[Bug 53887] Re: [patch] Command completion should be enhanced
Whats the status of this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/53887 Title: [patch] Command completion should be enhanced To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/53887/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1105645] [NEW] /etc/bash.d
Public bug reported: Hello, two-line summary: I propose to create a /etc/bash.d/ directory for files that need to be read when starting a non-login shell. longer version: Files in /etc/profile.d/ are sourced for _login shells_ (in other words: whenever /etc/profile is read). That works fine for setting environment variables (which are exported to child processes, including shells), but breaks for things like bash completion because those aren't inherited to non-login shells. If you don't know the difference: su - $USER # will give you a login shell bash # will give you a non-login shell If you open a normal (non-login) shell, the files in /etc/profile.d/ are _not_ read. This means that various bash completions are not available. I propose to create a /etc/bash.d/ directory for files that need to be read when starting a non-login shell. This adds the advantage of having a *.d directory where you can just drop in a file and it is used. I never used a different shell, therefore I have no idea if we'll need a /etc/tcsh.d/, /etc/ash.d/, /etc/zsh.d/, ... directory - feedback on this (and of course on the /etc/bash.d/ proposal) is welcome ;-) ** Affects: bash (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1105645 Title: /etc/bash.d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1105645/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 390508] Re: notifyOSD ignores the expire timeout parameter
I also like to appeal this decision. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/390508 Title: notifyOSD ignores the expire timeout parameter To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/390508/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 296800] Re: [needs-packaging] Netactview
Still interested... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/296800 Title: [needs-packaging] Netactview To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/296800/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
NTP has public and private keys. http://doc.ntp.org/4.1.0/genkeys.htm Just like SSL, gpg, etc. Of course ntp.ubuntu.com and other server owners keep their private key secure. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
NTP has public and private keys. http://doc.ntp.org/4.1.0/genkeys.htm Just like SSL, gpg, etc. Of course ntp.ubuntu.com and other server owners keep their private key secure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
I have some ideas ideas... There is already ntp.ubuntu.com, can you add authentication? Ubuntu has importance. Can you officially ask the NTP pool if they could add authentication? Can you publicly the problem somewhere? A blog post? I am sure some NTP server volunteers would like to add authentication, if you can provide clear instructions for them. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
I have some ideas ideas... There is already ntp.ubuntu.com, can you add authentication? Ubuntu has importance. Can you officially ask the NTP pool if they could add authentication? Can you publicly the problem somewhere? A blog post? I am sure some NTP server volunteers would like to add authentication, if you can provide clear instructions for them. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1039420] [NEW] NTP security vulnerability because not using authentication by default
*** This bug is a security vulnerability *** Public security bug reported: Ubuntu implements so much security one way or another. So much defenses against network level man in the middle or malicious proxies or wifi hotspots. Cryptographic verification generally works well but there is one big drawback: it requires correct date/time. NTP in Ubuntu does not use any authentication by default, although it is supported by NTP. I conclude, that almost no one is using authenticated NTP, because there are no instructions in a forum or blog how to enable NTP authentication. Therefore almost everyone uses standard configuration and is at risk. An adversary can tamper with the unauthenticated NTP replies and put the users time several years back, especially, but not limited, if the bios battery or hardware clock is defect. That issue becomes more relevant with new devices like RP, which do not even have a hardware clock. Putting the clock several years back allows an adversary to use already revoked, broken, expired certificates; replay old, broken, outdated, known vulnerable updates etc. ** Affects: ntp (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
No need to keep this private. Has been publicly discussed but without proper bug report and the discussion felt into oblivion. http://ubuntu.5.n6.nabble.com/authenticated-NTP-td4486136.html -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1039420] [NEW] NTP security vulnerability because not using authentication by default
*** This bug is a security vulnerability *** Public security bug reported: Ubuntu implements so much security one way or another. So much defenses against network level man in the middle or malicious proxies or wifi hotspots. Cryptographic verification generally works well but there is one big drawback: it requires correct date/time. NTP in Ubuntu does not use any authentication by default, although it is supported by NTP. I conclude, that almost no one is using authenticated NTP, because there are no instructions in a forum or blog how to enable NTP authentication. Therefore almost everyone uses standard configuration and is at risk. An adversary can tamper with the unauthenticated NTP replies and put the users time several years back, especially, but not limited, if the bios battery or hardware clock is defect. That issue becomes more relevant with new devices like RP, which do not even have a hardware clock. Putting the clock several years back allows an adversary to use already revoked, broken, expired certificates; replay old, broken, outdated, known vulnerable updates etc. ** Affects: ntp (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
No need to keep this private. Has been publicly discussed but without proper bug report and the discussion felt into oblivion. http://ubuntu.5.n6.nabble.com/authenticated-NTP-td4486136.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1039420 Title: NTP security vulnerability because not using authentication by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 997212] Re: Openbox crashing X.org, running GTK 3.4 applications.
https://bugzilla.icculus.org/show_bug.cgi?id=5460 says it's fixed upstream. Any updates here? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/997212 Title: Openbox crashing X.org, running GTK 3.4 applications. To manage notifications about this bug go to: https://bugs.launchpad.net/openbox/+bug/997212/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1036482] [NEW] [needs-packaging] Tor Browser
Public bug reported: Tor Browser is an anonymity, security and privacy oriented browser based on Mozilla Firefox from torproject.org. https://www.torproject.org/ Tor is the last serious anonymity network. Tor is the only option for non-criminals to speak freely and anonymously. All other networks are so weak, that researchers don't even talk about the others anymore. http://freehaven.net/anonbib/#2012 Tor Button + Mozilla Firefox is deprecated and recommend against. https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton Configuring Mozilla Firefox to use Tor as socks proxy is even more deprecated and recommend against.(browser fingerprinting, https://www.torproject.org/torbutton/torbutton-faq.html.en#oldtorbutton There is only Tor in Ubuntu repository. Tor Browser is missing. Please package! Downloading the bundle from torproject.org is bad. It happened that torproject.org was targeted using a compromised SSL certificate authority. 1. visit torproject.org 2. download 3. import gpg key 4. download signature 5. verify signature... Very bad. Please add to packages, apt-get install torbrowser is much better! URL: https://www.torproject.org/ License: 100% Open Source ** Affects: ubuntu Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1036482 Title: [needs-packaging] Tor Browser To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1036482/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1024735] [NEW] preseed does not work without any network card
Public bug reported: Version: Ubuntu Server 12.04 CD Test 1: d-i netcfg/enable boolean false Test 2: d-i netcfg/enable boolean false d-i netcfg/dhcp_options select \Do not configure the network at this time\ Test 3: d-i netcfg/enable boolean false d-i netcfg/dhcp_options select \Do not configure the network at this time\ d-i netcfg/no_interfaces boolean true Test 4: d-i netcfg/no_interfaces boolean true Error message always: [!!] Configure the network Installation step failed The failing step is: Configure the network ** Affects: preseed (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1024735 Title: preseed does not work without any network card To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/preseed/+bug/1024735/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
