[Bug 1444656] Re: GnuTLS TLS 1.2 handshake failure
We encountered this bug today and it has the potential to be pretty nasty if you're unfortunate enough to hit it. In our case we have several systems which perform authentication against a Windows domain using LDAPS. We recently updated the TLS certificate on those systems and all the services which perform LDAPS authentication starting failing with the symptoms described earlier in this bug. The new TLS certificate we installed had the same key size and hash algorithm, but it turned out the root CA & intermediate certificate were using SHA384 as the signature hash. This in turn caused the LDAPS connections to stop working. Given the CA's certificates were using SHA384 reissuing the certificate wasn't going to help and downgrading the TLS version was not at all desirable given the potential security implications. I've backported the commit referenced by Marc and confirmed it resolves the problem for us. In my view it'd be wise to push this out to 14.04 users as this issue is going to presumably become more prominent as more certificates start using stronger hash algorithms and TLS 1.2 becomes more prevalent. ** Patch added: "fix-tls12-handshake.diff" https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1444656/+attachment/4837425/+files/fix-tls12-handshake.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1444656 Title: GnuTLS TLS 1.2 handshake failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1444656/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1275495] Re: check_radius missing
This should be an easy fix, but as an alternative while a developer gets around to it, you can also use the Monitoring Plugins PPA: https://launchpad.net/~pkg-nagios-devel/+archive/ubuntu/plugins. See also: https://www.monitoring-plugins.org/ Note that this will result in installing a far newer version of the plugins so you should only do this if you're willing to invest the time to also fix any potential incompatibilities due to the major version bump. That said, my own installation on a production Icinga instance went very smoothly. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in Ubuntu. https://bugs.launchpad.net/bugs/1275495 Title: check_radius missing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1275495/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1275495] Re: check_radius missing
This should be an easy fix, but as an alternative while a developer gets around to it, you can also use the Monitoring Plugins PPA: https://launchpad.net/~pkg-nagios-devel/+archive/ubuntu/plugins. See also: https://www.monitoring-plugins.org/ Note that this will result in installing a far newer version of the plugins so you should only do this if you're willing to invest the time to also fix any potential incompatibilities due to the major version bump. That said, my own installation on a production Icinga instance went very smoothly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1275495 Title: check_radius missing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/1275495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1342574] Re: Samba crashing on null path in cleanup_tmp_files
Seeing the exact same issue here. I also note that the crash seems to be from starting smbd with the '-D' parameter by samba-ad-dc, however, it shouldn't even be trying to run this from what I can see. The system is running a fresh installation of Samba with a vanilla configuration and as such is not configured to function as a domain controller. The init.d script for samba-ad-dc contains this excerpt: start) SERVER_ROLE=`samba-tool testparm --parameter-name=server role 2/dev/null | tail -1` if [ $SERVER_ROLE != active directory domain controller ]; then exit 0 fi However, the upstart script performs no such check and simply attempts to start it unconditionally. I'm not sure if this is related to the behaviour we see here (expecting configuration parameters that aren't present?) or is a separate issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1342574 Title: Samba crashing on null path in cleanup_tmp_files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1342574/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1342574] Re: Samba crashing on null path in cleanup_tmp_files
Seeing the exact same issue here. I also note that the crash seems to be from starting smbd with the '-D' parameter by samba-ad-dc, however, it shouldn't even be trying to run this from what I can see. The system is running a fresh installation of Samba with a vanilla configuration and as such is not configured to function as a domain controller. The init.d script for samba-ad-dc contains this excerpt: start) SERVER_ROLE=`samba-tool testparm --parameter-name=server role 2/dev/null | tail -1` if [ $SERVER_ROLE != active directory domain controller ]; then exit 0 fi However, the upstart script performs no such check and simply attempts to start it unconditionally. I'm not sure if this is related to the behaviour we see here (expecting configuration parameters that aren't present?) or is a separate issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1342574 Title: Samba crashing on null path in cleanup_tmp_files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1342574/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1292400] Re: task systemd-udevd:1906 blocked for more than 120 seconds.
This bug has been quiet for a while by the looks of it so just chipping in. I can confirm I witnessed this bug last week on an Ubuntu 14.04 x64 VM on a Windows Server 2012 R2 Hyper-V server with dynamic memory enabled on the guest. I suspect that dynamic memory (aka. memory hot- add/remove) may be related to this issue. If so, creating a VM with dynamic memory enabled and then running a workload that is memory intensive to ensure the Hyper-V server allocates more RAM to the VM may be beneficial. The tie-in with the balloon driver is interesting, and might suggest there's some level of interaction going on between these two components? Perhaps after dynamic memory adds more RAM to the system the balloon driver may trigger the issue due to no longer valid assumptions, or alternatively, the removal of memory from the system once it no longer needs it has a similar effect? It may also be useful for others to know that we initially detected this issue due to it causing a very high load average on the affected system which can be trivially detected by monitoring systems like Nagios. Note that while the load average is high, this doesn't correspond to any given process actually consuming substantial CPU resources, so you'll want to take a look at the dmesg output which will confirm if you're experiencing the issue via the blocked systemd-udevd and kworker processes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1292400 Title: task systemd-udevd:1906 blocked for more than 120 seconds. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1292400/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1363519] Re: start-stop-daemon fails debsums check
Just chipping in that I have just encountered this exact bug as reported by RafaĆ Roncoszek on an Ubuntu Server 14.04.1 x64 server I admin. Was initially very concerned to see a critical system binary failing a debsums check but the md5sum's of the failing binary and the updated binary via a 'apt-get install dpkg --reinstall' exactly match those provided in this bug report. While I agree this isn't a security issue, I do consider it a fairly severe bug when incorrect/unexpected versions of system binaries are being installed and in turn causing simple auditing tools to report issues with the installation. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1363519 Title: start-stop-daemon fails debsums check To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1363519/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1345059] [NEW] linux-cloud-tools missing from precise
Public bug reported: The Trusty Tahir Hardware Enablement Stack for Ubuntu 12.04 is available and being aggressively promoted to existing Ubuntu 12.04 deployments running now End-of-Life Hardware Enablement Stacks. However, the linux- cloud-tools packages have not been made available to Precise users. This package was newly introduced in Trusty Tahir and contains cloud specific tooling associated with a given kernel version, separate from the general tools provided in the linux-tools packages. Right now, this package only contains Hyper-V specific daemons and utilities. The result of this is that on updating to the Trusty HWE the userspace hv-kvp-daemon Hyper-V daemon previously provided by the linux-tools packages is no longer present and will fail to start when the hv-kvp-daemon-init package attempts to do so: hv_kvp_daemon not available for kernel 3.13.0-30 This is in my view a very serious issue as it risks potentially breaking Hyper-V deployments of Ubuntu 12.04 which have either updated to the Trusty HWE or will be installed via the 12.04.05 installation media (the latter has yet to be released). From my brief look at the packaging situation the linux-cloud-tools packages depend on a newer version of sysv-rc than is currently available for 12.04, though, this is the only unmet dependency and I'm unsure if the newer sysv-rc is technically required or was just pinned against the release that Ubuntu 14.04 shipped with. ** Affects: linux-meta (Ubuntu) Importance: Undecided Status: New ** Package changed: hv-kvp-daemon-init (Ubuntu) = linux-meta (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to hv-kvp-daemon-init in Ubuntu. https://bugs.launchpad.net/bugs/1345059 Title: linux-cloud-tools missing from precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1345059/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1320488] Re: hv-kvp-daemon-init incompatible with kernel 3.11
Closing as the issue only affects a Hardware Enablement Stack which is now End-of-Life. However, have opened bug #1345059 which is similar but far more serious as it affects the new Trusty HWE which is supported for the next three years and there is no current workaround. ** Changed in: hv-kvp-daemon-init (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to hv-kvp-daemon-init in Ubuntu. https://bugs.launchpad.net/bugs/1320488 Title: hv-kvp-daemon-init incompatible with kernel 3.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hv-kvp-daemon-init/+bug/1320488/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1320488] Re: hv-kvp-daemon-init incompatible with kernel 3.11
Closing as the issue only affects a Hardware Enablement Stack which is now End-of-Life. However, have opened bug #1345059 which is similar but far more serious as it affects the new Trusty HWE which is supported for the next three years and there is no current workaround. ** Changed in: hv-kvp-daemon-init (Ubuntu) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1320488 Title: hv-kvp-daemon-init incompatible with kernel 3.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hv-kvp-daemon-init/+bug/1320488/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1345059] [NEW] linux-cloud-tools missing from precise
Public bug reported: The Trusty Tahir Hardware Enablement Stack for Ubuntu 12.04 is available and being aggressively promoted to existing Ubuntu 12.04 deployments running now End-of-Life Hardware Enablement Stacks. However, the linux- cloud-tools packages have not been made available to Precise users. This package was newly introduced in Trusty Tahir and contains cloud specific tooling associated with a given kernel version, separate from the general tools provided in the linux-tools packages. Right now, this package only contains Hyper-V specific daemons and utilities. The result of this is that on updating to the Trusty HWE the userspace hv-kvp-daemon Hyper-V daemon previously provided by the linux-tools packages is no longer present and will fail to start when the hv-kvp-daemon-init package attempts to do so: hv_kvp_daemon not available for kernel 3.13.0-30 This is in my view a very serious issue as it risks potentially breaking Hyper-V deployments of Ubuntu 12.04 which have either updated to the Trusty HWE or will be installed via the 12.04.05 installation media (the latter has yet to be released). From my brief look at the packaging situation the linux-cloud-tools packages depend on a newer version of sysv-rc than is currently available for 12.04, though, this is the only unmet dependency and I'm unsure if the newer sysv-rc is technically required or was just pinned against the release that Ubuntu 14.04 shipped with. ** Affects: linux-meta (Ubuntu) Importance: Undecided Status: New ** Package changed: hv-kvp-daemon-init (Ubuntu) = linux-meta (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1345059 Title: linux-cloud-tools missing from precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1345059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1345059] Re: linux-cloud-tools missing from precise
Not sure apport-collect is helpful for this particular bug? It crashes regardless: *** Collecting problem information The collected information can be sent to the developers to improve the application. This might take a few minutes. .ERROR: hook /usr/share/apport/general-hooks/cloud_archive.py crashed: Traceback (most recent call last): File /usr/lib/python2.7/dist-packages/apport/report.py, line 719, in add_hooks_info symb['add_info'](self, ui) File /usr/share/apport/general-hooks/cloud_archive.py, line 18, in add_info if '~cloud' in packaging.get_version(package) and \ File /usr/lib/python2.7/dist-packages/apport/packaging_impl.py, line 95, in get_version raise ValueError('package does not exist') ValueError: package does not exist .No packages found matching linux. ** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1345059 Title: linux-cloud-tools missing from precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1345059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1320488] [NEW] hv-kvp-daemon-init incompatible with kernel 3.11
Public bug reported: The /usr/sbin/hv_kvp_daemon script installed by the hv-kvp-daemon-init package currently fails to find the hv_kvp_daemon binary for the running kernel when running under a 3.11 release (as per a reasonably up-to-date Ubuntu 12.04 installation). Ironically, the hv_kvp_daemon script installed by linux-tools-common package works fine, however, it is diverted by the package ending up at /usr/sbin/hv_kvp_daemon.hv-kvp- daemon-init. It is thus never actually called by the hv-kvp-daemon init script. The hv-kvp-daemon-init package is still required as it installs various other support utilities as well as the init script itself used to start the KVP (Key-Value Pair) daemon. I believe this issue has arisen as the /usr/sbin/hv_kvp_daemon script was presumably not included until the linux-tools-common releases associated with the 3.11 series of kernels and has not been updated to reflect this. A simple workaround for now is to remove the divert and restore the script installed by linux-tools-common: sudo dpkg-divert --remove /usr/sbin/hv_kvp_daemon sudo mv /usr/sbin/hv_kvp_daemon /usr/sbin/hv_kvp_daemon.bak sudo mv /usr/sbin/hv_kvp_daemon.hv-kvp-daemon-init /usr/sbin/hv_kvp_daemon sudo service hv-kvp-daemon-init start ps -ef | grep kvp # Verify the daemon is actually running For the unaware, the daemon is non-critical from the guest OS's perspective, however, it is used by the Hyper-V host to exchange information with the guest OS instance, such as IP addressing and system state information. When not running various information usually accessible to the hypervisor won't be which can impact scripting tasks as well as in some cases system functions (e.g. some backup types may be affected where they rely on the daemon to communicate with the host). ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: hv-kvp-daemon-init 0.3ubuntu4~12.04.0 [modified: usr/sbin/hv_kvp_daemon] ProcVersionSignature: Ubuntu 3.11.0-20.35~precise1-generic 3.11.10.6 Uname: Linux 3.11.0-20-generic x86_64 NonfreeKernelModules: ksplice_ttt6czy9_floppy_new ksplice_ttt6czy9 ksplice_hxl9iy0x_vmlinux_new ksplice_hxl9iy0x ksplice_arnypzmc_vmlinux_new ksplice_arnypzmc ApportVersion: 2.0.1-0ubuntu17.6 Architecture: amd64 Date: Sat May 17 21:08:42 2014 InstallationMedia: Ubuntu-Server 12.04.4 LTS Precise Pangolin - Release amd64 (20140204) MarkForUpload: True SourcePackage: hv-kvp-daemon-init UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: hv-kvp-daemon-init (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug precise third-party-packages -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to hv-kvp-daemon-init in Ubuntu. https://bugs.launchpad.net/bugs/1320488 Title: hv-kvp-daemon-init incompatible with kernel 3.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hv-kvp-daemon-init/+bug/1320488/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1320488] [NEW] hv-kvp-daemon-init incompatible with kernel 3.11
Public bug reported: The /usr/sbin/hv_kvp_daemon script installed by the hv-kvp-daemon-init package currently fails to find the hv_kvp_daemon binary for the running kernel when running under a 3.11 release (as per a reasonably up-to-date Ubuntu 12.04 installation). Ironically, the hv_kvp_daemon script installed by linux-tools-common package works fine, however, it is diverted by the package ending up at /usr/sbin/hv_kvp_daemon.hv-kvp- daemon-init. It is thus never actually called by the hv-kvp-daemon init script. The hv-kvp-daemon-init package is still required as it installs various other support utilities as well as the init script itself used to start the KVP (Key-Value Pair) daemon. I believe this issue has arisen as the /usr/sbin/hv_kvp_daemon script was presumably not included until the linux-tools-common releases associated with the 3.11 series of kernels and has not been updated to reflect this. A simple workaround for now is to remove the divert and restore the script installed by linux-tools-common: sudo dpkg-divert --remove /usr/sbin/hv_kvp_daemon sudo mv /usr/sbin/hv_kvp_daemon /usr/sbin/hv_kvp_daemon.bak sudo mv /usr/sbin/hv_kvp_daemon.hv-kvp-daemon-init /usr/sbin/hv_kvp_daemon sudo service hv-kvp-daemon-init start ps -ef | grep kvp # Verify the daemon is actually running For the unaware, the daemon is non-critical from the guest OS's perspective, however, it is used by the Hyper-V host to exchange information with the guest OS instance, such as IP addressing and system state information. When not running various information usually accessible to the hypervisor won't be which can impact scripting tasks as well as in some cases system functions (e.g. some backup types may be affected where they rely on the daemon to communicate with the host). ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: hv-kvp-daemon-init 0.3ubuntu4~12.04.0 [modified: usr/sbin/hv_kvp_daemon] ProcVersionSignature: Ubuntu 3.11.0-20.35~precise1-generic 3.11.10.6 Uname: Linux 3.11.0-20-generic x86_64 NonfreeKernelModules: ksplice_ttt6czy9_floppy_new ksplice_ttt6czy9 ksplice_hxl9iy0x_vmlinux_new ksplice_hxl9iy0x ksplice_arnypzmc_vmlinux_new ksplice_arnypzmc ApportVersion: 2.0.1-0ubuntu17.6 Architecture: amd64 Date: Sat May 17 21:08:42 2014 InstallationMedia: Ubuntu-Server 12.04.4 LTS Precise Pangolin - Release amd64 (20140204) MarkForUpload: True SourcePackage: hv-kvp-daemon-init UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: hv-kvp-daemon-init (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug precise third-party-packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1320488 Title: hv-kvp-daemon-init incompatible with kernel 3.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hv-kvp-daemon-init/+bug/1320488/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1320488] Re: hv-kvp-daemon-init incompatible with kernel 3.11
I'll clarify in advance that the modified: usr/sbin/hv_kvp_daemon is due to me inserting a hack in the original script to make it work. The stock unmodified script is broken as per the bug report. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1320488 Title: hv-kvp-daemon-init incompatible with kernel 3.11 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/hv-kvp-daemon-init/+bug/1320488/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs