[Group.of.nepali.translators] [Bug 1490611] Re: Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to the result file, which Microsoft Azure rejects as invalid
This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu10.10 --- qemu (1:2.5+dfsg-5ubuntu10.10) xenial; urgency=medium [Nishanth Aravamudan] * debian/patches/ubuntu/add_force_size_option.patch: block/vpc: fix VHD size calculation. (LP: #1490611) -- Christian EhrhardtMon, 20 Feb 2017 13:09:53 +0100 ** Changed in: qemu (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1490611 Title: Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to the result file, which Microsoft Azure rejects as invalid Status in QEMU: Fix Released Status in qemu package in Ubuntu: Fix Released Status in qemu source package in Xenial: Fix Released Bug description: [Impact] * Starting with a raw disk image, using "qemu-img convert" to convert from raw to VHD results in the output VHD file's virtual size being aligned to the nearest 516096 bytes (16 heads x 63 sectors per head x 512 bytes per sector), instead of preserving the input file's size as the output VHD's virtual disk size. * Microsoft Azure requires that disk images (VHDs) submitted for upload have virtual sizes aligned to a megabyte boundary. (Ex. 4096MB, 4097MB, 4098MB, etc. are OK, 4096.5MB is rejected with an error.) This is reflected in Microsoft's documentation: https://azure.microsoft.com /en-us/documentation/articles/virtual-machines-linux-create-upload- vhd-generic/ * The fix for this bug is a backport from upstream. http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fb9245c2610932d33ce14 [Test Case] * This is reproducible with the following set of commands (including the Azure command line tools from https://github.com/Azure/azure- xplat-cli). For the following example, I used qemu version 2.2.1: $ dd if=/dev/zero of=source-disk.img bs=1M count=4096 $ stat source-disk.img File: ‘source-disk.img’ Size: 4294967296 Blocks: 798656 IO Block: 4096 regular file Device: fc01h/64513dInode: 13247963Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1000/ smkent) Gid: ( 1000/ smkent) Access: 2015-08-18 09:48:02.613988480 -0700 Modify: 2015-08-18 09:48:02.825985646 -0700 Change: 2015-08-18 09:48:02.825985646 -0700 Birth: - $ qemu-img convert -f raw -o subformat=fixed -O vpc source-disk.img dest-disk.vhd $ stat dest-disk.vhd File: ‘dest-disk.vhd’ Size: 4296499712 Blocks: 535216 IO Block: 4096 regular file Device: fc01h/64513dInode: 13247964Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1000/ smkent) Gid: ( 1000/ smkent) Access: 2015-08-18 09:50:22.252077624 -0700 Modify: 2015-08-18 09:49:24.424868868 -0700 Change: 2015-08-18 09:49:24.424868868 -0700 Birth: - $ azure vm image create testimage1 dest-disk.vhd -o linux -l "West US" info:Executing command vm image create + Retrieving storage accounts info:VHD size : 4097 MB info:Uploading 4195800.5 KB Requested:100.0% Completed:100.0% Running: 0 Time: 1m 0s Speed: 6744 KB/s info:https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd was uploaded successfully error: The VHD https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd has an unsupported virtual size of 4296499200 bytes. The size must be a whole number (in MBs). info:Error information has been recorded to /home/smkent/.azure/azure.err error: vm image create command failed * A fixed qemu-img will not result in an error during azure image creation. It will require passing -o force_size, which will leverage the backported functionality. [Regression Potential] * The upstream fix introduces a qemu-img option (-o force_size) which is unset by default. The regression potential is very low, as a result. ... I also ran the above commands using qemu 2.4.0, which resulted in the same error as the conversion behavior is the same. However, qemu 2.1.1 and earlier (including qemu 2.0.0 installed by Ubuntu 14.04) does not pad the virtual disk size during conversion. Using qemu-img convert from qemu versions <=2.1.1 results in a VHD that is exactly the size of the raw input file plus 512 bytes (for the VHD footer). Those qemu versions do not attempt to realign the disk. As a result, Azure accepts VHD files created using those versions of qemu-img convert for upload. Is there a reason why newer qemu realigns the converted VHD file? It would be useful if an option were added to disable this feature, as current versions of qemu cannot be used to create VHD files for Azure using Microsoft's official instructions. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1490611/+subscriptions
[Group.of.nepali.translators] [Bug 1644530] Re: keepalived fails to restart cleanly due to the wrong systemd settings
This bug was fixed in the package keepalived - 1:1.2.19-1ubuntu0.2 --- keepalived (1:1.2.19-1ubuntu0.2) xenial; urgency=medium * Add PIDFile to avoid misdetection of MainPID on restart (LP: #1644530). -- Christian EhrhardtMon, 13 Mar 2017 13:23:47 +0100 ** Changed in: keepalived (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1644530 Title: keepalived fails to restart cleanly due to the wrong systemd settings Status in keepalived package in Ubuntu: Fix Released Status in systemd package in Ubuntu: New Status in keepalived source package in Xenial: Fix Released Status in systemd source package in Xenial: New Status in keepalived package in Debian: New Bug description: [Impact] * Restarts of keepalived can leave stale processes with the old configuration around. * The systemd detection of the MainPID is suboptimal, and combined with not waiting on signals being handled it can fail on second restart killing the (still) remaining process of the first start. * Upstream has a PIDFile statement, this has proven to avoid the issue in the MainPID guessing code of systemd. [Test Case] * Set up keepalived, the more complex the config is the "bigger" is the reace window, below in the description is a trivial sample config that works well. * As a test run the loop restarting the service head-to-head while staying under the max-restart limit $ for j in $(seq 1 20); do sleep 11s; time for i in $(seq 1 5); do sudo systemctl restart keepalived; sudo systemctl status keepalived | egrep 'Main.*exited'; done; done Expectation: no output other than timing Without fix: sometimes MainPIDs do no more exist, in these cases the child processes are the "old" ones from last execution with the old config. [Regression Potential] * Low because * A PIDFile statement is recommended by systemd for type=forking services anyway. * Upstream keepalived has this statement in their service file * By the kind of change, it should have no functional impact to other parts of the service other than for the PID detection of the job by Systemd. * Yet regression potential is never zero. There might be the unlikely case, which were considered working before due to a new config not properly being picked up. After the fix they will behave correctly and might show up as false-positives then if e.g. config was bad. [Other Info] * Usually a fix has to be in at least the latest Development release before SRUing it. But as I outlined below in later Releases than Xenial systemd seems to have improved making this change not-required. We haven't identified the bits for this (there is a bug task here), and they might as well be very complex. I think it is correct to fix Xenial in this regard with the simple change to the service file for now. * To eventually match I created a Debian bug task to ask them for the inclusion of the PIDFile so it can slowly tickle back down to newer Ubuntu Releases - also there more often people run backports where the issue might occur on older systemd versions (just as it does for us on Xenial) --- Because "PIDFile=" directive is missing in the systemd unit file, keepalived sometimes fails to kill all old processes. The old processes remain with old settings and cause unexpected behaviors. The detail of this bug is described in this ticket in upstream: https://github.com/acassen/keepalived/issues/443. The official systemd unit file is available since version 1.2.24 by this commit: https://github.com/acassen/keepalived/commit/635ab69afb44cd8573663e62f292c6bb84b44f15 This includes "PIDFile" directive correctly: PIDFile=/var/run/keepalived.pid We should go the same way. I am using Ubuntu 16.04.1, kernel 4.4.0-45-generic. Package: keepalived Version: 1.2.19-1 === How to reproduce: I used the two instances of Ubuntu 16.04.2 on DigitalOcean: Configurations -- MASTER server's /etc/keepalived/keepalived.conf: vrrp_script chk_nothing { script "/bin/true" interval 2 } vrrp_instance G1 { interface eth1 state BACKUP priority 100 virtual_router_id 123 unicast_src_ip unicast_peer { } track_script { chk_nothing } } BACKUP server's /etc/keepalived/keepalived.conf: vrrp_script chk_nothing { script "/bin/true" interval 2 } vrrp_instance G1 { interface eth1 state MASTER priority 200 virtual_router_id 123 unicast_src_ip unicast_peer { }
[Group.of.nepali.translators] [Bug 1675369] Re: Metacity Not Sending ConfigureNotify events
This bug was fixed in the package metacity - 1:3.18.7-0ubuntu0.3 --- metacity (1:3.18.7-0ubuntu0.3) xenial; urgency=medium * Backport upstream commit to fix send synthetic ConfigureNotify events when receiving ConfigureRequests (synthetic_configurenotify_events.diff, LP: #1675369). -- Dmitry ShachnevThu, 23 Mar 2017 21:14:52 +0300 ** Changed in: metacity (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1675369 Title: Metacity Not Sending ConfigureNotify events Status in metacity package in Ubuntu: Fix Released Status in metacity source package in Xenial: Fix Released Status in metacity source package in Yakkety: New Bug description: # Impact When using seamless applications such as Rdesktop, the window manager needs to send ConfigureNotify events. This is specified in ICCCM section 4.1.5. Without it, software will hang and wait for a response. This greatly impacts corporate and enterprise users that are trying to integrate Microsoft Windows applications using Rdesktop. # Proposed Fix A patch has been created here and should be merged: https://git.gnome.org/browse/metacity/commit/?h=gnome-3-24=f09967fc0f1d65fc7b5057b362b9657154a86079 Patch for 3.18 branch which was used for Xenial upload is here: https://git.gnome.org/browse/metacity/commit/?h=gnome-3-18=64e95c2ec2a1669da2ddab6c29108d718f79dfff # Test Case Use rdesktop in seamless mode: rdesktop "%ProgramFiles%\ThinLinc\WTSTools\seamlessrdpshell.exe" -s "notepad" server_ip This requires server with windows that is setup for remote access. Also extra software is needed: https://www.cendio.com/thinlinc/download-register Opening multiple seamless windows and trying to switch between them should not cause any noticeable delays / hangs. # Regression Potential The reporter has verified the fix, and it works. It has also been in Zesty since Mar 20th and so far nobody complained. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/metacity/+bug/1675369/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668808] Re: [Xenial] iscsitarget-dkms 1.4.20.3+svn502-2ubuntu4: iscsitarget kernel module failed to build [error: field ‘rx_hash’ has incomplete type]
This bug was fixed in the package iscsitarget - 1.4.20.3+svn502-2ubuntu4.1 --- iscsitarget (1.4.20.3+svn502-2ubuntu4.1) xenial; urgency=medium * d/dkms.conf.in: iscsitarget has been removed from 16.10 and does not build against kernels from that release and on. Users are recommended to use the in-kernel iscsi_target_mod driver and tgt. Disable the dkms build on HWE kernels for 16.04 (LP: #1668808). -- Nishanth AravamudanMon, 20 Mar 2017 17:22:23 -0700 ** Changed in: iscsitarget (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668808 Title: [Xenial] iscsitarget-dkms 1.4.20.3+svn502-2ubuntu4: iscsitarget kernel module failed to build [error: field ‘rx_hash’ has incomplete type] Status in iscsitarget package in Ubuntu: Invalid Status in iscsitarget source package in Xenial: Fix Released Status in iscsitarget source package in Yakkety: Invalid Bug description: [Impact] * The src:iscsitarget package was removed from 16.10 (LP: #1613758). * Therefore, the iscsitarget-dkms package is no longer tested with 16.10+ kernels to ensure it still compiles. * The HWE stacks for 16.04 backport the 16.10+ kernels to 16.04.x. * End users who successfully built the iscistarget driver on 16.04.0/1 kernels (4.4.0-*) will see failures with the HWE kernels. * iscsitarget and iscsitarget-dkms packages are not technically needed on 16.04 at all. There is an iSCSI target driver (iscsi_target_mod) in the Ubuntu kernel and the iscistarget tooling can be replaced with tgt. [Test Case] * Install iscsitarget-dkms while having the 16.04.2 headers installed. The module build will fail (and apport if on a desktop will attempt to submit a bug report). * In the fixed case, iscsitarget-dkms will see the specified kernel is not supported by the regex and will skip attempting to build. [Regression Potential] * Currently, the iscsitarget-dkms throws an error. The error is actually in the use of iscsitarget-dkms at all with newer kernels, and hopefully if end-users depend on it and see the 'skipped' message, they will come to this bug via the changelog. I do not believe there is any regression potential, as I have tested that 4.4.0-* kernels still build the dkms module fine and that all other 16.04 kernel families skip it. --- I am unable to build the iscsitarget DKMS module on a fresh install of Ubuntu 16.04.2 LTS. Console output is replicated here; the associated make.log file is attached. Setting up iscsitarget-dkms (1.4.20.3+svn502-2ubuntu4) ... Creating symlink /var/lib/dkms/iscsitarget/1.4.20.3+svn502/source -> /usr/src/iscsitarget-1.4.20.3+svn502 DKMS: add completed. Kernel preparation unnecessary for this kernel. Skipping... Building module: cleaning build area make KERNELRELEASE=4.8.0-39-generic -C /lib/modules/4.8.0-39-generic/build M=/var/lib/dkms/iscsitarget/1.4.20.3+svn502/build(bad exit status: 2) Error! Bad return status for module build on kernel: 4.8.0-39-generic (i686) Consult /var/lib/dkms/iscsitarget/1.4.20.3+svn502/build/make.log for more information. Removing old iscsitarget-1.4.20.3+svn502 DKMS files... -- Deleting module version: 1.4.20.3+svn502 completely from the DKMS tree. -- Done. Loading new iscsitarget-1.4.20.3+svn502 DKMS files... First Installation: checking all kernels... Building only for 4.8.0-39-generic Building initial module for 4.8.0-39-generic ERROR: Cannot create report: [Errno 17] File exists: '/var/crash/iscsitarget-dkms.0.crash' Error! Bad return status for module build on kernel: 4.8.0-39-generic (i686) Consult /var/lib/dkms/iscsitarget/1.4.20.3+svn502/build/make.log for more information. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/1668808/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1661805] Re: Saved passwords for HTTPS sites can be accessed by HTTP sites
This bug was fixed in the package epiphany-browser - 3.22.6-0ubuntu1 --- epiphany-browser (3.22.6-0ubuntu1) yakkety-security; urgency=medium * SECURITY UPDATE: Saved passwords were viewable by a man-in-the-middle attack website. This has been mitigated by moving all existing saved http passwords to https. If a website you use is http-only, you can find your old password in Preferences>Privacy>Manage Passwords. - Fixed in new upstream security release 3.22.6 (LP: #1661805) + New upstream release also fixes adblocker being too aggressive and breaking Twitter -- Jeremy BichaSun, 19 Mar 2017 18:46:17 -0400 ** Changed in: epiphany-browser (Ubuntu Yakkety) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1661805 Title: Saved passwords for HTTPS sites can be accessed by HTTP sites Status in Epiphany Browser: Fix Released Status in epiphany-browser package in Ubuntu: Confirmed Status in epiphany-browser source package in Xenial: Fix Released Status in epiphany-browser source package in Yakkety: Fix Released Bug description: Impact == Saved passwords are accessible by HTTP sites in epiphany 3.18.10-0ubuntu1 for Ubuntu 16.04 LTS, 3.22.5-0ubuntu0.1 for 16.10 and older versions. This means that a man-in-the-middle fake version of a website could capture your password by presenting say a fake http://facebook.com/ This is made worse because Javascript can be used to collect filled-in form data even if the user has not clicked Submit yet. This is made worse because Epiphany doesn't yet respect the HSTS headers which force sites that have opted in to be only available via HTTPS. Test Case = osnews.com is an example of an http-only website that you can log in to. What will happen upon upgrading is that your http password will only be associated with the https version of the site. To get your old password, open the app menu at the top left of the screen. Click Preferences. Switch to the Privacy tab and click Manage Passwords. You can right click on the site to copy your password and then manually paste it into your site. Regression Potential Moderate but acceptable. The fix for the security bug means that users will have to do more work to get their saved password for an http only website. Epiphany 3.24 (only available for Ubuntu 17.04+) gives a prominent warning about logging in to http websites, as do Firefox and Google Chrome as of January 2017. So a bit more work is acceptable since users should now be more cautious about logging into http sites. Other distros shipped these new versions weeks ago. Testing Done I built these updates and successfully ran them in Ubuntu 16.04 LTS and 16.10. I verified that my osnews.com account was converted to https in the password manager and was not auto-filled in the site. I then was able to manually enter my password to osnews.com and the password was now remembered as http. Other Info == Fixed upstream in 3.18.11 and 3.22.6: https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-18 https://git.gnome.org/browse/epiphany/log/?h=gnome-3-18 https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22 https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22 https://mail.gnome.org/archives/distributor- list/2017-February/msg0.html Unfortunately the fix is spread out over several git commits. The new upstream release is minimal enough I think it would be easier and safer to just take the new version. The new version also fixes the critical LP: #1668704 for xenial and a bug breaking twitter for yakkety (see https://bugzilla.gnome.org/14 ) To manage notifications about this bug go to: https://bugs.launchpad.net/epiphany-browser/+bug/1661805/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1661805] Re: Saved passwords for HTTPS sites can be accessed by HTTP sites
This bug was fixed in the package epiphany-browser - 3.18.11-0ubuntu1 --- epiphany-browser (3.18.11-0ubuntu1) xenial-security; urgency=medium * SECURITY UPDATE: Saved passwords were viewable by a man-in-the-middle attack website. This has been mitigated by moving all existing saved http passwords to https. If a website you use is http-only, you can find your old password in Preferences>Privacy>Manage Passwords. - Fixed in new upstream security release 3.18.11 (LP: #1661805) + New upstream release also fixes inability to enter text in websites, a regression introduced in 3.18.10 (LP: #1668704) -- Jeremy BichaSun, 19 Mar 2017 18:24:58 -0400 ** Changed in: epiphany-browser (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1661805 Title: Saved passwords for HTTPS sites can be accessed by HTTP sites Status in Epiphany Browser: Fix Released Status in epiphany-browser package in Ubuntu: Confirmed Status in epiphany-browser source package in Xenial: Fix Released Status in epiphany-browser source package in Yakkety: Fix Released Bug description: Impact == Saved passwords are accessible by HTTP sites in epiphany 3.18.10-0ubuntu1 for Ubuntu 16.04 LTS, 3.22.5-0ubuntu0.1 for 16.10 and older versions. This means that a man-in-the-middle fake version of a website could capture your password by presenting say a fake http://facebook.com/ This is made worse because Javascript can be used to collect filled-in form data even if the user has not clicked Submit yet. This is made worse because Epiphany doesn't yet respect the HSTS headers which force sites that have opted in to be only available via HTTPS. Test Case = osnews.com is an example of an http-only website that you can log in to. What will happen upon upgrading is that your http password will only be associated with the https version of the site. To get your old password, open the app menu at the top left of the screen. Click Preferences. Switch to the Privacy tab and click Manage Passwords. You can right click on the site to copy your password and then manually paste it into your site. Regression Potential Moderate but acceptable. The fix for the security bug means that users will have to do more work to get their saved password for an http only website. Epiphany 3.24 (only available for Ubuntu 17.04+) gives a prominent warning about logging in to http websites, as do Firefox and Google Chrome as of January 2017. So a bit more work is acceptable since users should now be more cautious about logging into http sites. Other distros shipped these new versions weeks ago. Testing Done I built these updates and successfully ran them in Ubuntu 16.04 LTS and 16.10. I verified that my osnews.com account was converted to https in the password manager and was not auto-filled in the site. I then was able to manually enter my password to osnews.com and the password was now remembered as http. Other Info == Fixed upstream in 3.18.11 and 3.22.6: https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-18 https://git.gnome.org/browse/epiphany/log/?h=gnome-3-18 https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22 https://git.gnome.org/browse/epiphany/log/?h=gnome-3-22 https://mail.gnome.org/archives/distributor- list/2017-February/msg0.html Unfortunately the fix is spread out over several git commits. The new upstream release is minimal enough I think it would be easier and safer to just take the new version. The new version also fixes the critical LP: #1668704 for xenial and a bug breaking twitter for yakkety (see https://bugzilla.gnome.org/14 ) To manage notifications about this bug go to: https://bugs.launchpad.net/epiphany-browser/+bug/1661805/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1543025] Re: Wrong UTC zoneinfo in cloud-images
Updated status, its long been fix released in the upstream. ** Changed in: cloud-init Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1543025 Title: Wrong UTC zoneinfo in cloud-images Status in cloud-init: Fix Released Status in cloud-init package in Ubuntu: Fix Released Status in cloud-init source package in Xenial: Fix Released Bug description: ADT runs use cloud-images to create test VM environments. For the Xenial cloud-images I observed a weird issue where libvirt suddenly fails its build-time tests on a time offset test on UTC. Looking at the prepared image (cloud-init did already run there), I found that indeed a command-line of TZ=UTC date reports a CET based time. Looking further this seems to drill down into /usr/share/zoneinfo/UTC -> Zulu and that (Zulu another term for UTC) Zulu file looks quite bigger that the same on other hosts and contains the CET string as well (normal ~128b, wrong size 2335). Forcing a reinstall of tzdata will fix the file and also allows the libvirt test to pass. So I am not sure this is wrong in the initial image base or gets in some way broken during cloud-init. Thats why I start reporting it against cloud-init. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1543025/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1671767] Re: asterisk crashes dialing h264 video sip device
** Changed in: asterisk (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1671767 Title: asterisk crashes dialing h264 video sip device Status in asterisk package in Ubuntu: Fix Released Status in asterisk source package in Xenial: New Bug description: [Impact] when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump [Test Case] === 1. See comment #6 [Regression Potential] == Since the patch is already included in more recent versions of asterisk there is no regression. Due to the location of code changes that are applied to - If an unexpected error manifests, it should be local to the h264 encoding which is broken today. [Other Info] none --- asterisk 1:13.1.0~dfsg-1.1ubuntu4 lsb_release -rd: Description: Ubuntu 16.04.2 LTS Release: 16.04 Bug details: when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump: Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid = 29051) samson*CLI> console dial waldorf@Phones -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf,60") in new stack == Using SIP VIDEO CoS mark 6 == Using SIP RTP CoS mark 5 -- Called SIP/waldorf -- SIP/waldorf- is ringing samson*CLI> Disconnected from Asterisk server Asterisk cleanly ending (0). Executing last minute cleanups Analysis: = gdb reveals that the module "res_format_attr_h264.so" is resposible due to a memory allocation failure while examining tokens of the "sprop-parameter-sets" string in the SIP header. Proposed Solution: == This bug is already fixed by 2 small patches included in a more recenent versions of "res/res_format_attr_h264.c" https://issues.asterisk.org/jira/browse/ASTERISK-24616 Crash in res_format_attr_h264 due to invalid string copy https://issues.asterisk.org/jira/browse/ASTERISK-25573 [patch] H.264 format attribute module: resets whole SDP This fixed version of "res/res_format_attr_h264.c" is included e.g. in asterisk (1:13.13.1~dfsg-4ubuntu1) zesty. Fixed+Tested: = I tested by rebuiling asterisk 1:13.1.0~dfsg-1.1ubuntu4 packages with the "res/res_format_attr_h264.c" taken from asterisk 1:13.13.1~dfsg-4ubuntu1 and could connect to the sip device without any problems. I would be great, if you could add this patch into asterisk 1:13.1.0~dfsg-1.1ubuntu4, since I don't want to use self built debs on a 16.4 LTS production system. Thanks a lot Jörg To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1671767/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1675163] Re: Don't attempt to create devices in LXC containers
This bug was fixed in the package makedev - 2.3.1-89ubuntu3 --- makedev (2.3.1-89ubuntu3) precise; urgency=medium * Don't attempt to create /dev devices when inside a container. (LP: #1675163) -- Stéphane GraberFri, 24 Mar 2017 02:12:05 -0400 ** Changed in: makedev (Ubuntu Precise) Status: Fix Committed => Fix Released ** Changed in: makedev (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1675163 Title: Don't attempt to create devices in LXC containers Status in makedev package in Ubuntu: Fix Released Status in makedev source package in Precise: Fix Released Status in makedev source package in Trusty: Fix Released Status in makedev source package in Xenial: Fix Released Status in makedev source package in Yakkety: Fix Released Status in makedev source package in Zesty: Fix Released Bug description: Right now the "makedev" postinst script will attempt to create a number of devices in /dev, failing the package upgrade should any of those mknod calls fail. LXC containers, especially unprivileged ones do not allow the use of mknod, making it impossible to upgrade makedev in those containers and preventing Ubuntu release upgrades. The fix is quite simple, detect that we are running in an LXC container and skip the rest of the postinst script as is done in a number of other cases. = SRU == Rationale This issue prevents release to release upgrades in unprivileged LXC containers when makedev is part of the upgraded set. This is currently visible when upgrading from Ubuntu 12.04 to Ubuntu 14.04. == Testcase Install the new package in an unprivileged container. With LXD, simply use "lxc launch ubuntu: test" to create the container. Prior to this fix, the upgrade will fail on some mknod errors, after it, it'll go on after printing a message indicating that LXC was detected. == Regression potential The detection logic is based on PID 1's environment containing a container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the makedev upgrade no longer creating extra devices. This is unlikely to really matter though since the system is clearly already functioning properly at that point. Similarly, some privileged LXC containers can be configured in a way where mknod is possible, this update will still disable the postinst for those cases as short of attempting every mknod ahead of time, there is no reliable way to detect any seccomp or apparmor policy in play. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1675163] Re: Don't attempt to create devices in LXC containers
This bug was fixed in the package makedev - 2.3.1-93ubuntu2~ubuntu14.04.1 --- makedev (2.3.1-93ubuntu2~ubuntu14.04.1) trusty; urgency=medium * Don't attempt to create /dev devices when inside a container. (LP: #1675163) -- Stéphane GraberWed, 22 Mar 2017 16:38:22 -0400 ** Changed in: makedev (Ubuntu Trusty) Status: Fix Committed => Fix Released ** Changed in: makedev (Ubuntu Yakkety) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1675163 Title: Don't attempt to create devices in LXC containers Status in makedev package in Ubuntu: Fix Released Status in makedev source package in Precise: Fix Committed Status in makedev source package in Trusty: Fix Released Status in makedev source package in Xenial: Fix Committed Status in makedev source package in Yakkety: Fix Released Status in makedev source package in Zesty: Fix Released Bug description: Right now the "makedev" postinst script will attempt to create a number of devices in /dev, failing the package upgrade should any of those mknod calls fail. LXC containers, especially unprivileged ones do not allow the use of mknod, making it impossible to upgrade makedev in those containers and preventing Ubuntu release upgrades. The fix is quite simple, detect that we are running in an LXC container and skip the rest of the postinst script as is done in a number of other cases. = SRU == Rationale This issue prevents release to release upgrades in unprivileged LXC containers when makedev is part of the upgraded set. This is currently visible when upgrading from Ubuntu 12.04 to Ubuntu 14.04. == Testcase Install the new package in an unprivileged container. With LXD, simply use "lxc launch ubuntu: test" to create the container. Prior to this fix, the upgrade will fail on some mknod errors, after it, it'll go on after printing a message indicating that LXC was detected. == Regression potential The detection logic is based on PID 1's environment containing a container=lxc entry. If a non-LXC system somehow had that set, it'd lead to the makedev upgrade no longer creating extra devices. This is unlikely to really matter though since the system is clearly already functioning properly at that point. Similarly, some privileged LXC containers can be configured in a way where mknod is possible, this update will still disable the postinst for those cases as short of attempting every mknod ahead of time, there is no reliable way to detect any seccomp or apparmor policy in play. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/makedev/+bug/1675163/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1401532] Re: GRUB's Secure Boot implementation loads unsigned kernel without warning
I'm updating the description for this bug and opening a grub2-signed task (and the relevant release tasks). We're at the point where the grub2 fallback code needs to be addressed. ** Description changed: + [Rationale] + GRUB should help us enforce that in UEFI mode, only signed kernels are loaded. It should not silently fall back to loading unsigned kernels. + + [Impact] + All our users booting in UEFI; on all supported releases. + + [Test cases] + + = grub2 = + + Booting unsigned kernels: + 1) Try to boot a custom kernel + 2) Verify that the kernel will not be loaded by grub (you should see an error message about the signature) + + Booting signed kernels: + 1) Try to boot an official signed kernel (from -release or -updates) + 2) Verify that the system boots normally and no warnings are shown about signature. + + + [Regression Potential] + Any failure to boot presenting as a failure to load the kernel from within grub, with an "invalid signature" type error message or not, should be investigated as a potential regression of this stable update. + + --- + Me and some other students have conducted some various experiments on Secure Boot enabled machines. The main focus of the tests was to circumvent Secure Boot and load unsigned kernels or kernels that have been signed with other keys. On your SecureBoot (https://wiki.ubuntu.com/SecurityTeam/SecureBoot) it is outlined that GRUB will boot unsigned kernels when the kernel is unsigned. During one of our experiments it seemed that this statement was true and that GRUB loads unsigned kernels as described on your page. We understand that for various reasons GRUB should still support the use-case when an unsigned kernel must be loaded, but with the current approach the user isn't aware if there is a whole chain of trust. For example, it could still be possible to load some malware before it boots the Operating System itself (bootkits). One of the many reasons that Secure Boot has been developed is to protect the user from these kind of attacks. With the current approach the purpose of Secure Boot is somewhat defeated, and the user doesn't know if the whole chain has been verified or not. It could easily be the case that an unsigned kernel has been loaded by Ubuntu without the user noticing. From our point of view, a better approach would be to inform the user that an unsigned kernel will be loaded and that the user can make a choice if he/she wants to proceed. The default action could be to accept the option, remember the user's option and sometimes remind the user of the fact that it is loading an unsigned kernel. This problem is of course related to GRUB itself and not to Ubuntu itself. The reason for filing this bug and informing the SecurityTeam of Ubuntu is to ask for their opinions and what your point of view is on the current approach and to see if other users classify this as a "bug". GRUB2 versions: grub-2.02~beta2, 1.34.1+2.02~beta2-9ubuntu1 Ubuntu version: Trusty (will also affect newer and older versions, GRUB specific problem) ** Also affects: grub2-signed (Ubuntu) Importance: Undecided Status: New ** Changed in: grub2-signed (Ubuntu) Status: New => Triaged ** Changed in: grub2-signed (Ubuntu) Importance: Undecided => High ** Changed in: grub2-signed (Ubuntu) Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox) ** Also affects: grub2 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: grub2 (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: grub2 (Ubuntu Zesty) Importance: High Assignee: Mathieu Trudel-Lapierre (cyphermox) Status: Triaged ** Also affects: grub2-signed (Ubuntu Zesty) Importance: High Assignee: Mathieu Trudel-Lapierre (cyphermox) Status: Triaged ** Also affects: grub2 (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1401532 Title: GRUB's Secure Boot implementation loads unsigned kernel without warning Status in grub2 package in Ubuntu: Triaged Status in grub2-signed package in Ubuntu: Triaged Status in grub2 source package in Trusty: New Status in grub2-signed source package in Trusty: New Status in grub2 source package in Xenial: New Status in grub2-signed source package in Xenial: New Status in grub2 source package in Yakkety: New Status in grub2-signed source package in Yakkety: New Status in grub2 source package in Zesty:
[Group.of.nepali.translators] [Bug 1667527] Re: [Hyper-V] pci-hyperv: Use device serial number as PCI domain
** Also affects: linux (Ubuntu Zesty) Importance: Medium Assignee: Joseph Salisbury (jsalisbury) Status: Fix Committed ** Changed in: linux (Ubuntu Zesty) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1667527 Title: [Hyper-V] pci-hyperv: Use device serial number as PCI domain Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: Fix Committed Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Bug description: This allows PCI domain numbers starts with 1, and also unique on the same VM. So names, such as VF NIC names, that include domain number as part of the name, can be shorter than that based on part of bus UUID previously. The new names will also stay same for VMs created with copied VHD and same number of devices. This is needed for SR-IOV in Azure. This is Bjorn's tree for 4.11 here: https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci /host-hv=4a9b0933bdfcd85da840284bf5a0eb17b654b9c2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667527/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1574727] Re: [SRU] Enforce using signed kernels and modules on UEFI
The update of shim, grub, mokutil and others to use signed kernels and modules are mostly done; one further step that needs to happen is to have grub enforce that kernels are properly signed, and refuse to load unsigned kernels (rather than falling back from the linuxefi module which checks signatures, to linux which doesn't). In the interest of clarity, I'll close the tasks here as Invalid for what is left as "New", and we'll move this "last step" to bug 1401532 which is clearly about this issue. ** Changed in: grub2-signed (Ubuntu) Status: New => Invalid ** Changed in: grub2 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1574727 Title: [SRU] Enforce using signed kernels and modules on UEFI Status in dkms package in Ubuntu: Fix Released Status in efibootmgr package in Ubuntu: Fix Released Status in efivar package in Ubuntu: Fix Released Status in grub2 package in Ubuntu: Invalid Status in grub2-signed package in Ubuntu: Invalid Status in mokutil package in Ubuntu: Fix Released Status in shim package in Ubuntu: New Status in shim-signed package in Ubuntu: Fix Released Status in dkms source package in Precise: New Status in efibootmgr source package in Precise: Invalid Status in efivar source package in Precise: Fix Released Status in grub2 source package in Precise: Invalid Status in grub2-signed source package in Precise: Invalid Status in mokutil source package in Precise: Fix Released Status in shim source package in Precise: New Status in shim-signed source package in Precise: Fix Released Status in dkms source package in Trusty: Fix Released Status in efibootmgr source package in Trusty: Invalid Status in efivar source package in Trusty: Invalid Status in grub2 source package in Trusty: Invalid Status in grub2-signed source package in Trusty: Invalid Status in mokutil source package in Trusty: Fix Released Status in shim source package in Trusty: New Status in shim-signed source package in Trusty: Fix Released Status in dkms source package in Wily: Fix Released Status in efibootmgr source package in Wily: Fix Released Status in efivar source package in Wily: Fix Released Status in grub2 source package in Wily: Invalid Status in grub2-signed source package in Wily: Invalid Status in mokutil source package in Wily: Fix Released Status in shim source package in Wily: New Status in shim-signed source package in Wily: Fix Released Status in dkms source package in Xenial: Fix Released Status in efibootmgr source package in Xenial: Fix Released Status in efivar source package in Xenial: Fix Released Status in grub2 source package in Xenial: Fix Released Status in grub2-signed source package in Xenial: Fix Released Status in mokutil source package in Xenial: Fix Released Status in shim source package in Xenial: New Status in shim-signed source package in Xenial: Fix Released Bug description: [Rationale] Secure Boot is good. We want to be able to validate that as much as possible of the boot process happens with signed binaries; from our shim (the part that is loaded by the EFI firmware itself), down to grub2, the kernel, and even loaded modules. [Impact] All our users booting in UEFI; on all supported releases. [Test cases] https://docs.google.com/spreadsheets/d/1GbyQDb4-sRv7OlIpbISiwVJ2ARHP3AkG2HbPTRk7p-E/edit#gid=0 Test cases here are separated by the components that need to be changed: = mokutil = Adding a MOK key: 1) Install system 2) Run 'mokutil --import ' to import a signing certificate. 3) On reboot; validate MOK prompts for new MOK key to add. Toggling Secure Boot state: 1) Install system 2) mokutil --enable-validationormokutil --disable-validation 3) Validate that on reboot MOK prompts to change Secure Boot state. Listing keys: 1) mokutil --list-enrolled -- should list keys previously enrolled, and Microsoft keys on systems that are configured with them for factory Secure Boot. = efivar = libefivar0 gets tested via the use of mokutil. Since it is a library with no directly usable binaries; we rely on mokutil / sbsigntool / efibootmgr to do testing. 1) Run efibootmgr -v ; verify it lists BootEntries. 2) Run efibootmgr -c -L ubuntu2 -l \\EFI\\ubuntu\\shimx64.efi ; verify that on reboot; you can get into a boot menu that will list 'ubuntu2', and that picking that boot entry boots into Ubuntu. = shim-signed = 1) Install system; upgrade to new packages 1b) Verify /proc/sys/kernel/secure_boot shows 1. 1c) Verify /proc/sys/kernel/moksbstate_disabled shows 0. 2) Run 'sudo update-secureboot-policy'; validate that it prompts to disable Secure Boot if it's not already disabled. 3) Run 'sudo update-secureboot-policy'; validate
[Group.of.nepali.translators] [Bug 1672144] Re: ifup service of network device stay active after driver stop
** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672144 Title: ifup service of network device stay active after driver stop Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: New Status in linux source package in Yakkety: New Status in linux source package in Zesty: Fix Released Bug description: The network device systemd service stay active after unload the module of this network device, that call close port (ndo_stop). once we try to load the NIC driver again, it try to start the ifup service of his NICs and due to the service is already up, so it fail and we didn't see the interface with the static configuration =. below simple reproduce with the Mellanox ConnectX4 device (driver name mlx5_core). Also we see this issue with Azure system, Ubuntu 17.04 guest over Hyper-v, the VF failed to start after re-enable SR-IOV from VM's vNIC. For now we have a Work Around that to add a udev rule, echo DRIVERS==\"*mlx*\", SUBSYSTEM==\"net\", ACTION==\"add\",RUN+=\"/sbin/ifup --force $env{INTERFACE}\" > /lib/udev/rules.d/100-up.rules Example: #:/lib/udev/rules.d# cat 100-up.rules DRIVERS=="*mlx*", SUBSYSTEM=="net", ACTION=="add",RUN+="/sbin/ifup --force $env{INTERFACE}" *** * More info and reproduce * *** # ifdown ens1f0 RTNETLINK answers: Cannot assign requested address # ifup ens1f0 # ifconfig ens1f0 ens1f0: flags=4163mtu 1500 inet 123.12.23.1 netmask 255.255.0.0 broadcast 123.12.255.255 inet6 fe80::268a:7ff:fea1:fbdc prefixlen 64 scopeid 0x20 ether 24:8a:07:a1:fb:dc txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 17 bytes 1392 (1.3 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 # ethtool -i ens1f0 |grep driv driver: mlx5_core # systemctl status ifup@ens1f ifup@ens1f0.service ifup@ens1f1.service # systemctl status ifup@ens1f0.service * ifup@ens1f0.service - ifup for ens1f0 Loaded: loaded (/lib/systemd/system/ifup@.service; static; vendor preset: enabled) Active: active (exited) since Sun 2017-03-12 09:40:04 IST; 2h 26min ago Main PID: 1608 (code=exited, status=0/SUCCESS) CGroup: /system.slice/ifup@ens1f0.service Mar 12 09:40:04 qa-h-vrt-039 systemd[1]: Started ifup for ens1f0. Mar 12 09:40:04 qa-h-vrt-039 sh[1608]: ifup: interface ens1f0 already configured root@qa-h-vrt-039:/tmp# modprobe -rv mlx5_ib rmmod mlx5_ib rmmod mlx5_core # modprobe -rv mlx5_core # ifconfig -a |grep ens1f0 # lsmod |grep mlx5 # systemctl status ifup@ens1f0.service * ifup@ens1f0.service - ifup for ens1f0 Loaded: loaded (/lib/systemd/system/ifup@.service; static; vendor preset: enabled) Active: active (exited) since Sun 2017-03-12 09:40:04 IST; 2h 27min ago Main PID: 1608 (code=exited, status=0/SUCCESS) CGroup: /system.slice/ifup@ens1f0.service Mar 12 09:40:04 qa-h-vrt-039 systemd[1]: Started ifup for ens1f0. Mar 12 09:40:04 qa-h-vrt-039 sh[1608]: ifup: interface ens1f0 already configured # modprobe mlx5_core # ifconfig ens1f0 ens1f0: flags=4098 mtu 1500 ether 24:8a:07:a1:fb:dc txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 # cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eno1 iface eno1 inet dhcp #ens1f0 auto ens1f0 iface ens1f0 inet static address 123.12.23.1 netmask 255.255.0.0 mtu 1500 * * Another repto and investigate * * once interface is created the system starts a service that is responsible for activating it (basically runs ifup). so, at first shot everything works. at the second driver reload: Good
[Group.of.nepali.translators] [Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed
This bug was fixed in the package samba - 2:3.6.25-0ubuntu0.12.04.10 --- samba (2:3.6.25-0ubuntu0.12.04.10) precise-security; urgency=medium * SECURITY REGRESSION: follow symlinks issue (LP: #1675698) - debian/patches/bug12721-*.patch: add backported fixes from Samba bug #12721. * debian/patches/*: fix CVE number in patch filenames. -- Marc DeslauriersTue, 28 Mar 2017 09:43:30 -0400 ** Changed in: samba (Ubuntu Precise) Status: Confirmed => Fix Released ** Changed in: samba (Ubuntu Trusty) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1675698 Title: Cannot access anything under a subdirectory if symlinks are disallowed Status in samba: Unknown Status in samba package in Ubuntu: Confirmed Status in samba source package in Precise: Fix Released Status in samba source package in Trusty: Fix Released Status in samba source package in Xenial: Fix Released Status in samba source package in Yakkety: Fix Released Status in samba source package in Zesty: Confirmed Status in samba package in Debian: Confirmed Bug description: After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares broke in a curious way. The affected shares have `follow symlinks = no`; the ones with `follow symlinks = yes` aren't affected AFAICT. Allowing symlinks on one of the affected shares mitigates the issue for that share. The issue is that access to anything under a direct subdirectory of the share doesn't work. I can create a directory in `\\srv\share`, e.g. `\\srv\share\foo`, but I can't create any files or directories inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50 (The request is not supported). Attempts to access existing files or directories at this level produce error 59 (An unexpected network error occured). The log at level 2 says: ``` ../source3/smbd/vfs.c:1298(check_reduced_name) check_reduced_name: Bad access attempt: branches is a symlink to foo/bar ``` ... or: ``` ../source3/smbd/vfs.c:1298(check_reduced_name) check_reduced_name: Bad access attempt: . is a symlink to foo ``` To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1675698] Re: Cannot access anything under a subdirectory if symlinks are disallowed
This bug was fixed in the package samba - 2:4.4.5+dfsg-2ubuntu5.5 --- samba (2:4.4.5+dfsg-2ubuntu5.5) yakkety-security; urgency=medium * SECURITY REGRESSION: follow symlinks issue (LP: #1675698) - debian/patches/CVE-2017-2619/bug12721-*.patch: add fixes from Samba bug #12721. * Add missing prerequisite for previous update - debian/patches/CVE-2017-2619/bug12172.patch: handle non-existant files and wildcards in source3/modules/vfs_shadow_copy2.c. -- Marc DeslauriersTue, 28 Mar 2017 07:31:03 -0400 ** Changed in: samba (Ubuntu Yakkety) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-2619 ** Changed in: samba (Ubuntu Xenial) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1675698 Title: Cannot access anything under a subdirectory if symlinks are disallowed Status in samba: Unknown Status in samba package in Ubuntu: Confirmed Status in samba source package in Precise: Confirmed Status in samba source package in Trusty: Confirmed Status in samba source package in Xenial: Fix Released Status in samba source package in Yakkety: Fix Released Status in samba source package in Zesty: Confirmed Status in samba package in Debian: Confirmed Bug description: After upgrading to 4.3.11+dfsg-0ubuntu0.14.04.6, some of my shares broke in a curious way. The affected shares have `follow symlinks = no`; the ones with `follow symlinks = yes` aren't affected AFAICT. Allowing symlinks on one of the affected shares mitigates the issue for that share. The issue is that access to anything under a direct subdirectory of the share doesn't work. I can create a directory in `\\srv\share`, e.g. `\\srv\share\foo`, but I can't create any files or directories inside it, e.g. creating `\\srv\share\foo\bar` ends up with error 50 (The request is not supported). Attempts to access existing files or directories at this level produce error 59 (An unexpected network error occured). The log at level 2 says: ``` ../source3/smbd/vfs.c:1298(check_reduced_name) check_reduced_name: Bad access attempt: branches is a symlink to foo/bar ``` ... or: ``` ../source3/smbd/vfs.c:1298(check_reduced_name) check_reduced_name: Bad access attempt: . is a symlink to foo ``` To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1675698/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1567807] Re: nova delete doesn't work with EFI booted VMs
This bug was fixed in the package nova - 2:13.1.3-0ubuntu1~cloud0 --- nova (2:13.1.3-0ubuntu1~cloud0) trusty-mitaka; urgency=medium . * New upstream release for the Ubuntu Cloud Archive. . nova (2:13.1.3-0ubuntu1) xenial; urgency=medium . * New upstream point release for OpenStack Mitaka. (LP: #1668313) * d/patches/uefi-delete-instances.patch: Fix deletion of instances with UEFI is enabled. (LP: #1567807) ** Changed in: cloud-archive/mitaka Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1567807 Title: nova delete doesn't work with EFI booted VMs Status in Ubuntu Cloud Archive: Fix Released Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in Ubuntu Cloud Archive newton series: Fix Committed Status in Ubuntu Cloud Archive ocata series: Fix Released Status in OpenStack Compute (nova): Fix Released Status in nova package in Ubuntu: Fix Released Status in nova source package in Xenial: Fix Released Status in nova source package in Yakkety: Fix Committed Status in nova source package in Zesty: Fix Released Bug description: I've been setting up a Mitaka Openstack using the cloud archive running on Trusty, and am having problems working with EFI enabled instances on ARM64. I've done some work with wgrant and gotten things to a stage where I can boot instances, using the aavmf images. However, when I tried to delete a VM booted like this, I get an error: libvirtError: Requested operation is not valid: cannot delete inactive domain with nvram I've included the full traceback at https://paste.ubuntu.com/15682718/. Thanks to a suggestion from wgrant again, I got it working by editing nova/virt/libvirt/guest.py in delete_configuration() and replacing self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE) with self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE | libvirt.VIR_DOMAIN_UNDEFINE_NVRAM). I've attached a rough patch. Once that's applied and nova-compute restarted, I was able to delete the instance fine. Could someone please investigate this and see if its the correct fix, and look at getting it fixed in the archive? This was done on a updated trusty deployment using the cloud-archives for mitaka. $ dpkg-query -W python-nova python-nova 2:13.0.0~b2-0ubuntu1~cloud0 Please let me know if you need any further information. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1567807/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package ceilometer - 1:6.1.4-0ubuntu1~cloud0 --- ceilometer (1:6.1.4-0ubuntu1~cloud0) trusty-mitaka; urgency=medium . * New upstream release for the Ubuntu Cloud Archive. . ceilometer (1:6.1.4-0ubuntu1) xenial; urgency=medium . * New upstream point release for OpenStack Mitaka (LP: #1668313). ** Changed in: cloud-archive/mitaka Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Released Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1671117] Re: [SRU] ceph 10.2.6
This bug was fixed in the package ceph - 10.2.6-0ubuntu0.16.04.1~cloud0 --- ceph (10.2.6-0ubuntu0.16.04.1~cloud0) trusty-mitaka; urgency=medium . * New upstream release for the Ubuntu Cloud Archive. . ceph (10.2.6-0ubuntu0.16.04.1) xenial; urgency=medium . * New upstream stable point release (LP: #1671117): - d/p/osd-limit-omap-data-in-push-op.patch,rgw_rados-creation_time.patch: Dropped, included upstream. - d/p/*: Refresh. ** Changed in: cloud-archive/mitaka Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1671117 Title: [SRU] ceph 10.2.6 Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in ceph package in Ubuntu: Fix Released Status in ceph source package in Xenial: Fix Released Status in ceph source package in Yakkety: Fix Released Status in ceph source package in Zesty: Fix Released Bug description: This point release fixes several important bugs in RBD mirroring, RGW multi-site, CephFS, and RADOS. We recommend that all v10.2.x users upgrade. For more detailed information, see the complete changelog[1] and the release notes[2] Notable Changes --- * build/ops: add hostname sanity check to run-{c}make-check.sh (issue#18134 , pr#12302 , Nathan Cutler) * build/ops: add ldap lib to rgw lib deps based on build config (issue#17313 , pr#13183 , Nathan Cutler) * build/ops: ceph-create-keys loops forever (issue#17753 , pr#11884 , Alfredo Deza) * build/ops: ceph daemons DUMPABLE flag is cleared by setuid preventing coredumps (issue#17650 , pr#11736 , Patrick Donnelly) * build/ops: fixed compilation error when --with-radowsgw=no (issue#18512 , pr#12729 , Pan Liu) * build/ops: fixed the issue when --disable-server, compilation fails. (issue#18120 , pr#12239 , Pan Liu) * build/ops: fix undefined crypto references with --with-xio (issue#18133 , pr#12296 , Nathan Cutler) * build/ops: install-deps.sh based on /etc/os-release (issue#18466 , issue#18198 , pr#12405 , Jan Fajerski, Nitin A Kamble, Nathan Cutler) * build/ops: Remove the runtime dependency on lsb_release (issue#17425 , pr#11875 , John Coyle, Brad Hubbard) * build/ops: rpm: /etc/ceph/rbdmap is packaged with executable access rights (issue#17395 , pr#11855 , Ken Dreyer) * build/ops: selinux: Allow ceph to manage tmp files (issue#17436 , pr#13048 , Boris Ranto) * build/ops: systemd: Restart Mon after 10s in case of failure (issue#18635 , pr#13058 , Wido den Hollander) * build/ops: systemd restarts Ceph Mon to quickly after failing to start (issue#18635 , pr#13184 , Wido den Hollander) * ceph-disk: fix flake8 errors (issue#17898 , pr#11976 , Ken Dreyer) * cephfs: fuse client crash when adding a new osd (issue#17270 , pr#11860 , John Spray) * cli: ceph-disk: convert none str to str before printing it (issue#18371 , pr#13187 , Kefu Chai) * client: Fix lookup of "/.." in jewel (issue#18408 , pr#12766 , Jeff Layton) * client: fix stale entries in command table (issue#17974 , pr#12137 , John Spray) * client: populate metadata during mount (issue#18361 , pr#13085 , John Spray) * cli: implement functionality for adding, editing and removing omap values with binary keys (issue#18123 , pr#12755 , Jason Dillaman) * common: Improve linux dcache hash algorithm (issue#17599 , pr#11529 , Yibo Cai) * common: utime.h: fix timezone issue in round_to_* funcs. (issue#14862 , pr#11508 , Zhao Chao) * doc: Python Swift client commands in Quick Developer Guide don't match configuration in vstart.sh (issue#17746 , pr#13043 , Ronak Jain) * librbd: allow to open an image without opening parent image (issue#18325 , pr#13130 , Ricardo Dias) * librbd: metadata_set API operation should not change global config setting (issue#18465 , pr#13168 , Mykola Golub) * librbd: new API method to force break a peer's exclusive lock (issue#15632 , issue#16773 , issue#17188 , issue#16988 , issue#17210 , issue#17251 , issue#18429 , issue#17227 , issue#18327 , issue#17015 , pr#12890 , Danny Al-Gaaf, Mykola Golub, Jason Dillaman) * librbd: properly order concurrent updates to the object map (issue#16176 , pr#12909 , Jason Dillaman) * librbd: restore journal access when force disabling mirroring (issue#17588 , pr#11916 , Mykola Golub) * mds: Cannot create deep directories when caps contain path=/somepath (issue#17858 , pr#12154 , Patrick Donnelly) * mds: cephfs metadata pool: deep-scrub error omap_digest != best guess omap_digest (issue#17177 , pr#12380 , Yan, Zheng) * mds: cephfs test failures (ceph.com/qa is broken, should be download.ceph.com/qa) (issue#18574 , pr#13023 , John Spray) * mds: ceph-fuse crash during snapshot tests (issue#18460 , pr#13120 , Yan, Zheng) *
[Group.of.nepali.translators] [Bug 1677684] Re: /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb-blackbox: not found
** Also affects: corosync (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: corosync (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1677684 Title: /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb- blackbox: not found Status in corosync package in Ubuntu: New Status in corosync source package in Trusty: New Status in corosync source package in Xenial: New Bug description: [Environment] Ubuntu Xenial 16.04 Amd64 [Reproduction] - Install corosync - Run the corosync-blackbox executable. root@juju-niedbalski-xenial-machine-5:/home/ubuntu# dpkg -L corosync |grep black /usr/bin/corosync-blackbox Expected results: corosync-blackbox runs OK. Current results: $ sudo corosync-blackbox /usr/bin/corosync-blackbox: 34: /usr/bin/corosync-blackbox: qb-blackbox: not found Fix: Make the package dependant of libqb-dev root@juju-niedbalski-xenial-machine-5:/home/ubuntu# dpkg -L libqb-dev | grep qb-bl /usr/sbin/qb-blackbox To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1677684/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1567807] Re: nova delete doesn't work with EFI booted VMs
This bug was fixed in the package nova - 2:13.1.3-0ubuntu1 --- nova (2:13.1.3-0ubuntu1) xenial; urgency=medium * New upstream point release for OpenStack Mitaka. (LP: #1668313) * d/patches/uefi-delete-instances.patch: Fix deletion of instances with UEFI is enabled. (LP: #1567807) -- Chuck ShortWed, 01 Mar 2017 08:44:03 -0500 ** Changed in: nova (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1567807 Title: nova delete doesn't work with EFI booted VMs Status in Ubuntu Cloud Archive: Fix Released Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in Ubuntu Cloud Archive newton series: Fix Committed Status in Ubuntu Cloud Archive ocata series: Fix Released Status in OpenStack Compute (nova): Fix Released Status in nova package in Ubuntu: Fix Released Status in nova source package in Xenial: Fix Released Status in nova source package in Yakkety: Fix Committed Status in nova source package in Zesty: Fix Released Bug description: I've been setting up a Mitaka Openstack using the cloud archive running on Trusty, and am having problems working with EFI enabled instances on ARM64. I've done some work with wgrant and gotten things to a stage where I can boot instances, using the aavmf images. However, when I tried to delete a VM booted like this, I get an error: libvirtError: Requested operation is not valid: cannot delete inactive domain with nvram I've included the full traceback at https://paste.ubuntu.com/15682718/. Thanks to a suggestion from wgrant again, I got it working by editing nova/virt/libvirt/guest.py in delete_configuration() and replacing self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE) with self._domain.undefineFlags(libvirt.VIR_DOMAIN_UNDEFINE_MANAGED_SAVE | libvirt.VIR_DOMAIN_UNDEFINE_NVRAM). I've attached a rough patch. Once that's applied and nova-compute restarted, I was able to delete the instance fine. Could someone please investigate this and see if its the correct fix, and look at getting it fixed in the archive? This was done on a updated trusty deployment using the cloud-archives for mitaka. $ dpkg-query -W python-nova python-nova 2:13.0.0~b2-0ubuntu1~cloud0 Please let me know if you need any further information. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1567807/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package nova - 2:13.1.3-0ubuntu1 --- nova (2:13.1.3-0ubuntu1) xenial; urgency=medium * New upstream point release for OpenStack Mitaka. (LP: #1668313) * d/patches/uefi-delete-instances.patch: Fix deletion of instances with UEFI is enabled. (LP: #1567807) -- Chuck ShortWed, 01 Mar 2017 08:44:03 -0500 ** Changed in: nova (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Released Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1664203] Re: [SRU] v1 driver does not delete namespace when pool deleted
This bug was fixed in the package neutron-lbaas - 2:8.3.0-0ubuntu2 --- neutron-lbaas (2:8.3.0-0ubuntu2) xenial; urgency=medium * Add patch to ensure namespace deleted by v1 driver delete_pool (LP: #1664203) - d/p/ensure_namespace_deleted_with_pool.patch -- Edward Hope-MorleyMon, 13 Feb 2017 15:17:31 + ** Changed in: neutron-lbaas (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1664203 Title: [SRU] v1 driver does not delete namespace when pool deleted Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive kilo series: Fix Released Status in Ubuntu Cloud Archive liberty series: Fix Released Status in Ubuntu Cloud Archive mitaka series: Fix Released Status in neutron-lbaas package in Ubuntu: Invalid Status in neutron-lbaas source package in Trusty: New Status in neutron-lbaas source package in Xenial: Fix Released Status in neutron-lbaas source package in Yakkety: Won't Fix Bug description: [Impact] The v1 services.loadbalancer.drivers.haproxy.namespace_driver has a bug in that it deletes the haproxy state directory for a pool when it's vip is deleted. This means that when the pool itself is deleted, its associated namespace is never deleted since the delete is predicated on the state path being extant. The v1 driver is deprecated as of the Liberty release and was totally removed from the codebase in the Newton release. However, Openstack Kilo and Mitaka are still supported in Ubuntu, the former requiring the v1 driver and the latter still capable of using it so while upstream will not accept a patch we will still patch the neutron- lbaas-agent Ubuntu package to fix this issue. [Test Case] Please see http://pastebin.ubuntu.com/24058957/ [Regression Potential] None To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1664203/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package swift - 2.7.1-0ubuntu1 --- swift (2.7.1-0ubuntu1) xenial; urgency=medium * New upstream point release for Openstack Mitaka. (LP: #1668313) * d/patches/avoid-infinite-loop-while-placing-parts.patch: Dropped no longer needed. -- Chuck ShortMon, 27 Feb 2017 12:59:47 -0500 ** Changed in: nova-lxd (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Committed Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Committed Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package neutron - 2:8.4.0-0ubuntu1 --- neutron (2:8.4.0-0ubuntu1) xenial; urgency=medium [ Corey Bryant ] * d/p/check-namespace-before-getting-devices.patch: Dropped. Fixed upstream. [ Chuck Short ] * New upstream stable point release for OpenStack Mitaka (LP: #1668313). -- Chuck ShortMon, 27 Feb 2017 12:36:12 -0500 ** Changed in: neutron (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Committed Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Committed Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package horizon - 2:9.1.1-0ubuntu1 --- horizon (2:9.1.1-0ubuntu1) xenial; urgency=medium * New upstream point release for OpenStack Mitaka (LP: #1668313). -- Chuck ShortWed, 01 Mar 2017 10:14:18 -0500 ** Changed in: horizon (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: heat (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Committed Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Committed Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package ceilometer - 1:6.1.4-0ubuntu1 --- ceilometer (1:6.1.4-0ubuntu1) xenial; urgency=medium * New upstream point release for OpenStack Mitaka (LP: #1668313). -- Chuck ShortMon, 27 Feb 2017 10:44:55 -0500 ** Changed in: swift (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Committed Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Committed Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668313] Re: [SRU] mitaka point release
This bug was fixed in the package heat - 1:6.1.1-0ubuntu1 --- heat (1:6.1.1-0ubuntu1) xenial; urgency=medium * New upstream stable point release for OpenStack Mitaka (LP: #1668313) -- Chuck ShortMon, 27 Feb 2017 11:14:03 -0500 ** Changed in: ceilometer (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668313 Title: [SRU] mitaka point release Status in Ubuntu Cloud Archive: Invalid Status in Ubuntu Cloud Archive mitaka series: Fix Committed Status in ceilometer package in Ubuntu: Invalid Status in heat package in Ubuntu: Invalid Status in horizon package in Ubuntu: Invalid Status in neutron package in Ubuntu: Invalid Status in nova package in Ubuntu: Invalid Status in nova-lxd package in Ubuntu: Invalid Status in swift package in Ubuntu: Invalid Status in ceilometer source package in Xenial: Fix Released Status in heat source package in Xenial: Fix Released Status in horizon source package in Xenial: Fix Released Status in neutron source package in Xenial: Fix Released Status in nova source package in Xenial: Fix Committed Status in nova-lxd source package in Xenial: Fix Released Status in swift source package in Xenial: Fix Released Bug description: New point releases for misc openstack components for the mitaka release: ceilometer 6.1.4 heat 6.1.1 horizon 9.1.1 neutron 8.4.0 swift 2.7.1 nova 13.1.3 nova-lxd 13.3.0 Updates will undergo the normal deployment and functional testing using charms and tempest (the upstream functional test suite for OpenStack). To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1668313/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1573307] Re: wget crashed with SIGSEGV in __memset_avx2()
This bug was fixed in the package wget - 1.17.1-1ubuntu1.2 --- wget (1.17.1-1ubuntu1.2) xenial-proposed; urgency=medium * debian/patches/Sanitize-value-sent-to-memset-to-prevent-SEGFAULT.patch upstream commited 7099f489 patch to fix segmentation fault (LP: #1573307) -- Chen-Han Hsiao (Stanley)Fri, 24 Feb 2017 12:24:53 -0800 ** Changed in: wget (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1573307 Title: wget crashed with SIGSEGV in __memset_avx2() Status in wget package in Ubuntu: Fix Released Status in wget source package in Xenial: Fix Released Bug description: [Impact] * wget will crash while displaying progress bar under narrow terminal * Upstream already has fixed this issue in commit 7099f489 and 7cb9efa6 Steps to reproduce: 1. execute "wget http://old-releases.ubuntu.com/releases/16.04.0/ubuntu-16.04-desktop-amd64.manifest; under a narrow terminal (such as width less than 40 characters) Problems: 1. The wget crash with segmentation fault Expected behavior: 1. wget will not crash [Test Case] After upgrading to the new version, the repeating the above steps should give expected behavior. [Regression Potential] Potential of causing regression is relatively small for a two line change for assertion check [Other Info] EDIT(other user): The crash actually happens when the terminal window is too small. When I try to download a big file with wget on Ubuntu 16.04 it crashes after a couple seconds. To reproduce the bug try the following: wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso I've asked another guy on IRC on channel #ubuntu-it to try and reproduce this bug and he said it was crashing also on his machine. evan@HPPC:~$ lsb_release -rd Description: Ubuntu 16.04 LTS Release: 16.04 evan@HPPC:~$ apt-cache policy wget wget: Installato: 1.17.1-1ubuntu1 Candidato: 1.17.1-1ubuntu1 Tabella versione: *** 1.17.1-1ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Crash DistroRelease: Ubuntu 16.04 Package: wget 1.17.1-1ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6 Uname: Linux 4.4.0-21-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Fri Apr 22 01:34:10 2016 ExecutablePath: /usr/bin/wget InstallationDate: Installed on 2016-04-21 (0 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) ProcCmdline: wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso SegvAnalysis: Segfault happened at: 0x7f4eac3b7328 <__memset_avx2+392>:rep stos %al,%es:(%rdi) PC (0x7f4eac3b7328) ok source "%al" ok destination "%es:(%rdi)" (0x562969134000) not located in a known VMA region (needed writable region)! SegvReason: writing unknown VMA Signal: 11 SourcePackage: wget StacktraceTop: __memset_avx2 () at ../sysdeps/x86_64/multiarch/memset-avx2.S:161 ?? () ?? () ?? () ?? () Title: wget crashed with SIGSEGV in __memset_avx2() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1573307/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1636656] Re: [Hyper-V] netvsc: fix incorrect receive checksum offloading
** Changed in: linux (Ubuntu Yakkety) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1636656 Title: [Hyper-V] netvsc: fix incorrect receive checksum offloading Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: Fix Released Status in linux source package in Yakkety: Fix Released Bug description: The Hyper-V netvsc driver was looking at the incorrect status bits in the checksum info. It was setting the receive checksum unnecessary flag based on the IP header checksum being correct. The checksum flag is skb is about TCP and UDP checksum status. Because of this bug, any packet received with bad TCP checksum would be passed up the stack and to the application causing data corruption. The problem is reproducible via netcat and netem. This had a side effect of not doing receive checksum offload on IPv6. The driver was also also always doing checksum offload independent of the checksum setting done via ethtool. Signed-off-by: Stephen Hemmingerhttps://patchwork.ozlabs.org/patch/685660/ When this patch is committed I will include the commit ID in this bug. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1636656/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1668847] Re: live-build: handle downgrade of package priority in -updates pocket
This bug was fixed in the package live-build - 3.0~a57-1ubuntu25.2 --- live-build (3.0~a57-1ubuntu25.2) xenial; urgency=medium * debian/patches/ubuntu-debootstrap-demotions.patch: remove packages after bootstrap that have been demoted. Closes LP: #1668847. -- Steve LangasekTue, 28 Feb 2017 21:21:28 -0800 ** Changed in: live-build (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668847 Title: live-build: handle downgrade of package priority in -updates pocket Status in live-build package in Ubuntu: Fix Released Status in live-build source package in Xenial: Fix Released Bug description: On rare occasions, we may wish to remove a package from the set of required packages post-release. It is possible to have a binary package with a different priority in the release pocket vs. the updates pocket, but debootstrap only ever operates against a single pocket; so while debootstrapping, the demotion is invisible and a package which is Priority: required in the release, but Priority: important or lower in -updates, remains installed even if we're trying to do a minbase bootstrap. Since changing debootstrap to look at multiple pockets would be extremely non-trivial, a simpler solution is to have live-build, the common code that wraps debootstrap for any of our official image builds, identify the demotions and try to remove them from the target environment. [SRU Justification] This is a change in the behavior of live-build which is only relevant to already-stable releases. We specifically have packages we would like to demote from Required in xenial; this change is required in order for those demotions to be effective. [Test case] Build an ubuntu-base image with -proposed enabled. Verify that it builds successfully, and that the locales package is not included in the image. [Regression potential] This patch takes pains to ensure that only demoted packages are removed from the target chroot, and only if no other installed packages depend on them. Since the only package which currently has Priority: required in xenial but Priority: important in xenial-updates is locales, there should be minimal risk of regression outside the test path. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/live-build/+bug/1668847/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1667527] Re: [Hyper-V] pci-hyperv: Use device serial number as PCI domain
** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1667527 Title: [Hyper-V] pci-hyperv: Use device serial number as PCI domain Status in linux package in Ubuntu: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Yakkety: In Progress Bug description: This allows PCI domain numbers starts with 1, and also unique on the same VM. So names, such as VF NIC names, that include domain number as part of the name, can be shorter than that based on part of bus UUID previously. The new names will also stay same for VMs created with copied VHD and same number of devices. This is needed for SR-IOV in Azure. This is Bjorn's tree for 4.11 here: https://git.kernel.org/cgit/linux/kernel/git/helgaas/pci.git/commit/?h=pci /host-hv=4a9b0933bdfcd85da840284bf5a0eb17b654b9c2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667527/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1667531] Re: [Hyper-V] Include bondvf in /usr/sbin for SR-IOV interface bonding
** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Yakkety) Status: New => In Progress ** Changed in: linux (Ubuntu Yakkety) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Yakkety) Assignee: (unassigned) => Joseph Salisbury (jsalisbury) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1667531 Title: [Hyper-V] Include bondvf in /usr/sbin for SR-IOV interface bonding Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Bug description: Please include bondvf.sh from kernel git tools/hv/ in /usr/sbin commit fd7aabb062fa1a8331a786d617744de220eaf002 Author: Haiyang ZhangDate: Fri Dec 2 15:55:38 2016 -0800 tools: hv: Enable network manager for bonding scripts on RHEL We found network manager is necessary on RHEL to make the synthetic NIC, VF NIC bonding operations handled automatically. So, enabling network manager here. Signed-off-by: Haiyang Zhang Reviewed-by: K. Y. Srinivasan Signed-off-by: David S. Miller commit 178cd55f086629cf0bad9c66c793a7e2bcc3abb6 Author: Haiyang Zhang Date: Mon Jul 11 17:06:42 2016 -0700 tools: hv: Add a script to help bonding synthetic and VF NICs This script helps to create bonding network devices based on synthetic NIC (the virtual network adapter usually provided by Hyper-V) and the matching VF NIC (SRIOV virtual function). So the synthetic NIC and VF NIC can function as one network device, and fail over to the synthetic NIC if VF is down. Mayjor distros (RHEL, Ubuntu, SLES) supported by Hyper-V are supported by this script. Signed-off-by: Haiyang Zhang Reviewed-by: K. Y. Srinivasan Signed-off-by: David S. Miller To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1667531/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1672785] Re: [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device shutdown
** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672785 Title: [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device shutdown Status in linux package in Ubuntu: Fix Committed Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: Fix Committed Bug description: Mellanox has submitted the following patch upstream that's important for SR-IOV in Azure. Please integrate it into the Mellanox mlx4 drivers for lts-xenial, HWE, Zesty, and Azure custom. https://patchwork.ozlabs.org/patch/738305/ From: Jack MorgensteinSome Hypervisors detach VFs from VMs by instantly causing an FLR event to be generated for a VF. In the mlx4 case, this will cause that VF's comm channel to be disabled before the VM has an opportunity to invoke the VF device's "shutdown" method. For such Hypervisors, there is a race condition between the VF's shutdown method and its internal-error detection/reset thread. The internal-error detection/reset thread (which runs every 5 seconds) also detects a disabled comm channel. If the internal-error detection/reset flow wins the race, we still get delays (while that flow tries repeatedly to detect comm-channel recovery). The cited commit fixed the command timeout problem when the internal-error detection/reset flow loses the race. This commit avoids the unneeded delays when the internal-error detection/reset flow wins. Fixes: d585df1c5ccf ("net/mlx4_core: Avoid command timeouts during VF driver device shutdown") Signed-off-by: Jack Morgenstein Reported-by: Simon Xiao Signed-off-by: Tariq Toukan --- drivers/net/ethernet/mellanox/mlx4/cmd.c | 11 +++ drivers/net/ethernet/mellanox/mlx4/main.c | 11 +++ include/linux/mlx4/device.h | 1 + 3 files changed, 23 insertions(+) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1672785/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1671767] Re: asterisk crashes dialing h264 video sip device
** Also affects: asterisk (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1671767 Title: asterisk crashes dialing h264 video sip device Status in asterisk package in Ubuntu: Triaged Status in asterisk source package in Xenial: New Bug description: [Impact] when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump [Test Case] === 1. See comment #6 [Regression Potential] == Since the patch is already included in more recent versions of asterisk there is no regression. Due to the location of code changes that are applied to - If an unexpected error manifests, it should be local to the h264 encoding which is broken today. [Other Info] none --- asterisk 1:13.1.0~dfsg-1.1ubuntu4 lsb_release -rd: Description: Ubuntu 16.04.2 LTS Release: 16.04 Bug details: when dialing a h264 video sip device (Grandstream GXV3674_FHD_VF 1.0.3.17) asterisk crashes with a core dump: Connected to Asterisk 13.1.0~dfsg-1.1ubuntu4 currently running on samson (pid = 29051) samson*CLI> console dial waldorf@Phones -- Executing [waldorf@Phones:1] Dial("Console/default", "SIP/waldorf,60") in new stack == Using SIP VIDEO CoS mark 6 == Using SIP RTP CoS mark 5 -- Called SIP/waldorf -- SIP/waldorf- is ringing samson*CLI> Disconnected from Asterisk server Asterisk cleanly ending (0). Executing last minute cleanups Analysis: = gdb reveals that the module "res_format_attr_h264.so" is resposible due to a memory allocation failure while examining tokens of the "sprop-parameter-sets" string in the SIP header. Proposed Solution: == This bug is already fixed by 2 small patches included in a more recenent versions of "res/res_format_attr_h264.c" https://issues.asterisk.org/jira/browse/ASTERISK-24616 Crash in res_format_attr_h264 due to invalid string copy https://issues.asterisk.org/jira/browse/ASTERISK-25573 [patch] H.264 format attribute module: resets whole SDP This fixed version of "res/res_format_attr_h264.c" is included e.g. in asterisk (1:13.13.1~dfsg-4ubuntu1) zesty. Fixed+Tested: = I tested by rebuiling asterisk 1:13.1.0~dfsg-1.1ubuntu4 packages with the "res/res_format_attr_h264.c" taken from asterisk 1:13.13.1~dfsg-4ubuntu1 and could connect to the sip device without any problems. I would be great, if you could add this patch into asterisk 1:13.1.0~dfsg-1.1ubuntu4, since I don't want to use self built debs on a 16.4 LTS production system. Thanks a lot Jörg To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1671767/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1648903] Re: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command
This was incorrectly closed in the kernel security update, re-opening. ** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7184 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1648903 Title: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command Status in AppArmor: In Progress Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Bug description: On 16.04 with Ubuntu 4.4.0-53.74-generic 4.4.30 With this profile: #include profile test (attach_disconnected,complain) { #include /{,usr/}{,s}bin/ip ixr, # COMMENT OUT THIS RULE TO SEE WEIRDNESS capability sys_admin, capability net_admin, capability sys_ptrace, network netlink raw, ptrace (trace), / r, /run/netns/ rw, /run/netns/* rw, mount options=(rw, rshared) -> /run/netns/, mount options=(rw, bind) /run/netns/ -> /run/netns/, mount options=(rw, bind) / -> /run/netns/*, mount options=(rw, rslave) /, mount options=(rw, rslave), # LP: #1648245 umount /sys/, umount /, /bin/dash ixr, } Everything is fine when I do: $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list' $ and there are no ALLOWED entries in syslog. However, if I comment out the '/{,usr/}{,s}bin/ip ixr,' rule, I get a permission denied and a bunch of ALLOWED entries: $ sudo apparmor_parser -r /home/jamie/apparmor.profile && sudo aa-exec -p test -- sh -c 'ip netns list' open("/proc/self/ns/net"): Permission denied Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.862629] audit: type=1400 audit(1481324889.782:469): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="test" pid=4314 comm="apparmor_parser" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870339] audit: type=1400 audit(1481324889.790:470): apparmor="ALLOWED" operation="exec" profile="test" name="/bin/ip" pid=4317 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="test//null-/bin/ip" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870559] audit: type=1400 audit(1481324889.790:471): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/etc/ld.so.cache" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870628] audit: type=1400 audit(1481324889.790:472): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libdl-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870703] audit: type=1400 audit(1481324889.790:473): apparmor="ALLOWED" operation="open" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870861] audit: type=1400 audit(1481324889.790:474): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/bin/ip" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.870913] audit: type=1400 audit(1481324889.790:475): apparmor="ALLOWED" operation="file_mprotect" profile="test//null-/bin/ip" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=4317 comm="ip" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871019] audit: type=1400 audit(1481324889.790:476): apparmor="ALLOWED" operation="create" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871066] audit: type=1400 audit(1481324889.790:477): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871099] audit: type=1400 audit(1481324889.790:478): apparmor="ALLOWED" operation="setsockopt" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="setopt" denied_mask="setopt" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871128] audit: type=1400 audit(1481324889.790:479): apparmor="ALLOWED" operation="bind" profile="test//null-/bin/ip" pid=4317 comm="ip" family="netlink" sock_type="raw" protocol=0 requested_mask="bind" denied_mask="bind" Dec 9 17:08:09 sec-xenial-amd64 kernel: [ 3117.871672] audit: type=1400 audit(1481324889.794:480): apparmor="ALLOWED"
[Group.of.nepali.translators] [Bug 1673837] Re: linux-hwe-edge: 4.10.0-14.16~16.04.1 -proposed tracker
** Changed in: kernel-sru-workflow/certification-testing Status: Confirmed => Invalid ** Changed in: kernel-sru-workflow/verification-testing Status: Confirmed => Invalid -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1673837 Title: linux-hwe-edge: 4.10.0-14.16~16.04.1 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Confirmed Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Invalid Status in linux-hwe-edge package in Ubuntu: Invalid Status in linux-hwe-edge source package in Xenial: Confirmed Bug description: This bug is for tracking the 4.10.0-14.16~16.04.1 upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1673837/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1677600] [NEW] Xenial update to v4.4.58 stable release
Public bug reported: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The v4.4.58 upstream stable patch set is now available. It should be included in the Ubuntu kernel as well. git://git.kernel.org/ TEST CASE: TBD The following patches from the v4.4.58 stable release shall be applied: net/openvswitch: Set the ipv6 source tunnel key address attribute correctly net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled net: properly release sk_frag.page amd-xgbe: Fix jumbo MTU processing on newer hardware net: unix: properly re-increment inflight counter of GC discarded candidates net/mlx5: Increase number of max QPs in default profile net/mlx5e: Count LRO packets correctly net: bcmgenet: remove bcmgenet_internal_phy_setup() ipv4: provide stronger user input validation in nl_fib_input() socket, bpf: fix sk_filter use after free in sk_clone_lock tcp: initialize icsk_ack.lrcvtime at session start time Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000 Input: iforce - validate number of endpoints before using them Input: ims-pcu - validate number of endpoints before using them Input: hanwang - validate number of endpoints before using them Input: yealink - validate number of endpoints before using them Input: cm109 - validate number of endpoints before using them Input: kbtab - validate number of endpoints before using them Input: sur40 - validate number of endpoints before using them ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call ALSA: hda - Adding a group of pin definition to fix headset problem USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems USB: serial: qcserial: add Dell DW5811e ACM gadget: fix endianness in notifications usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk USB: uss720: fix NULL-deref at probe USB: lvtest: fix NULL-deref at probe USB: idmouse: fix NULL-deref at probe USB: wusbcore: fix NULL-deref at probe usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer usb: hub: Fix crash after failure to read BOS descriptor uwb: i1480-dfu: fix NULL-deref at probe uwb: hwa-rc: fix NULL-deref at probe mmc: ushc: fix NULL-deref at probe iio: adc: ti_am335x_adc: fix fifo overrun recovery iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3 parport: fix attempt to write duplicate procfiles ext4: mark inode dirty after converting inline directory mmc: sdhci: Do not disable interrupts while waiting for clock xen/acpi: upload PM state from init-domain to Xen iommu/vt-d: Fix NULL pointer dereference in device_to_iommu ARM: at91: pm: cpu_idle: switch DDR to power-down mode ARM: dts: at91: sama5d2: add dma properties to UART nodes cpufreq: Restore policy min/max limits on CPU online raid10: increment write counter after bio is split libceph: don't set weight to IN when OSD is destroyed xfs: don't allow di_size with high bit set xfs: fix up xfs_swap_extent_forks inline extent handling nl80211: fix dumpit error path RTNL deadlocks USB: usbtmc: add missing endpoint sanity check xfs: clear _XBF_PAGES from buffers when readahead page igb: add i211 to i210 PHY workaround vfio/spapr: Postpone allocation of userspace version of TCE table block: allow WRITE_SAME commands with the SG_IO ioctl fbcon: Fix vc attr at deinit crypto: algif_hash - avoid zero-sized array Linux 4.4.58 ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Tags: kernel-stable-tracking-bug ** Tags added: kernel-stable-tracking-bug ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Description changed: + SRU Justification - SRU Justification + Impact: + The upstream process for stable tree updates is quite similar + in scope to the Ubuntu SRU process, e.g., each patch has to + demonstrably fix a bug, and each patch is vetted by upstream + by originating either directly from a mainline/stable Linux tree or + a minimally backported form of that patch. The v4.4.58 upstream stable + patch set is now available. It should be included in the Ubuntu + kernel as well. - Impact: -The upstream process for stable tree updates is quite similar -in scope to the Ubuntu SRU process, e.g., each patch has to -demonstrably fix a bug, and each patch is vetted by upstream
[Group.of.nepali.translators] [Bug 1677398] Re: Apparmor prevents using ZFS storage pools
Extending your already good testcase description: # create a simple guest $ sudo apt-get install uvtool-libvirt zfsutils-linux $ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=xenial $ ssh-keygen $ uvt-kvm create --password=ubuntu testguest release=xenial arch=amd64 label=daily # create a zpool to use $ for i in $(seq 1 3); do dd if=/dev/zero of=/tmp/fdisk${i} bs=1M count=1024; done $ sudo zpool create internal /tmp/fdisk* # make pool in libvirt and guest disk foo $ virsh pool-define-as internal zfs $ virsh pool-start internal $ virsh vol-create-as internal foo 2G # link up zpool, by adding this to the guest # start the guest $ virsh start testguest All run into: Could not open '/dev/zvol/internal/foo': Permission denied And I can see the reported Deny: apparmor="DENIED" operation="open" [...] name="/dev/zd0" [...] That said setting to confirmed for now. Also I checked this applies to all of releases X-Z. Need to dive into aa-helper how close or far that is as of today to get this done. ** Changed in: libvirt (Ubuntu) Status: New => Confirmed ** Also affects: libvirt (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: libvirt (Ubuntu Zesty) Importance: Undecided Status: Confirmed ** Also affects: libvirt (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1677398 Title: Apparmor prevents using ZFS storage pools Status in libvirt package in Ubuntu: Confirmed Status in libvirt source package in Xenial: Confirmed Status in libvirt source package in Yakkety: Confirmed Status in libvirt source package in Zesty: Confirmed Bug description: Apparmor prevents qemu-kvm guests from using ZFS volumes. [Impact] * ZFS storage pools are not usable. [Test Case] 0) Create a zpool (system specific so not documented here) 1) Create a ZFS storage pool (named like your zpool, "internal" here) virsh pool-define-as internal zfs virsh pool-start internal 2) Create a volume virsh vol-create-as internal foo 2G 2) Create a KVM guest 4) Edit the guest's XML profile to use the ZFS volume (zvol) 5) Start the guest The guest refuses to start: # virsh start nms error: Failed to start domain foo error: internal error: process exited while connecting to monitor: 2017-03-29T22:07:31.507017Z qemu-system-x86_64: -drive file=/dev/zvol/internal/foo,format=raw,if=none,id=drive-virtio-disk0,cache=none: Could not open '/dev/zvol/internal/foo': Permission denied dmesg reveals the culprit: apparmor="DENIED" operation="open" profile="libvirt-988a8c25-5190-4762-8170-55dc75fc66ca" name="/dev/zd224" pid=23052 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 ouid=109 apparmor="DENIED" operation="open" profile="libvirt-988a8c25-5190-4762-8170-55dc75fc66ca" name="/dev/zd224" pid=23052 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=109 ouid=109 Checking /etc/apparmor.d/libvirt/libvirt-$UUID.files shows that no "/dev/zdXX" has been added. [Additional info] # lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 # apt-cache policy libvirt-bin apparmor linux-image-generic libvirt-bin: Installed: 1.3.1-1ubuntu10.8 Candidate: 1.3.1-1ubuntu10.8 Version table: *** 1.3.1-1ubuntu10.8 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.3.1-1ubuntu10 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages apparmor: Installed: 2.10.95-0ubuntu2.5 Candidate: 2.10.95-0ubuntu2.5 Version table: *** 2.10.95-0ubuntu2.5 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 2.10.95-0ubuntu2 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages linux-image-generic: Installed: 4.4.0.70.76 Candidate: 4.4.0.70.76 Version table: *** 4.4.0.70.76 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 4.4.0.21.22 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu10.8 ProcVersionSignature: Ubuntu 4.4.0-70.91-generic 4.4.49 Uname: Linux 4.4.0-70-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20.1-0ubuntu2.5 Architecture: amd64 Date: Wed Mar 29 17:48:06 2017
[Group.of.nepali.translators] [Bug 1664912] Re: linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial 4.4.0-63.84~14.04.2
Unfortunately also "SAUCE: apparmor: fix link auditing failure due to, uninitialized var" got reverted in the big revert for bug 1666897. So not really fixed in Yakkety and Xenial based kernels right now. ** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged ** Changed in: linux-lts-xenial (Ubuntu Trusty) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1664912 Title: linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts- xenial 4.4.0-63.84~14.04.2 Status in linux package in Ubuntu: Fix Released Status in linux-lts-xenial package in Ubuntu: Invalid Status in linux source package in Trusty: Invalid Status in linux-lts-xenial source package in Trusty: Triaged Status in linux source package in Xenial: Triaged Status in linux-lts-xenial source package in Xenial: Invalid Status in linux source package in Yakkety: Triaged Status in linux-lts-xenial source package in Yakkety: Invalid Status in linux source package in Zesty: Fix Released Status in linux-lts-xenial source package in Zesty: Invalid Bug description: Testing failed on: amd64: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-trusty/trusty/amd64/l/linux-lts-xenial/20170214_051856_a19a2@/log.gz To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1664912/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1638996] Re: apparmor's raw_data file in securityfs is sometimes truncated
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1638996 Title: apparmor's raw_data file in securityfs is sometimes truncated Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Bug description: Hi, It looks like sometimes apparmor's securityfs output is sometimes truncated, root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al total 0 drwxr-xr-x 3 root root 0 Nov 3 16:45 . drwxr-xr-x 13 root root 0 Nov 3 16:44 .. -r--r--r-- 1 root root 0 Nov 3 16:45 attach -r--r--r-- 1 root root 0 Nov 3 16:45 mode -r--r--r-- 1 root root 0 Nov 3 16:45 name drwxr-xr-x 3 root root 0 Nov 3 16:45 profiles -r--r--r-- 1 root root 0 Nov 3 16:45 raw_abi -r--r--r-- 1 root root 46234 Nov 3 16:45 raw_data -r--r--r-- 1 root root 0 Nov 3 16:45 raw_hash -r--r--r-- 1 root root 0 Nov 3 16:45 sha1 root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# cat raw_data > /tmp/out root@zesty:/sys/kernel/security/apparmor/policy/namespaces/lxd-zest_/profiles/usr.lib.snapd.snap-confine.1# ls -al /tmp/out -rw-r--r-- 1 root root 4009 Nov 3 16:55 /tmp/out and 2016-11-03 10:58:01 tych0 jjohansen: hi, http://paste.ubuntu.com/23421551/ 2016-11-03 10:58:18 tych0 it looks like fstat is lying to me about the size of the policy 2016-11-03 10:59:20 @jjohansen tych0: hrmm interesting, can you zip up the /tmp/out file so I can see it looks like a complete policy file? 2016-11-03 11:00:03 @jjohansen something is definitely not right there. hrmmm 2016-11-03 11:00:26 @jjohansen the size is set by the input buffer size 2016-11-03 11:00:28 tych0 jjohansen: http://files.tycho.ws/tmp/out 2016-11-03 11:00:36 tych0 yeah, i assume 2016-11-03 11:01:15 @jjohansen my guess is something is messing up in the seq_file walk of the policy 2016-11-03 11:02:38 @jjohansen tych0: yep the file is truncated, can you open a bug and I will start looking for it 2016-11-03 11:03:14 tych0 jjohansen: sure, just on linux? 2016-11-03 11:03:35 @jjohansen tych0: yeah for now, just linux 2016-11-03 11:03:43 @jjohansen we can add others if needed later 2016-11-03 11:03:44 tych0 jjohansen: FWIW, somehow it seems racy, becasue sometimes it works and sometimes it doesn't To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1638996/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660832] Re: unix domain socket cross permission check failing with nested namespaces
Not fixed because we had to revert the commits due to various regressions. ** Changed in: linux (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660832 Title: unix domain socket cross permission check failing with nested namespaces Status in apparmor package in Ubuntu: Confirmed Status in linux package in Ubuntu: Fix Released Status in apparmor source package in Xenial: Confirmed Status in linux source package in Xenial: Triaged Status in apparmor source package in Yakkety: Confirmed Status in linux source package in Yakkety: Triaged Status in apparmor source package in Zesty: Confirmed Status in linux source package in Zesty: Fix Released Bug description: When using nested namespaces policy within the nested namespace is trying to cross validate with policy outside of the namespace that is not visible to it. This results the access being denied and with no way to add a rule to policy that would allow it. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1660832/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1645037] Re: apparmor_parser hangs indefinitely when called by multiple threads
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1645037 Title: apparmor_parser hangs indefinitely when called by multiple threads Status in apparmor package in Ubuntu: Triaged Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: This bug surfaced when starting ~50 LXC container with LXD in parallel multiple times: # Create the containers for c in c foo{1..50}; do lxc launch images:ubuntu/xenial $c; done # Exectute this loop multiple times until you observe errors. for c in c foo{1..50}; do lxc restart $c & done After this you can ps aux | grep apparmor and you should see output similar to: root 19774 0.0 0.0 12524 1116 pts/1S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30 root 19775 0.0 0.0 12524 1208 pts/1S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26 root 19776 0.0 0.0 13592 3224 pts/1D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo30 root 19778 0.0 0.0 13592 3384 pts/1D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo26 root 19780 0.0 0.0 12524 1208 pts/1S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43 root 19782 0.0 0.0 12524 1208 pts/1S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34 root 19783 0.0 0.0 13592 3388 pts/1D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo43 root 19784 0.0 0.0 13592 3252 pts/1D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo34 root 19794 0.0 0.0 12524 1208 pts/1S+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25 root 19795 0.0 0.0 13592 3256 pts/1D+ 20:14 0:00 apparmor_parser -RWL /var/lib/lxd/security/apparmor/cache /var/lib/lxd/security/apparmor/profiles/lxd-foo25 apparmor_parser remains stuck even after all LXC/LXD commands have exited. dmesg output yields lines like: [41902.815174] audit: type=1400 audit(1480191089.678:43): apparmor="STATUS" operation="profile_load" profile="unconfined" name ="lxd-foo30_" pid=12545 comm="apparmor_parser" and cat /proc/12545/stack shows: [] aa_remove_profiles+0x88/0x270 21:19 brauner [] profile_remove+0x144/0x2e0 21:19 brauner [] __vfs_write+0x18/0x40 21:19 brauner [] vfs_write+0xb8/0x1b0 21:19 brauner [] SyS_write+0x55/0xc0 21:19 brauner [] entry_SYSCALL_64_fastpath+0x1e/0xa8 21:19 brauner [] 0x This looks like a potential kernel bug. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1645037/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1658219] Re: flock not mediated by 'k'
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1658219 Title: flock not mediated by 'k' Status in AppArmor: In Progress Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Bug description: $ cat ./apparmor.profile #include profile test { #include /bin/bash ixr, /dev/pts/* rw, /usr/bin/flock ixr, # Not blocked: # aa-exec -p test -- flock -w 1 /tmp/test.lock -c true /tmp/test.lock rw, } $ sudo apparmor_parser -r ./apparmor.profile $ aa-exec -p test -- flock -w 1 /tmp/test.lock -c true && echo yes yes $ ls -l /tmp/test.lock -rw-rw-r-- 1 jamie jamie 0 Jan 20 15:57 /tmp/test.lock The flock command uses flock(LOCK_EX) and I expected it to be blocked due to the lack of 'k'. apparmor userspace 2.10.95-0ubuntu2.5 (xenial) and 4.9.0-12.13-generic kernel on amd64. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660834] Re: apparmor label leak when new label is unused
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660834 Title: apparmor label leak when new label is unused Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: When a new label is created, it is created with a proxy in a circular ref count that is broken by replacement. However if the label is not used it will never be replaced and the circular ref count will never be broken resulting in a leak. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660834/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660833] Re: apparmor reference count bug in label_merge_insert()
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660833 Title: apparmor reference count bug in label_merge_insert() Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: @new does not have a reference taken locally and should not have its reference put locally either. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660833/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1656121] Re: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1656121 Title: unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace Status in AppArmor: Confirmed Status in linux package in Ubuntu: Incomplete Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Bug description: This bug is based on a discussion with jjohansen on IRC. While working on a feature for snapd (https://github.com/snapcore/snapd/pull/2624) we came across an unexpected EACCES that only seems to happen when apparmor is in the loop. The kernel log shows something interesting. The full log is available here: http://paste.ubuntu.com/23789099/ Jan 12 23:16:43 autopkgtest kernel: [ 498.616822] audit: type=1400 audit(1484259403.009:67): apparmor="ALLOWED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="snap .test-snapd-tools.cmd//null-/usr/bin/snap//null-/usr/lib/snapd/snap- confine" name="" pid=25299 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 The code that triggers this is reproduced below (also visible here https://github.com/snapcore/snapd/pull/2624/files) +void sc_reassociate_with_pid1_mount_ns() +{ +int init_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1; +int self_mnt_fd __attribute__ ((cleanup(sc_cleanup_close))) = -1; + +debug("checking if the current process shares mount namespace" + "with the init process"); + +init_mnt_fd = open("/proc/1/ns/mnt", + O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH); +if (init_mnt_fd < 0) { +die("cannot open mount namespace of the init process (O_PATH)"); +} +self_mnt_fd = open("/proc/self/ns/mnt", + O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_PATH); +if (self_mnt_fd < 0) { +die("cannot open mount namespace of the current process (O_PATH)"); +} +char init_buf[128], self_buf[128]; +memset(init_buf, 0, sizeof init_buf); +if (readlinkat(init_mnt_fd, "", init_buf, sizeof init_buf) < 0) { +die("cannot perform readlinkat() on the mount namespace file " +"descriptor of the init process"); +} +memset(self_buf, 0, sizeof self_buf); +if (readlinkat(self_mnt_fd, "", self_buf, sizeof self_buf) < 0) { +die("cannot perform readlinkat() on the mount namespace file " +"descriptor of the current process"); +} +if (memcmp(init_buf, self_buf, sizeof init_buf) != 0) { +debug("the current process does not share mount namespace with " + "the init process, re-association required"); +// NOTE: we cannot use O_NOFOLLOW here because that file will always be a +// symbolic link. We actually want to open it this way. +int init_mnt_fd_real +__attribute__ ((cleanup(sc_cleanup_close))) = -1; +init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC); +if (init_mnt_fd_real < 0) { +die("cannot open mount namespace of the init process"); +} +if (setns(init_mnt_fd_real, CLONE_NEWNS) < 0) { +die("cannot re-associate the mount namespace with the init process"); +} +} else { +debug("re-associating is not required"); +} +} The specific part that causes the error is: + init_mnt_fd_real = open("/proc/1/ns/mnt", O_RDONLY | O_CLOEXEC); The call to open returns -1 and errno set to 13 (EACCES) despite using attach_disconnected. The code in question is executed from a seguid root executable that runs under a complain-mode profile (it is started from a process that is already confined with such a profile). All of the profiles are using attach_disconnected. I can reproduce this issue each time by running: spread -debug -v qemu:ubuntu-16.04-64:tests/regression/lp-1644439 Against the code in this pull request: https://github.com/snapcore/snapd/pull/2624 Which is git://github.com/zyga/snapd in the "reassociate-fix" branch Appropriate qemu images can be made using instructions from: https://github.com/zyga/spread-qemu-images I'm also happy to try any test kernels as I can easily run those. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1656121/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to :
[Group.of.nepali.translators] [Bug 1660836] Re: apparmor auditing denied access of special apparmor .null fi\ le
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660836 Title: apparmor auditing denied access of special apparmor .null fi\ le Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: When an fd is disallowed from being inherited during exec, instead of closed it is duped to a special apparmor/.null file. This prevents the fd from being reused by another file in case the application expects the original file on a give fd (eg stdin/stdout etc). This results in a denial message like [32375.561535] audit: type=1400 audit(1478825963.441:358): apparmor="DENIED" op\ eration="file_inherit" namespace="root//lxd-t_" profile="/sbin/dhc\ lient" name="/dev/pts/1" pid=16795 comm="dhclient" requested_mask="wr" denied_m\ ask="wr" fsuid=165536 ouid=165536 Further access to the fd is resultin in the rather useless denial message of [32375.566820] audit: type=1400 audit(1478825963.445:359): apparmor="DENIED" op\ eration="file_perm" namespace="root//lxd-t_" profile="/sbin/dhclie\ nt" name="/apparmor/.null" pid=16795 comm="dhclient" requested_mask="w" denied_\ mask="w" fsuid=165536 ouid=0 since we have the original denial, the noisy and useless .null based denials can be skipped. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660836/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660840] Re: apparmor oops in bind_mnt when dev_path lookup fails
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660840 Title: apparmor oops in bind_mnt when dev_path lookup fails Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: Bind mounts can oops when devname lookup fails because the devname is unintialized and used in auditing the denial. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660840/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660842] Re: apparmor not checking error if security_pin_fs() fails
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660842 Title: apparmor not checking error if security_pin_fs() fails Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: The error condition of security_pin_fs() was not being checked which will result can result in an oops or use after free, due to the fs pin count not being incremented. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660842/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660845] Re: apparmor reference count leak when securityfs_setup_d_inode\ () fails
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660845 Title: apparmor reference count leak when securityfs_setup_d_inode\ () fails Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: apparmor is leaking the parent ns ref count, by directly returning the error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660845/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1661030] Re: regession tests failing after stackprofile test is run
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1661030 Title: regession tests failing after stackprofile test is run Status in apparmor package in Ubuntu: Fix Released Status in linux package in Ubuntu: Incomplete Status in apparmor source package in Xenial: Fix Committed Status in linux source package in Xenial: Triaged Status in apparmor source package in Yakkety: Fix Committed Status in linux source package in Yakkety: Triaged Status in apparmor source package in Zesty: Fix Released Status in linux source package in Zesty: Incomplete Bug description: from source, I'm running the tests and the makefile fails at the end with: running stackprofile Makefile:303: recipe for target 'tests' failed make: *** [tests] Error 1 No idea why that is happening. It's breaking on our kernel team regression tests runs, so can this be investigated? The source was fetched using "apt-get source apparmor". A full run is below: king@ubuntu:~/apparmor-2.10.95/tests/regression/apparmor$ sudo make USE_SYSTEM=1 tests running aa_exec running access xfail: ACCESS file rx (r) xfail: ACCESS file rwx (r) xfail: ACCESS file r (wx) xfail: ACCESS file rx (wx) xfail: ACCESS file rwx (wx) xfail: ACCESS dir rwx (r) xfail: ACCESS dir r (wx) xfail: ACCESS dir rx (wx) xfail: ACCESS dir rwx (wx) running at_secure running introspect running capabilities (ptrace) (sethostname) (setdomainname) (setpriority) (setscheduler) (reboot) (chroot) (mlockall) (net_raw) (ioperm) (iopl) running changeprofile running onexec running changehat running changehat_fork running changehat_misc *** A 'Killed' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12503 Killed $testexec "$@" > $outfile 2>&1 *** A 'Killed' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12537 Killed $testexec "$@" > $outfile 2>&1 running chdir running clone running coredump *** A 'Segmentation Fault' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12803 Segmentation fault (core dumped) $testexec "$@" > $outfile 2>&1 *** A 'Segmentation Fault' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12833 Segmentation fault $testexec "$@" > $outfile 2>&1 *** A 'Segmentation Fault' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12869 Segmentation fault $testexec "$@" > $outfile 2>&1 *** A 'Segmentation Fault' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12905 Segmentation fault $testexec "$@" > $outfile 2>&1 *** A 'Segmentation Fault' message from bash is expected for the following test /home/king/apparmor-2.10.95/tests/regression/apparmor/prologue.inc: line 219: 12941 Segmentation fault $testexec "$@" > $outfile 2>&1 XFAIL: Error: corefile present when not expected -- COREDUMP (ix confinement) running deleted running environ Fatal Error (environ): Unable to run test sub-executable running exec running exec_qual running fchdir running fd_inheritance running fork running i18n running link running link_subset running mkdir running mmap running mount using mount rules ... running mult_mount running named_pipe running namespaces running net_raw running open running openat running pipe running pivot_root running ptrace using ptrace v6 tests ... running pwrite running query_label Alert: query_label passed. Test 'QUERY file (all base perms #1)' was marked as expected pass but known problem (xpass) xpass: QUERY file (all base perms #1) Alert: query_label passed. Test 'QUERY file (all base perms #2)' was marked as expected pass but known problem (xpass) xpass: QUERY file (all base perms #2) running regex running rename running readdir running rw running socketpair running swap mkswap: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 0600 suggested. swapon: /tmp/sdtest.21272-20356-eRXvtR/swapfile: insecure permissions 0644, 0600 suggested. running sd_flags running setattr running symlink running syscall running tcp
[Group.of.nepali.translators] [Bug 1660849] Re: apparmor refcount leak of profile namespace when removing profiles
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660849 Title: apparmor refcount leak of profile namespace when removing profiles Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: When doing profile removal, the parent ns of the profiles is taken, but the reference isn't being put, resulting in the ns never being freed even after it is removed. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660849/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1660846] Re: apparmor leaking securityfs pin count
** Changed in: linux (Ubuntu Yakkety) Status: Fix Released => Triaged -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1660846 Title: apparmor leaking securityfs pin count Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Triaged Status in linux source package in Yakkety: Triaged Status in linux source package in Zesty: Fix Released Bug description: apparmor is leaking pinfs refcoutn when inode setup fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1660846/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1642679] Re: The OpenStack network_config.json implementation fails on Hyper-V compute nodes
** Changed in: nova Status: Fix Released => Incomplete -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1642679 Title: The OpenStack network_config.json implementation fails on Hyper-V compute nodes Status in cloud-init: Fix Released Status in OpenStack Compute (nova): Incomplete Status in cloud-init package in Ubuntu: Fix Released Status in cloud-init source package in Xenial: Fix Released Status in cloud-init source package in Yakkety: Fix Released Bug description: === Begin SRU Template === [Impact] When a config drive provides network_data.json on Azure OpenStack, cloud-init will fail to configure networking. Console log and /var/log/cloud-init.log will show: ValueError: Unknown network_data link type: hyperv This woudl also occur when the type of the network device as declared to cloud-init was 'hw_veb', 'hyperv', or 'vhostuser'. [Test Case] Launch an instance with config drive on hyperv cloud. [Regression Potential] Low to none. cloud-init is relaxing requirements and will accept things now that it previously complained were invalid. === End SRU Template === We have discovered an issue when booting Xenial instances on OpenStack environments (Liberty or newer) and Hyper-V compute nodes using config drive as metadata source. When applying the network_config.json, cloud-init fails with this error: http://paste.openstack.org/show/RvHZJqn48JBb0TO9QznL/ The fix would be to add 'hyperv' as a link type here: /usr/lib/python3/dist-packages/cloudinit/sources/helpers/openstack.py, line 587 Related bugs: * bug 1674946: cloud-init fails with "Unknown network_data link type: dvs * bug 1642679: OpenStack network_config.json implementation fails on Hyper-V compute nodes To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1642679/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1564778] Re: package libsane-common 1.0.25+git20150528-1ubuntu2 failed to install/upgrade: trying to overwrite '/etc/sane.d/hp.conf', which is also in package libsan
This bug was fixed in the package sane-backends - 1.0.25+git20150528-1ubuntu3 --- sane-backends (1.0.25+git20150528-1ubuntu3) zesty; urgency=medium * control: add breaks/replaces between libsane and libsane-common to fix earlier packaging mistake. LP: #1564778 The changes is safe to drop from z+1. -- Rolf LeggewieThu, 09 Feb 2017 17:29:27 +0800 ** Changed in: sane-backends (Ubuntu Zesty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1564778 Title: package libsane-common 1.0.25+git20150528-1ubuntu2 failed to install/upgrade: trying to overwrite '/etc/sane.d/hp.conf', which is also in package libsane:i386 1.0.23-3ubuntu3.1 Status in sane-backends package in Ubuntu: Fix Released Status in sane-backends source package in Xenial: New Status in sane-backends source package in Yakkety: New Status in sane-backends source package in Zesty: Fix Released Bug description: [ Impact ] This is a packaging error when upgrading from trusty to xenial. You may see a file conflict error because a file moved from libsane to libsane-common. This is fairly common, as you can see from the dupes and affect-count. As described in comment #4, only xenial really needs to be patched. But since it shares the same version of sane-backends as yakkety and zesty, it's nice to update both of those so that upgraders get a clean path. [ Test Case ] Install libsane and libsane-common on trusty. Upgrade to xenial. [ Regression Potential ] Tiny. This is just a Breaks/Conflict packaging error. No code changes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1564778/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1513529] Re: cloud images should be built with the same /etc/apt/sources.list as server images
This bug was fixed in the package livecd-rootfs - 2.408.9 --- livecd-rootfs (2.408.9) xenial; urgency=medium [ Daniel Watkins ] * Don't overwrite the default sources.list in cloud images. * Replace sources.list generated using COMPONENTS with the sources.list from an Ubuntu Server installation (i.e. with all components enabled, and all deb-src lines commented). LP: #1513529. [ Chris Glass ] * Fix the manifest generation in OVA files so that ovf files don't have double extensions. (LP: #1627931) * Fix the OVF's metadata to include Ubuntu specific identifiers and descriptions instead of the generic Linux ones. (LP: #1656293) [ Daniel Watkins ] * Add replace_grub_root_with_label function thereby consolidating multiple uses of the same calls to sed. [ Robert C Jennings ] * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290) -- Robert C JenningsThu, 23 Mar 2017 14:40:59 -0400 ** Changed in: livecd-rootfs (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1513529 Title: cloud images should be built with the same /etc/apt/sources.list as server images Status in cloud-images: Fix Released Status in livecd-rootfs package in Ubuntu: Fix Released Status in livecd-rootfs source package in Xenial: Fix Released Bug description: [Impact] In systems created from cloud images where cloud-init does not run (or has not yet run), /etc/apt/sources.list does not have the same contents as it has in a server install. This inconsistency can cause image modification/bootstrap to fail. [Test Case] Examine the cloud image built from livecd-rootfs, and confirm that the sources.list matches that in a server ISO install. [Regression Potential] Limited; the majority of cloud image usage does invoke cloud-init, which already writes out a source.list that matches the server ISO. This change aligns non-cloud-init usage to the existing norm. [Original Report] When we were poking around under bug 1177432 we found that /etc/apt/sources.list that is built into the image does not match that of an installed system. This /etc/apt/sources.list is used if cloud- init did not re-write the file (such as woudl be used if you mounted the image directly and ran apt-get update). Example showing the problem: $ qemu-img create -f qcow2 -b wily/release-20151029/ubuntu-15.10-server-cloudimg-amd64-disk1.img /tmp/disk.img $ sudo mount-image-callback /tmp/disk.img --read-only chroot _MOUNTPOINT_ cat /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu/ wily main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu/ wily-updates main restricted universe multiverse deb http://security.ubuntu.com/ubuntu/ wily-security main restricted universe multiverse What we'd like to see here is exactly what we just added to cloud-init. For reference, as attached to bug 1177432, see trusty [1] and wily [2] examples. For reference, MAAS installed systems end up getting the built-in /etc/apt/sources.list with the ubuntu mirrors updated. So this change after making it all the way through will result in maas images having the same list as ISO installed systems also. -- [1] https://launchpadlibrarian.net/224142290/trusty-sources.list [2] https://launchpadlibrarian.net/224142308/wily-sources.list Related bugs: * bug 1177432 [SRU] Enable backports in cloud-init archive template To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1513529/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1627931] Re: SHA256 checksum for ovf in xenial-server-cloudimg-amd64.ova has incorrect path
This bug was fixed in the package livecd-rootfs - 2.408.9 --- livecd-rootfs (2.408.9) xenial; urgency=medium [ Daniel Watkins ] * Don't overwrite the default sources.list in cloud images. * Replace sources.list generated using COMPONENTS with the sources.list from an Ubuntu Server installation (i.e. with all components enabled, and all deb-src lines commented). LP: #1513529. [ Chris Glass ] * Fix the manifest generation in OVA files so that ovf files don't have double extensions. (LP: #1627931) * Fix the OVF's metadata to include Ubuntu specific identifiers and descriptions instead of the generic Linux ones. (LP: #1656293) [ Daniel Watkins ] * Add replace_grub_root_with_label function thereby consolidating multiple uses of the same calls to sed. [ Robert C Jennings ] * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290) -- Robert C JenningsThu, 23 Mar 2017 14:40:59 -0400 ** Changed in: livecd-rootfs (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1627931 Title: SHA256 checksum for ovf in xenial-server-cloudimg-amd64.ova has incorrect path Status in cloud-images: In Progress Status in livecd-rootfs package in Ubuntu: Fix Released Status in livecd-rootfs source package in Xenial: Fix Released Status in livecd-rootfs source package in Yakkety: Fix Committed Bug description: [Impact] * Users will be unable to import OVA disk images with tools that check the manifest to verify file checksums [Test Case] $ apt-get install virtualbox $ wget http://cloud-images.ubuntu.com/xenial/current/xenial-server- cloudimg-amd64.ova ## Requires version newer than 5.0.32_Ubuntur112930 in zesty) $ vboxmanage -version 5.1.18_Ubuntur114002 $ vboxmanage import xenial-server-cloudimg-amd64.ova 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%... Progress state: VBOX_E_FILE_ERROR VBoxManage: error: Appliance import failed VBoxManage: error: Digest mismatch (VERR_NOT_EQUAL): 'ubuntu-xenial-16.04-cloudimg.ovf.ovf' not found in the 2nd manifest VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component ApplianceWrap, interface IAppliance VBoxManage: error: Context: "RTEXITCODE handleImportAppliance(HandlerArg*)" at line 886 of file VBoxManageAppliance.cpp ## Expecting import success "Successfully imported the appliance." [Regression Potential] * Very low: If a tool is checking the manifest and has been modified to strip a duplicate ".ovf" from the name to allow the current image to work but also removed handing for valid files it would fail (but we know this is not true as there exists in the manifest a file that is already specified with the correct filename). [Original Description] Opening the current "xenial-server-cloudimg-amd64.ova" file from cloud-images.ubuntu.com in VirtualBox produces this error: Failed to import appliance C:/Users/Jesse/Downloads/xenial-server- cloudimg-amd64.ova. Digest mismatch (VERR_NOT_EQUAL): 'ubuntu- xenial-16.04-cloudimg.ovf.ovf' not found in the 2nd manifest. Result Code: VBOX_E_FILE_ERROR (0x80BB0004) Component: ApplianceWrap Interface: IAppliance {8398f026-4add-4474-5bc3-2f9f2140b23e} The ubuntu-xenial-16.04-cloudimg.mf inside the .ova has this contents: SHA256(ubuntu-xenial-16.04-cloudimg.vmdk)= 1a9d4ebadf89aa3a12a20f9933b5f88e3b0edcb00fa286c653356bc2ff9d4a29 SHA256(ubuntu-xenial-16.04-cloudimg.ovf.ovf)= eaca73e5217e0d12f1b5bfbbec039f445c89b807d0c5aba11f842639abb40d35 After changing ".ovf.ovf" to ".ovf" and saving the file inside the .ova, importing the .ova works. To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1627931/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1637290] Re: Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from Microsoft
This bug was fixed in the package livecd-rootfs - 2.408.9 --- livecd-rootfs (2.408.9) xenial; urgency=medium [ Daniel Watkins ] * Don't overwrite the default sources.list in cloud images. * Replace sources.list generated using COMPONENTS with the sources.list from an Ubuntu Server installation (i.e. with all components enabled, and all deb-src lines commented). LP: #1513529. [ Chris Glass ] * Fix the manifest generation in OVA files so that ovf files don't have double extensions. (LP: #1627931) * Fix the OVF's metadata to include Ubuntu specific identifiers and descriptions instead of the generic Linux ones. (LP: #1656293) [ Daniel Watkins ] * Add replace_grub_root_with_label function thereby consolidating multiple uses of the same calls to sed. [ Robert C Jennings ] * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290) -- Robert C JenningsThu, 23 Mar 2017 14:40:59 -0400 ** Changed in: livecd-rootfs (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1637290 Title: Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 shim binary from Microsoft Status in grub2 package in Ubuntu: Fix Released Status in grub2-signed package in Ubuntu: Fix Released Status in livecd-rootfs package in Ubuntu: Fix Released Status in shim package in Ubuntu: Fix Released Status in shim-signed package in Ubuntu: Fix Released Status in grub2 source package in Precise: New Status in grub2-signed source package in Precise: New Status in livecd-rootfs source package in Precise: Invalid Status in shim source package in Precise: New Status in shim-signed source package in Precise: New Status in grub2 source package in Trusty: In Progress Status in grub2-signed source package in Trusty: In Progress Status in livecd-rootfs source package in Trusty: Invalid Status in shim source package in Trusty: In Progress Status in shim-signed source package in Trusty: In Progress Status in grub2 source package in Xenial: Fix Committed Status in grub2-signed source package in Xenial: Fix Committed Status in livecd-rootfs source package in Xenial: Fix Released Status in shim source package in Xenial: Fix Committed Status in shim-signed source package in Xenial: Fix Committed Status in grub2 source package in Yakkety: Fix Committed Status in grub2-signed source package in Yakkety: Fix Committed Status in livecd-rootfs source package in Yakkety: Fix Released Status in shim source package in Yakkety: In Progress Status in shim-signed source package in Yakkety: Fix Committed Bug description: [Impact] We might want to boot securely one of these days. [Test case] 1) Upgrading - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system. - Verify that the new shimx64.efi file is under /boot/efi/EFI/ubuntu, along with mmx64.efi and fbx64.efi. - Verify that /boot/efi/EFI/ubuntu/MokManager.efi no longer exists. - Verify that trying to apt install grub alone, or apt install shim alone, pulls in the correct matching versions of packages and gives the same results. 2) Booting normally - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system, with Secure Boot enabled. - Verify it boots successfully to the login prompt. - There should be no messages about "Verification failure" or other errors before the kernel is loaded. 3) Network boot. - Update to shim signed and grub2 signed EFI binaries on the TFTP server used. - Verify that a network booting system still boots normally through shim and grub, reaching a login prompt. 4) BootEntry options - Update to new shim, shim-signed, grub2, grub2-signed on an UEFI system. - Update or install fwupdate. - Verify that new updates can be applied via fwupdate, that when an update is available, fwupdate will correctly start, apply the update, and reboot to shim normally, leading to a working system. 5) live builds - confirm that the new version of livecd-rootfs has been published to -updates first, and that a daily build of the UEFI-enabled cloud images succeeds with the new shim filenames. [Regression Potential] Any failure to load the kernel from grub, or for shim to load grub, or for the system firmware to load shim (such as "Verification failure" messages) or failure to retrieve or parse BootEntry extended options (such as necessary to load MokManager or fwupdate) should be considered regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1637290/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to :
[Group.of.nepali.translators] [Bug 1656293] Re: OVF metadata for Ubuntu is wrong
This bug was fixed in the package livecd-rootfs - 2.408.9 --- livecd-rootfs (2.408.9) xenial; urgency=medium [ Daniel Watkins ] * Don't overwrite the default sources.list in cloud images. * Replace sources.list generated using COMPONENTS with the sources.list from an Ubuntu Server installation (i.e. with all components enabled, and all deb-src lines commented). LP: #1513529. [ Chris Glass ] * Fix the manifest generation in OVA files so that ovf files don't have double extensions. (LP: #1627931) * Fix the OVF's metadata to include Ubuntu specific identifiers and descriptions instead of the generic Linux ones. (LP: #1656293) [ Daniel Watkins ] * Add replace_grub_root_with_label function thereby consolidating multiple uses of the same calls to sed. [ Robert C Jennings ] * ubuntu-cpc: Remove redundant copy of grub files. (LP: #1637290) -- Robert C JenningsThu, 23 Mar 2017 14:40:59 -0400 ** Changed in: livecd-rootfs (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1656293 Title: OVF metadata for Ubuntu is wrong Status in cloud-images: In Progress Status in livecd-rootfs package in Ubuntu: Fix Released Status in livecd-rootfs source package in Xenial: Fix Released Status in livecd-rootfs source package in Yakkety: Fix Committed Bug description: [Impact] * Ubuntu images are identified generically as 32- or 64-bit Linux with a 2.6 kernel rather than Ubuntu 32-/64-bit images. Tools that consume the images can not perform OS-specific actions based on the current metadata. [Test Case] $ apt-get install virtualbox $ wget http://cloud-images.ubuntu.com/xenial/current/xenial-server- cloudimg-amd64.ova $ vboxmanage import --dry-run xenial-server-cloudimg-amd64.ova ... Virtual system 0: 0: Suggested OS type: "Linux26_64" (change with "--vsys 0 --ostype "; use "list ostypes" to list all possible values) ... We would expect the following after the fix: Virtual system 0: 0: Suggested OS type: "Ubuntu_64" [Regression Potential] * Low: A user downloads the image with the change and checks the OS type field to see that Ubuntu is a marked as a generic 2.6 kernel Linux image and now we will have changed "Linux26_*" to "Ubuntu_*". [Original Description] The OVF files produced by cloud-images currently contain: The kind of installed guest operating system The OVF specification has entries for Ubuntu, and that usually allows client machines to customize the host using whatever their method is. The specific entries for Ubuntu 64 bits are: - ovf:id: 94 - ovf:osType: ubuntu64Guest The specific entries for Ubuntu 32 bits are: - ovf:id: 93 - ovf:osType: ubuntu32Guest To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1656293/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp