date:20170330

This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.10

---
qemu (1:2.5+dfsg-5ubuntu10.10) xenial; urgency=medium

  [Nishanth Aravamudan]
  * debian/patches/ubuntu/add_force_size_option.patch:
block/vpc: fix VHD size calculation. (LP: #1490611)

 -- Christian Ehrhardt   Mon, 20 Feb
2017 13:09:53 +0100

** Changed in: qemu (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1490611

Title:
  Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to
  the result file, which Microsoft Azure rejects as invalid

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  Fix Released

Bug description:
  [Impact]

   * Starting with a raw disk image, using "qemu-img convert" to convert
  from raw to VHD results in the output VHD file's virtual size being
  aligned to the nearest 516096 bytes (16 heads x 63 sectors per head x
  512 bytes per sector), instead of preserving the input file's size as
  the output VHD's virtual disk size.

   * Microsoft Azure requires that disk images (VHDs) submitted for
  upload have virtual sizes aligned to a megabyte boundary. (Ex. 4096MB,
  4097MB, 4098MB, etc. are OK, 4096.5MB is rejected with an error.) This
  is reflected in Microsoft's documentation: https://azure.microsoft.com
  /en-us/documentation/articles/virtual-machines-linux-create-upload-
  vhd-generic/

   * The fix for this bug is a backport from upstream.
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fb9245c2610932d33ce14

  [Test Case]

   * This is reproducible with the following set of commands (including
  the Azure command line tools from https://github.com/Azure/azure-
  xplat-cli). For the following example, I used qemu version 2.2.1:

  $ dd if=/dev/zero of=source-disk.img bs=1M count=4096

  $ stat source-disk.img
    File: ‘source-disk.img’
    Size: 4294967296  Blocks: 798656 IO Block: 4096   regular file
  Device: fc01h/64513dInode: 13247963Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:48:02.613988480 -0700
  Modify: 2015-08-18 09:48:02.825985646 -0700
  Change: 2015-08-18 09:48:02.825985646 -0700
   Birth: -

  $ qemu-img convert -f raw -o subformat=fixed -O vpc source-disk.img
  dest-disk.vhd

  $ stat dest-disk.vhd
    File: ‘dest-disk.vhd’
    Size: 4296499712  Blocks: 535216 IO Block: 4096   regular file
  Device: fc01h/64513dInode: 13247964Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:50:22.252077624 -0700
  Modify: 2015-08-18 09:49:24.424868868 -0700
  Change: 2015-08-18 09:49:24.424868868 -0700
   Birth: -

  $ azure vm image create testimage1 dest-disk.vhd -o linux -l "West US"
  info:Executing command vm image create
  + Retrieving storage accounts
  info:VHD size : 4097 MB
  info:Uploading 4195800.5 KB
  Requested:100.0% Completed:100.0% Running:   0 Time: 1m 0s Speed:  6744 KB/s
  info:https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd was 
uploaded successfully
  error:   The VHD 
https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd has an 
unsupported virtual size of 4296499200 bytes.  The size must be a whole number 
(in MBs).
  info:Error information has been recorded to /home/smkent/.azure/azure.err
  error:   vm image create command failed

   * A fixed qemu-img will not result in an error during azure image
  creation. It will require passing -o force_size, which will leverage
  the backported functionality.

  [Regression Potential]

   * The upstream fix introduces a qemu-img option (-o force_size) which
  is unset by default. The regression potential is very low, as a
  result.

  ...

  I also ran the above commands using qemu 2.4.0, which resulted in the
  same error as the conversion behavior is the same.

  However, qemu 2.1.1 and earlier (including qemu 2.0.0 installed by
  Ubuntu 14.04) does not pad the virtual disk size during conversion.
  Using qemu-img convert from qemu versions <=2.1.1 results in a VHD
  that is exactly the size of the raw input file plus 512 bytes (for the
  VHD footer). Those qemu versions do not attempt to realign the disk.
  As a result, Azure accepts VHD files created using those versions of
  qemu-img convert for upload.

  Is there a reason why newer qemu realigns the converted VHD file? It
  would be useful if an option were added to disable this feature, as
  current versions of qemu cannot be used to create VHD files for Azure
  using Microsoft's official instructions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1490611/+subscriptions

[Group.of.nepali.translators] [Bug 1644530] Re: keepalived fails to restart cleanly due to the wrong systemd settings

This bug was fixed in the package keepalived - 1:1.2.19-1ubuntu0.2

---
keepalived (1:1.2.19-1ubuntu0.2) xenial; urgency=medium

  * Add PIDFile to avoid misdetection of MainPID on restart (LP:
#1644530).

 -- Christian Ehrhardt   Mon, 13 Mar
2017 13:23:47 +0100

** Changed in: keepalived (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644530

Title:
  keepalived fails to restart cleanly due to the wrong systemd settings

Status in keepalived package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  New
Status in keepalived source package in Xenial:
  Fix Released
Status in systemd source package in Xenial:
  New
Status in keepalived package in Debian:
  New

Bug description:
  [Impact]

   * Restarts of keepalived can leave stale processes with the old
  configuration around.

   * The systemd detection of the MainPID is suboptimal, and combined
  with not waiting on signals being handled it can fail on second
  restart killing the (still) remaining process of the first start.

   * Upstream has a PIDFile statement, this has proven to avoid the
  issue in the MainPID guessing code of systemd.

  [Test Case]

   * Set up keepalived, the more complex the config is the "bigger" is the 
reace window, below in the description is a trivial sample config that works 
well.
   
   * As a test run the loop restarting the service head-to-head while staying 
under the max-restart limit
  $ for j in $(seq 1 20); do sleep 11s; time for i in $(seq 1 5); do sudo 
systemctl restart keepalived; sudo systemctl status keepalived | egrep 
'Main.*exited'; done; done

   Expectation: no output other than timing
   Without fix: sometimes MainPIDs do no more exist, in these cases the child 
processes are the "old" ones from last execution with the old config.

  [Regression Potential]

   * Low because
 * A PIDFile statement is recommended by systemd for type=forking services 
anyway.
 * Upstream keepalived has this statement in their service file
 * By the kind of change, it should have no functional impact to other 
parts of the service other than for the PID detection of the job by Systemd.

   * Yet regression potential is never zero. There might be the unlikely
  case, which were considered working before due to a new config not
  properly being picked up. After the fix they will behave correctly and
  might show up as false-positives then if e.g. config was bad.

  [Other Info]
   
   * Usually a fix has to be in at least the latest Development release before 
SRUing it. But as I outlined below in later Releases than Xenial systemd seems 
to have improved making this change not-required. We haven't identified the 
bits for this (there is a bug task here), and they might as well be very 
complex. I think it is correct to fix Xenial in this regard with the simple 
change to the service file for now.

   * To eventually match I created a Debian bug task to ask them for the
  inclusion of the PIDFile so it can slowly tickle back down to newer
  Ubuntu Releases - also there more often people run backports where the
  issue might occur on older systemd versions (just as it does for us on
  Xenial)

  ---

  Because "PIDFile=" directive is missing in the systemd unit file,
  keepalived sometimes fails to kill all old processes. The old
  processes remain with old settings and cause unexpected behaviors. The
  detail of this bug is described in this ticket in upstream:
  https://github.com/acassen/keepalived/issues/443.

  The official systemd unit file is available since version 1.2.24 by
  this commit:

  
https://github.com/acassen/keepalived/commit/635ab69afb44cd8573663e62f292c6bb84b44f15

  This includes "PIDFile" directive correctly:

  PIDFile=/var/run/keepalived.pid

  We should go the same way.

  I am using Ubuntu 16.04.1, kernel 4.4.0-45-generic.

  Package: keepalived
  Version: 1.2.19-1

  ===

  How to reproduce:

  I used the two instances of Ubuntu 16.04.2 on DigitalOcean:

  Configurations
  --

  MASTER server's /etc/keepalived/keepalived.conf:

    vrrp_script chk_nothing {
   script "/bin/true"
   interval 2
    }

    vrrp_instance G1 {
  interface eth1
  state BACKUP
  priority 100

  virtual_router_id 123
  unicast_src_ip 
  unicast_peer {
    
  }
  track_script {
    chk_nothing
  }
    }

  BACKUP server's /etc/keepalived/keepalived.conf:

    vrrp_script chk_nothing {
   script "/bin/true"
   interval 2
    }

    vrrp_instance G1 {
  interface eth1
  state MASTER
  priority 200

  virtual_router_id 123
  unicast_src_ip 
  unicast_peer {
    
  }

[Group.of.nepali.translators] [Bug 1675369] Re: Metacity Not Sending ConfigureNotify events

This bug was fixed in the package metacity - 1:3.18.7-0ubuntu0.3

---
metacity (1:3.18.7-0ubuntu0.3) xenial; urgency=medium

  * Backport upstream commit to fix send synthetic ConfigureNotify events
when receiving ConfigureRequests (synthetic_configurenotify_events.diff,
LP: #1675369).

 -- Dmitry Shachnev   Thu, 23 Mar 2017 21:14:52
+0300

** Changed in: metacity (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675369

Title:
  Metacity Not Sending ConfigureNotify events

Status in metacity package in Ubuntu:
  Fix Released
Status in metacity source package in Xenial:
  Fix Released
Status in metacity source package in Yakkety:
  New

Bug description:
  # Impact
  When using seamless applications such as Rdesktop, the window manager needs 
to send ConfigureNotify events.  This is specified in ICCCM section 4.1.5.  
Without it, software will hang and wait for a response.

  This greatly impacts corporate and enterprise users that are trying to
  integrate Microsoft Windows applications using Rdesktop.

  # Proposed Fix
  A patch has been created here and should be merged:

  
https://git.gnome.org/browse/metacity/commit/?h=gnome-3-24=f09967fc0f1d65fc7b5057b362b9657154a86079

  Patch for 3.18 branch which was used for Xenial upload is here:

  
https://git.gnome.org/browse/metacity/commit/?h=gnome-3-18=64e95c2ec2a1669da2ddab6c29108d718f79dfff

  # Test Case
  Use rdesktop in seamless mode:
  rdesktop "%ProgramFiles%\ThinLinc\WTSTools\seamlessrdpshell.exe" -s "notepad" 
server_ip

  This requires server with windows that is setup for remote access. Also extra 
software is needed:
  https://www.cendio.com/thinlinc/download-register

  Opening multiple seamless windows and trying to switch between them
  should not cause any noticeable delays / hangs.

  # Regression Potential
  The reporter has verified the fix, and it works. It has also been in Zesty 
since Mar 20th and so far nobody complained.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/metacity/+bug/1675369/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668808] Re: [Xenial] iscsitarget-dkms 1.4.20.3+svn502-2ubuntu4: iscsitarget kernel module failed to build [error: field ‘rx_hash’ has incomplete type]

This bug was fixed in the package iscsitarget -
1.4.20.3+svn502-2ubuntu4.1

---
iscsitarget (1.4.20.3+svn502-2ubuntu4.1) xenial; urgency=medium

  * d/dkms.conf.in: iscsitarget has been removed from 16.10 and does not
build against kernels from that release and on. Users are
recommended to use the in-kernel iscsi_target_mod driver and tgt.
Disable the dkms build on HWE kernels for 16.04 (LP: #1668808).

 -- Nishanth Aravamudan   Mon, 20 Mar
2017 17:22:23 -0700

** Changed in: iscsitarget (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668808

Title:
  [Xenial] iscsitarget-dkms 1.4.20.3+svn502-2ubuntu4: iscsitarget kernel
  module failed to build [error: field ‘rx_hash’ has incomplete type]

Status in iscsitarget package in Ubuntu:
  Invalid
Status in iscsitarget source package in Xenial:
  Fix Released
Status in iscsitarget source package in Yakkety:
  Invalid

Bug description:
  [Impact]

   * The src:iscsitarget package was removed from 16.10 (LP: #1613758).

   * Therefore, the iscsitarget-dkms package is no longer tested with
  16.10+ kernels to ensure it still compiles.

   * The HWE stacks for 16.04 backport the 16.10+ kernels to 16.04.x.

   * End users who successfully built the iscistarget driver on
  16.04.0/1 kernels (4.4.0-*) will see failures with the HWE kernels.

   * iscsitarget and iscsitarget-dkms packages are not technically
  needed on 16.04 at all. There is an iSCSI target driver
  (iscsi_target_mod) in the Ubuntu kernel and the iscistarget tooling
  can be replaced with tgt.

  [Test Case]

   * Install iscsitarget-dkms while having the 16.04.2 headers
  installed. The module build will fail (and apport if on a desktop will
  attempt to submit a bug report).

   * In the fixed case, iscsitarget-dkms will see the specified kernel
  is not supported by the regex and will skip attempting to build.

  [Regression Potential]

   * Currently, the iscsitarget-dkms throws an error. The error is
  actually in the use of iscsitarget-dkms at all with newer kernels, and
  hopefully if end-users depend on it and see the 'skipped' message,
  they will come to this bug via the changelog. I do not believe there
  is any regression potential, as I have tested that 4.4.0-* kernels
  still build the dkms module fine and that all other 16.04 kernel
  families skip it.

  ---

  I am unable to build the iscsitarget DKMS module on a fresh install of
  Ubuntu 16.04.2 LTS. Console output is replicated here; the associated
  make.log file is attached.

  Setting up iscsitarget-dkms (1.4.20.3+svn502-2ubuntu4) ...

  Creating symlink /var/lib/dkms/iscsitarget/1.4.20.3+svn502/source ->
   /usr/src/iscsitarget-1.4.20.3+svn502

  DKMS: add completed.

  Kernel preparation unnecessary for this kernel.  Skipping...

  Building module:
  cleaning build area
  make KERNELRELEASE=4.8.0-39-generic -C /lib/modules/4.8.0-39-generic/build 
M=/var/lib/dkms/iscsitarget/1.4.20.3+svn502/build(bad exit status: 2)
  Error! Bad return status for module build on kernel: 4.8.0-39-generic (i686)
  Consult /var/lib/dkms/iscsitarget/1.4.20.3+svn502/build/make.log for more 
information.
  Removing old iscsitarget-1.4.20.3+svn502 DKMS files...

  --
  Deleting module version: 1.4.20.3+svn502
  completely from the DKMS tree.
  --
  Done.
  Loading new iscsitarget-1.4.20.3+svn502 DKMS files...
  First Installation: checking all kernels...
  Building only for 4.8.0-39-generic
  Building initial module for 4.8.0-39-generic
  ERROR: Cannot create report: [Errno 17] File exists: 
'/var/crash/iscsitarget-dkms.0.crash'
  Error! Bad return status for module build on kernel: 4.8.0-39-generic (i686)
  Consult /var/lib/dkms/iscsitarget/1.4.20.3+svn502/build/make.log for more 
information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/1668808/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1661805] Re: Saved passwords for HTTPS sites can be accessed by HTTP sites

This bug was fixed in the package epiphany-browser - 3.22.6-0ubuntu1

---
epiphany-browser (3.22.6-0ubuntu1) yakkety-security; urgency=medium

* SECURITY UPDATE: Saved passwords were viewable by a man-in-the-middle
attack website. This has been mitigated by moving all existing saved
http passwords to https. If a website you use is http-only, you can
find your old password in Preferences>Privacy>Manage Passwords.
- Fixed in new upstream security release 3.22.6 (LP: #1661805)
+ New upstream release also fixes adblocker being too aggressive
and breaking Twitter

-- Jeremy Bicha Sun, 19 Mar 2017 18:46:17 -0400

** Changed in: epiphany-browser (Ubuntu Yakkety)
Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1661805

Title:
Saved passwords for HTTPS sites can be accessed by HTTP sites

Status in Epiphany Browser:
Fix Released
Status in epiphany-browser package in Ubuntu:
Confirmed
Status in epiphany-browser source package in Xenial:
Fix Released
Status in epiphany-browser source package in Yakkety:
Fix Released

Bug description:
Impact
==
Saved passwords are accessible by HTTP sites in epiphany 3.18.10-0ubuntu1 for
Ubuntu 16.04 LTS, 3.22.5-0ubuntu0.1 for 16.10 and older versions. This means
that a man-in-the-middle fake version of a website could capture your password
by presenting say a fake http://facebook.com/

This is made worse because Javascript can be used to collect filled-in
form data even if the user has not clicked Submit yet.

This is made worse because Epiphany doesn't yet respect the HSTS
headers which force sites that have opted in to be only available via
HTTPS.

Test Case
=
osnews.com is an example of an http-only website that you can log in to.
What will happen upon upgrading is that your http password will only be
associated with the https version of the site.

To get your old password, open the app menu at the top left of the
screen. Click Preferences. Switch to the Privacy tab and click Manage
Passwords. You can right click on the site to copy your password and
then manually paste it into your site.

Regression Potential

Moderate but acceptable. The fix for the security bug means that users will
have to do more work to get their saved password for an http only website.

Epiphany 3.24 (only available for Ubuntu 17.04+) gives a prominent
warning about logging in to http websites, as do Firefox and Google
Chrome as of January 2017. So a bit more work is acceptable since
users should now be more cautious about logging into http sites.

Other distros shipped these new versions weeks ago.

Testing Done

I built these updates and successfully ran them in Ubuntu 16.04 LTS and
16.10. I verified that my osnews.com account was converted to https in the
password manager and was not auto-filled in the site. I then was able to
manually enter my password to osnews.com and the password was now remembered as
http.

Other Info
==
Fixed upstream in 3.18.11 and 3.22.6:
https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-18
https://git.gnome.org/browse/epiphany/log/?h=gnome-3-18

https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22
https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22

https://mail.gnome.org/archives/distributor-
list/2017-February/msg0.html

Unfortunately the fix is spread out over several git commits. The new
upstream release is minimal enough I think it would be easier and
safer to just take the new version. The new version also fixes the
critical LP: #1668704 for xenial and a bug breaking twitter for
yakkety (see https://bugzilla.gnome.org/14 )

To manage notifications about this bug go to:
https://bugs.launchpad.net/epiphany-browser/+bug/1661805/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1661805] Re: Saved passwords for HTTPS sites can be accessed by HTTP sites

This bug was fixed in the package epiphany-browser - 3.18.11-0ubuntu1

---
epiphany-browser (3.18.11-0ubuntu1) xenial-security; urgency=medium

* SECURITY UPDATE: Saved passwords were viewable by a man-in-the-middle
attack website. This has been mitigated by moving all existing saved
http passwords to https. If a website you use is http-only, you can
find your old password in Preferences>Privacy>Manage Passwords.
- Fixed in new upstream security release 3.18.11 (LP: #1661805)
+ New upstream release also fixes inability to enter text in
websites, a regression introduced in 3.18.10 (LP: #1668704)

-- Jeremy Bicha Sun, 19 Mar 2017 18:24:58 -0400

** Changed in: epiphany-browser (Ubuntu Xenial)
Status: Confirmed => Fix Released

Title:
Saved passwords for HTTPS sites can be accessed by HTTP sites

This is made worse because Javascript can be used to collect filled-in
form data even if the user has not clicked Submit yet.

This is made worse because Epiphany doesn't yet respect the HSTS
headers which force sites that have opted in to be only available via
HTTPS.

Regression Potential

Moderate but acceptable. The fix for the security bug means that users will
have to do more work to get their saved password for an http only website.

Other distros shipped these new versions weeks ago.

Testing Done

Other Info
==
Fixed upstream in 3.18.11 and 3.22.6:
https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-18
https://git.gnome.org/browse/epiphany/log/?h=gnome-3-18

https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22
https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22

https://mail.gnome.org/archives/distributor-
list/2017-February/msg0.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/epiphany-browser/+bug/1661805/+subscriptions

[Group.of.nepali.translators] [Bug 1543025] Re: Wrong UTC zoneinfo in cloud-images

2017-03-30 Thread Jon Grimm

Updated status, its long been fix released in the upstream.

** Changed in: cloud-init
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1543025

Title:
  Wrong UTC zoneinfo in cloud-images

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released

Bug description:
  ADT runs use cloud-images to create test VM environments. For the Xenial 
cloud-images I observed a weird issue where libvirt suddenly fails its 
build-time tests on a time offset test on UTC.
  Looking at the prepared image (cloud-init did already run there), I found 
that indeed a command-line of

  TZ=UTC date

  reports a CET based time. Looking further this seems to drill down
  into

  /usr/share/zoneinfo/UTC -> Zulu

  and that (Zulu another term for UTC) Zulu file looks quite bigger that
  the same on other hosts and contains the CET string as well (normal
  ~128b, wrong size 2335). Forcing a reinstall of tzdata will fix the
  file and also allows the libvirt test to pass.

  So I am not sure this is wrong in the initial image base or gets in
  some way broken during cloud-init. Thats why I start reporting it
  against cloud-init.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1543025/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1671767] Re: asterisk crashes dialing h264 video sip device

2017-03-30 Thread Nish Aravamudan

** Changed in: asterisk (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1671767

Title:
  asterisk crashes dialing h264 video sip device

Status in asterisk package in Ubuntu:
  Fix Released
Status in asterisk source package in Xenial:
  New

Bug description:
  [Impact]
  
  when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) 
asterisk crashes with a core dump

  [Test Case]
  ===
  1. See comment #6

  [Regression Potential]
  ==
  Since the patch is already included in more recent versions of asterisk there 
is no regression.

  Due to the location of code changes that are applied to - If an
  unexpected error manifests, it should be local to the h264 encoding
  which is broken today.

  [Other Info]
  
  none

  ---

  asterisk 1:13.1.0~dfsg-1.1ubuntu4

  lsb_release -rd:
  Description:  Ubuntu 16.04.2 LTS
  Release:  16.04

  Bug details:
  
  when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) 
asterisk crashes with a core dump:

  Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid 
= 29051)
  samson*CLI> console dial waldorf@Phones
  -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf,60") 
in new stack
    == Using SIP VIDEO CoS mark 6
    == Using SIP RTP CoS mark 5
  -- Called SIP/waldorf
  -- SIP/waldorf- is ringing
  samson*CLI>
  Disconnected from Asterisk server
  Asterisk cleanly ending (0).
  Executing last minute cleanups

  Analysis:
  =
  gdb reveals that the module "res_format_attr_h264.so" is resposible due to a 
memory allocation failure while examining tokens of the "sprop-parameter-sets" 
string in the SIP header.

  Proposed Solution:
  ==
  This bug is already fixed by 2 small patches included in a more recenent 
versions of "res/res_format_attr_h264.c"

  https://issues.asterisk.org/jira/browse/ASTERISK-24616
  Crash in res_format_attr_h264 due to invalid string copy

  https://issues.asterisk.org/jira/browse/ASTERISK-25573
  [patch] H.264 format attribute module: resets whole SDP

  This fixed version of "res/res_format_attr_h264.c" is included e.g. in
  asterisk (1:13.13.1~dfsg-4ubuntu1) zesty.

  Fixed+Tested:
  =
  I tested by rebuiling asterisk 1:13.1.0~dfsg-1.1ubuntu4 packages with the 
"res/res_format_attr_h264.c" taken from asterisk 1:13.13.1~dfsg-4ubuntu1 and 
could connect to the sip device without any problems.

  I would be great, if you could add this patch into asterisk
  1:13.1.0~dfsg-1.1ubuntu4, since I don't want to use self built debs on
  a 16.4 LTS production system.

  Thanks a lot
  Jörg

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1671767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1675163] Re: Don't attempt to create devices in LXC containers

This bug was fixed in the package makedev - 2.3.1-89ubuntu3

---
makedev (2.3.1-89ubuntu3) precise; urgency=medium

  * Don't attempt to create /dev devices when inside a container.
(LP: #1675163)

 -- Stéphane Graber   Fri, 24 Mar 2017 02:12:05
-0400

** Changed in: makedev (Ubuntu Precise)
   Status: Fix Committed => Fix Released

** Changed in: makedev (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675163

Title:
  Don't attempt to create devices in LXC containers

Status in makedev package in Ubuntu:
  Fix Released
Status in makedev source package in Precise:
  Fix Released
Status in makedev source package in Trusty:
  Fix Released
Status in makedev source package in Xenial:
  Fix Released
Status in makedev source package in Yakkety:
  Fix Released
Status in makedev source package in Zesty:
  Fix Released

Bug description:
  Right now the "makedev" postinst script will attempt to create a
  number of devices in /dev, failing the package upgrade should any of
  those mknod calls fail.

  LXC containers, especially unprivileged ones do not allow the use of
  mknod, making it impossible to upgrade makedev in those containers and
  preventing Ubuntu release upgrades.

  The fix is quite simple, detect that we are running in an LXC
  container and skip the rest of the postinst script as is done in a
  number of other cases.

  = SRU
  == Rationale
  This issue prevents release to release upgrades in unprivileged LXC 
containers when makedev is part of the upgraded set. This is currently visible 
when upgrading from Ubuntu 12.04 to Ubuntu 14.04.

  == Testcase
  Install the new package in an unprivileged container. With LXD, simply use 
"lxc launch ubuntu: test" to create the container.

  Prior to this fix, the upgrade will fail on some mknod errors, after
  it, it'll go on after printing a message indicating that LXC was
  detected.

  == Regression potential
  The detection logic is based on PID 1's environment containing a 
container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the 
makedev upgrade no longer creating extra devices. This is unlikely to really 
matter though since the system is clearly already functioning properly at that 
point.

  Similarly, some privileged LXC containers can be configured in a way
  where mknod is possible, this update will still disable the postinst
  for those cases as short of attempting every mknod ahead of time,
  there is no reliable way to detect any seccomp or apparmor policy in
  play.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1675163] Re: Don't attempt to create devices in LXC containers

This bug was fixed in the package makedev -
2.3.1-93ubuntu2~ubuntu14.04.1

---
makedev (2.3.1-93ubuntu2~ubuntu14.04.1) trusty; urgency=medium

  * Don't attempt to create /dev devices when inside a container.
(LP: #1675163)

 -- Stéphane Graber   Wed, 22 Mar 2017 16:38:22
-0400

** Changed in: makedev (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** Changed in: makedev (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675163

Title:
  Don't attempt to create devices in LXC containers

Status in makedev package in Ubuntu:
  Fix Released
Status in makedev source package in Precise:
  Fix Committed
Status in makedev source package in Trusty:
  Fix Released
Status in makedev source package in Xenial:
  Fix Committed
Status in makedev source package in Yakkety:
  Fix Released
Status in makedev source package in Zesty:
  Fix Released

Bug description:
  Right now the "makedev" postinst script will attempt to create a
  number of devices in /dev, failing the package upgrade should any of
  those mknod calls fail.

  LXC containers, especially unprivileged ones do not allow the use of
  mknod, making it impossible to upgrade makedev in those containers and
  preventing Ubuntu release upgrades.

  The fix is quite simple, detect that we are running in an LXC
  container and skip the rest of the postinst script as is done in a
  number of other cases.

  = SRU
  == Rationale
  This issue prevents release to release upgrades in unprivileged LXC 
containers when makedev is part of the upgraded set. This is currently visible 
when upgrading from Ubuntu 12.04 to Ubuntu 14.04.

  == Testcase
  Install the new package in an unprivileged container. With LXD, simply use 
"lxc launch ubuntu: test" to create the container.

  Prior to this fix, the upgrade will fail on some mknod errors, after
  it, it'll go on after printing a message indicating that LXC was
  detected.

  == Regression potential
  The detection logic is based on PID 1's environment containing a 
container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the 
makedev upgrade no longer creating extra devices. This is unlikely to really 
matter though since the system is clearly already functioning properly at that 
point.

  Similarly, some privileged LXC containers can be configured in a way
  where mknod is possible, this update will still disable the postinst
  for those cases as short of attempting every mknod ahead of time,
  there is no reliable way to detect any seccomp or apparmor policy in
  play.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1401532] Re: GRUB's Secure Boot implementation loads unsigned kernel without warning

2017-03-30 Thread Mathieu Trudel-Lapierre

I'm updating the description for this bug and opening a grub2-signed
task (and the relevant release tasks). We're at the point where the
grub2 fallback code needs to be addressed.

** Description changed:

+ [Rationale]
+ GRUB should help us enforce that in UEFI mode, only signed kernels are 
loaded. It should not silently fall back to loading unsigned kernels.
+ 
+ [Impact]
+ All our users booting in UEFI; on all supported releases.
+ 
+ [Test cases]
+ 
+ = grub2 =
+ 
+ Booting unsigned kernels:
+ 1) Try to boot a custom kernel
+ 2) Verify that the kernel will not be loaded by grub (you should see an error 
message about the signature)
+ 
+ Booting signed kernels:
+ 1) Try to boot an official signed kernel (from -release or -updates)
+ 2) Verify that the system boots normally and no warnings are shown about 
signature.
+ 
+ 
+ [Regression Potential]
+ Any failure to boot presenting as a failure to load the kernel from within 
grub, with an "invalid signature" type error message or not, should be 
investigated as a potential regression of this stable update.
+ 
+ ---
+ 
  Me and some other students have conducted some various experiments on
  Secure Boot enabled machines. The main focus of the tests was to
  circumvent Secure Boot and load unsigned kernels or kernels that have
  been signed with other keys.
  
  On your SecureBoot (https://wiki.ubuntu.com/SecurityTeam/SecureBoot) it
  is outlined that GRUB will boot unsigned kernels when the kernel is
  unsigned. During one of our experiments it seemed that this statement
  was true and that GRUB loads unsigned kernels as described on your page.
  We understand that for various reasons GRUB should still support the
  use-case when an unsigned kernel must be loaded, but with the current
  approach the user isn't aware if there is a whole chain of trust. For
  example, it could still be possible to load some malware before it boots
  the Operating System itself (bootkits). One of the many reasons that
  Secure Boot has been developed is to protect the user from these kind of
  attacks.
  
  With the current approach the purpose of Secure Boot is somewhat
  defeated, and the user doesn't know if the whole chain has been verified
  or not. It could easily be the case that an unsigned kernel has been
  loaded by Ubuntu without the user noticing. From our point of view, a
  better approach would be to inform the user that an unsigned kernel will
  be loaded and that the user can make a choice if he/she wants to
  proceed. The default action could be to accept the option, remember the
  user's option and sometimes remind the user of the fact that it is
  loading an unsigned kernel.
  
  This problem is of course related to GRUB itself and not to Ubuntu
  itself. The reason for filing this bug and informing the SecurityTeam of
  Ubuntu is to ask for their opinions and what your point of view is on
  the current approach and to see if other users classify this as a "bug".
  
  GRUB2 versions: grub-2.02~beta2, 1.34.1+2.02~beta2-9ubuntu1
  Ubuntu version: Trusty (will also affect newer and older versions, GRUB 
specific problem)

** Also affects: grub2-signed (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: grub2-signed (Ubuntu)
   Status: New => Triaged

** Changed in: grub2-signed (Ubuntu)
   Importance: Undecided => High

** Changed in: grub2-signed (Ubuntu)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Also affects: grub2 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: grub2-signed (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: grub2 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: grub2-signed (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: grub2 (Ubuntu Zesty)
   Importance: High
 Assignee: Mathieu Trudel-Lapierre (cyphermox)
   Status: Triaged

** Also affects: grub2-signed (Ubuntu Zesty)
   Importance: High
 Assignee: Mathieu Trudel-Lapierre (cyphermox)
   Status: Triaged

** Also affects: grub2 (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: grub2-signed (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1401532

Title:
  GRUB's Secure Boot implementation loads unsigned kernel without
  warning

Status in grub2 package in Ubuntu:
  Triaged
Status in grub2-signed package in Ubuntu:
  Triaged
Status in grub2 source package in Trusty:
  New
Status in grub2-signed source package in Trusty:
  New
Status in grub2 source package in Xenial:
  New
Status in grub2-signed source package in Xenial:
  New
Status in grub2 source package in Yakkety:
  New
Status in grub2-signed source package in Yakkety:
  New
Status in grub2 source package in Zesty:

[Group.of.nepali.translators] [Bug 1667527] Re: [Hyper-V] pci-hyperv: Use device serial number as PCI domain

2017-03-30 Thread Joseph Salisbury

** Also affects: linux (Ubuntu Zesty)
   Importance: Medium
 Assignee: Joseph Salisbury (jsalisbury)
   Status: Fix Committed

** Changed in: linux (Ubuntu Zesty)
   Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1667527

Title:
  [Hyper-V] pci-hyperv: Use device serial number as PCI domain

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  In Progress
Status in linux source package in Zesty:
  In Progress

Bug description:
  This allows PCI domain numbers starts with 1, and also unique
  on the same VM. So names, such as VF NIC names, that include
  domain number as part of the name, can be shorter than that
  based on part of bus UUID previously. The new names will also
  stay same for VMs created with copied VHD and same number of
  devices.

  This is needed for SR-IOV in Azure.

  This is Bjorn's tree for 4.11 here:
  https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci
  /host-hv=4a9b0933bdfcd85da840284bf5a0eb17b654b9c2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667527/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1574727] Re: [SRU] Enforce using signed kernels and modules on UEFI

2017-03-30 Thread Mathieu Trudel-Lapierre

The update of shim, grub, mokutil and others to use signed kernels and
modules are mostly done; one further step that needs to happen is to
have grub enforce that kernels are properly signed, and refuse to load
unsigned kernels (rather than falling back from the linuxefi module
which checks signatures, to linux which doesn't).

In the interest of clarity, I'll close the tasks here as Invalid for
what is left as "New", and we'll move this "last step" to bug 1401532
which is clearly about this issue.

** Changed in: grub2-signed (Ubuntu)
   Status: New => Invalid

** Changed in: grub2 (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1574727

Title:
  [SRU] Enforce using signed kernels and modules on UEFI

Status in dkms package in Ubuntu:
  Fix Released
Status in efibootmgr package in Ubuntu:
  Fix Released
Status in efivar package in Ubuntu:
  Fix Released
Status in grub2 package in Ubuntu:
  Invalid
Status in grub2-signed package in Ubuntu:
  Invalid
Status in mokutil package in Ubuntu:
  Fix Released
Status in shim package in Ubuntu:
  New
Status in shim-signed package in Ubuntu:
  Fix Released
Status in dkms source package in Precise:
  New
Status in efibootmgr source package in Precise:
  Invalid
Status in efivar source package in Precise:
  Fix Released
Status in grub2 source package in Precise:
  Invalid
Status in grub2-signed source package in Precise:
  Invalid
Status in mokutil source package in Precise:
  Fix Released
Status in shim source package in Precise:
  New
Status in shim-signed source package in Precise:
  Fix Released
Status in dkms source package in Trusty:
  Fix Released
Status in efibootmgr source package in Trusty:
  Invalid
Status in efivar source package in Trusty:
  Invalid
Status in grub2 source package in Trusty:
  Invalid
Status in grub2-signed source package in Trusty:
  Invalid
Status in mokutil source package in Trusty:
  Fix Released
Status in shim source package in Trusty:
  New
Status in shim-signed source package in Trusty:
  Fix Released
Status in dkms source package in Wily:
  Fix Released
Status in efibootmgr source package in Wily:
  Fix Released
Status in efivar source package in Wily:
  Fix Released
Status in grub2 source package in Wily:
  Invalid
Status in grub2-signed source package in Wily:
  Invalid
Status in mokutil source package in Wily:
  Fix Released
Status in shim source package in Wily:
  New
Status in shim-signed source package in Wily:
  Fix Released
Status in dkms source package in Xenial:
  Fix Released
Status in efibootmgr source package in Xenial:
  Fix Released
Status in efivar source package in Xenial:
  Fix Released
Status in grub2 source package in Xenial:
  Fix Released
Status in grub2-signed source package in Xenial:
  Fix Released
Status in mokutil source package in Xenial:
  Fix Released
Status in shim source package in Xenial:
  New
Status in shim-signed source package in Xenial:
  Fix Released

Bug description:
  [Rationale]
  Secure Boot is good. We want to be able to validate that as much as possible 
of the boot process happens with signed binaries; from our shim (the part that 
is loaded by the EFI firmware itself), down to grub2, the kernel, and even 
loaded modules.

  [Impact]
  All our users booting in UEFI; on all supported releases.

  [Test cases]
  
https://docs.google.com/spreadsheets/d/1GbyQDb4-sRv7OlIpbISiwVJ2ARHP3AkG2HbPTRk7p-E/edit#gid=0

  Test cases here are separated by the components that need to be
  changed:

  = mokutil =

  Adding a MOK key:
  1) Install system
  2) Run 'mokutil --import ' to import a signing certificate.
  3) On reboot; validate MOK prompts for new MOK key to add.

  Toggling Secure Boot state:
  1) Install system
  2) mokutil --enable-validationormokutil --disable-validation
  3) Validate that on reboot MOK prompts to change Secure Boot state.

  Listing keys:
  1) mokutil --list-enrolled
  -- should list keys previously enrolled, and Microsoft keys on systems that 
are configured with them for factory Secure Boot.

  
  = efivar =

  libefivar0 gets tested via the use of mokutil. Since it is a library
  with no directly usable binaries; we rely on mokutil / sbsigntool /
  efibootmgr to do testing.

  1) Run efibootmgr -v ; verify it lists BootEntries.
  2) Run efibootmgr -c -L ubuntu2 -l \\EFI\\ubuntu\\shimx64.efi ; verify that 
on reboot; you can get into a boot menu that will list 'ubuntu2', and that 
picking that boot entry boots into Ubuntu.

  
  = shim-signed =

  1) Install system; upgrade to new packages
  1b) Verify /proc/sys/kernel/secure_boot shows 1.
  1c) Verify /proc/sys/kernel/moksbstate_disabled shows 0.
  2) Run 'sudo update-secureboot-policy'; validate that it prompts to disable 
Secure Boot if it's not already disabled.
  3) Run 'sudo update-secureboot-policy'; validate

[Group.of.nepali.translators] [Bug 1672144] Re: ifup service of network device stay active after driver stop

2017-03-30 Thread Leann Ogasawara

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1672144

Title:
  ifup service of network device stay active after driver stop

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  New
Status in linux source package in Yakkety:
  New
Status in linux source package in Zesty:
  Fix Released

Bug description:
  The network device systemd service stay active after unload the module of 
this network device, that call close port (ndo_stop).
  once we try to load the NIC driver again, it try to start the ifup service of 
his NICs and due to the service is already up, so it fail and we didn't see the 
interface with the static configuration =.
  below simple reproduce with the Mellanox ConnectX4 device (driver name 
mlx5_core).

  Also we see this issue with Azure system, Ubuntu 17.04 guest over
  Hyper-v, the  VF failed to start after re-enable SR-IOV from VM's
  vNIC.

  
  For now we have a Work Around that to add a udev rule,
   echo DRIVERS==\"*mlx*\", SUBSYSTEM==\"net\", 
ACTION==\"add\",RUN+=\"/sbin/ifup --force $env{INTERFACE}\" > 
/lib/udev/rules.d/100-up.rules
  Example:
  #:/lib/udev/rules.d# cat 100-up.rules
  DRIVERS=="*mlx*", SUBSYSTEM=="net", ACTION=="add",RUN+="/sbin/ifup --force 
$env{INTERFACE}" 

  ***
  * More info and reproduce *
  ***
  # ifdown ens1f0
  RTNETLINK answers: Cannot assign requested address
  # ifup ens1f0 
  # ifconfig ens1f0 
  ens1f0: flags=4163  mtu 1500
  inet 123.12.23.1  netmask 255.255.0.0  broadcast 123.12.255.255
  inet6 fe80::268a:7ff:fea1:fbdc  prefixlen 64  scopeid 0x20
  ether 24:8a:07:a1:fb:dc  txqueuelen 1000  (Ethernet)
  RX packets 0  bytes 0 (0.0 B)   
  RX errors 0  dropped 0  overruns 0  frame 0 
  TX packets 17  bytes 1392 (1.3 KB)  
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  

  # ethtool -i ens1f0 |grep driv
  driver: mlx5_core
  # systemctl status ifup@ens1f 
  ifup@ens1f0.service  ifup@ens1f1.service

  # systemctl status ifup@ens1f0.service 
  * ifup@ens1f0.service - ifup for ens1f0  
 Loaded: loaded (/lib/systemd/system/ifup@.service; static; vendor preset: 
enabled)
 Active: active (exited) since Sun 2017-03-12 09:40:04 IST; 2h 26min ago
   
   Main PID: 1608 (code=exited, status=0/SUCCESS)   
   
 CGroup: /system.slice/ifup@ens1f0.service  
   

  Mar 12 09:40:04 qa-h-vrt-039 systemd[1]: Started ifup for ens1f0.
  Mar 12 09:40:04 qa-h-vrt-039 sh[1608]: ifup: interface ens1f0 already 
configured
  root@qa-h-vrt-039:/tmp# modprobe -rv mlx5_ib 
  rmmod mlx5_ib
  rmmod mlx5_core  

  # modprobe -rv mlx5_core

  # ifconfig -a |grep ens1f0

  # lsmod |grep mlx5

  # systemctl status ifup@ens1f0.service
  * ifup@ens1f0.service - ifup for ens1f0 
 Loaded: loaded (/lib/systemd/system/ifup@.service; static; vendor preset: 
enabled)
 Active: active (exited) since Sun 2017-03-12 09:40:04 IST; 2h 27min ago
   Main PID: 1608 (code=exited, status=0/SUCCESS)
 CGroup: /system.slice/ifup@ens1f0.service

  Mar 12 09:40:04 qa-h-vrt-039 systemd[1]: Started ifup for ens1f0.
  Mar 12 09:40:04 qa-h-vrt-039 sh[1608]: ifup: interface ens1f0 already 
configured

  # modprobe mlx5_core

  # ifconfig ens1f0
  ens1f0: flags=4098  mtu 1500
  ether 24:8a:07:a1:fb:dc  txqueuelen 1000  (Ethernet)
  RX packets 0  bytes 0 (0.0 B)
  RX errors 0  dropped 0  overruns 0  frame 0
  TX packets 0  bytes 0 (0.0 B)
  TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  
  # cat /etc/network/interfaces
  # This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).

  
  # The loopback network interface
  auto lo
  iface lo inet loopback

  # The primary network interface
  auto eno1
  iface eno1 inet dhcp

  #ens1f0
  auto ens1f0
  iface ens1f0 inet static
  address 123.12.23.1
  netmask 255.255.0.0
  mtu 1500

  
  *
  * Another repto and investigate *
  *
  once interface is created the system starts a service that is responsible for 
activating it (basically runs ifup).
  so, at first shot everything works.
  at the second driver reload:
  Good

[Group.of.nepali.translators] [Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed

This bug was fixed in the package samba - 2:3.6.25-0ubuntu0.12.04.10

---
samba (2:3.6.25-0ubuntu0.12.04.10) precise-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
- debian/patches/bug12721-*.patch: add backported fixes from Samba bug
  #12721.
  * debian/patches/*: fix CVE number in patch filenames.

 -- Marc Deslauriers   Tue, 28 Mar 2017
09:43:30 -0400

** Changed in: samba (Ubuntu Precise)
   Status: Confirmed => Fix Released

** Changed in: samba (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675698

Title:
  Cannot access anything under a subdirectory if symlinks are disallowed

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba source package in Precise:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Yakkety:
  Fix Released
Status in samba source package in Zesty:
  Confirmed
Status in samba package in Debian:
  Confirmed

Bug description:
  After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares
  broke in a curious way. The affected shares have `follow symlinks =
  no`; the ones with `follow symlinks = yes` aren't affected AFAICT.
  Allowing symlinks on one of the affected shares mitigates the issue
  for that share.

  The issue is that access to anything under a direct subdirectory of
  the share doesn't work. I can create a directory in `\\srv\share`,
  e.g. `\\srv\share\foo`, but I can't create any files or directories
  inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50
  (The request is not supported). Attempts to access existing files or
  directories at this level produce error 59 (An unexpected network
  error occured).

  The log at level 2 says:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
check_reduced_name: Bad access attempt: branches is a symlink to foo/bar

  ```

  ... or:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
check_reduced_name: Bad access attempt: . is a symlink to foo
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed

This bug was fixed in the package samba - 2:4.4.5+dfsg-2ubuntu5.5

---
samba (2:4.4.5+dfsg-2ubuntu5.5) yakkety-security; urgency=medium

  * SECURITY REGRESSION: follow symlinks issue (LP: #1675698)
- debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba
  bug #12721.
  * Add missing prerequisite for previous update
- debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant
  files and wildcards in source3/modules/vfs_shadow_copy2.c.

 -- Marc Deslauriers   Tue, 28 Mar 2017
07:31:03 -0400

** Changed in: samba (Ubuntu Yakkety)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-2619

** Changed in: samba (Ubuntu Xenial)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1675698

Title:
  Cannot access anything under a subdirectory if symlinks are disallowed

Status in samba:
  Unknown
Status in samba package in Ubuntu:
  Confirmed
Status in samba source package in Precise:
  Confirmed
Status in samba source package in Trusty:
  Confirmed
Status in samba source package in Xenial:
  Fix Released
Status in samba source package in Yakkety:
  Fix Released
Status in samba source package in Zesty:
  Confirmed
Status in samba package in Debian:
  Confirmed

Bug description:
  After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares
  broke in a curious way. The affected shares have `follow symlinks =
  no`; the ones with `follow symlinks = yes` aren't affected AFAICT.
  Allowing symlinks on one of the affected shares mitigates the issue
  for that share.

  The issue is that access to anything under a direct subdirectory of
  the share doesn't work. I can create a directory in `\\srv\share`,
  e.g. `\\srv\share\foo`, but I can't create any files or directories
  inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50
  (The request is not supported). Attempts to access existing files or
  directories at this level produce error 59 (An unexpected network
  error occured).

  The log at level 2 says:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
check_reduced_name: Bad access attempt: branches is a symlink to foo/bar

  ```

  ... or:

  ```
  ../source3/smbd/vfs.c:1298(check_reduced_name)
check_reduced_name: Bad access attempt: . is a symlink to foo
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1567807] Re: nova delete doesn't work with EFI booted VMs

2017-03-30 Thread James Page

This bug was fixed in the package nova - 2:13.1.3-0ubuntu1~cloud0
---

 nova (2:13.1.3-0ubuntu1~cloud0) trusty-mitaka; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 nova (2:13.1.3-0ubuntu1) xenial; urgency=medium
 .
   * New upstream point release for OpenStack Mitaka. (LP: #1668313)
   * d/patches/uefi-delete-instances.patch: Fix deletion of instances
 with UEFI is enabled. (LP: #1567807)


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1567807

Title:
  nova delete doesn't work with EFI booted VMs

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in Ubuntu Cloud Archive newton series:
  Fix Committed
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in nova package in Ubuntu:
  Fix Released
Status in nova source package in Xenial:
  Fix Released
Status in nova source package in Yakkety:
  Fix Committed
Status in nova source package in Zesty:
  Fix Released

Bug description:
  I've been setting up a Mitaka Openstack using the cloud archive
  running on Trusty, and am having problems working with EFI enabled
  instances on ARM64.

  I've done some work with wgrant and gotten things to a stage where I
  can boot instances, using the aavmf images.

  However, when I tried to delete a VM booted like this, I get an error:

libvirtError: Requested operation is not valid: cannot delete
  inactive domain with nvram

  I've included the full traceback at
  https://paste.ubuntu.com/15682718/.

  Thanks to a suggestion from wgrant again, I got it working by editing 
nova/virt/libvirt/guest.py in delete_configuration() and replacing  
self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE) with 
self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE | 
libvirt.VIR_DOMAIN_UNDEFINE_NVRAM).
  I've attached a rough patch.

  Once that's applied and nova-compute restarted, I was able to delete
  the instance fine.

  Could someone please investigate this and see if its the correct fix,
  and look at getting it fixed in the archive?

  This was done on a updated trusty deployment using the cloud-archives
  for mitaka.

  $ dpkg-query -W python-nova
  python-nova 2:13.0.0~b2-0ubuntu1~cloud0

  Please let me know if you need any further information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1567807/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

2017-03-30 Thread James Page

This bug was fixed in the package ceilometer - 1:6.1.4-0ubuntu1~cloud0
---

 ceilometer (1:6.1.4-0ubuntu1~cloud0) trusty-mitaka; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 ceilometer (1:6.1.4-0ubuntu1) xenial; urgency=medium
 .
   * New upstream point release for OpenStack Mitaka (LP: #1668313).


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Released
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1671117] Re: [SRU] ceph 10.2.6

2017-03-30 Thread James Page

This bug was fixed in the package ceph - 10.2.6-0ubuntu0.16.04.1~cloud0
---

 ceph (10.2.6-0ubuntu0.16.04.1~cloud0) trusty-mitaka; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 ceph (10.2.6-0ubuntu0.16.04.1) xenial; urgency=medium
 .
   * New upstream stable point release (LP: #1671117):
 - d/p/osd-limit-omap-data-in-push-op.patch,rgw_rados-creation_time.patch:
   Dropped, included upstream.
 - d/p/*: Refresh.


** Changed in: cloud-archive/mitaka
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1671117

Title:
  [SRU] ceph 10.2.6

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in ceph package in Ubuntu:
  Fix Released
Status in ceph source package in Xenial:
  Fix Released
Status in ceph source package in Yakkety:
  Fix Released
Status in ceph source package in Zesty:
  Fix Released

Bug description:
  This point release fixes several important bugs in RBD mirroring, RGW
  multi-site, CephFS, and RADOS.

  We recommend that all v10.2.x users upgrade.

  For more detailed information, see the complete changelog[1] and the
  release notes[2]

  Notable Changes
  ---
  * build/ops: add hostname sanity check to run-{c}make-check.sh (issue#18134 , 
pr#12302 , Nathan Cutler)
  * build/ops: add ldap lib to rgw lib deps based on build config (issue#17313 
, pr#13183 , Nathan Cutler)
  * build/ops: ceph-create-keys loops forever (issue#17753 , pr#11884 , Alfredo 
Deza)
  * build/ops: ceph daemons DUMPABLE flag is cleared by setuid preventing 
coredumps (issue#17650 , pr#11736 , Patrick Donnelly)
  * build/ops: fixed compilation error when --with-radowsgw=no (issue#18512 , 
pr#12729 , Pan Liu)
  * build/ops: fixed the issue when --disable-server, compilation fails. 
(issue#18120 , pr#12239 , Pan Liu)
  * build/ops: fix undefined crypto references with --with-xio (issue#18133 , 
pr#12296 , Nathan Cutler)
  * build/ops: install-deps.sh based on /etc/os-release (issue#18466 , 
issue#18198 , pr#12405 , Jan Fajerski, Nitin A Kamble, Nathan Cutler)
  * build/ops: Remove the runtime dependency on lsb_release (issue#17425 , 
pr#11875 , John Coyle, Brad Hubbard)
  * build/ops: rpm: /etc/ceph/rbdmap is packaged with executable access rights 
(issue#17395 , pr#11855 , Ken Dreyer)
  * build/ops: selinux: Allow ceph to manage tmp files (issue#17436 , pr#13048 
, Boris Ranto)
  * build/ops: systemd: Restart Mon after 10s in case of failure (issue#18635 , 
pr#13058 , Wido den Hollander)
  * build/ops: systemd restarts Ceph Mon to quickly after failing to start 
(issue#18635 , pr#13184 , Wido den Hollander)
  * ceph-disk: fix flake8 errors (issue#17898 , pr#11976 , Ken Dreyer)
  * cephfs: fuse client crash when adding a new osd (issue#17270 , pr#11860 , 
John Spray)
  * cli: ceph-disk: convert none str to str before printing it (issue#18371 , 
pr#13187 , Kefu Chai)
  * client: Fix lookup of "/.." in jewel (issue#18408 , pr#12766 , Jeff Layton)
  * client: fix stale entries in command table (issue#17974 , pr#12137 , John 
Spray)
  * client: populate metadata during mount (issue#18361 , pr#13085 , John Spray)
  * cli: implement functionality for adding, editing and removing omap values 
with binary keys (issue#18123 , pr#12755 , Jason Dillaman)
  * common: Improve linux dcache hash algorithm (issue#17599 , pr#11529 , Yibo 
Cai)
  * common: utime.h: fix timezone issue in round_to_* funcs.  (issue#14862 , 
pr#11508 , Zhao Chao)
  * doc: Python Swift client commands in Quick Developer Guide don't match 
configuration in vstart.sh (issue#17746 , pr#13043 , Ronak Jain)
  * librbd: allow to open an image without opening parent image (issue#18325 , 
pr#13130 , Ricardo Dias)
  * librbd: metadata_set API operation should not change global config setting 
(issue#18465 , pr#13168 , Mykola Golub)
  * librbd: new API method to force break a peer's exclusive lock (issue#15632 
, issue#16773 , issue#17188 , issue#16988 , issue#17210 , issue#17251 , 
issue#18429 , issue#17227 , issue#18327 , issue#17015 , pr#12890 , Danny 
Al-Gaaf, Mykola Golub, Jason Dillaman)
  * librbd: properly order concurrent updates to the object map (issue#16176 , 
pr#12909 , Jason Dillaman)
  * librbd: restore journal access when force disabling mirroring (issue#17588 
, pr#11916 , Mykola Golub)
  * mds: Cannot create deep directories when caps contain path=/somepath 
(issue#17858 , pr#12154 , Patrick Donnelly)
  * mds: cephfs metadata pool: deep-scrub error omap_digest != best guess 
omap_digest (issue#17177 , pr#12380 , Yan, Zheng)
  * mds: cephfs test failures (ceph.com/qa is broken, should be 
download.ceph.com/qa) (issue#18574 , pr#13023 , John Spray)
  * mds: ceph-fuse crash during snapshot tests (issue#18460 , pr#13120 , Yan, 
Zheng)
  *

[Group.of.nepali.translators] [Bug 1677684] Re: /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb-blackbox: not found

2017-03-30 Thread Dave Chiluk

** Also affects: corosync (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: corosync (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1677684

Title:
  /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb-
  blackbox: not found

Status in corosync package in Ubuntu:
  New
Status in corosync source package in Trusty:
  New
Status in corosync source package in Xenial:
  New

Bug description:
  [Environment]

  Ubuntu Xenial 16.04
  Amd64

  [Reproduction]

  - Install corosync
  - Run the corosync-blackbox executable.

  root@juju-niedbalski-xenial-machine-5:/home/ubuntu# dpkg -L corosync |grep 
black
  /usr/bin/corosync-blackbox

  Expected results: corosync-blackbox runs OK.
  Current results:

  $ sudo corosync-blackbox
  /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb-blackbox: not 
found

  Fix:

  Make the package dependant of libqb-dev

  root@juju-niedbalski-xenial-machine-5:/home/ubuntu# dpkg -L libqb-dev | grep 
qb-bl
  /usr/sbin/qb-blackbox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1677684/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1567807] Re: nova delete doesn't work with EFI booted VMs

This bug was fixed in the package nova - 2:13.1.3-0ubuntu1

---
nova (2:13.1.3-0ubuntu1) xenial; urgency=medium

  * New upstream point release for OpenStack Mitaka. (LP: #1668313)
  * d/patches/uefi-delete-instances.patch: Fix deletion of instances
with UEFI is enabled. (LP: #1567807)

 -- Chuck Short   Wed, 01 Mar 2017 08:44:03 -0500

** Changed in: nova (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1567807

Title:
  nova delete doesn't work with EFI booted VMs

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in Ubuntu Cloud Archive newton series:
  Fix Committed
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in nova package in Ubuntu:
  Fix Released
Status in nova source package in Xenial:
  Fix Released
Status in nova source package in Yakkety:
  Fix Committed
Status in nova source package in Zesty:
  Fix Released

Bug description:
  I've been setting up a Mitaka Openstack using the cloud archive
  running on Trusty, and am having problems working with EFI enabled
  instances on ARM64.

  I've done some work with wgrant and gotten things to a stage where I
  can boot instances, using the aavmf images.

  However, when I tried to delete a VM booted like this, I get an error:

libvirtError: Requested operation is not valid: cannot delete
  inactive domain with nvram

  I've included the full traceback at
  https://paste.ubuntu.com/15682718/.

  Thanks to a suggestion from wgrant again, I got it working by editing 
nova/virt/libvirt/guest.py in delete_configuration() and replacing  
self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE) with 
self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE | 
libvirt.VIR_DOMAIN_UNDEFINE_NVRAM).
  I've attached a rough patch.

  Once that's applied and nova-compute restarted, I was able to delete
  the instance fine.

  Could someone please investigate this and see if its the correct fix,
  and look at getting it fixed in the archive?

  This was done on a updated trusty deployment using the cloud-archives
  for mitaka.

  $ dpkg-query -W python-nova
  python-nova 2:13.0.0~b2-0ubuntu1~cloud0

  Please let me know if you need any further information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1567807/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package nova - 2:13.1.3-0ubuntu1

---
nova (2:13.1.3-0ubuntu1) xenial; urgency=medium

  * New upstream point release for OpenStack Mitaka. (LP: #1668313)
  * d/patches/uefi-delete-instances.patch: Fix deletion of instances
with UEFI is enabled. (LP: #1567807)

 -- Chuck Short   Wed, 01 Mar 2017 08:44:03 -0500

** Changed in: nova (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Released
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted

This bug was fixed in the package neutron-lbaas - 2:8.3.0-0ubuntu2

---
neutron-lbaas (2:8.3.0-0ubuntu2) xenial; urgency=medium

  * Add patch to ensure namespace deleted by v1 driver delete_pool (LP: 
#1664203)
- d/p/ensure_namespace_deleted_with_pool.patch

 -- Edward Hope-Morley   Mon, 13 Feb
2017 15:17:31 +

** Changed in: neutron-lbaas (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664203

Title:
  [SRU] v1 driver does not delete namespace when pool deleted

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive kilo series:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in neutron-lbaas source package in Trusty:
  New
Status in neutron-lbaas source package in Xenial:
  Fix Released
Status in neutron-lbaas source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]

  The v1 services.loadbalancer.drivers.haproxy.namespace_driver has a
  bug in that it deletes the haproxy state directory for a pool when
  it's vip is deleted. This means that when the pool itself is deleted,
  its associated namespace is never deleted since the delete is
  predicated on the state path being extant.

  The v1 driver is deprecated as of the Liberty release and was totally
  removed from the codebase in the Newton release. However, Openstack
  Kilo and Mitaka are still supported in Ubuntu, the former requiring
  the v1 driver and the latter still capable of using it so while
  upstream will not accept a patch we will still patch the neutron-
  lbaas-agent Ubuntu package to fix this issue.

  [Test Case]

  Please see http://pastebin.ubuntu.com/24058957/

  [Regression Potential]

  None

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1664203/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package swift - 2.7.1-0ubuntu1

---
swift (2.7.1-0ubuntu1) xenial; urgency=medium

  * New upstream point release for Openstack Mitaka. (LP: #1668313)
  * d/patches/avoid-infinite-loop-while-placing-parts.patch: Dropped
no longer needed.

 -- Chuck Short   Mon, 27 Feb 2017 12:59:47 -0500

** Changed in: nova-lxd (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Committed
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package neutron - 2:8.4.0-0ubuntu1

---
neutron (2:8.4.0-0ubuntu1) xenial; urgency=medium

  [ Corey Bryant ]
  * d/p/check-namespace-before-getting-devices.patch: Dropped. Fixed upstream.

  [ Chuck Short ]
  * New upstream stable point release for OpenStack Mitaka (LP: #1668313).

 -- Chuck Short   Mon, 27 Feb 2017 12:36:12 -0500

** Changed in: neutron (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Committed
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package horizon - 2:9.1.1-0ubuntu1

---
horizon (2:9.1.1-0ubuntu1) xenial; urgency=medium

  * New upstream point release for OpenStack Mitaka (LP: #1668313).

 -- Chuck Short   Wed, 01 Mar 2017 10:14:18 -0500

** Changed in: horizon (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

** Changed in: heat (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Committed
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package ceilometer - 1:6.1.4-0ubuntu1

---
ceilometer (1:6.1.4-0ubuntu1) xenial; urgency=medium

  * New upstream point release for OpenStack Mitaka (LP: #1668313).

 -- Chuck Short   Mon, 27 Feb 2017 10:44:55 -0500

** Changed in: swift (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Committed
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release

This bug was fixed in the package heat - 1:6.1.1-0ubuntu1

---
heat (1:6.1.1-0ubuntu1) xenial; urgency=medium

  * New upstream stable point release for OpenStack Mitaka (LP:
#1668313)

 -- Chuck Short   Mon, 27 Feb 2017 11:14:03 -0500

** Changed in: ceilometer (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668313

Title:
  [SRU] mitaka point release

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in ceilometer package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in nova-lxd package in Ubuntu:
  Invalid
Status in swift package in Ubuntu:
  Invalid
Status in ceilometer source package in Xenial:
  Fix Released
Status in heat source package in Xenial:
  Fix Released
Status in horizon source package in Xenial:
  Fix Released
Status in neutron source package in Xenial:
  Fix Released
Status in nova source package in Xenial:
  Fix Committed
Status in nova-lxd source package in Xenial:
  Fix Released
Status in swift source package in Xenial:
  Fix Released

Bug description:
  New point releases for misc openstack components for the mitaka
  release:

  ceilometer 6.1.4
  heat 6.1.1
  horizon 9.1.1
  neutron 8.4.0
  swift 2.7.1
  nova 13.1.3
  nova-lxd 13.3.0

  Updates will undergo the normal deployment and functional testing
  using charms and tempest (the upstream functional test suite for
  OpenStack).

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1573307] Re: wget crashed with SIGSEGV in __memset_avx2()

This bug was fixed in the package wget - 1.17.1-1ubuntu1.2

---
wget (1.17.1-1ubuntu1.2) xenial-proposed; urgency=medium

  * debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch
upstream commited 7099f489 patch to fix segmentation fault (LP: #1573307)

 -- Chen-Han Hsiao (Stanley)   Fri, 24 Feb
2017 12:24:53 -0800

** Changed in: wget (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1573307

Title:
  wget crashed with SIGSEGV in __memset_avx2()

Status in wget package in Ubuntu:
  Fix Released
Status in wget source package in Xenial:
  Fix Released

Bug description:
  [Impact] 
   * wget will crash while displaying progress bar under narrow terminal
   * Upstream already has fixed this issue in commit 7099f489 and 7cb9efa6
  Steps to reproduce:
1. execute "wget 
http://old-releases.ubuntu.com/releases/16.04.0/ubuntu-16.04-desktop-amd64.manifest;
 under a narrow terminal (such as width less than 40 characters)
  Problems:
1. The wget crash with segmentation fault
  Expected behavior:
1. wget will not crash

  [Test Case]
After upgrading to the new version, the repeating the above steps should 
give expected behavior.

  [Regression Potential]
Potential of causing regression is relatively small for a two line change 
for assertion check

  [Other Info]



  EDIT(other user): The crash actually happens when the terminal window
  is too small.

  When I try to download a big file with wget on Ubuntu 16.04 it crashes
  after a couple seconds.

  To reproduce the bug try the following:

  wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso

  I've asked another guy on IRC on channel #ubuntu-it to try and reproduce this 
bug
  and he said it was crashing also on his machine.

  evan@HPPC:~$ lsb_release -rd
  Description:  Ubuntu 16.04 LTS
  Release:  16.04

  evan@HPPC:~$ apt-cache policy wget
  wget:
    Installato: 1.17.1-1ubuntu1
    Candidato:  1.17.1-1ubuntu1
    Tabella versione:
   *** 1.17.1-1ubuntu1 500
  500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

  ProblemType: Crash
  DistroRelease: Ubuntu 16.04
  Package: wget 1.17.1-1ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
  Uname: Linux 4.4.0-21-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Apr 22 01:34:10 2016
  ExecutablePath: /usr/bin/wget
  InstallationDate: Installed on 2016-04-21 (0 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 
(20160420.1)
  ProcCmdline: wget 
http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso
  SegvAnalysis:
   Segfault happened at: 0x7f4eac3b7328 <__memset_avx2+392>:rep stos 
%al,%es:(%rdi)
   PC (0x7f4eac3b7328) ok
   source "%al" ok
   destination "%es:(%rdi)" (0x562969134000) not located in a known VMA region 
(needed writable region)!
  SegvReason: writing unknown VMA
  Signal: 11
  SourcePackage: wget
  StacktraceTop:
   __memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:161
   ?? ()
   ?? ()
   ?? ()
   ?? ()
  Title: wget crashed with SIGSEGV in __memset_avx2()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1573307/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1636656] Re: [Hyper-V] netvsc: fix incorrect receive checksum offloading

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1636656

Title:
  [Hyper-V] netvsc: fix incorrect receive checksum offloading

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  The Hyper-V netvsc driver was looking at the incorrect status bits
  in the checksum info. It was setting the receive checksum unnecessary
  flag based on the IP header checksum being correct. The checksum
  flag is skb is about TCP and UDP checksum status. Because of this
  bug, any packet received with bad TCP checksum would be passed
  up the stack and to the application causing data corruption.
  The problem is reproducible via netcat and netem.

  This had a side effect of not doing receive checksum offload
  on IPv6. The driver was also also always doing checksum offload
  independent of the checksum setting done via ethtool.

  Signed-off-by: Stephen Hemminger 

  https://patchwork.ozlabs.org/patch/685660/

  When this patch is committed I will include the commit ID in this bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1636656/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1668847] Re: live-build: handle downgrade of package priority in -updates pocket

This bug was fixed in the package live-build - 3.0~a57-1ubuntu25.2

---
live-build (3.0~a57-1ubuntu25.2) xenial; urgency=medium

  * debian/patches/ubuntu-debootstrap-demotions.patch: remove packages
after bootstrap that have been demoted.  Closes LP: #1668847.

 -- Steve Langasek   Tue, 28 Feb 2017
21:21:28 -0800

** Changed in: live-build (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668847

Title:
  live-build: handle downgrade of package priority in -updates pocket

Status in live-build package in Ubuntu:
  Fix Released
Status in live-build source package in Xenial:
  Fix Released

Bug description:
  On rare occasions, we may wish to remove a package from the set of
  required packages post-release.  It is possible to have a binary
  package with a different priority in the release pocket vs. the
  updates pocket, but debootstrap only ever operates against a single
  pocket; so while debootstrapping, the demotion is invisible and a
  package which is Priority: required in the release, but Priority:
  important or lower in -updates, remains installed even if we're trying
  to do a minbase bootstrap.

  Since changing debootstrap to look at multiple pockets would be
  extremely non-trivial, a simpler solution is to have live-build, the
  common code that wraps debootstrap for any of our official image
  builds, identify the demotions and try to remove them from the target
  environment.

  [SRU Justification]
  This is a change in the behavior of live-build which is only relevant to 
already-stable releases.  We specifically have packages we would like to demote 
from Required in xenial; this change is required in order for those demotions 
to be effective.

  [Test case]
  Build an ubuntu-base image with -proposed enabled.  Verify that it builds 
successfully, and that the locales package is not included in the image.

  [Regression potential]
  This patch takes pains to ensure that only demoted packages are removed from 
the target chroot, and only if no other installed packages depend on them.  
Since the only package which currently has Priority: required in xenial but 
Priority: important in xenial-updates is locales, there should be minimal risk 
of regression outside the test path.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/live-build/+bug/1668847/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1667527] Re: [Hyper-V] pci-hyperv: Use device serial number as PCI domain

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1667527

Title:
  [Hyper-V] pci-hyperv: Use device serial number as PCI domain

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  In Progress

Bug description:
  This allows PCI domain numbers starts with 1, and also unique
  on the same VM. So names, such as VF NIC names, that include
  domain number as part of the name, can be shorter than that
  based on part of bus UUID previously. The new names will also
  stay same for VMs created with copied VHD and same number of
  devices.

  This is needed for SR-IOV in Azure.

  This is Bjorn's tree for 4.11 here:
  https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci
  /host-hv=4a9b0933bdfcd85da840284bf5a0eb17b654b9c2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667527/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1667531] Re: [Hyper-V] Include bondvf in /usr/sbin for SR-IOV interface bonding

2017-03-30 Thread Joseph Salisbury

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: linux (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Yakkety)
 Assignee: (unassigned) => Joseph Salisbury (jsalisbury)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1667531

Title:
  [Hyper-V] Include bondvf in /usr/sbin for SR-IOV interface bonding

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  In Progress

Bug description:
  Please include bondvf.sh from kernel git tools/hv/ in /usr/sbin

  commit fd7aabb062fa1a8331a786d617744de220eaf002
  Author: Haiyang Zhang 
  Date:   Fri Dec 2 15:55:38 2016 -0800

  tools: hv: Enable network manager for bonding scripts on RHEL

  We found network manager is necessary on RHEL to make the synthetic
  NIC, VF NIC bonding operations handled automatically. So, enabling
  network manager here.

  Signed-off-by: Haiyang Zhang 
  Reviewed-by: K. Y. Srinivasan 
  Signed-off-by: David S. Miller 

  commit 178cd55f086629cf0bad9c66c793a7e2bcc3abb6
  Author: Haiyang Zhang 
  Date:   Mon Jul 11 17:06:42 2016 -0700

  tools: hv: Add a script to help bonding synthetic and VF NICs

  This script helps to create bonding network devices based on synthetic NIC
  (the virtual network adapter usually provided by Hyper-V) and the matching
  VF NIC (SRIOV virtual function). So the synthetic NIC and VF NIC can
  function as one network device, and fail over to the synthetic NIC if VF 
is
  down.

  Mayjor distros (RHEL, Ubuntu, SLES) supported by Hyper-V are supported by
  this script.

  Signed-off-by: Haiyang Zhang 
  Reviewed-by: K. Y. Srinivasan 
  Signed-off-by: David S. Miller 

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667531/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1672785] Re: [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device shutdown

** Also affects: linux (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1672785

Title:
  [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver
  device shutdown

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  In Progress
Status in linux source package in Zesty:
  Fix Committed

Bug description:
  Mellanox has submitted the following patch upstream that's important
  for SR-IOV in Azure.

  Please integrate it into the Mellanox mlx4 drivers for lts-xenial,
  HWE, Zesty, and Azure custom.

  https://patchwork.ozlabs.org/patch/738305/

  From: Jack Morgenstein 

  Some Hypervisors detach VFs from VMs by instantly causing an FLR event
  to be generated for a VF.

  In the mlx4 case, this will cause that VF's comm channel to be disabled
  before the VM has an opportunity to invoke the VF device's "shutdown"
  method.

  For such Hypervisors, there is a race condition between the VF's
  shutdown method and its internal-error detection/reset thread.

  The internal-error detection/reset thread (which runs every 5 seconds) also
  detects a disabled comm channel. If the internal-error detection/reset
  flow wins the race, we still get delays (while that flow tries repeatedly
  to detect comm-channel recovery).

  The cited commit fixed the command timeout problem when the
  internal-error detection/reset flow loses the race.

  This commit avoids the unneeded delays when the internal-error
  detection/reset flow wins.

  Fixes: d585df1c5ccf ("net/mlx4_core: Avoid command timeouts during VF driver 
device shutdown")
  Signed-off-by: Jack Morgenstein 
  Reported-by: Simon Xiao 
  Signed-off-by: Tariq Toukan 
  ---
   drivers/net/ethernet/mellanox/mlx4/cmd.c  | 11 +++
   drivers/net/ethernet/mellanox/mlx4/main.c | 11 +++
   include/linux/mlx4/device.h   |  1 +
   3 files changed, 23 insertions(+)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1672785/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1671767] Re: asterisk crashes dialing h264 video sip device

2017-03-30 Thread Nish Aravamudan

** Also affects: asterisk (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1671767

Title:
  asterisk crashes dialing h264 video sip device

Status in asterisk package in Ubuntu:
  Triaged
Status in asterisk source package in Xenial:
  New

Bug description:
  [Impact]
  
  when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) 
asterisk crashes with a core dump

  [Test Case]
  ===
  1. See comment #6

  [Regression Potential]
  ==
  Since the patch is already included in more recent versions of asterisk there 
is no regression.

  Due to the location of code changes that are applied to - If an
  unexpected error manifests, it should be local to the h264 encoding
  which is broken today.

  [Other Info]
  
  none

  ---

  asterisk 1:13.1.0~dfsg-1.1ubuntu4

  lsb_release -rd:
  Description:  Ubuntu 16.04.2 LTS
  Release:  16.04

  Bug details:
  
  when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) 
asterisk crashes with a core dump:

  Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid 
= 29051)
  samson*CLI> console dial waldorf@Phones
  -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf,60") 
in new stack
    == Using SIP VIDEO CoS mark 6
    == Using SIP RTP CoS mark 5
  -- Called SIP/waldorf
  -- SIP/waldorf- is ringing
  samson*CLI>
  Disconnected from Asterisk server
  Asterisk cleanly ending (0).
  Executing last minute cleanups

  Analysis:
  =
  gdb reveals that the module "res_format_attr_h264.so" is resposible due to a 
memory allocation failure while examining tokens of the "sprop-parameter-sets" 
string in the SIP header.

  Proposed Solution:
  ==
  This bug is already fixed by 2 small patches included in a more recenent 
versions of "res/res_format_attr_h264.c"

  https://issues.asterisk.org/jira/browse/ASTERISK-24616
  Crash in res_format_attr_h264 due to invalid string copy

  https://issues.asterisk.org/jira/browse/ASTERISK-25573
  [patch] H.264 format attribute module: resets whole SDP

  This fixed version of "res/res_format_attr_h264.c" is included e.g. in
  asterisk (1:13.13.1~dfsg-4ubuntu1) zesty.

  Fixed+Tested:
  =
  I tested by rebuiling asterisk 1:13.1.0~dfsg-1.1ubuntu4 packages with the 
"res/res_format_attr_h264.c" taken from asterisk 1:13.13.1~dfsg-4ubuntu1 and 
could connect to the sip device without any problems.

  I would be great, if you could add this patch into asterisk
  1:13.1.0~dfsg-1.1ubuntu4, since I don't want to use self built debs on
  a 16.4 LTS production system.

  Thanks a lot
  Jörg

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1671767/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command

2017-03-30 Thread Steve Beattie

This was incorrectly closed in the kernel security update, re-opening.

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7184

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648903

Title:
  Permission denied and inconsistent behavior in complain mode with 'ip
  netns list' command

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30

  With this profile:

  #include 

  profile test (attach_disconnected,complain) {
  #include 

  /{,usr/}{,s}bin/ip ixr,  # COMMENT OUT THIS RULE TO SEE WEIRDNESS

  capability sys_admin,
  capability net_admin,
  capability sys_ptrace,

  network netlink raw,

  ptrace (trace),

  / r,
  /run/netns/ rw,
  /run/netns/* rw,

  mount options=(rw, rshared) -> /run/netns/,
  mount options=(rw, bind) /run/netns/ -> /run/netns/,
  mount options=(rw, bind) / -> /run/netns/*,
  mount options=(rw, rslave) /,
  mount options=(rw, rslave), # LP: #1648245
  umount /sys/,
  umount /,

  
  /bin/dash ixr,
  }

  Everything is fine when I do:
  $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p 
test -- sh -c 'ip netns list'
  $

  and there are no ALLOWED entries in syslog.

  
  However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a 
permission denied and a bunch of ALLOWED entries:

  $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p 
test -- sh -c 'ip netns list'
  open("/proc/self/ns/net"): Permission denied
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400 
audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="test" pid=4314 comm="apparmor_parser"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400 
audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test" 
name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 
ouid=0 target="test//null-/bin/ip"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400 
audit(1481324889.790:471): apparmor="ALLOWED" operation="open" 
profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400 
audit(1481324889.790:472): apparmor="ALLOWED" operation="open" 
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so" 
pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400 
audit(1481324889.790:473): apparmor="ALLOWED" operation="open" 
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317 
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400 
audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect" 
profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400 
audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect" 
profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317 
comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400 
audit(1481324889.790:476): apparmor="ALLOWED" operation="create" 
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" 
sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400 
audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt" 
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" 
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400 
audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt" 
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" 
sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400 
audit(1481324889.790:479): apparmor="ALLOWED" operation="bind" 
profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" 
sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind"
  Dec  9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400 
audit(1481324889.794:480): apparmor="ALLOWED"

[Group.of.nepali.translators] [Bug 1673837] Re: linux-hwe-edge: 4.10.0-14.16~16.04.1 -proposed tracker

** Changed in: kernel-sru-workflow/certification-testing
   Status: Confirmed => Invalid

** Changed in: kernel-sru-workflow/verification-testing
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673837

Title:
  linux-hwe-edge: 4.10.0-14.16~16.04.1 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Confirmed
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  Invalid
Status in linux-hwe-edge package in Ubuntu:
  Invalid
Status in linux-hwe-edge source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the 4.10.0-14.16~16.04.1 upload package. This
  bug will contain status and testing results related to that upload.

  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1673837/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1677600] [NEW] Xenial update to v4.4.58 stable release

2017-03-30 Thread Tim Gardner

Public bug reported:

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree or
   a minimally backported form of that patch. The v4.4.58 upstream stable
   patch set is now available. It should be included in the Ubuntu
   kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the v4.4.58 stable release shall be
applied:

net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
net: properly release sk_frag.page
amd-xgbe: Fix jumbo MTU processing on newer hardware
net: unix: properly re-increment inflight counter of GC discarded candidates
net/mlx5: Increase number of max QPs in default profile
net/mlx5e: Count LRO packets correctly
net: bcmgenet: remove bcmgenet_internal_phy_setup()
ipv4: provide stronger user input validation in nl_fib_input()
socket, bpf: fix sk_filter use after free in sk_clone_lock
tcp: initialize icsk_ack.lrcvtime at session start time
Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: sur40 - validate number of endpoints before using them
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ALSA: hda - Adding a group of pin definition to fix headset problem
USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
USB: serial: qcserial: add Dell DW5811e
ACM gadget: fix endianness in notifications
usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
USB: uss720: fix NULL-deref at probe
USB: lvtest: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
usb: hub: Fix crash after failure to read BOS descriptor
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
iio: adc: ti_am335x_adc: fix fifo overrun recovery
iio: hid-sensor-trigger: Change get poll value function order to avoid sensor 
properties losing after resume from S3
parport: fix attempt to write duplicate procfiles
ext4: mark inode dirty after converting inline directory
mmc: sdhci: Do not disable interrupts while waiting for clock
xen/acpi: upload PM state from init-domain to Xen
iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
ARM: at91: pm: cpu_idle: switch DDR to power-down mode
ARM: dts: at91: sama5d2: add dma properties to UART nodes
cpufreq: Restore policy min/max limits on CPU online
raid10: increment write counter after bio is split
libceph: don't set weight to IN when OSD is destroyed
xfs: don't allow di_size with high bit set
xfs: fix up xfs_swap_extent_forks inline extent handling
nl80211: fix dumpit error path RTNL deadlocks
USB: usbtmc: add missing endpoint sanity check
xfs: clear _XBF_PAGES from buffers when readahead page
igb: add i211 to i210 PHY workaround
vfio/spapr: Postpone allocation of userspace version of TCE table
block: allow WRITE_SAME commands with the SG_IO ioctl
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
Linux 4.4.58

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux (Ubuntu Xenial)
 Importance: Undecided
 Status: New


** Tags: kernel-stable-tracking-bug

** Tags added: kernel-stable-tracking-bug

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Description changed:

+ SRU Justification
  
- SRU Justification
+ Impact:
+    The upstream process for stable tree updates is quite similar
+    in scope to the Ubuntu SRU process, e.g., each patch has to
+    demonstrably fix a bug, and each patch is vetted by upstream
+    by originating either directly from a mainline/stable Linux tree or
+    a minimally backported form of that patch. The v4.4.58 upstream stable
+    patch set is now available. It should be included in the Ubuntu
+    kernel as well.
  
- Impact:
-The upstream process for stable tree updates is quite similar
-in scope to the Ubuntu SRU process, e.g., each patch has to
-demonstrably fix a bug, and each patch is vetted by upstream

[Group.of.nepali.translators] [Bug 1677398] Re: Apparmor prevents using ZFS storage pools

2017-03-30 Thread ChristianEhrhardt

Extending your already good testcase description:

# create a simple guest
 $ sudo apt-get install uvtool-libvirt zfsutils-linux
 $ uvt-simplestreams-libvirt --verbose sync --source 
http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=xenial
 $ ssh-keygen
 $ uvt-kvm create --password=ubuntu testguest release=xenial arch=amd64 
label=daily
# create a zpool to use
 $ for i in $(seq 1 3); do dd if=/dev/zero of=/tmp/fdisk${i} bs=1M count=1024; 
done
 $ sudo zpool create internal /tmp/fdisk*
# make pool in libvirt and guest disk foo
 $ virsh pool-define-as internal zfs
 $ virsh pool-start internal
 $ virsh vol-create-as internal foo 2G
# link up zpool, by adding this to the guest

  
  
  

# start the guest
$ virsh start testguest

All run into:
Could not open '/dev/zvol/internal/foo': Permission denied

And I can see the reported Deny:
apparmor="DENIED" operation="open" [...] name="/dev/zd0" [...]

That said setting to confirmed for now.
Also I checked this applies to all of releases X-Z.

Need to dive into aa-helper how close or far that is as of today to get
this done.

** Changed in: libvirt (Ubuntu)
   Status: New => Confirmed

** Also affects: libvirt (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: libvirt (Ubuntu Zesty)
   Importance: Undecided
   Status: Confirmed

** Also affects: libvirt (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1677398

Title:
  Apparmor prevents using ZFS storage pools

Status in libvirt package in Ubuntu:
  Confirmed
Status in libvirt source package in Xenial:
  Confirmed
Status in libvirt source package in Yakkety:
  Confirmed
Status in libvirt source package in Zesty:
  Confirmed

Bug description:
  Apparmor prevents qemu-kvm guests from using ZFS volumes.

  [Impact]
  * ZFS storage pools are not usable.

  [Test Case]
  0) Create a zpool (system specific so not documented here)
  1) Create a ZFS storage pool (named like your zpool, "internal" here)
virsh pool-define-as internal zfs
virsh pool-start internal
  2) Create a volume
virsh vol-create-as internal foo 2G
  2) Create a KVM guest
  4) Edit the guest's XML profile to use the ZFS volume (zvol)
  



  
  5) Start the guest

  The guest refuses to start:

# virsh start nms
error: Failed to start domain foo
error: internal error: process exited while connecting to monitor: 
2017-03-29T22:07:31.507017Z qemu-system-x86_64: -drive 
file=/dev/zvol/internal/foo,format=raw,if=none,id=drive-virtio-disk0,cache=none:
 Could not open '/dev/zvol/internal/foo': Permission denied

  dmesg reveals the culprit:

  apparmor="DENIED" operation="open" 
profile="libvirt-988a8c25-5190-4762-8170-55dc75fc66ca" name="/dev/zd224" 
pid=23052 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 
ouid=109
  apparmor="DENIED" operation="open" 
profile="libvirt-988a8c25-5190-4762-8170-55dc75fc66ca" name="/dev/zd224" 
pid=23052 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=109 
ouid=109

  Checking /etc/apparmor.d/libvirt/libvirt-$UUID.files shows that no
  "/dev/zdXX" has been added.

  
  [Additional info]

  # lsb_release -rd
  Description:  Ubuntu 16.04.2 LTS
  Release:  16.04

  # apt-cache policy libvirt-bin apparmor linux-image-generic
  libvirt-bin:
Installed: 1.3.1-1ubuntu10.8
Candidate: 1.3.1-1ubuntu10.8
Version table:
   *** 1.3.1-1ubuntu10.8 500
  500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   1.3.1-1ubuntu10 500
  500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  apparmor:
Installed: 2.10.95-0ubuntu2.5
Candidate: 2.10.95-0ubuntu2.5
Version table:
   *** 2.10.95-0ubuntu2.5 500
  500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   2.10.95-0ubuntu2 500
  500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  linux-image-generic:
Installed: 4.4.0.70.76
Candidate: 4.4.0.70.76
Version table:
   *** 4.4.0.70.76 500
  500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
  500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
Packages
  100 /var/lib/dpkg/status
   4.4.0.21.22 500
  500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: libvirt-bin 1.3.1-1ubuntu10.8
  ProcVersionSignature: Ubuntu 4.4.0-70.91-generic 4.4.49
  Uname: Linux 4.4.0-70-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
  Date: Wed Mar 29 17:48:06 2017

[Group.of.nepali.translators] [Bug 1664912] Re: linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial 4.4.0-63.84~14.04.2

Unfortunately also "SAUCE: apparmor: fix link auditing failure due to,
uninitialized var" got reverted in the big revert for bug 1666897. So
not really fixed in Yakkety and Xenial based kernels right now.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

** Changed in: linux-lts-xenial (Ubuntu Trusty)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1664912

Title:
  linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-
  xenial 4.4.0-63.84~14.04.2

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-xenial package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Invalid
Status in linux-lts-xenial source package in Trusty:
  Triaged
Status in linux source package in Xenial:
  Triaged
Status in linux-lts-xenial source package in Xenial:
  Invalid
Status in linux source package in Yakkety:
  Triaged
Status in linux-lts-xenial source package in Yakkety:
  Invalid
Status in linux source package in Zesty:
  Fix Released
Status in linux-lts-xenial source package in Zesty:
  Invalid

Bug description:
  Testing failed on:
amd64: 
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-trusty/trusty/amd64/l/linux-lts-xenial/20170214_051856_a19a2@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1664912/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1638996

Title:
  apparmor's raw_data file in securityfs is sometimes truncated

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  Hi,

  It looks like sometimes apparmor's securityfs output is sometimes
  truncated,

  
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1#
 ls -al
  total 0
  drwxr-xr-x  3 root root 0 Nov  3 16:45 .
  drwxr-xr-x 13 root root 0 Nov  3 16:44 ..
  -r--r--r--  1 root root 0 Nov  3 16:45 attach
  -r--r--r--  1 root root 0 Nov  3 16:45 mode
  -r--r--r--  1 root root 0 Nov  3 16:45 name
  drwxr-xr-x  3 root root 0 Nov  3 16:45 profiles
  -r--r--r--  1 root root 0 Nov  3 16:45 raw_abi
  -r--r--r--  1 root root 46234 Nov  3 16:45 raw_data
  -r--r--r--  1 root root 0 Nov  3 16:45 raw_hash
  -r--r--r--  1 root root 0 Nov  3 16:45 sha1
  
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1#
 cat raw_data > /tmp/out
  
root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1#
 ls -al /tmp/out 
  -rw-r--r-- 1 root root 4009 Nov  3 16:55 /tmp/out

  and

  2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/
  2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size 
of the policy
  2016-11-03 10:59:20 @jjohansen  tych0: hrmm interesting, can you zip up the 
/tmp/out file so I can see it looks like a complete policy file?
  2016-11-03 11:00:03 @jjohansen  something is definitely not right there. hrmmm
  2016-11-03 11:00:26 @jjohansen  the size is set by the input buffer size
  2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out
  2016-11-03 11:00:36 tych0 yeah, i assume
  2016-11-03 11:01:15 @jjohansen  my guess is something is messing up in the 
seq_file walk of the policy
  2016-11-03 11:02:38 @jjohansen  tych0: yep the file is truncated, can you 
open a bug and I will start looking for it
  2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux?
  2016-11-03 11:03:35 @jjohansen  tych0: yeah for now, just linux
  2016-11-03 11:03:43 @jjohansen  we can add others if needed later
  2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, becasue 
sometimes it works and sometimes it doesn't

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1638996/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces

Not fixed because we had to revert the commits due to various
regressions.

** Changed in: linux (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660832

Title:
  unix domain socket cross permission check failing with nested
  namespaces

Status in apparmor package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in apparmor source package in Xenial:
  Confirmed
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Yakkety:
  Confirmed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Confirmed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When using nested namespaces policy within the nested namespace is trying 
  
  to cross validate with policy outside of the namespace that is not
  
  visible to it. This results the access being denied and with no way to
  
  add a rule to policy that would allow it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1645037

Title:
  apparmor_parser hangs indefinitely when called by multiple threads

Status in apparmor package in Ubuntu:
  Triaged
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  This bug surfaced when starting ~50 LXC container with LXD in parallel
  multiple times:

  # Create the containers
  for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done

  # Exectute this loop multiple times until you observe errors.
  for c in c foo{1..50}; do lxc restart $c & done

  After this you can

  ps aux | grep apparmor

  and you should see output similar to:

  root 19774  0.0  0.0  12524  1116 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19775  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19776  0.0  0.0  13592  3224 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo30
  root 19778  0.0  0.0  13592  3384 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo26
  root 19780  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19782  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19783  0.0  0.0  13592  3388 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo43
  root 19784  0.0  0.0  13592  3252 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo34
  root 19794  0.0  0.0  12524  1208 pts/1S+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25
  root 19795  0.0  0.0  13592  3256 pts/1D+   20:14   0:00 
apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache 
/var/lib/lxd/security/apparmor/profiles/lxd-foo25

  apparmor_parser remains stuck even after all LXC/LXD commands have
  exited.

  dmesg output yields lines like:

  [41902.815174] audit: type=1400 audit(1480191089.678:43):
  apparmor="STATUS" operation="profile_load" profile="unconfined" name
  ="lxd-foo30_" pid=12545 comm="apparmor_parser"

  and cat /proc/12545/stack shows:

  [] aa_remove_profiles+0x88/0x270
  21:19   brauner  [] profile_remove+0x144/0x2e0
  21:19   brauner  [] __vfs_write+0x18/0x40
  21:19   brauner  [] vfs_write+0xb8/0x1b0
  21:19   brauner  [] SyS_write+0x55/0xc0
  21:19   brauner  [] entry_SYSCALL_64_fastpath+0x1e/0xa8
  21:19   brauner  [] 0x

  This looks like a potential kernel bug.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1645037/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1658219] Re: flock not mediated by 'k'

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1658219

Title:
  flock not mediated by 'k'

Status in AppArmor:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  $ cat ./apparmor.profile 
  #include 

  profile test {
#include 

/bin/bash ixr,
/dev/pts/* rw,
/usr/bin/flock ixr,
# Not blocked:
# aa-exec -p test -- flock -w 1 /tmp/test.lock -c true
/tmp/test.lock rw,

  }

  $ sudo apparmor_parser -r ./apparmor.profile

  $ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes
  yes

  $ ls -l /tmp/test.lock 
  -rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock

  The flock command uses flock(LOCK_EX) and I expected it to be blocked
  due to the lack of 'k'.

  apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic
  kernel on amd64.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660834] Re: apparmor label leak when new label is unused

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660834

Title:
  apparmor label leak when new label is unused

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When a new label is created, it is created with a proxy in a circular 
  
  ref count that is broken by replacement. However if the label is not  
  
  used it will never be replaced and the circular ref count will never  
  
  be broken resulting in a leak.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660834/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660833] Re: apparmor reference count bug in label_merge_insert()

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660833

Title:
  apparmor reference count bug in label_merge_insert()

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  @new does not have a reference taken locally and should not have its  
  
  reference put locally either.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660833/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1656121] Re: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1656121

Title:
  unexpected errno=13 and disconnected path when trying to open
  /proc/1/ns/mnt from a unshared mount namespace

Status in AppArmor:
  Confirmed
Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged

Bug description:
  This bug is based on a discussion with jjohansen on IRC.

  While working on a feature for snapd
  (https://github.com/snapcore/snapd/pull/2624) we came across an
  unexpected EACCES that only seems to happen when apparmor is in the
  loop.

  The kernel log shows something interesting. The full log is available
  here: http://paste.ubuntu.com/23789099/

  Jan 12 23:16:43 autopkgtest kernel: [  498.616822] audit: type=1400
  audit(1484259403.009:67): apparmor="ALLOWED" operation="open"
  info="Failed name lookup - disconnected path" error=-13 profile="snap
  .test-snapd-tools.cmd//null-/usr/bin/snap//null-/usr/lib/snapd/snap-
  confine" name="" pid=25299 comm="snap-confine" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  The code that triggers this is reproduced below (also visible here
  https://github.com/snapcore/snapd/pull/2624/files)

  +void sc_reassociate_with_pid1_mount_ns()
   +{
   +int init_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +int self_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +
   +debug("checking if the current process shares mount namespace"
   +  "with the init process");
   +
   +init_mnt_fd = open("/proc/1/ns/mnt",
   +   O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH);
   +if (init_mnt_fd < 0) {
   +die("cannot open mount namespace of the init process (O_PATH)");
   +}
   +self_mnt_fd = open("/proc/self/ns/mnt",
   +   O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH);
   +if (self_mnt_fd < 0) {
   +die("cannot open mount namespace of the current process 
(O_PATH)");
   +}
   +char init_buf[128], self_buf[128];
   +memset(init_buf, 0, sizeof init_buf);
   +if (readlinkat(init_mnt_fd, "", init_buf, sizeof init_buf) < 0) {
   +die("cannot perform readlinkat() on the mount namespace file "
   +"descriptor of the init process");
   +}
   +memset(self_buf, 0, sizeof self_buf);
   +if (readlinkat(self_mnt_fd, "", self_buf, sizeof self_buf) < 0) {
   +die("cannot perform readlinkat() on the mount namespace file "
   +"descriptor of the current process");
   +}
   +if (memcmp(init_buf, self_buf, sizeof init_buf) != 0) {
   +debug("the current process does not share mount namespace with "
   +  "the init process, re-association required");
   +// NOTE: we cannot use O_NOFOLLOW here because that file will 
always be a
   +// symbolic link. We actually want to open it this way.
   +int init_mnt_fd_real
   +__attribute__ ((cleanup(sc_cleanup_close))) = -1;
   +init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC);
   +if (init_mnt_fd_real < 0) {
   +die("cannot open mount namespace of the init process");
   +}
   +if (setns(init_mnt_fd_real, CLONE_NEWNS) < 0) {
   +die("cannot re-associate the mount namespace with the 
init process");
   +}
   +} else {
   +debug("re-associating is not required");
   +}
   +}

  The specific part that causes the error is:

   +  init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY |
  O_CLOEXEC);

  The call to open returns -1 and errno set to 13 (EACCES) despite using
  attach_disconnected.

  The code in question is executed from a seguid root executable that
  runs under a complain-mode profile (it is started from a process that
  is already confined with such a profile). All of the profiles are
  using attach_disconnected.

  I can reproduce this issue each time by running:

  spread -debug -v qemu:ubuntu-16.04-64:tests/regression/lp-1644439

  Against the code in this pull request:

  https://github.com/snapcore/snapd/pull/2624

  Which is git://github.com/zyga/snapd in the "reassociate-fix" branch

  Appropriate qemu images can be made using instructions from:

  https://github.com/zyga/spread-qemu-images

  I'm also happy to try any test kernels as I can easily run those.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1656121/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to :

[Group.of.nepali.translators] [Bug 1660836] Re: apparmor auditing denied access of special apparmor .null fi\ le

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660836

Title:
  apparmor  auditing denied access of special apparmor .null fi\ le

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When an fd is disallowed from being inherited during exec, instead of 
  
  closed it is duped to a special apparmor/.null file. This prevents the
  
  fd from being reused by another file in case the application expects  
  
  the original file on a give fd (eg stdin/stdout etc). This results in 
  
  a denial message like 
  
  [32375.561535] audit: type=1400 audit(1478825963.441:358): apparmor="DENIED" 
op\
  eration="file_inherit" namespace="root//lxd-t_" 
profile="/sbin/dhc\
  lient" name="/dev/pts/1" pid=16795 comm="dhclient" requested_mask="wr" 
denied_m\
  ask="wr" fsuid=165536 ouid=165536 
  

  
  Further access to the fd is resultin in the rather useless denial message 
  
  of
  
  [32375.566820] audit: type=1400 audit(1478825963.445:359): apparmor="DENIED" 
op\
  eration="file_perm" namespace="root//lxd-t_" 
profile="/sbin/dhclie\
  nt" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" 
denied_\
  mask="w" fsuid=165536 ouid=0  
  

  
  since we have the original denial, the noisy and useless .null based  
  
  denials can be skipped.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660836/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660840] Re: apparmor oops in bind_mnt when dev_path lookup fails

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660840

Title:
  apparmor oops in bind_mnt when dev_path lookup fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  Bind mounts can oops when devname lookup fails because the devname is 
  
  unintialized and used in auditing the denial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660840/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660842] Re: apparmor not checking error if security_pin_fs() fails

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660842

Title:
  apparmor not checking error if security_pin_fs() fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  The error condition of security_pin_fs() was not being checked which
  will result can result in an oops or use after free, due to the fs pin
  count not being incremented.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660842/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660845] Re: apparmor reference count leak when securityfs_setup_d_inode\ () fails

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660845

Title:
  apparmor reference count leak when securityfs_setup_d_inode\ () fails

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  apparmor is leaking the parent ns ref count, by directly returning the
  error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660845/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1661030] Re: regession tests failing after stackprofile test is run

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1661030

Title:
  regession tests failing after stackprofile test is run

Status in apparmor package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Incomplete
Status in apparmor source package in Xenial:
  Fix Committed
Status in linux source package in Xenial:
  Triaged
Status in apparmor source package in Yakkety:
  Fix Committed
Status in linux source package in Yakkety:
  Triaged
Status in apparmor source package in Zesty:
  Fix Released
Status in linux source package in Zesty:
  Incomplete

Bug description:
  from source, I'm running the tests and the makefile fails at the end
  with:

  running stackprofile
  Makefile:303: recipe for target 'tests' failed
  make: *** [tests] Error 1

  No idea why that is happening. It's breaking on our kernel team
  regression tests runs, so can this be investigated?  The source was
  fetched using "apt-get source apparmor".

  A full run is below:

  king@ubuntu:~/apparmor-2.10.95/tests/regression/apparmor$ sudo make
  USE_SYSTEM=1 tests

  running aa_exec

  running access
  xfail: ACCESS file rx (r)
  xfail: ACCESS file rwx (r)
  xfail: ACCESS file r (wx)
  xfail: ACCESS file rx (wx)
  xfail: ACCESS file rwx (wx)
  xfail: ACCESS dir rwx (r)
  xfail: ACCESS dir r (wx)
  xfail: ACCESS dir rx (wx)
  xfail: ACCESS dir rwx (wx)

  running at_secure

  running introspect

  running capabilities
  (ptrace)
  (sethostname)
  (setdomainname)
  (setpriority)
  (setscheduler)
  (reboot)
  (chroot)
  (mlockall)
  (net_raw)
  (ioperm)
  (iopl)

  running changeprofile

  running onexec

  running changehat

  running changehat_fork

  running changehat_misc

  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12503 Killed  $testexec "$@" > $outfile 2>&1

  *** A 'Killed' message from bash is expected for the following test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12537 Killed  $testexec "$@" > $outfile 2>&1

  running chdir

  running clone

  running coredump
  *** A 'Segmentation Fault' message from bash is expected for the following 
test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12803 Segmentation fault  (core dumped) $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following 
test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12833 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following 
test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12869 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following 
test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12905 Segmentation fault  $testexec "$@" > $outfile 2>&1

  *** A 'Segmentation Fault' message from bash is expected for the following 
test
  /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 
12941 Segmentation fault  $testexec "$@" > $outfile 2>&1
  XFAIL: Error: corefile present when not expected -- COREDUMP (ix confinement)

  running deleted

  running environ
  Fatal Error (environ): Unable to run test sub-executable

  running exec

  running exec_qual

  running fchdir

  running fd_inheritance

  running fork

  running i18n

  running link

  running link_subset

  running mkdir

  running mmap

  running mount
  using mount rules ...

  running mult_mount

  running named_pipe

  running namespaces

  running net_raw

  running open

  running openat

  running pipe

  running pivot_root

  running ptrace
 using ptrace v6 tests ...

  running pwrite

  running query_label
  Alert: query_label passed. Test 'QUERY file (all base perms #1)' was marked 
as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #1)
  Alert: query_label passed. Test 'QUERY file (all base perms #2)' was marked 
as expected pass but known problem (xpass)
  xpass: QUERY file (all base perms #2)

  running regex

  running rename

  running readdir

  running rw

  running socketpair

  running swap
  mkswap: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 
0600 suggested.
  swapon: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 
0600 suggested.

  running sd_flags

  running setattr

  running symlink

  running syscall

  running tcp

[Group.of.nepali.translators] [Bug 1660849] Re: apparmor refcount leak of profile namespace when removing profiles

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660849

Title:
  apparmor refcount leak of profile namespace when removing profiles

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  When doing profile removal, the parent ns of the profiles is taken,
  but the reference isn't being put, resulting in the ns never being
  freed even after it is removed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660849/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1660846] Re: apparmor leaking securityfs pin count

** Changed in: linux (Ubuntu Yakkety)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1660846

Title:
  apparmor leaking securityfs pin count

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Triaged
Status in linux source package in Yakkety:
  Triaged
Status in linux source package in Zesty:
  Fix Released

Bug description:
  apparmor is leaking pinfs refcoutn when inode setup fails.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660846/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1642679] Re: The OpenStack network_config.json implementation fails on Hyper-V compute nodes

2017-03-30 Thread Adrian Vladu

** Changed in: nova
   Status: Fix Released => Incomplete

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1642679

Title:
  The OpenStack network_config.json implementation fails on Hyper-V
  compute nodes

Status in cloud-init:
  Fix Released
Status in OpenStack Compute (nova):
  Incomplete
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  When a config drive provides network_data.json on Azure OpenStack,
  cloud-init will fail to configure networking.

  Console log and /var/log/cloud-init.log will show:
   ValueError: Unknown network_data link type: hyperv

  This woudl also occur when the type of the network device as declared
  to cloud-init was 'hw_veb', 'hyperv', or 'vhostuser'.

  [Test Case]
  Launch an instance with config drive on hyperv cloud.

  [Regression Potential]
  Low to none.   cloud-init is relaxing requirements and will accept things
  now that it previously complained were invalid.
  === End SRU Template ===

  We have discovered an issue when booting Xenial instances on OpenStack
  environments (Liberty or newer) and Hyper-V compute nodes using config
  drive as metadata source.

  When applying the network_config.json, cloud-init fails with this error:
  http://paste.openstack.org/show/RvHZJqn48JBb0TO9QznL/

  The fix would be to add 'hyperv' as a link type here:
  /usr/lib/python3/dist-packages/cloudinit/sources/helpers/openstack.py, line 
587

  Related bugs:
   * bug 1674946: cloud-init fails with "Unknown network_data link type: dvs
   * bug 1642679: OpenStack network_config.json implementation fails on Hyper-V 
compute nodes

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1642679/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1564778] Re: package libsane-common 1.0.25+git20150528-1ubuntu2 failed to install/upgrade: trying to overwrite '/etc/sane.d/hp.conf', which is also in package libsan

This bug was fixed in the package sane-backends -
1.0.25+git20150528-1ubuntu3

---
sane-backends (1.0.25+git20150528-1ubuntu3) zesty; urgency=medium

  * control: add breaks/replaces between libsane and libsane-common to
fix earlier packaging mistake. LP: #1564778
The changes is safe to drop from z+1.

 -- Rolf Leggewie   Thu, 09 Feb 2017 17:29:27
+0800

** Changed in: sane-backends (Ubuntu Zesty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1564778

Title:
  package libsane-common 1.0.25+git20150528-1ubuntu2 failed to
  install/upgrade: trying to overwrite '/etc/sane.d/hp.conf', which is
  also in package libsane:i386 1.0.23-3ubuntu3.1

Status in sane-backends package in Ubuntu:
  Fix Released
Status in sane-backends source package in Xenial:
  New
Status in sane-backends source package in Yakkety:
  New
Status in sane-backends source package in Zesty:
  Fix Released

Bug description:
  [ Impact ]

  This is a packaging error when upgrading from trusty to xenial.  You
  may see a file conflict error because a file moved from libsane to
  libsane-common.  This is fairly common, as you can see from the dupes
  and affect-count.

  As described in comment #4, only xenial really needs to be patched.
  But since it shares the same version of sane-backends as yakkety and
  zesty, it's nice to update both of those so that upgraders get a clean
  path.

  [ Test Case ]

  Install libsane and libsane-common on trusty.  Upgrade to xenial.

  [ Regression Potential ]

  Tiny.  This is just a Breaks/Conflict packaging error.  No code
  changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1564778/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1513529] Re: cloud images should be built with the same /etc/apt/sources.list as server images

This bug was fixed in the package livecd-rootfs - 2.408.9

---
livecd-rootfs (2.408.9) xenial; urgency=medium

  [ Daniel Watkins ]
  * Don't overwrite the default sources.list in cloud images.
  * Replace sources.list generated using COMPONENTS with the sources.list from
an Ubuntu Server installation (i.e. with all components enabled, and all
deb-src lines commented).  LP: #1513529.

  [ Chris Glass ]
  * Fix the manifest generation in OVA files so that ovf files don't have
double extensions.  (LP: #1627931)
  * Fix the OVF's metadata to include Ubuntu specific identifiers and
descriptions instead of the generic Linux ones.  (LP: #1656293)

  [ Daniel Watkins ]
  * Add replace_grub_root_with_label function thereby consolidating multiple
uses of the same calls to sed.

  [ Robert C Jennings ]
  * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290)

 -- Robert C Jennings   Thu, 23 Mar 2017
14:40:59 -0400

** Changed in: livecd-rootfs (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1513529

Title:
  cloud images should be built with the same /etc/apt/sources.list as
  server images

Status in cloud-images:
  Fix Released
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  In systems created from cloud images where cloud-init does not run (or
  has not yet run), /etc/apt/sources.list does not have the same
  contents as it has in a server install.  This inconsistency can cause
  image modification/bootstrap to fail.

  [Test Case]

  Examine the cloud image built from livecd-rootfs, and confirm that the
  sources.list matches that in a server ISO install.

  [Regression Potential]

  Limited; the majority of cloud image usage does invoke cloud-init,
  which already writes out a source.list that matches the server ISO.
  This change aligns non-cloud-init usage to the existing norm.

  [Original Report]

  When we were poking around under bug 1177432 we found that
  /etc/apt/sources.list that is built into the image does not match that
  of an installed system.  This /etc/apt/sources.list is used if cloud-
  init did not re-write the file (such as woudl be used if you mounted
  the image directly and ran apt-get update).

  Example showing the problem:
  $ qemu-img create -f qcow2 -b 
wily/release-20151029/ubuntu-15.10-server-cloudimg-amd64-disk1.img /tmp/disk.img
  $ sudo mount-image-callback /tmp/disk.img --read-only chroot _MOUNTPOINT_ cat 
/etc/apt/sources.list
  deb http://archive.ubuntu.com/ubuntu/ wily main restricted universe multiverse
  deb http://archive.ubuntu.com/ubuntu/ wily-updates main restricted universe 
multiverse
  deb http://security.ubuntu.com/ubuntu/ wily-security main restricted universe 
multiverse

  What we'd like to see here is exactly what we just added to cloud-init.
  For reference, as attached to bug 1177432, see trusty [1] and wily [2] 
examples.

  For reference, MAAS installed systems end up getting the built-in
  /etc/apt/sources.list with the ubuntu mirrors updated.  So this change
  after making it all the way through will result in maas images having
  the same list as ISO installed systems also.

  --
  [1] https://launchpadlibrarian.net/224142290/trusty-sources.list
  [2] https://launchpadlibrarian.net/224142308/wily-sources.list

  Related bugs:
   * bug 1177432  [SRU] Enable backports in cloud-init archive template

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1513529/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1627931] Re: SHA256 checksum for ovf in xenial-server-cloudimg-amd64.ova has incorrect path

This bug was fixed in the package livecd-rootfs - 2.408.9

---
livecd-rootfs (2.408.9) xenial; urgency=medium

  [ Daniel Watkins ]
  * Don't overwrite the default sources.list in cloud images.
  * Replace sources.list generated using COMPONENTS with the sources.list from
an Ubuntu Server installation (i.e. with all components enabled, and all
deb-src lines commented).  LP: #1513529.

  [ Chris Glass ]
  * Fix the manifest generation in OVA files so that ovf files don't have
double extensions.  (LP: #1627931)
  * Fix the OVF's metadata to include Ubuntu specific identifiers and
descriptions instead of the generic Linux ones.  (LP: #1656293)

  [ Daniel Watkins ]
  * Add replace_grub_root_with_label function thereby consolidating multiple
uses of the same calls to sed.

  [ Robert C Jennings ]
  * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290)

 -- Robert C Jennings   Thu, 23 Mar 2017
14:40:59 -0400

** Changed in: livecd-rootfs (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1627931

Title:
  SHA256 checksum for ovf in xenial-server-cloudimg-amd64.ova has
  incorrect path

Status in cloud-images:
  In Progress
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Xenial:
  Fix Released
Status in livecd-rootfs source package in Yakkety:
  Fix Committed

Bug description:
  [Impact]

   * Users will be unable to import OVA disk images with tools that
  check the manifest to verify file checksums

  [Test Case]

  $ apt-get install virtualbox

  $ wget http://cloud-images.ubuntu.com/xenial/current/xenial-server-
  cloudimg-amd64.ova

  ## Requires version newer than 5.0.32_Ubuntur112930  in zesty)
  $ vboxmanage -version
  5.1.18_Ubuntur114002

  $ vboxmanage import  xenial-server-cloudimg-amd64.ova
  0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...
  Progress state: VBOX_E_FILE_ERROR
  VBoxManage: error: Appliance import failed
  VBoxManage: error: Digest mismatch (VERR_NOT_EQUAL): 
'ubuntu-xenial-16.04-cloudimg.ovf.ovf' not found in the 2nd manifest
  VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component 
ApplianceWrap, interface IAppliance
  VBoxManage: error: Context: "RTEXITCODE handleImportAppliance(HandlerArg*)" 
at line 886 of file VBoxManageAppliance.cpp

  ## Expecting import success
  "Successfully imported the appliance."

  [Regression Potential]

   * Very low: If a tool is checking the manifest and has been modified
  to strip a duplicate ".ovf" from the name to allow the current image
  to work but also removed handing for valid files it would fail (but we
  know this is not true as there exists in the manifest a file that is
  already specified with the correct filename).

  [Original Description]

  Opening the current "xenial-server-cloudimg-amd64.ova" file from
  cloud-images.ubuntu.com in VirtualBox produces this error:

  Failed to import appliance C:/Users/Jesse/Downloads/xenial-server-
  cloudimg-amd64.ova.

  Digest mismatch (VERR_NOT_EQUAL): 'ubuntu-
  xenial-16.04-cloudimg.ovf.ovf' not found in the 2nd manifest.

  Result Code: VBOX_E_FILE_ERROR (0x80BB0004)
  Component: ApplianceWrap
  Interface: IAppliance {8398f026-4add-4474-5bc3-2f9f2140b23e}

  The ubuntu-xenial-16.04-cloudimg.mf inside the .ova has this contents:

  SHA256(ubuntu-xenial-16.04-cloudimg.vmdk)= 
1a9d4ebadf89aa3a12a20f9933b5f88e3b0edcb00fa286c653356bc2ff9d4a29
  SHA256(ubuntu-xenial-16.04-cloudimg.ovf.ovf)= 
eaca73e5217e0d12f1b5bfbbec039f445c89b807d0c5aba11f842639abb40d35

  After changing ".ovf.ovf" to ".ovf" and saving the file inside the
  .ova, importing the .ova works.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1627931/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1637290] Re: Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from Microsoft

This bug was fixed in the package livecd-rootfs - 2.408.9

---
livecd-rootfs (2.408.9) xenial; urgency=medium

  [ Daniel Watkins ]
  * Don't overwrite the default sources.list in cloud images.
  * Replace sources.list generated using COMPONENTS with the sources.list from
an Ubuntu Server installation (i.e. with all components enabled, and all
deb-src lines commented).  LP: #1513529.

  [ Chris Glass ]
  * Fix the manifest generation in OVA files so that ovf files don't have
double extensions.  (LP: #1627931)
  * Fix the OVF's metadata to include Ubuntu specific identifiers and
descriptions instead of the generic Linux ones.  (LP: #1656293)

  [ Daniel Watkins ]
  * Add replace_grub_root_with_label function thereby consolidating multiple
uses of the same calls to sed.

  [ Robert C Jennings ]
  * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290)

 -- Robert C Jennings   Thu, 23 Mar 2017
14:40:59 -0400

** Changed in: livecd-rootfs (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1637290

Title:
  Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from
  Microsoft

Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in shim package in Ubuntu:
  Fix Released
Status in shim-signed package in Ubuntu:
  Fix Released
Status in grub2 source package in Precise:
  New
Status in grub2-signed source package in Precise:
  New
Status in livecd-rootfs source package in Precise:
  Invalid
Status in shim source package in Precise:
  New
Status in shim-signed source package in Precise:
  New
Status in grub2 source package in Trusty:
  In Progress
Status in grub2-signed source package in Trusty:
  In Progress
Status in livecd-rootfs source package in Trusty:
  Invalid
Status in shim source package in Trusty:
  In Progress
Status in shim-signed source package in Trusty:
  In Progress
Status in grub2 source package in Xenial:
  Fix Committed
Status in grub2-signed source package in Xenial:
  Fix Committed
Status in livecd-rootfs source package in Xenial:
  Fix Released
Status in shim source package in Xenial:
  Fix Committed
Status in shim-signed source package in Xenial:
  Fix Committed
Status in grub2 source package in Yakkety:
  Fix Committed
Status in grub2-signed source package in Yakkety:
  Fix Committed
Status in livecd-rootfs source package in Yakkety:
  Fix Released
Status in shim source package in Yakkety:
  In Progress
Status in shim-signed source package in Yakkety:
  Fix Committed

Bug description:
  [Impact]
  We might want to boot securely one of these days.

  [Test case]
  1) Upgrading
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
  - Verify that the new shimx64.efi file is under /boot/efi/EFI/ubuntu, along 
with mmx64.efi and fbx64.efi.
  - Verify that /boot/efi/EFI/ubuntu/MokManager.efi no longer exists.
  - Verify that trying to apt install grub alone, or apt install shim alone, 
pulls in the correct matching versions of packages and gives the same results.

  2) Booting normally
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, 
with Secure Boot enabled.
  - Verify it boots successfully to the login prompt.
  - There should be no messages about "Verification failure" or other errors 
before the kernel is loaded.

  3) Network boot.
  - Update to shim signed and grub2 signed EFI binaries on the TFTP server used.
  - Verify that a network booting system still boots normally through shim and 
grub, reaching a login prompt.

  4) BootEntry options
  - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system.
  - Update or install fwupdate.
  - Verify that new updates can be applied via fwupdate, that when an update is 
available, fwupdate will correctly start, apply the update, and reboot to shim 
normally, leading to a working system.

  5) live builds
  - confirm that the new version of livecd-rootfs has been published to 
-updates first, and that a daily build of the UEFI-enabled cloud images 
succeeds with the new shim filenames.

  [Regression Potential]
  Any failure to load the kernel from grub, or for shim to load grub, or for 
the system firmware to load shim (such as "Verification failure" messages) or 
failure to retrieve or parse BootEntry extended options (such as necessary to 
load MokManager or fwupdate) should be considered regressions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1637290/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to :

[Group.of.nepali.translators] [Bug 1656293] Re: OVF metadata for Ubuntu is wrong