucid.

  the symptom is that an /etc/fstab entry for an nfs-mounted /home is
  not mounted during the system boot. once the system is network-
  accessible, manually running `mount -tnfs -av` as root (or using
  cfengine or any number of other solutions) is sufficient.

  per lp#836533 i added --verbose to /etc/init/mountall.conf and will attach
  the resulting /var/log/upstart/mountall.log and /etc/network/interfaces. the
  smoking gun appears to be:
  mount.nfs: Failed to resolve server nfs-home: Temporary failure in name resolution

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: mountall 2.53
  ProcVersionSignature: Ubuntu 3.13.0-38.65.lp1383921-generic 3.13.11.8
  Uname: Linux 3.13.0-38.65-generic x86_64
  .run.mount.utab:
   
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  Date: Wed Oct 22 16:35:47 2014
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/usr/bin/zsh
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.13.0-38.65-generic root=/dev/md0 ro consoleblank=0 console=tty0 console=ttyS2,115200n8 nomdmonddf nomdmonisw bootdegraded=true
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1384502/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1391296] Re: 14.10: NFS drives in fstab not mounted automatically

2014-11-18 Thread Marc Deslauriers
Upstart shouldn't require an INSTANCE variable for that to work, and
nfs-utils shouldn't be waiting on the portmap job, as that is for legacy
compatibility only.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1391296

Title:
  14.10: NFS drives in fstab not mounted automatically

Status in “nfs-utils” package in Ubuntu:
  Confirmed
Status in “upstart” package in Ubuntu:
  Confirmed

Bug description:
  After upgrading to 14.10 (fresh install) my NFS drive no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually killall -USR1 mountall does not
  work.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1391296/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1391296] Re: 14.10: NFS drives in fstab not mounted automatically

2014-11-18 Thread Marc Deslauriers
Ok, I've investigated this, and it turns out:

statd-mounting.conf intercepts nfs mounts and waits for the statd daemon to be run
statd.conf starts on (virtual-filesystems and started portmap ON_BOOT=y)
rpcbind.conf is what emits the started portmap event:

# For compatibility with older upstart jobs in Ubuntu
post-start exec initctl emit --no-wait started JOB=portmap ON_BOOT=$ON_BOOT
pre-stop exec initctl emit --no-wait stopping JOB=portmap

But, to actually work with upstart in 14.10, the INSTANCE variable has to be added, like so:

# For compatibility with older upstart jobs in Ubuntu
post-start exec initctl emit --no-wait started JOB=portmap INSTANCE='' ON_BOOT=$ON_BOOT
pre-stop exec initctl emit --no-wait stopping JOB=portmap INSTANCE=''


** This bug is no longer a duplicate of bug 1384502
   fstab entry for nfs /home fails to mount on boot

** Package changed: mountall (Ubuntu) => upstart (Ubuntu)

** Also affects: nfs-utils (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: nfs-utils (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1391296

Title:
  14.10: NFS drives in fstab not mounted automatically

Status in “nfs-utils” package in Ubuntu:
  Confirmed
Status in “upstart” package in Ubuntu:
  Confirmed

Bug description:
  After upgrading to 14.10 (fresh install) my NFS drive no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually killall -USR1 mountall does not
  work.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1391296/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1391296] Re: 14.10: NFS drives in fstab not mounted automatically

2014-11-18 Thread Marc Deslauriers
** Also affects: nfs-utils (Ubuntu Vivid)
   Importance: Undecided
   Status: Confirmed

** Also affects: upstart (Ubuntu Vivid)
   Importance: Undecided
   Status: Confirmed

** Also affects: nfs-utils (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Also affects: upstart (Ubuntu Utopic)
   Importance: Undecided
   Status: New

** Changed in: nfs-utils (Ubuntu Utopic)
   Status: New => Confirmed

** Changed in: upstart (Ubuntu Utopic)
   Status: New => Confirmed

** Changed in: nfs-utils (Ubuntu Utopic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: nfs-utils (Ubuntu Vivid)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1391296

Title:
  14.10: NFS drives in fstab not mounted automatically

Status in “nfs-utils” package in Ubuntu:
  Confirmed
Status in “upstart” package in Ubuntu:
  Confirmed
Status in “nfs-utils” source package in Utopic:
  Confirmed
Status in “upstart” source package in Utopic:
  Confirmed
Status in “nfs-utils” source package in Vivid:
  Confirmed
Status in “upstart” source package in Vivid:
  Confirmed

Bug description:
  After upgrading to 14.10 (fresh install) my NFS drive no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually killall -USR1 mountall does not
  work.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1391296/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1391296] Re: 14.10: NFS drives in fstab not mounted automatically

2014-11-19 Thread Marc Deslauriers
** Description changed:

+ [SRU Request]
+ 
+ Due to a change in Upstart behaviour, the statd daemon no longer starts
+ automatically at boot, resulting in nfs mounts not being mounted at
+ boot.
+ 
+ This has been corrected by modifying the statd upstart job to wait for
+ the rpcbind job to start, instead of waiting for the compatibility
+ portmap event.
+ 
+ [Test Case]
+ 1- set up an NFS mount in /etc/fstab
+ 2- Reboot, notice the directory didn't get mounted
+ 3- Install update
+ 4- Reboot, notice the directory is mounted
+ 
+ [Regression Potential]
+ The upstart jobs to get the proper daemons started up at boot have complex 
relationships, and have suffered from race conditions in the past. Although 
this change is small, it may slightly change previous behaviour. Of course, not 
having it work at all is worse than having a possible race condition, so this 
fix is unlikely to be any worse than the broken behaviour.
+ 
+ 
+ Original description: 
+ 
  After upgrading to 14.10 (fresh install) my NFS drive does no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually to killall -USR1 mountall does not
  work.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic 
root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161
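
Review bot: the [Test Case] added here checks only that the directory ends up mounted, while the [SRU Request] text names the cause as statd not starting at boot; steps 2 and 4 should also record whether statd is running, so the test shows the fix works for the stated reason. The [Regression Potential] paragraph cites past race conditions without saying how a verifier would look for one; naming a check, for instance repeating the reboot in step 4 several times, would make it usable.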

** Changed in: nfs-utils (Ubuntu Utopic)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1391296

Title:
  14.10: NFS drives in fstab not mounted automatically

Status in “nfs-utils” package in Ubuntu:
  Fix Released
Status in “upstart” package in Ubuntu:
  Confirmed
Status in “nfs-utils” source package in Utopic:
  In Progress
Status in “upstart” source package in Utopic:
  Confirmed
Status in “nfs-utils” source package in Vivid:
  Fix Released
Status in “upstart” source package in Vivid:
  Confirmed

Bug description:
  [SRU Request]

  Due to a change in Upstart behaviour, the statd daemon no longer
  starts automatically at boot, resulting in nfs mounts not being
  mounted at boot.

  This has been corrected by modifying the statd upstart job to wait for
  the rpcbind job to start, instead of waiting for the compatibility
  portmap event.

  [Test Case]
  1- set up an NFS mount in /etc/fstab
  2- Reboot, notice the directory didn't get mounted
  3- Install update
  4- Reboot, notice the directory is mounted

  [Regression Potential]
  The upstart jobs to get the proper daemons started up at boot have complex
  relationships, and have suffered from race conditions in the past. Although
  this change is small, it may slightly change previous behaviour. Of course, not
  having it work at all is worse than having a possible race condition, so this
  fix is unlikely to be any worse than the broken behaviour.

  
  Original description: 

  After upgrading to 14.10 (fresh install) my NFS drive no longer
  mounts automatically at boot when the network is up and running.
  Manually running mount -a mounts the drive as expected and hacking a
  mount -a command into mountall-net.conf makes my system function
  normally again. Trying to manually killall -USR1 mountall does not
  work.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: mountall 2.54build1
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Nov 10 20:37:39 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-09 (1 days ago)
  InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1)
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.16.0-24-generic root=UUID=e1197618-b55d-40d3-9b81-df2dcb847c1f ro quiet splash vt.handoff=7
  SourcePackage: mountall
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.mountall.net.conf: 2014-11-10T20:26:00.795161

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1391296/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post 

[Touch-packages] [Bug 1400473] Re: Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack

2014-12-08 Thread Marc Deslauriers
Apache 2.2 on 12.04 LTS does support TLSv1.1 and TLSv1.2 just fine.

Could you describe why you think it's not supported?

** Changed in: openssl (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1400473

Title:
  Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is
  vulnerable to BEAST attack

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  For PCI compliance, one must not be vulnerable to the POODLE or BEAST
  or CRIME attacks. POODLE suggests removing  SSLv2 and SSLv3, and BEAST
  suggests removing TLSv1. However, since TLSv1.1 and TLSv1.2 do not
  seem to be supported by apache 2.2 on 12.04 LTS, and since apache 2.4
  on 12.04 LTS does not support PHP 5.3.X, the last branch to allow PHP
  register_globals, which is required for lots of legacy production code
  often used by sites with payment systems, and since Ubuntu 14.04 LTS
  does not support apache 2.2, and since Ubuntu 10.04 LTS does not
  support SHA256 signed SSL certificates, there may be no feasible way
  for someone to run a credit card processing system with any Ubuntu LTS
  system if they require both PCI compliance and PHP register_globals
  support.

  It looks like manually compiling PHP may be the only plausible way to
  surmount this issue in this particular circumstance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1400473/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1256576] Re: Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2

2014-12-08 Thread Marc Deslauriers
Apache2 in 12.04 supports TLSv1.2 just fine, I've been running test
scripts against it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1256576

Title:
  Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not
  support TLS 1.2

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  The long term support version of Ubuntu 12.04 provides OpenSSL 1.0.0.
  A wireshark trace shows the version of OpenSSL used by Ubuntu does not
  support TLS 1.2. According to the change logs, TLS 1.2 support was
  added 14 March 2012. The change log can be found at
  http://www.openssl.org/news/changelog.html, and the TLS additions can
  be found under the heading Changes between 1.0.0h and 1.0.1.

  $ ldd /usr/lib/x86_64-linux-gnu/libssl.so
  linux-vdso.so.1 =>  (0x7fffd9d84000)
  libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7f1e0691e000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f1e0655e000)
  libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f1e06359000)
  libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f1e06142000)
  /lib64/ld-linux-x86-64.so.2 (0x7f1e06f6d000)

  ***

  OpenSSL 1.0.1 is compatible with 1.0.0. From the OpenSSL FAQ
  (http://www.openssl.org/support/faq.html):

  8. How does the versioning scheme work?

  After the release of OpenSSL 1.0.0 the versioning scheme changed.
  Letter releases (e.g. 1.0.1a) can only contain bug and security fixes
  and no new features. Minor releases change the last number (e.g.
  1.0.2) and can contain new features that retain binary compatibility.
  Changes to the middle number are considered major releases and neither
  source nor binary compatibility is guaranteed.

  **

  By the way, it's nearly impossible to file a bug report through the
  launch pad. The maze that's been created is impossible to navigate,
  and it's worse than one of those phone menu systems. I had to look up
  the URL to file at http://www.cryptopp.com/wiki/Talk:Linux. Great job
  to the designers of the system. It's probably the same idiots who
  thought a tablet manager was a great idea on the desktop.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1256576/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1396151] Re: password not checked on screen unlock

2014-12-11 Thread Marc Deslauriers
** Package changed: light-locker (Ubuntu) => unity (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity in Ubuntu.
https://bugs.launchpad.net/bugs/1396151

Title:
  password not checked on screen unlock

Status in unity package in Ubuntu:
  New

Bug description:
  On a system upgraded from 12.04 to 14.04:

  When don't ask for password on login is checked for a user, previous
  screen locking would still require a password - the preference only
  applied to logins.

  Now light locker(?) is showing a password dialog box, but it will
  accept any (or no) password for screen unlock, just as for login.

  This might be a good change, but it was surely unexpected, and I found
  the previous functionality (being able to NOT require the PW for login
  but still require it for screen unlock) very useful, even if it might
  seem odd on the surface.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: gnome-screensaver (not installed)
  ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Tue Nov 25 08:29:52 2014
  InstallationDate: Installed on 2012-10-08 (777 days ago)
  InstallationMedia: Xubuntu 12.04.1 LTS Precise Pangolin - Release amd64 (20120822.1)
  SourcePackage: gnome-screensaver
  Symptom: security
  Title: Screen locking issue
  UpgradeStatus: Upgraded to trusty on 2014-09-03 (83 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1396151/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1396568] Re: saslauthd allow authentication after user deletion until it is restarted

2014-12-11 Thread Marc Deslauriers
By default, saslauthd caches credentials.

The cache and timeout are set by the -c and -t command line options.

You can disable caching by removing the -c from /etc/default/saslauthd,
or adjust the timeout from the default 28800 seconds by adding -t to it.

** Information type changed from Private Security to Public

** Changed in: cyrus-sasl2 (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1396568

Title:
  saslauthd allow authentication after user deletion until it is
  restarted

Status in cyrus-sasl2 package in Ubuntu:
  Invalid

Bug description:
  as per subject it is possible to log in to saslauthd with a deleted
  user's credentials, until the saslauthd daemon is restarted.

  this is the output of swaks, after the user test deletion:

  swaks -a -tls -q AUTH -s localhost -au
  Username: test
  Password: test
  === Trying localhost:25...
  === Connected to localhost.
  <-  220 mail.csc.it ESMTP Exim 4.71 Wed, 26 Nov 2014 12:44:01 +0100
   -> EHLO server-name-removed
  <-  250-server-name-removed Hello localhost [127.0.0.1]
  <-  250-SIZE 52428800
  <-  250-PIPELINING
  <-  250-STARTTLS
  <-  250 HELP
   -> STARTTLS
  <-  220 TLS go ahead
  === TLS started w/ cipher DHE-RSA-AES256-SHA
   ~> EHLO server-name-removed
  <~  250-server-name-removed Hello localhost [127.0.0.1]
  <~  250-SIZE 52428800
  <~  250-PIPELINING
  <~  250-AUTH PLAIN LOGIN
  <~  250 HELP
   ~> AUTH LOGIN
  <~  334 VXNlcm5hbWU6
   ~> dGVzdA==
  <~  334 UGFzc3dvcmQ6
   ~> dGVzdA==
  <~  235 Authentication succeeded
   ~> QUIT
  <~  221 server-name-removed closing connection
  === Connection closed with remote host.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1396568/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
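
The reply in the saslauthd thread above ties the behaviour to the -c and -t options in /etc/default/saslauthd. The script below is an added example, not part of the thread or of cyrus-sasl2: it reads the OPTIONS line of a defaults file and reports whether credential caching is on and which timeout applies. The function names and the sample files are constructed for illustration; the option letters other than -c and -t are taken from saslauthd(8).

```shell
#!/bin/sh
# Added example: report saslauthd credential caching from its defaults file.

DEFAULT_TTL=28800   # default cache timeout in seconds, as stated in the thread

# sasl_cache_ttl "<OPTIONS string>"
# Prints 0 when caching is off (no -c), otherwise the timeout in seconds.
# Exits non-zero if the option string cannot be parsed.
sasl_cache_ttl() (
    cache=0
    ttl=$DEFAULT_TTL
    set -f                      # no globbing while the string is word-split
    set -- $1                   # split OPTIONS into positional parameters
    OPTIND=1
    # Option letters per saslauthd(8); only -c and -t matter here.
    while getopts ":a:cdhlm:n:O:rs:t:Tv" opt; do
        case $opt in
            c) cache=1 ;;
            t) case $OPTARG in
                   ''|*[!0-9]*) exit 2 ;;   # -t needs a number of seconds
               esac
               ttl=$OPTARG ;;
            \?|:) exit 2 ;;                 # unknown flag or missing argument
        esac
    done
    # -t without -c has no effect: nothing is cached.
    if [ "$cache" -eq 1 ]; then echo "$ttl"; else echo 0; fi
)

# read_options FILE
# Prints the OPTIONS value the init script would see. The defaults file is
# shell syntax, so it is sourced, inside a subshell to keep this shell clean.
read_options() (
    OPTIONS=
    . "$1" >/dev/null 2>&1 || exit 1
    printf '%s\n' "$OPTIONS"
)

# audit_saslauthd FILE
# One-line finding for a defaults file.
audit_saslauthd() {
    opts=$(read_options "$1") || { echo "$1: cannot read"; return 1; }
    ttl=$(sasl_cache_ttl "$opts") || {
        echo "$1: cannot parse OPTIONS='$opts'"; return 1; }
    if [ "$ttl" -eq 0 ]; then
        echo "$1: caching off"
    else
        echo "$1: caching on, timeout ${ttl}s; restart saslauthd after removing an account"
    fi
}

# Constructed sample defaults files (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'START=yes\nOPTIONS="-c -m /var/run/saslauthd"\n' > "$dir/cached"
    printf 'START=yes\nOPTIONS="-c -t 300 -m /var/run/saslauthd"\n' > "$dir/short"
    printf 'START=yes\nOPTIONS="-m /var/run/saslauthd"\n' > "$dir/nocache"
    for f in cached short nocache; do
        audit_saslauthd "$dir/$f"
    done
    rm -rf "$dir"
}
demo
```

On a real host, call audit_saslauthd /etc/default/saslauthd instead of demo.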


[Touch-packages] [Bug 1401487] Re: apt reports wrong hashes

2014-12-11 Thread Marc Deslauriers
This happens from time to time when a mirror is out of sync.

** Information type changed from Private Security to Public

** Package changed: thunderbird (Ubuntu) => apt (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1401487

Title:
  apt reports wrong hashes

Status in apt package in Ubuntu:
  New

Bug description:
  Hi, occasionally, I'm getting wrong hashes when doing an apt-get
  update:

  W: Fehlschlag beim Holen von http://de.archive.ubuntu.com/ubuntu/dists/trusty-updates/main/binary-amd64/Packages  Hash-Summe stimmt nicht überein

  W: Fehlschlag beim Holen von http://de.archive.ubuntu.com/ubuntu/dists/trusty-updates/main/binary-i386/Packages  Hash-Summe stimmt nicht überein

  W: Fehlschlag beim Holen von http://de.archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/binary-i386/Packages  Hash-Summe stimmt nicht überein

  How can this occur? I don't think there are TCP/IP errors for my
  connection, at least in the past I did not have them.

  Is there a technical reason for that on the mirror server (e.g. during
  an update of the files)? Can you check for corruption/compromise
  on the server? I'm really concerned about this.

  Or do I have to think about a man-in-the-middle problem considering
  my connection/router?

  As far as I can say, the problem appears and disappears from time to
  time. I cannot reproduce it reliably.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1401487/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

