[Group.of.nepali.translators] [Bug 1718149] Re: linux: 4.4.0-97.120 -proposed tracker

[Taihsiang Ho]

Hardware Certification have completed testing this -proposed kernel. No
regressions were observed, results are available here:
http://people.canonical.com/~hwcert/sru-testing/xenial/4.4.0-97.120
/xenial-proposed-published.html

** Tags added: certification-testing-passed

** Changed in: kernel-sru-workflow/certification-testing
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718149

Title:
  linux: 4.4.0-97.120 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Fix Released
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow upload-to-ppa series:
  Invalid
Status in Kernel SRU Workflow verification-testing series:
  Confirmed
Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the  upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see:
  https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  backports: 1718150,1718151
  derivatives: 1718153,1718154,1718155,1718156,1718157
  -- swm properties --
  boot-testing-requested: true
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1718149/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721676] [NEW] implement errno action logging in seccomp for strict mode with snaps

[Tyler Hicks]

Public bug reported:

A requirement for snappy is that security sandbox violations against
policy are logged. In this manner learning tools can be written to parse
the logs, etc and make developing on snappy easier.

The current default seccomp action, in strict mode. is to kill the
snap's thread that violated the policy but this is unfriendly to the
developer and to the user. The desired action is to block the illegal
system call and return an error with errno set to EPERM. However,
seccomp does not emit log events when it takes that action. Seccomp
should be updated to emit log events when taking the SECCOMP_RET_ERRNO
action and then snappy can switch to the using that action when blocking
illegal system calls.

[Impact]

Snapd needs a way to log SECCOMP_RET_ERRNO seccomp actions in order to
have a more friendly strict mode. Such functionality has been merged
upstream into 4.14-rc2.

No libseccomp changes are needed at this time since snap-confine loads
the BPF filter directly into the kernel without using libseccomp.

[Test Case]

Running the libseccomp "live" tests will exercise the kernel's seccomp
enforcement and help to help catch any regressions. Note that on Artful,
there's an existing test failure (20-live-basic_die%%002-1):

$ sudo apt build-dep -y libseccomp
$ sudo apt install -y cython
$ apt source libseccomp
$ cd libseccomp-*
$ autoreconf -ivf && ./configure --enable-python && make check-build
$ (cd tests && ./regression -T live)

All tests should pass on zesty (12 tests) and xenial (10 tests). On artful, 
you'll see one pre-existing failure:
...
Test 20-live-basic_die%%002-1 result: FAILURE 20-live-basic_die TRAP rc=159
...
Regression Test Summary
 tests run: 12
 tests skipped: 0
 tests passed: 11
 tests failed: 1
 tests errored: 0


[Regression Potential]

The kernel patches received a lot of review between Kees and some others
interested in improved seccomp logging. I authored the patches and feel
comfortable/confident with my backported versions. They do not change
the behavior of seccomp logging by default but offer ways applications
to opt into more logging and, on the flipside, ways for the
administrator to quite any additional logging.

** Affects: snappy
 Importance: Medium
 Assignee: Tyler Hicks (tyhicks)
 Status: In Progress

** Affects: linux (Ubuntu)
 Importance: Undecided
 Assignee: Tyler Hicks (tyhicks)
 Status: Fix Released

** Affects: linux (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Tyler Hicks (tyhicks)
 Status: In Progress

** Affects: linux (Ubuntu Zesty)
 Importance: Undecided
 Assignee: Tyler Hicks (tyhicks)
 Status: In Progress

** Affects: linux (Ubuntu Artful)
 Importance: Undecided
 Assignee: Tyler Hicks (tyhicks)
 Status: Fix Released

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Zesty)
   Status: New => In Progress

** Changed in: linux (Ubuntu Zesty)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Artful)
   Status: New => Fix Released

** Changed in: linux (Ubuntu Artful)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721676

Title:
  implement errno action logging in seccomp for strict mode with snaps

Status in Snappy:
  In Progress
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Zesty:
  In Progress
Status in linux source package in Artful:
  Fix Released

Bug description:
  A requirement for snappy is that security sandbox violations against
  policy are logged. In this manner learning tools can be written to
  parse the logs, etc and make developing on snappy easier.

  The current default seccomp action, in strict mode. is to kill the
  snap's thread that violated the policy but this is unfriendly to the
  developer and to the user. The desired action is to block the illegal
  system call and return an error with errno set to EPERM. However,
  seccomp does not emit log events when it takes that action. Seccomp
  should be updated to emit log events when taking the SECCOMP_RET_ERRNO
  action and then snappy can switch to the using that action when
  blocking illegal system calls.

  [Impact]

  

[Group.of.nepali.translators] [Bug 1718213] Re: [SRU] Juju 2.2.4

[Michael Hudson-Doyle]

** Also affects: juju-core (Ubuntu Zesty)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718213

Title:
  [SRU] Juju 2.2.4

Status in juju-core package in Ubuntu:
  Invalid
Status in juju-core source package in Xenial:
  Triaged
Status in juju-core source package in Zesty:
  New

Bug description:
  This syncs juju with the upstream release bringing the latest bugfixes
  and enhancements.

  [SRU Information]
  juju-core has a stable release exception, including for major version 
updates, https://wiki.ubuntu.com/JujuUpdates.

  [Impact]
  A full list of targeted bugs can be seen against the milestone, and the 
intervening milestones:

  https://launchpad.net/juju/+milestone/2.0.3
  https://launchpad.net/juju/+milestone/2.0.4
  https://launchpad.net/juju/+milestone/2.1.0
  https://launchpad.net/juju/+milestone/2.1.1
  https://launchpad.net/juju/+milestone/2.1.2
  https://launchpad.net/juju/+milestone/2.1.3
  https://launchpad.net/juju/+milestone/2.2.0
  https://launchpad.net/juju/+milestone/2.2.1
  https://launchpad.net/juju/+milestone/2.2.2
  https://launchpad.net/juju/+milestone/2.2.3
  https://launchpad.net/juju/+milestone/2.2.4

  [QA/Testing]
  Juju practices continuous integration and testing of the juju source tree. 
The results for this release can be seen here:

  http://qa.jujucharms.com/releases/5729

  In addition, juju has adt test coverage for all supported archs,
  http://autopkgtest.ubuntu.com/packages/j/juju-core/.

  Finally, manual verification and testing of the package has been done
  per https://wiki.ubuntu.com/JujuUpdates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/juju-core/+bug/1718213/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1713537] Re: iscsi-targets don't quit session on shutdown

[Scott Moser]

** No longer affects: open-iscsi (Ubuntu Xenial)

** No longer affects: open-iscsi (Ubuntu Zesty)

** No longer affects: open-iscsi (Ubuntu Artful)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1713537

Title:
  iscsi-targets don't quit session on shutdown

Status in curtin:
  Fix Committed
Status in curtin package in Ubuntu:
  In Progress
Status in curtin source package in Xenial:
  Confirmed
Status in curtin source package in Zesty:
  Confirmed
Status in curtin source package in Artful:
  In Progress

Bug description:
  1. Artful (MAAS Image)[a]
  2. open-iscsi 2.0.874-4ubuntu1
  3. On shutdown, all iscsi sessions to be stopped and unmounted
  4. Iscsi stops but does not stop sessions and shutdown is blocked/hung

  [^[[0;32m  OK  ^[[0m] Reached target Shutdown.
  [  125.666350]  connection4:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921130, last ping 4294922432, now 4294923712
  [  125.922334]  connection3:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921211, last ping 4294922496, now 4294923776
  [  126.178553]  connection2:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921292, last ping 4294922560, now 4294923840
  [  126.434334]  connection1:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921371, last ping 4294922624, now 4294923904

  Note, previously released Artful MAAS images work fine:
  http://images.maas.io/ephemeral-v2/daily/artful/amd64/20170721/
  which contain 

  open-iscsi  2.0.873+git0.3b4b4500-14ubuntu17

  a. http://images.maas.io/ephemeral-v2/daily/artful/amd64/20170826/

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1713537/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1713537] Re: iscsi-targets don't quit session on shutdown

[Scott Moser]

** Also affects: curtin
   Importance: Undecided
   Status: New

** Changed in: curtin
   Status: New => Fix Committed

** Changed in: curtin
   Importance: Undecided => Medium

** Changed in: curtin (Ubuntu)
   Importance: Undecided => Medium

** Also affects: open-iscsi (Ubuntu Artful)
   Importance: Undecided
   Status: Invalid

** Also affects: curtin (Ubuntu Artful)
   Importance: Medium
   Status: In Progress

** Also affects: open-iscsi (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: curtin (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: open-iscsi (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: curtin (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: curtin (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: curtin (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: curtin (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: curtin (Ubuntu Zesty)
   Importance: Undecided => Medium

** No longer affects: open-iscsi (Ubuntu)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1713537

Title:
  iscsi-targets don't quit session on shutdown

Status in curtin:
  Fix Committed
Status in curtin package in Ubuntu:
  In Progress
Status in curtin source package in Xenial:
  Confirmed
Status in curtin source package in Zesty:
  Confirmed
Status in curtin source package in Artful:
  In Progress

Bug description:
  1. Artful (MAAS Image)[a]
  2. open-iscsi 2.0.874-4ubuntu1
  3. On shutdown, all iscsi sessions to be stopped and unmounted
  4. Iscsi stops but does not stop sessions and shutdown is blocked/hung

  [^[[0;32m  OK  ^[[0m] Reached target Shutdown.
  [  125.666350]  connection4:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921130, last ping 4294922432, now 4294923712
  [  125.922334]  connection3:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921211, last ping 4294922496, now 4294923776
  [  126.178553]  connection2:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921292, last ping 4294922560, now 4294923840
  [  126.434334]  connection1:0: ping timeout of 5 secs expired, recv timeout 
5, last rx 4294921371, last ping 4294922624, now 4294923904

  Note, previously released Artful MAAS images work fine:
  http://images.maas.io/ephemeral-v2/daily/artful/amd64/20170721/
  which contain 

  open-iscsi  2.0.873+git0.3b4b4500-14ubuntu17

  a. http://images.maas.io/ephemeral-v2/daily/artful/amd64/20170826/

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1713537/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1515513] Re: /boot/initrd.img-*.old-dkms files left behind

[Brian Murray]

** Changed in: dkms (Ubuntu)
   Status: Fix Released => In Progress

** Tags removed: verification-needed-xenial verification-needed-zesty
** Tags added: verification-failed-xenial verification-failed-zesty

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1515513

Title:
  /boot/initrd.img-*.old-dkms files left behind

Status in dkms package in Ubuntu:
  In Progress
Status in initramfs-tools package in Ubuntu:
  Confirmed
Status in dkms source package in Xenial:
  Fix Committed
Status in initramfs-tools source package in Xenial:
  New
Status in dkms source package in Zesty:
  Fix Committed
Status in initramfs-tools source package in Zesty:
  New
Status in dkms package in Debian:
  New

Bug description:
  [Impact]
  If a dkms package is installed which has REMAKE_INITRD or the same setting 
has be manually configured by a user then when a kernel is removed its possible 
for an ".old-dkms" file to be left in /boot with no associated kernel.

  [Test Case]
  On a system with two old kernels and one new kernel available in -updates:
  1) install r8168-dkms
  2) install the dkms module for the old kernel e.g. 'sudo dkms install -m 
r8168 -v 8.041.00 -k 4.4.0-31-generic'
  3) upgrade your kernel e.g. "sudo apt install linux-image-generic'
  4) sudo apt autoremove
  5) observe something like "initrd.img-4.4.0-31-generic.old-dkms" in /boot 
without a corresponding "initrd.img-4.4.0-31-generic"

  With the version of dkms in -proposed, the .old-dkms file will be
  removed when the kernel is auto removed.

  [Regression Potential]
  Somebody out there might expect the .old-dkms file to be kept, but that seems 
like an odd expectation.

  One notices *.old-dkms files being left behind still sitting on the
  disk after purging the related kernel. This can cause /boot to become
  full, and when it gets really bad, even sudo apt-get autoremove won't
  fix the problem - only deleting the old-dkms files manually solves the
  problem.

  Note:  Filling up the /boot partition causes updates to fail.

  ProblemType: BugDistroRelease: Ubuntu 15.04
  Package: dkms 2.2.0.3-2ubuntu3.3
  ProcVersionSignature: Ubuntu 3.19.0-28.30-generic 3.19.8-ckt5
  Uname: Linux 3.19.0-28-generic x86_64
  ApportVersion: 2.17.2-0ubuntu1.7
  Architecture: amd64
  CurrentDesktop: KDE
  Date: Thu Nov 12 08:17:10 2015
  InstallationDate: Installed on 2015-05-05 (190 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  PackageArchitecture: allSourcePackage: dkms
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1515513/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721626] [NEW] Remove obsolete versioned dependency on initramfs-tools Edit

[Steve Langasek]

Public bug reported:

[SRU Justification]
Up until artful, console-setup declares a versioned dependency on 
initramfs-tools. This was an Ubuntu-specific dependency only needed for 
upgrades, and the version referenced is ancient (ca. 2008). In artful and 
later, the dependency has now been removed.

Since this is no longer relevant for upgrades and we would not otherwise
have a dependency on initramfs-tools, we should drop this dependency to
support building of images with initramfs-tools removed for systems that
we know don't require an initramfs.

[Test case]
1. On a xenial default cloud image install, try to run 'sudo apt purge 
initramfs-tools'.
2. Verify that this tries to remove console-setup, console-setup-linux, and kbd.
3. Cancel the removal.
4. Install console-setup from xenial-proposed.
5. Run 'sudo apt purge initramfs-tools' again.
6. Verify that console-setup, console-setup-linux, and kbd are not removed.
7. Run 'sudo apt install --reinstall console-setup' and confirm that the 
package can be installed successfully without initramfs-tools installed.

[Regression Potential]
If a user needs an initramfs in order to mount their root device, and 
console-setup is the only package on their system which depends on 
initramfs-tools, it is possible that the user may remove initramfs-tools and 
render their system unbootable.

This is unlikely because initramfs-tools is still part of the 'minimal'
seed and is therefore a dependency of ubuntu-minimal; and it remains a
dependency of the generic kernel image.

** Affects: console-setup (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: console-setup (Ubuntu Xenial)
 Importance: Undecided
 Assignee: Steve Langasek (vorlon)
 Status: In Progress

** Changed in: console-setup (Ubuntu)
   Status: New => Fix Released

** Also affects: console-setup (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: console-setup (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: console-setup (Ubuntu Xenial)
 Assignee: (unassigned) => Steve Langasek (vorlon)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721626

Title:
  Remove obsolete versioned dependency on initramfs-tools Edit

Status in console-setup package in Ubuntu:
  Fix Released
Status in console-setup source package in Xenial:
  In Progress

Bug description:
  [SRU Justification]
  Up until artful, console-setup declares a versioned dependency on 
initramfs-tools. This was an Ubuntu-specific dependency only needed for 
upgrades, and the version referenced is ancient (ca. 2008). In artful and 
later, the dependency has now been removed.

  Since this is no longer relevant for upgrades and we would not
  otherwise have a dependency on initramfs-tools, we should drop this
  dependency to support building of images with initramfs-tools removed
  for systems that we know don't require an initramfs.

  [Test case]
  1. On a xenial default cloud image install, try to run 'sudo apt purge 
initramfs-tools'.
  2. Verify that this tries to remove console-setup, console-setup-linux, and 
kbd.
  3. Cancel the removal.
  4. Install console-setup from xenial-proposed.
  5. Run 'sudo apt purge initramfs-tools' again.
  6. Verify that console-setup, console-setup-linux, and kbd are not removed.
  7. Run 'sudo apt install --reinstall console-setup' and confirm that the 
package can be installed successfully without initramfs-tools installed.

  [Regression Potential]
  If a user needs an initramfs in order to mount their root device, and 
console-setup is the only package on their system which depends on 
initramfs-tools, it is possible that the user may remove initramfs-tools and 
render their system unbootable.

  This is unlikely because initramfs-tools is still part of the
  'minimal' seed and is therefore a dependency of ubuntu-minimal; and it
  remains a dependency of the generic kernel image.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/console-setup/+bug/1721626/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1703742] Re: Transparent hugepages should default to enabled=madvise

[Kamal Mostafa]

** Also affects: linux-gke (Ubuntu)
   Importance: Undecided
   Status: New

** No longer affects: linux-gke (Ubuntu Yakkety)

** No longer affects: linux-gke (Ubuntu Zesty)

** No longer affects: linux-gke (Ubuntu Artful)

** Changed in: linux-gke (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: linux-gke (Ubuntu Xenial)
 Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)

** Changed in: linux-gke (Ubuntu)
   Status: New => Fix Committed

** Changed in: linux-gke (Ubuntu)
 Assignee: (unassigned) => Kamal Mostafa (kamalmostafa)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1703742

Title:
  Transparent hugepages should default to enabled=madvise

Status in linux package in Ubuntu:
  Fix Released
Status in linux-gke package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  In Progress
Status in linux-gke source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Won't Fix
Status in linux source package in Zesty:
  In Progress
Status in linux source package in Artful:
  Fix Released

Bug description:
  Ubuntu kernels should default transparent_hugepages to
  enabled=madvise, not enabled=always

  (this corresponds to TRANSPARENT_HUGEPAGE_MADVISE=y in .config).

  I've blogged about this at some length here:
  https://blog.nelhage.com/post/transparent-hugepages/ but here is a
  summary:

  Transparent Hugepages are a feature that allows the kernel to attempt
  to automatically back any anonymous maps with "huge" 2MiB page tables,
  instead of the normal 4k entries. It can produce small net performance
  gains in certain benchmarks, but also has numerous downsides, in the
  form of apparent memory leaks and 30% slowdowns or worse for some
  applications. Many popular pieces of software now refuse to run with
  hugepages enabled because of known performance issues.

  Examples of problem reports:
  MongoDB: https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/
  Oracle: 
https://blogs.oracle.com/linux/entry/performance_issues_with_transparent_huge
  Splunk: 
https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/SplunkandTHP
  Go runtime: https://github.com/golang/go/issues/8832
  jemalloc: 
https://blog.digitalocean.com/transparent-huge-pages-and-alternative-memory-allocators/
  node.js: https://github.com/nodejs/node/issues/11077

  Setting `enabled=madvise` enables applications that know they benefit
  from transparent huge pages to opt-in to this feature, while
  eliminating all the problematic behavior for other applications. Note
  also that transparent hugepage settings don't affect the use of
  explicit hugepages via hugetlbfs or mmap(…, MAP_HUGETLB, …)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1703742/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1692334] Re: neutron bash completion helper is not installed

[Ryan Beisner]

This bug was fixed in the package python-neutronclient - 1:6.1.0-0ubuntu3~cloud0
---

 python-neutronclient (1:6.1.0-0ubuntu3~cloud0) xenial-ocata; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-neutronclient (1:6.1.0-0ubuntu3) zesty; urgency=medium
 .
   * d/rules: include neutron bash completion helper in python-neutronclient
 package (LP: #1692334).


** Changed in: cloud-archive/ocata
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1692334

Title:
  neutron bash completion helper is not installed

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  New
Status in Ubuntu Cloud Archive newton series:
  New
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in python-neutronclient package in Ubuntu:
  Fix Released
Status in python-neutronclient source package in Xenial:
  Fix Committed
Status in python-neutronclient source package in Zesty:
  Fix Released

Bug description:
  [Impact]

  Upstream's bash completion helper ( https://github.com/openstack
  /python-neutronclient/blob/master/tools/neutron.bash_completion ) is
  not installed.

  debian/rules copies neutron.bash_completion file to $(CURDIR)/debian
  /python-neutronclient-doc/usr/share/bash-
  completion/completions/neutron , but python-neutronclient-doc package
  is not defined in debian/control

  [Test Case]

  * apt install python-neutronclient
  * source novarc
  * neutron net-

  Expected result:

  The following list of available commands is printed
  net-createnet-external-list net-gateway-create
net-gateway-disconnectnet-gateway-show  net-ip-availability-list  
net-list  net-show
  net-deletenet-gateway-connect   net-gateway-delete
net-gateway-list  net-gateway-updatenet-ip-availability-show  
net-list-on-dhcp-agentnet-update

  Actual Result:

  Nothing is printed.

  [Regression Potential]

  This patch does not change the source code, it only installs a new
  file that currently is being discarded during the building process.

  A potential regression is that users who installed the neutron client
  completion helper manually and when they install this package it will
  overwrite it, because this is not a configuration file. But even in
  that case the user shouldn't notice any difference as "neutron "
  will still bring up a list of commands.

  Additional note:

  About the following autopkgtest failures :

  --
  Xenial
  Regression in autopkgtest for nova (s390x): test log

  Zesty
  Regression in autopkgtest for magnum (s390x): test log
  --

  The failures are not related to this change, nova autopkgtest failure
  is being analyzed at
  https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1713059

  [Other info]
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1692334/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1717615] Re: encoded slashes being blocked by Apache

[Corey Bryant]

** Also affects: cloud-archive
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/mitaka
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/newton
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/ocata
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/pike
   Importance: Undecided
   Status: New

** No longer affects: cloud-archive/pike

** Changed in: cloud-archive
   Status: New => Invalid

** Changed in: cloud-archive
   Status: Invalid => Fix Released

** Changed in: charm-helpers
   Status: New => Invalid

** Changed in: heat
   Status: New => Invalid

** Changed in: charm-heat
   Status: Triaged => Invalid

** Changed in: charm-heat
   Importance: High => Undecided

** Changed in: cloud-archive
   Importance: Undecided => High

** Changed in: cloud-archive/mitaka
   Importance: Undecided => High

** Changed in: cloud-archive/newton
   Importance: Undecided => High

** Changed in: cloud-archive/ocata
   Importance: Undecided => High

** Changed in: cloud-archive/mitaka
   Status: New => Triaged

** Changed in: cloud-archive/newton
   Status: New => Triaged

** Changed in: cloud-archive/ocata
   Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1717615

Title:
  encoded slashes being blocked by Apache

Status in OpenStack heat charm:
  Invalid
Status in Charm Helpers:
  Invalid
Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in Ubuntu Cloud Archive newton series:
  Triaged
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in OpenStack Heat:
  Invalid
Status in python-heatclient package in Ubuntu:
  Fix Released
Status in python-heatclient source package in Xenial:
  Triaged
Status in python-heatclient source package in Zesty:
  New

Bug description:
  We came across a situation where we were unable to view resources in a
  stack inside Horizon. We traced it down to a communication problem
  with the Heat Apache frontend and Heat. After adjusting the log level
  for Apache, we came across the following error in the logs:

  [client 213.173.193.177:33920] AH00026: found %2f (encoded '/') in URI
  
(decoded='/v1/c064a39d602d4f42bc49e09057c97683/stacks/heat_test_foo/b5c125a3-d452-49a1-
  a12e-03e098fbb38c/resources/foo_vm-01'), returning 404

  As a workaround, we currently added the following line to the
  /etc/apache/sites-enabled/openstack-https_frontend.conf on our Heat
  instance:

  AllowEncodedSlashes On

  It is worth noting we tried to use the NoDecode option as well and
  that is didn't resolve the problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-heat/+bug/1717615/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3.2ubuntu2.17.04.3

---
vlan (1.9-3.2ubuntu2.17.04.3) zesty; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

Status in vlan package in Ubuntu:
  Fix Released
Status in vlan source package in Trusty:
  Fix Released
Status in vlan source package in Xenial:
  Fix Released
Status in vlan source package in Zesty:
  Fix Released
Status in vlan source package in Artful:
  Fix Released
Status in vlan package in Debian:
  New

Bug description:
  [impact]

  Using ifupdown, vlan supported setting an interface's rp-filter value,
  but that can only set 0 or 1, but it cannot be set to 2.

  [test case]

  On any system using ifupdown to manage interfaces, add to an
  interface's config:

  if-rp-filter 2

  When the interface is brought up, its 
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2.  
With the fixed vlan package, its value will correctly be set to 2.
  See also c#9 for a test example

  [regression potential]

  problems with this change could affect the value of an interface's
  rp_filter value.

  [other]

  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.

  As outlined in c#4 and c#13 this setting is vlan not generally
  required for vlans (but often used with them). So it in question if
  eventually it should be added elsewhere and removed here, but for the
  SRU the bug is where it is (in the vlan package) and there it has to
  be fixed.

  ---

  [original description]

  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows
  for values 0 and 1.

  This is the relevant configuration in /etc/network/interfaces

  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24

  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1

  But it does not get correctly set

  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1

  And this is the script overriding the configuration

  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi

  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1717477] Re: cloud-init generates ordering cycle via After=cloud-init in systemd-fsck

[Launchpad Bug Tracker]

This bug was fixed in the package cloud-init -
0.7.9-233-ge586fe35-0ubuntu1~16.04.2

---
cloud-init (0.7.9-233-ge586fe35-0ubuntu1~16.04.2) xenial-proposed; 
urgency=medium

  * cherry-pick a2f8ce9c: Do not provide systemd-fsck drop-in which
could cause systemd ordering loops (LP: #1717477).

 -- Scott Moser   Fri, 15 Sep 2017 15:23:38 -0400

** Changed in: cloud-init (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1717477

Title:
  cloud-init generates ordering cycle via After=cloud-init in systemd-
  fsck

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  http://pad.lv/1717477
  https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1717477

  === Begin SRU Template ===
  [Impact]
  Cloud-init's inclusion of a systemd drop-in file
/lib/systemd/system/systemd-fsck@.service.d/cloud-init.conf
  Caused a regression on systems that had entries in /etc/fstab
  that were not authored by cloud-init (specifically that did not have
  something like 'x-systemd.requires=cloud-init.service' in their
  filesystem options.

  [Test Case]
  The test can be done on any cloud that has space to put a non-root
  filesystem.

  a.) launch instance
  b.) upgrade to cloud-init to -updates pocket
  c.) create a filesystem and put it in /etc/fstab
  bdev="/dev/sdb1"
  mkdir -p /mnt
  mkfs.ext4 -F "$bdev"
  echo "$bdev /mnt auto defaults 0 2" >> /etc/fstab

  reboot
  d.) see mention of 'ordering cycle' in journal

  $ journalctl -o short-precise  | grep -i ordering.cycle
  Sep 15 14:08:48.331033 xenial-20170911-174122 systemd[1]: 
local-fs.target: Found ordering cycle on local-fs.target/start
  Sep 15 14:08:48.331097 xenial-20170911-174122 systemd[1]: 
local-fs.target: Breaking ordering cycle by deleting job mnt.mount/start
  Sep 15 14:08:48.331108 xenial-20170911-174122 systemd[1]: mnt.mount: Job 
mnt.mount/start deleted to break ordering cycle starting with 
local-fs.target/start

  e.) upgrade to proposed
  f.) reboot
  g.) expect no mention of ordering cycle as seen in 'd'
  $ journalctl -o short-precise  | grep -i ordering.cycle || echo "no 
cycles"
  no cycles

  [Regression Potential]
  This change will mean that bug 1691489 is present again.
  That bug is much less severe and affects a much smaller set of users.

  [Other Info]
  Upstream commit at
https://git.launchpad.net/cloud-init/commit/?id=a2f8ce9c80

  === End SRU Template ===


  We're running several machines with

    cloud-init_0.7.9-153-g16a7302f-0ubuntu1~16.04.2

  without problems.

  Just upgraded all machines to

    cloud-init_0.7.9-233-ge586fe35-0ubuntu1~16.04.1

  and rebooted them all.

  All machines report ordering cycles in their dmesg, resulting in systemd 
breaking the
  loop by NOT starting some important services, e.g. mouting local filesystems:

  Sep 14 15:43:52.487945 noname systemd[1]: networking.service: Found ordering 
cycle on networking.service/start
  Sep 14 15:43:52.487952 noname systemd[1]: networking.service: Found 
dependency on local-fs.target/start
  Sep 14 15:43:52.487960 noname systemd[1]: networking.service: Found 
dependency on home.mount/start
  Sep 14 15:43:52.487968 noname systemd[1]: networking.service: Found 
dependency on systemd-fsck@dev-disk-by\x2dlabel-Home.service/start
  Sep 14 15:43:52.487975 noname systemd[1]: networking.service: Found 
dependency on cloud-init.service/start
  Sep 14 15:43:52.487982 noname systemd[1]: networking.service: Found 
dependency on networking.service/start
  Sep 14 15:43:52.488297 noname systemd[1]: networking.service: Breaking 
ordering cycle by deleting job local-fs.target/start
  Sep 14 15:43:52.488306 noname systemd[1]: local-fs.target: Job 
local-fs.target/start deleted to break ordering cycle starting with 
networking.service/start

  % cat /etc/fstab
  LABEL=cloudimg-rootfs /ext4   defaults,discard0 1
  LABEL=Home/homexfsdefaults,logbufs=8  0 2

  In this case /home isn't mounted as a result of systemd breaking the
  loop, resulting in services depending on /home not being started.

  1. Tell us your cloud provider

  AWS

  2. dpkg-query -W -f='${Version}' cloud-init

  0.7.9-233-ge586fe35-0ubuntu1~16.04.1

  3. Any appropriate cloud-init configuration you can provide us

  Nothing special - worked with 0.7.9-153-g16a7302f-0ubuntu1~16.04.2 on
  all machines without hassle.

  The problem is this change:

  diff -uaNr 153/lib/systemd/system/systemd-fsck@.service.d/cloud-init.conf 

[Group.of.nepali.translators] [Bug 1571209] Re: Sockfile check retries too short for a busy system boot

[Launchpad Bug Tracker]

This bug was fixed in the package libvirt - 1.2.2-0ubuntu13.1.23

---
libvirt (1.2.2-0ubuntu13.1.23) trusty; urgency=medium

  * d/libvirt-bin.init, d/libvirt-bin.upstart: fix waiting for the libvirt
socket (LP: #1571209)
- avoid timing out on slow systems (only stop when service is stopped)
- fix whitespace damage formerly added to d/libvirt-bin.init
- no more long sleep without announcing to log
- check socket and service status more often for lower latency on changes
- fix check if unix_sock_dir path is set in /etc/libvirt/libvirtd.conf
- fix the upstart service name that is checked

 -- Christian Ehrhardt   Thu, 07 Sep
2017 14:22:45 +0200

** Changed in: libvirt (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1571209

Title:
  Sockfile check retries too short for a busy system boot

Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Precise:
  Won't Fix
Status in libvirt source package in Trusty:
  Fix Released
Status in libvirt source package in Wily:
  Won't Fix
Status in libvirt source package in Xenial:
  Fix Released
Status in libvirt source package in Zesty:
  Fix Released
Status in libvirt source package in Artful:
  Fix Released

Bug description:
  [Impact]

   * Libvirt service reports to be ready, but it has not spawned the libvirt 
 socket yet. Depending services fail. There was an SRU (#1455608) meant 
 to fix that but it has many deficiencies (not considering config, 
 giving up after 10 seconds, being an unconditional sleep 2, taking up 
 to 2 seconds to a service stop while in pist-start).

   * This is the backport and improvement of a change that was brought to 
 Yakkety already, but there due to systemd it doesn't matter too much.

  [Test Case]

   * There are two very different ways to "test" this due to the overload 
 based scenario where this really becomes important.

   * Version #1 - being lame
 One can just modify the upstart script and exchange the check for the 
 socket with /bin/true.
 That way it waits forever which allows you to check the log entries, 
 the abort responsiveness and similar.

   * Version #2 - recreating the case
 - This mostly means the system has to be very slow and overloaded.
   You can either just slow down the system (e.g. run a qemu with nice 
   MAX). Stress your host with other things burning CPU/memory/disk.
 - we worked with adding autostart guests (see comment #35) but that 
   actually takes place after the socket is created. The reported acse 
   had a raid rebuilding.
 - TL;DR get your system slow enough so that libvirt exceeds 10 seconds 
   to start properly (the old limit is 5*2 seconds)

  [Regression Potential]

   * I'd think that there might exist (super rare) cases were the post-start 
 now does spin forever. But by the definition 
 http://upstart.ubuntu.com/cookbook/#post-start this is correct. It is 
 started (yes) but not yet ready. Yet this might appear as a regression 
 to some.
   * Other than that clearly this should fix more issues than it (hopefully 
 not) causes.

  [Other Info]
   
   * n/a

  
  --- END SRU Template ---


  [ problem description ]

  sockfile_check_retries is first introduced by #1455608, for preventing
  the failure case of sockfile not ready, but it was default to a hard-
  coded value "5", it might be too short for a busy system boot.

  #1455608 -
  https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1455608

  [ step to reproduce ]

  setup a clean install system (Ubuntu Server 14.04.4 LTS), and assemble
  os disk as RAID-1, boot up some guest instances (count > 10, start-at-
  boot), force shutdown host by pressing power-button for 3s ~ 5s, or
  via IPMI command, then power-on afterward. it may sometimes failed to
  get sockfile ready after in "post-start" script, with an line of error
  in /var/log/syslog,

  ==> kernel: [ 313.059830] init: libvirt-bin post-start process (2430)
  terminated with status 1 <==

  since there's multiple VMs Read/Write before a non-graceful shutdown,
  RAID devices need to re-sync after boot, and lead to a slow response,
  but start-up script for libvirt-bin can only wait 5 cycles, 2 seconds
  wait for each cycle, so it will timed-out after 10s, and exit with
  "1".

  [ possible solution ]

  extend the retry times for sockfile waiting, and make it possible to
  change via editing `/etc/default/libvirt-bin` file.

  

  [ sysinfo ]

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 14.04.4 LTS
  Release: 14.04
  Codename: trusty

  $ uname -a
  Linux host2 4.2.0-35-generic #40~14.04.1-Ubuntu SMP Fri Mar 

[Group.of.nepali.translators] [Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3ubuntu10.5

---
vlan (1.9-3ubuntu10.5) trusty; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

Status in vlan package in Ubuntu:
  Fix Released
Status in vlan source package in Trusty:
  Fix Released
Status in vlan source package in Xenial:
  Fix Released
Status in vlan source package in Zesty:
  Fix Committed
Status in vlan source package in Artful:
  Fix Released
Status in vlan package in Debian:
  New

Bug description:
  [impact]

  Using ifupdown, vlan supported setting an interface's rp-filter value,
  but that can only set 0 or 1, but it cannot be set to 2.

  [test case]

  On any system using ifupdown to manage interfaces, add to an
  interface's config:

  if-rp-filter 2

  When the interface is brought up, its 
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2.  
With the fixed vlan package, its value will correctly be set to 2.
  See also c#9 for a test example

  [regression potential]

  problems with this change could affect the value of an interface's
  rp_filter value.

  [other]

  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.

  As outlined in c#4 and c#13 this setting is vlan not generally
  required for vlans (but often used with them). So it in question if
  eventually it should be added elsewhere and removed here, but for the
  SRU the bug is where it is (in the vlan package) and there it has to
  be fixed.

  ---

  [original description]

  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows
  for values 0 and 1.

  This is the relevant configuration in /etc/network/interfaces

  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24

  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1

  But it does not get correctly set

  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1

  And this is the script overriding the configuration

  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi

  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1716964] Re: VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

[Launchpad Bug Tracker]

This bug was fixed in the package vlan - 1.9-3.2ubuntu1.16.04.4

---
vlan (1.9-3.2ubuntu1.16.04.4) xenial; urgency=medium

  * Allow ip-rp-filter to be 0, 1, or 2 instead of only 0 or 1
(LP: #1716964)

 -- Dan Streetman   Wed, 20 Sep 2017
09:30:21 -0400

** Changed in: vlan (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1716964

Title:
  VLAN network script if-up.d/ip limits rp_filter value to 0 or 1

Status in vlan package in Ubuntu:
  Fix Released
Status in vlan source package in Trusty:
  Fix Released
Status in vlan source package in Xenial:
  Fix Released
Status in vlan source package in Zesty:
  Fix Committed
Status in vlan source package in Artful:
  Fix Released
Status in vlan package in Debian:
  New

Bug description:
  [impact]

  Using ifupdown, vlan supported setting an interface's rp-filter value,
  but that can only set 0 or 1, but it cannot be set to 2.

  [test case]

  On any system using ifupdown to manage interfaces, add to an
  interface's config:

  if-rp-filter 2

  When the interface is brought up, its 
/proc/sys/net/ipv4/conf/$IFACE/rp_filter value will be set to 1 instead of 2.  
With the fixed vlan package, its value will correctly be set to 2.
  See also c#9 for a test example

  [regression potential]

  problems with this change could affect the value of an interface's
  rp_filter value.

  [other]

  the upstream debian bug for this has been open for 3 years without
  change, so it is unlikely debian will fix this.

  As outlined in c#4 and c#13 this setting is vlan not generally
  required for vlans (but often used with them). So it in question if
  eventually it should be added elsewhere and removed here, but for the
  SRU the bug is where it is (in the vlan package) and there it has to
  be fixed.

  ---

  [original description]

  When configuring a VLAN interface on /etc/network/interfaces, setting
  the ip-rp-filter value to 2 (loose mode reverse filtering) gets
  overridden by the /etc/network/if-up.d/ip script, which only allows
  for values 0 and 1.

  This is the relevant configuration in /etc/network/interfaces

  # The primary network interface
  auto eno1
  iface eno1 inet static
   address 10.1.2.36
   netmask 255.255.0.0
   gateway 10.1.1.2
   dns-search xxx.yy
   dns-nameservers 10.1.2.22 10.1.2.24

  # The administrative network
  auto eno1.2
  iface eno1.2 inet static
   address 172.16.1.8
   netmask 255.255.0.0
   ip-rp-filter 2
   vlan-raw-device eno1

  But it does not get correctly set

  ~# cat /proc/sys/net/ipv4/conf/eno1.2/rp_filter
  1

  And this is the script overriding the configuration

  ~# cat /etc/network/if-up.d/ip
  #!/bin/sh
  # This should probably go into ifupdown
  # But usually only those with lots of interfaces (vlans) need these
  if [ -d "/proc/sys/net/ipv4/conf/$IFACE" ]
  then
   if [ -n "$IF_IP_PROXY_ARP" ]; then
    if [ "$IF_IP_PROXY_ARP" -eq "1" ]; then
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    else
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/proxy_arp"
    fi
   fi
   if [ -n "$IF_IP_RP_FILTER" ]; then
    if [ "$IF_IP_RP_FILTER" -eq "0" ]; then
     echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    else
     echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
    fi
   fi
  fi

  It checks if $IF_IP_RP_FILTER is 0 and sets it as 0, otherwise sets it
  as 1, so it never allows to set is to 2 (loose mode).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlan/+bug/1716964/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1717477] Re: cloud-init generates ordering cycle via After=cloud-init in systemd-fsck

[Launchpad Bug Tracker]

This bug was fixed in the package cloud-init -
0.7.9-233-ge586fe35-0ubuntu1~17.04.2

---
cloud-init (0.7.9-233-ge586fe35-0ubuntu1~17.04.2) zesty; urgency=medium

  * cherry-pick a2f8ce9c: Do not provide systemd-fsck drop-in which
could cause systemd ordering cycles (LP: #1717477).

 -- Scott Moser   Fri, 15 Sep 2017 15:30:01 -0400

** Changed in: cloud-init (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1717477

Title:
  cloud-init generates ordering cycle via After=cloud-init in systemd-
  fsck

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Committed
Status in cloud-init source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  http://pad.lv/1717477
  https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1717477

  === Begin SRU Template ===
  [Impact]
  Cloud-init's inclusion of a systemd drop-in file
/lib/systemd/system/systemd-fsck@.service.d/cloud-init.conf
  Caused a regression on systems that had entries in /etc/fstab
  that were not authored by cloud-init (specifically that did not have
  something like 'x-systemd.requires=cloud-init.service' in their
  filesystem options.

  [Test Case]
  The test can be done on any cloud that has space to put a non-root
  filesystem.

  a.) launch instance
  b.) upgrade to cloud-init to -updates pocket
  c.) create a filesystem and put it in /etc/fstab
  bdev="/dev/sdb1"
  mkdir -p /mnt
  mkfs.ext4 -F "$bdev"
  echo "$bdev /mnt auto defaults 0 2" >> /etc/fstab

  reboot
  d.) see mention of 'ordering cycle' in journal

  $ journalctl -o short-precise  | grep -i ordering.cycle
  Sep 15 14:08:48.331033 xenial-20170911-174122 systemd[1]: 
local-fs.target: Found ordering cycle on local-fs.target/start
  Sep 15 14:08:48.331097 xenial-20170911-174122 systemd[1]: 
local-fs.target: Breaking ordering cycle by deleting job mnt.mount/start
  Sep 15 14:08:48.331108 xenial-20170911-174122 systemd[1]: mnt.mount: Job 
mnt.mount/start deleted to break ordering cycle starting with 
local-fs.target/start

  e.) upgrade to proposed
  f.) reboot
  g.) expect no mention of ordering cycle as seen in 'd'
  $ journalctl -o short-precise  | grep -i ordering.cycle || echo "no 
cycles"
  no cycles

  [Regression Potential]
  This change will mean that bug 1691489 is present again.
  That bug is much less severe and affects a much smaller set of users.

  [Other Info]
  Upstream commit at
https://git.launchpad.net/cloud-init/commit/?id=a2f8ce9c80

  === End SRU Template ===


  We're running several machines with

    cloud-init_0.7.9-153-g16a7302f-0ubuntu1~16.04.2

  without problems.

  Just upgraded all machines to

    cloud-init_0.7.9-233-ge586fe35-0ubuntu1~16.04.1

  and rebooted them all.

  All machines report ordering cycles in their dmesg, resulting in systemd 
breaking the
  loop by NOT starting some important services, e.g. mouting local filesystems:

  Sep 14 15:43:52.487945 noname systemd[1]: networking.service: Found ordering 
cycle on networking.service/start
  Sep 14 15:43:52.487952 noname systemd[1]: networking.service: Found 
dependency on local-fs.target/start
  Sep 14 15:43:52.487960 noname systemd[1]: networking.service: Found 
dependency on home.mount/start
  Sep 14 15:43:52.487968 noname systemd[1]: networking.service: Found 
dependency on systemd-fsck@dev-disk-by\x2dlabel-Home.service/start
  Sep 14 15:43:52.487975 noname systemd[1]: networking.service: Found 
dependency on cloud-init.service/start
  Sep 14 15:43:52.487982 noname systemd[1]: networking.service: Found 
dependency on networking.service/start
  Sep 14 15:43:52.488297 noname systemd[1]: networking.service: Breaking 
ordering cycle by deleting job local-fs.target/start
  Sep 14 15:43:52.488306 noname systemd[1]: local-fs.target: Job 
local-fs.target/start deleted to break ordering cycle starting with 
networking.service/start

  % cat /etc/fstab
  LABEL=cloudimg-rootfs /ext4   defaults,discard0 1
  LABEL=Home/homexfsdefaults,logbufs=8  0 2

  In this case /home isn't mounted as a result of systemd breaking the
  loop, resulting in services depending on /home not being started.

  1. Tell us your cloud provider

  AWS

  2. dpkg-query -W -f='${Version}' cloud-init

  0.7.9-233-ge586fe35-0ubuntu1~16.04.1

  3. Any appropriate cloud-init configuration you can provide us

  Nothing special - worked with 0.7.9-153-g16a7302f-0ubuntu1~16.04.2 on
  all machines without hassle.

  The problem is this change:

  diff -uaNr 153/lib/systemd/system/systemd-fsck@.service.d/cloud-init.conf 

[Group.of.nepali.translators] [Bug 1692334] Re: neutron bash completion helper is not installed

[Launchpad Bug Tracker]

This bug was fixed in the package python-neutronclient -
1:6.1.0-0ubuntu3

---
python-neutronclient (1:6.1.0-0ubuntu3) zesty; urgency=medium

  * d/rules: include neutron bash completion helper in python-neutronclient
package (LP: #1692334).

 -- Felipe Reyes   Mon, 04 Sep 2017 16:07:58
-0300

** Changed in: python-neutronclient (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1692334

Title:
  neutron bash completion helper is not installed

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  New
Status in Ubuntu Cloud Archive newton series:
  New
Status in Ubuntu Cloud Archive ocata series:
  New
Status in python-neutronclient package in Ubuntu:
  Fix Released
Status in python-neutronclient source package in Xenial:
  Fix Committed
Status in python-neutronclient source package in Zesty:
  Fix Released

Bug description:
  [Impact]

  Upstream's bash completion helper ( https://github.com/openstack
  /python-neutronclient/blob/master/tools/neutron.bash_completion ) is
  not installed.

  debian/rules copies neutron.bash_completion file to $(CURDIR)/debian
  /python-neutronclient-doc/usr/share/bash-
  completion/completions/neutron , but python-neutronclient-doc package
  is not defined in debian/control

  [Test Case]

  * apt install python-neutronclient
  * source novarc
  * neutron net-

  Expected result:

  The following list of available commands is printed
  net-createnet-external-list net-gateway-create
net-gateway-disconnectnet-gateway-show  net-ip-availability-list  
net-list  net-show
  net-deletenet-gateway-connect   net-gateway-delete
net-gateway-list  net-gateway-updatenet-ip-availability-show  
net-list-on-dhcp-agentnet-update

  Actual Result:

  Nothing is printed.

  [Regression Potential]

  This patch does not change the source code, it only installs a new
  file that currently is being discarded during the building process.

  A potential regression is that users who installed the neutron client
  completion helper manually and when they install this package it will
  overwrite it, because this is not a configuration file. But even in
  that case the user shouldn't notice any difference as "neutron "
  will still bring up a list of commands.

  Additional note:

  About the following autopkgtest failures :

  --
  Xenial
  Regression in autopkgtest for nova (s390x): test log

  Zesty
  Regression in autopkgtest for magnum (s390x): test log
  --

  The failures are not related to this change, nova autopkgtest failure
  is being analyzed at
  https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1713059

  [Other info]
  N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1692334/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721556] [NEW] ADT tests are broken in xenial

[Dimitri John Ledkov]

Public bug reported:

It seems like the open-iscsi ADT tests are broken in xenial.

A fix for them should be SRUed into xenial

http://autopkgtest.ubuntu.com/packages/open-iscsi/xenial/amd64

The logs are all:

==
ERROR: test_tgt_boot (__main__.MAASEphemeralTest)
--
Traceback (most recent call last):
  File 
"/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/test-open-iscsi.py",
 line 181, in setUp
self.patch_image()
  File 
"/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/test-open-iscsi.py",
 line 204, in patch_image
open_iscsi_deb = open(open_iscsi_deb_path)
IOError: [Errno 2] No such file or directory: 
'/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/../../../../binaries/open-iscsi.deb'

** Affects: open-iscsi (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: open-iscsi (Ubuntu Xenial)
 Importance: Undecided
 Status: New


** Tags: adt-fail

** Also affects: open-iscsi (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721556

Title:
  ADT tests are broken in xenial

Status in open-iscsi package in Ubuntu:
  New
Status in open-iscsi source package in Xenial:
  New

Bug description:
  It seems like the open-iscsi ADT tests are broken in xenial.

  A fix for them should be SRUed into xenial

  http://autopkgtest.ubuntu.com/packages/open-iscsi/xenial/amd64

  The logs are all:

  ==
  ERROR: test_tgt_boot (__main__.MAASEphemeralTest)
  --
  Traceback (most recent call last):
File 
"/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/test-open-iscsi.py",
 line 181, in setUp
  self.patch_image()
File 
"/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/test-open-iscsi.py",
 line 204, in patch_image
  open_iscsi_deb = open(open_iscsi_deb_path)
  IOError: [Errno 2] No such file or directory: 
'/tmp/autopkgtest.NIuI0U/build.0RZ/open-iscsi-2.0.873+git0.3b4b4500/debian/tests/../../../../binaries/open-iscsi.deb'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1721556/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721558] [NEW] ubuntu-regression-suite fails in xenial

[Dimitri John Ledkov]

Public bug reported:

ubuntu-regression-suite fails in xenial

autopkgtest [22:34:48]: test ubuntu-regression-suite: [---
Source Package Version: 4.4.0-1035.44
Running Kernel Version: 4.4.0-96.119
ERROR: running version does not match source package

Please note autopkgtests have quite elaborate setup for the kernels,
thus I'm guessing that some of the setup is not done right, and the VMs
are still running generic kernel instead of customized kernel.

Maybe a reboot mark is needed in the ubuntu-regression-suite case to
reboot the system if Source != Running. And if that doesn't help either,
then fail the test?

This affects a few packages which all trip up ADT testing whenever I SRU
systemd.

** Affects: linux-aws (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-azure (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-gcp (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-gke (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-hwe (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-hwe-edge (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-kvm (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux-aws (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-azure (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-gcp (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-gke (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-hwe (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-hwe-edge (Ubuntu Xenial)
 Importance: Undecided
 Status: New

** Affects: linux-kvm (Ubuntu Xenial)
 Importance: Undecided
 Status: New


** Tags: adt-fail xenial

** Also affects: linux-aws (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: linux-azure (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-gcp (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-gke (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-hwe (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-hwe-edge (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-kvm (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721558

Title:
  ubuntu-regression-suite fails in xenial

Status in linux-aws package in Ubuntu:
  New
Status in linux-azure package in Ubuntu:
  New
Status in linux-gcp package in Ubuntu:
  New
Status in linux-gke package in Ubuntu:
  New
Status in linux-hwe package in Ubuntu:
  New
Status in linux-hwe-edge package in Ubuntu:
  New
Status in linux-kvm package in Ubuntu:
  New
Status in linux-aws source package in Xenial:
  New
Status in linux-azure source package in Xenial:
  New
Status in linux-gcp source package in Xenial:
  New
Status in linux-gke source package in Xenial:
  New
Status in linux-hwe source package in Xenial:
  New
Status in linux-hwe-edge source package in Xenial:
  New
Status in linux-kvm source package in Xenial:
  New

Bug description:
  ubuntu-regression-suite fails in xenial

  autopkgtest [22:34:48]: test ubuntu-regression-suite: [---
  Source Package Version: 4.4.0-1035.44
  Running Kernel Version: 4.4.0-96.119
  ERROR: running version does not match source package

  Please note autopkgtests have quite elaborate setup for the kernels,
  thus I'm guessing that some of the setup is not done right, and the
  VMs are still running generic kernel instead of customized kernel.

  Maybe a reboot mark is needed in the ubuntu-regression-suite case to
  reboot the system if Source != Running. And if that doesn't help
  either, then fail the test?

  This affects a few packages which all trip up ADT testing whenever I
  SRU systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1721558/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1713747] Re: missing DOMAINSEARCH in initramfs output files if the DHCP server doesn't provide one

[Mathieu Trudel-Lapierre]

Turns out this is something directly in klibc in the case of xenial:
since xenial is not yet using isc-dhcp for IPv4 DHCP, since that was
deemed too intrusive a change for xenial.

In other words, while DHCPv6 is done via isc-dhcp, DHCPv4 is done via
ipconfig (klibc); which will need to be fixed to follow the same logic
as isc-dhcp w.r.t DOMAINSEARCH handling.

In general, I think having DOMAINSEARCH contain the existing DNS domain
if it's not otherwise set by the DHCP server is sensible.

I set the xenial task to High since it might actually impact a lot of
people, but it's not as high for artful/zesty given that isc-dhcp is
used instead (still ought to land there since people might want to use
ipconfig on their own, etc.).

** Changed in: isc-dhcp (Ubuntu Xenial)
   Status: Invalid => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1713747

Title:
  missing DOMAINSEARCH in initramfs output files if the DHCP server
  doesn't provide one

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in klibc package in Ubuntu:
  Triaged
Status in isc-dhcp source package in Xenial:
  Triaged
Status in klibc source package in Xenial:
  Triaged
Status in isc-dhcp source package in Zesty:
  Fix Committed
Status in klibc source package in Zesty:
  Triaged

Bug description:
  [Impact]
  Systems booted off the network where the DHCP server provides a domain name 
but no search domains may wish to rely on the domain name as a search value (as 
is done in isc-dhcp in userland, outside the initramfs), to be able to use 
short names for resolving hosts.

  [Test cases]
  1) Boot a system with a remote root over the network
   - Typically this requires adding ip=(some IP settings) or ip=dhcp on the 
kernel command-line, and is better done automatically.
  One good setup for this is to use MaaS to configure the system; where it will 
require a remote root over iSCSI.
  2) Break boot in the initramfs (adding 'break=bottom' or 'break=premount' to 
stop in the initramfs at its end, or just before it mounts filesystems)
  3) Validate the contents of /etc/resolv.conf

  [Regression potential]
  Potential regressions would include incorrectly resolving names, bad 
configuration of /etc/resolv.conf (invalid values for the fields, or missing 
fields), or even failure to mount the remote root in the cases where name 
resolution is required to find the remote server.

  --

  For networked systems, for instance booting with an iSCSI root,
  dhclient writes an output file in the form of /run/net-.conf
  that contains data for other programs to consume. This allows, for
  instance, open-iscsi to get the right information and properly connect
  to the server to mount the root filesystem.

  It is common for DHCP servers to only provide a domain name value, and
  no search domains. In this case, isc-dhcp doesn't currently write
  DOMAINSEARCH, but people may wish to use short names to resolve things
  (such as in iSCSI server).

  In the not-initramfs dhclient-script, when domain_search isn't
  provided but domain_name is, domain_name is written to the search
  string. If both are provided, domain_search is written. The initramfs
  enter hook should do the same.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1713747/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1713747] Re: missing DOMAINSEARCH in initramfs output files if the DHCP server doesn't provide one

[Mathieu Trudel-Lapierre]

** Description changed:

+ [Impact]
+ Systems booted off the network where the DHCP server provides a domain name 
but no search domains may wish to rely on the domain name as a search value (as 
is done in isc-dhcp in userland, outside the initramfs), to be able to use 
short names for resolving hosts.
+ 
+ [Test cases]
+ 1) Boot a system with a remote root over the network
+  - Typically this requires adding ip=(some IP settings) or ip=dhcp on the 
kernel command-line, and is better done automatically.
+ One good setup for this is to use MaaS to configure the system; where it will 
require a remote root over iSCSI.
+ 2) Break boot in the initramfs (adding 'break=bottom' or 'break=premount' to 
stop in the initramfs at its end, or just before it mounts filesystems)
+ 3) Validate the contents of /etc/resolv.conf
+ 
+ [Regression potential]
+ Potential regressions would include incorrectly resolving names, bad 
configuration of /etc/resolv.conf (invalid values for the fields, or missing 
fields), or even failure to mount the remote root in the cases where name 
resolution is required to find the remote server.
+ 
+ --
+ 
  For networked systems, for instance booting with an iSCSI root, dhclient
  writes an output file in the form of /run/net-.conf that contains
  data for other programs to consume. This allows, for instance, open-
  iscsi to get the right information and properly connect to the server to
  mount the root filesystem.
  
  It is common for DHCP servers to only provide a domain name value, and
  no search domains. In this case, isc-dhcp doesn't currently write
  DOMAINSEARCH, but people may wish to use short names to resolve things
  (such as in iSCSI server).
  
  In the not-initramfs dhclient-script, when domain_search isn't provided
  but domain_name is, domain_name is written to the search string. If both
  are provided, domain_search is written. The initramfs enter hook should
  do the same.

** Changed in: isc-dhcp (Ubuntu Xenial)
   Status: In Progress => Invalid

** Also affects: klibc (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: klibc (Ubuntu)
   Status: New => Triaged

** Changed in: klibc (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: klibc (Ubuntu Zesty)
   Status: New => Triaged

** Changed in: klibc (Ubuntu)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: klibc (Ubuntu Xenial)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: klibc (Ubuntu Zesty)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox)

** Changed in: klibc (Ubuntu)
   Importance: Undecided => Medium

** Changed in: klibc (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: klibc (Ubuntu Zesty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1713747

Title:
  missing DOMAINSEARCH in initramfs output files if the DHCP server
  doesn't provide one

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in klibc package in Ubuntu:
  Triaged
Status in isc-dhcp source package in Xenial:
  Triaged
Status in klibc source package in Xenial:
  Triaged
Status in isc-dhcp source package in Zesty:
  Fix Committed
Status in klibc source package in Zesty:
  Triaged

Bug description:
  [Impact]
  Systems booted off the network where the DHCP server provides a domain name 
but no search domains may wish to rely on the domain name as a search value (as 
is done in isc-dhcp in userland, outside the initramfs), to be able to use 
short names for resolving hosts.

  [Test cases]
  1) Boot a system with a remote root over the network
   - Typically this requires adding ip=(some IP settings) or ip=dhcp on the 
kernel command-line, and is better done automatically.
  One good setup for this is to use MaaS to configure the system; where it will 
require a remote root over iSCSI.
  2) Break boot in the initramfs (adding 'break=bottom' or 'break=premount' to 
stop in the initramfs at its end, or just before it mounts filesystems)
  3) Validate the contents of /etc/resolv.conf

  [Regression potential]
  Potential regressions would include incorrectly resolving names, bad 
configuration of /etc/resolv.conf (invalid values for the fields, or missing 
fields), or even failure to mount the remote root in the cases where name 
resolution is required to find the remote server.

  --

  For networked systems, for instance booting with an iSCSI root,
  dhclient writes an output file in the form of /run/net-.conf
  that contains data for other programs to consume. This allows, for
  instance, open-iscsi to get the right information and properly connect
  to the server to mount the root filesystem.

  It is common for DHCP servers to only provide a domain name value, and
  no search domains. In this case, isc-dhcp 

[Group.of.nepali.translators] [Bug 1634609] Proposed package removed from archive

[Łukasz Zemczak]

The version of golang-go.crypto in the proposed pocket of Xenial that
was purported to fix this bug report has been removed because the bugs
that were to be fixed by the upload were not verified in a timely (105
days) fashion.

** Changed in: golang-go.crypto (Ubuntu Xenial)
   Status: Fix Committed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1634609

Title:
  de-vendorize golang-go.crypto from juju-core

Status in golang-go.crypto package in Ubuntu:
  Fix Released
Status in juju-core package in Ubuntu:
  New
Status in golang-go.crypto source package in Xenial:
  Won't Fix
Status in juju-core source package in Xenial:
  New
Status in golang-go.crypto source package in Yakkety:
  Fix Committed
Status in juju-core source package in Yakkety:
  New
Status in golang-go.crypto source package in Zesty:
  Fix Released
Status in juju-core source package in Zesty:
  New

Bug description:
  [Impact]
  Go software using crypto modules. Juju-core was accepted in the archive with 
a vendorized version of golang-go.crypto at the last minute, but it should be 
removed and the archive version used instead.

  [Test case]
  - building Juju -
  build juju-core, make sure it uses golang-golang-x-crypto-dev.

  - rebuild tests for reverse dependencies -
  rebuild r-deps for golang-go.crypto.

  [Regression Potential]
  New failure modes in building reverse-dependencies of crypto, or to build/run 
juju would constitute a regression of this update.

  

  juju-core currently ships a copy of golang-go.crypto with itself. It
  shouldn't, and should instead use the copy of golang-go.crypto from
  the archive by Build-Depending on golang-golang-x-crypto.

  This requires a newer snapshot of golang-go.crypto as juju-core or
  golang-go.net require the acme package from crypto, which is not
  properly exported in golang-go.crypto 1:0.0~git20160824.0.351dc6a-
  1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-go.crypto/+bug/1634609/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721550] [NEW] Xenial update to 4.4.90 stable release

[Stefan Bader]

Public bug reported:


SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree or
   a minimally backported form of that patch. The 4.4.90 upstream stable
   patch set is now available. It should be included in the Ubuntu
   kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

   The following patches from the 4.4.90 stable release shall be
applied:

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: linux (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stefan Bader (smb)
 Status: In Progress


** Tags: kernel-stable-tracking-bug

** Tags added: kernel-stable-tracking-bug

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
 Assignee: (unassigned) => Stefan Bader (smb)

** Changed in: linux (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721550

Title:
  Xenial update to 4.4.90 stable release

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  
  SRU Justification

  Impact:
 The upstream process for stable tree updates is quite similar
 in scope to the Ubuntu SRU process, e.g., each patch has to
 demonstrably fix a bug, and each patch is vetted by upstream
 by originating either directly from a mainline/stable Linux tree or
 a minimally backported form of that patch. The 4.4.90 upstream stable
 patch set is now available. It should be included in the Ubuntu
 kernel as well.

 git://git.kernel.org/

  TEST CASE: TBD

 The following patches from the 4.4.90 stable release shall be
  applied:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1721550/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1719624] Re: [Hyper-V] linux-azure cifs mount error caused by missing nls_utf8.ko module

[Seth Forshee]

** Also affects: linux-azure (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1719624

Title:
  [Hyper-V] linux-azure cifs mount error caused by missing  nls_utf8.ko
  module

Status in linux-azure package in Ubuntu:
  Fix Committed
Status in linux-azure source package in Xenial:
  Fix Committed

Bug description:
  While mounting the share with CIFS/version=2.1/charset=utf8 ansible
  breaks with an error.

  Error "Can not access a needed shared library"...

  Testing with ISO-8859 charset works. utf8 does not.

  ls -ltr /lib/modules/4.11.0-1011-azure/kernel/fs/nls/ 
  total 12
  -rw-r--r-- 1 root root 9094 Sep 19 19:49 nls_iso8859-1.ko

  It looks like the nls_utf8.ko module was not included in this kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/1719624/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721538] Re: Remove vmbus-rdma driver from Xenial kernel

[Stefan Bader]

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721538

Title:
  Remove vmbus-rdma driver from Xenial kernel

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  SRU Justification:

  Impact: in order to properly support infiniband for Azure A8/A9,
  H-series, and NC24/NV24 instances, multiple versions of the driver
  must be maintained and userspace must be responsible for selecting the
  correct version of the driver.

  That's already supported in the linux-azure kernel with the userspace
  logic implemented in the Windows Azure Linux Agent. The Xenial kernel
  is carrying a single version of the RDMA which might cause problems if
  the host OS requires a different version of the driver.

  Fix: remove the driver located at "drivers/infiniband/hw/vmbus-rdma/"
  from the Xenial kernel and keep support to it only in linux-azure.

  Testcase: the module "hv_network_direct.ko" should not be included in
  the linux-image or linux-image-extra packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1721538/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

[Launchpad Bug Tracker]

This bug was fixed in the package git - 1:2.11.0-2ubuntu0.3

---
git (1:2.11.0-2ubuntu0.3) zesty-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
- shell-drop-git-cvsserver-support-by-default.diff
- cvsserver-use-safe_pipe_capture.diff
- cvsimport-shell-quote-variable-used-in-backticks.diff
- archimport-use-safe_pipe_capture-for-user-input.diff
- CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:02:47 -0500

** Changed in: git (Ubuntu Zesty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1719740

Title:
  [CVE] Git cvsserver OS Command Injection

Status in git package in Ubuntu:
  Fix Released
Status in git source package in Trusty:
  Fix Released
Status in git source package in Xenial:
  Fix Released
Status in git source package in Zesty:
  Fix Released
Status in git source package in Artful:
  Fix Released
Status in git package in Debian:
  Fix Released

Bug description:
  From oss-security[1]:

  [ Authors ]
  joernchen   

  Phenoelit Group (http://www.phenoelit.de)

  [ Affected Products ]
  Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 (git-cvsserver)
  https://git-scm.com

  [ Vendor communication ]
  2017-09-08 Sent vulnerability details to the git-security list
  2017-09-09 Acknowledgement of the issue, git maintainers ask if
     a patch could be provided
  2017-09-10 Patch is provided
  2017-09-11 Further backtick operations are patched by the git
     maintainers, corrections on the provided patch
  2017-09-11 Revised patch is sent out
  2017-09-11 Jeff King proposes to drop `git-cvsserver`'s default
     invocation from `git-shell`
  2017-09-22 Draft release for git 2.14.2 is created including the
     fixes
  2017-09-26 Release of this advisory, release of fixed git versions

  [ Description ]
   The `git` subcommand `cvsserver` is a Perl script which makes excessive
   use of the backtick operator to invoke `git`. Unfortunately user input
  is used within some of those invocations.

   It should be noted, that `git-cvsserver` will be invoked by `git-shell`
  by default without further configuration.

  [ Example ]
   Below a example of a OS Command Injection within `git-cvsserver`
  triggered via `git-shell`:

  =8<=
  [git@...t ~]$ cat .ssh/authorized_keys
  command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa B3NzaC 

  [joernchen@...t ~]$ ssh git@...alhost cvs server
  Root /tmp
  E /tmp/ does not seem to be a valid GIT repository
  E
  error 1 /tmp/ is not a valid repository
  Directory .
  `id>foo`
  add
  fatal: Not a git repository: '/tmp/'
  Invalid module '`id>foo`' at /usr/lib/git-core/git-cvsserver line 3807, 
 line 4.
  [joernchen@...t ~]$

  [git@...t ~]$ cat foo
  uid=619(git) gid=618(git) groups=618(git)
  [git@...t ~]$
  =>8=

  [ Solution ]
  Upgrade to one of the following git versions:
  * 2.14.2
  * 2.13.6
  * 2.12.5
  * 2.11.4
  * 2.10.5

  [ end of file ]

  ---

  No CVE has been assigned yet, but a fix has been released upstream and
  as seen above, the fixes are already in Debian.

  The following upstream commits claim to fix the issue:
   - 985f59c042320ddf0a506e553d5eef9689ef4c32
   - 31add46823fe926e85efbfeab865e366018b33b4
   - 6d6e2f812d366789fb6f4f9ea8decb4777f6f862
   - dca89d4e56dde4b9b48d6f2ec093886a6fa46575

  [1] http://www.openwall.com/lists/oss-security/2017/09/26/9

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721383] Re: Update landscape-client with upstream fixes

[Eric Desrochers]

** Changed in: landscape-client (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: landscape-client (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: landscape-client (Ubuntu)
   Status: New => Confirmed

** Changed in: landscape-client (Ubuntu)
   Importance: Undecided => Medium

** Also affects: landscape-client (Ubuntu Artful)
   Importance: Medium
 Assignee: Simon Poirier (simpoir)
   Status: Confirmed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1721383

Title:
  Update landscape-client with upstream fixes

Status in landscape-client package in Ubuntu:
  Confirmed
Status in landscape-client source package in Trusty:
  Confirmed
Status in landscape-client source package in Xenial:
  Confirmed
Status in landscape-client source package in Artful:
  Confirmed

Bug description:
  [Impact]

  Reference:
  https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases

  This SRU contains minor updates for landscape-client as follow :

   - Fix regression in configuration hook under install-cd chroot (LP: #1699789)
   - Report autoremovable packages (LP: #1208393)
   - Don't re-register client by default (LP: #1618483)

  [Test Case]

  There is unfortunately no specific test cases since this is a bunch of
  bugfixes to improve landscape-client for Xenial and trusty users.

  General dogfooding and all tests as outlined by the QA procedures here will 
have to be covered:
  https://wiki.ubuntu.com/LandscapeUpdates

  [Regression Potential]

   - The debdiff has been provided by the Canonical Landscape team,
  which IMHO should bring even more confidence (CI verifications, ...)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1721383/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

[Launchpad Bug Tracker]

This bug was fixed in the package git - 1:2.7.4-0ubuntu1.3

---
git (1:2.7.4-0ubuntu1.3) xenial-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
- shell-drop-git-cvsserver-support-by-default.diff
- cvsserver-use-safe_pipe_capture.diff
- cvsimport-shell-quote-variable-used-in-backticks.diff
- archimport-use-safe_pipe_capture-for-user-input.diff
- CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:14:37 -0500

** Changed in: git (Ubuntu Xenial)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1719740

Title:
  [CVE] Git cvsserver OS Command Injection

Status in git package in Ubuntu:
  Fix Released
Status in git source package in Trusty:
  Fix Released
Status in git source package in Xenial:
  Fix Released
Status in git source package in Zesty:
  In Progress
Status in git source package in Artful:
  Fix Released
Status in git package in Debian:
  Fix Released

Bug description:
  From oss-security[1]:

  [ Authors ]
  joernchen   

  Phenoelit Group (http://www.phenoelit.de)

  [ Affected Products ]
  Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 (git-cvsserver)
  https://git-scm.com

  [ Vendor communication ]
  2017-09-08 Sent vulnerability details to the git-security list
  2017-09-09 Acknowledgement of the issue, git maintainers ask if
     a patch could be provided
  2017-09-10 Patch is provided
  2017-09-11 Further backtick operations are patched by the git
     maintainers, corrections on the provided patch
  2017-09-11 Revised patch is sent out
  2017-09-11 Jeff King proposes to drop `git-cvsserver`'s default
     invocation from `git-shell`
  2017-09-22 Draft release for git 2.14.2 is created including the
     fixes
  2017-09-26 Release of this advisory, release of fixed git versions

  [ Description ]
   The `git` subcommand `cvsserver` is a Perl script which makes excessive
   use of the backtick operator to invoke `git`. Unfortunately user input
  is used within some of those invocations.

   It should be noted, that `git-cvsserver` will be invoked by `git-shell`
  by default without further configuration.

  [ Example ]
   Below a example of a OS Command Injection within `git-cvsserver`
  triggered via `git-shell`:

  =8<=
  [git@...t ~]$ cat .ssh/authorized_keys
  command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa B3NzaC 

  [joernchen@...t ~]$ ssh git@...alhost cvs server
  Root /tmp
  E /tmp/ does not seem to be a valid GIT repository
  E
  error 1 /tmp/ is not a valid repository
  Directory .
  `id>foo`
  add
  fatal: Not a git repository: '/tmp/'
  Invalid module '`id>foo`' at /usr/lib/git-core/git-cvsserver line 3807, 
 line 4.
  [joernchen@...t ~]$

  [git@...t ~]$ cat foo
  uid=619(git) gid=618(git) groups=618(git)
  [git@...t ~]$
  =>8=

  [ Solution ]
  Upgrade to one of the following git versions:
  * 2.14.2
  * 2.13.6
  * 2.12.5
  * 2.11.4
  * 2.10.5

  [ end of file ]

  ---

  No CVE has been assigned yet, but a fix has been released upstream and
  as seen above, the fixes are already in Debian.

  The following upstream commits claim to fix the issue:
   - 985f59c042320ddf0a506e553d5eef9689ef4c32
   - 31add46823fe926e85efbfeab865e366018b33b4
   - 6d6e2f812d366789fb6f4f9ea8decb4777f6f862
   - dca89d4e56dde4b9b48d6f2ec093886a6fa46575

  [1] http://www.openwall.com/lists/oss-security/2017/09/26/9

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1719740] Re: [CVE] Git cvsserver OS Command Injection

[Launchpad Bug Tracker]

This bug was fixed in the package git - 1:1.9.1-1ubuntu0.7

---
git (1:1.9.1-1ubuntu0.7) trusty-security; urgency=high

  * SECURITY UPDATE: Git cvsserver OS Command Injection (LP: #1719740)
- shell-drop-git-cvsserver-support-by-default.diff
- cvsserver-use-safe_pipe_capture.diff
- cvsimport-shell-quote-variable-used-in-backticks.diff
- archimport-use-safe_pipe_capture-for-user-input.diff
- CVE-2017-14867

 -- Simon Quigley   Tue, 03 Oct 2017 13:20:58 -0500

** Changed in: git (Ubuntu Trusty)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1719740

Title:
  [CVE] Git cvsserver OS Command Injection

Status in git package in Ubuntu:
  Fix Released
Status in git source package in Trusty:
  Fix Released
Status in git source package in Xenial:
  In Progress
Status in git source package in Zesty:
  In Progress
Status in git source package in Artful:
  Fix Released
Status in git package in Debian:
  Fix Released

Bug description:
  From oss-security[1]:

  [ Authors ]
  joernchen   

  Phenoelit Group (http://www.phenoelit.de)

  [ Affected Products ]
  Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 (git-cvsserver)
  https://git-scm.com

  [ Vendor communication ]
  2017-09-08 Sent vulnerability details to the git-security list
  2017-09-09 Acknowledgement of the issue, git maintainers ask if
     a patch could be provided
  2017-09-10 Patch is provided
  2017-09-11 Further backtick operations are patched by the git
     maintainers, corrections on the provided patch
  2017-09-11 Revised patch is sent out
  2017-09-11 Jeff King proposes to drop `git-cvsserver`'s default
     invocation from `git-shell`
  2017-09-22 Draft release for git 2.14.2 is created including the
     fixes
  2017-09-26 Release of this advisory, release of fixed git versions

  [ Description ]
   The `git` subcommand `cvsserver` is a Perl script which makes excessive
   use of the backtick operator to invoke `git`. Unfortunately user input
  is used within some of those invocations.

   It should be noted, that `git-cvsserver` will be invoked by `git-shell`
  by default without further configuration.

  [ Example ]
   Below a example of a OS Command Injection within `git-cvsserver`
  triggered via `git-shell`:

  =8<=
  [git@...t ~]$ cat .ssh/authorized_keys
  command="git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa B3NzaC 

  [joernchen@...t ~]$ ssh git@...alhost cvs server
  Root /tmp
  E /tmp/ does not seem to be a valid GIT repository
  E
  error 1 /tmp/ is not a valid repository
  Directory .
  `id>foo`
  add
  fatal: Not a git repository: '/tmp/'
  Invalid module '`id>foo`' at /usr/lib/git-core/git-cvsserver line 3807, 
 line 4.
  [joernchen@...t ~]$

  [git@...t ~]$ cat foo
  uid=619(git) gid=618(git) groups=618(git)
  [git@...t ~]$
  =>8=

  [ Solution ]
  Upgrade to one of the following git versions:
  * 2.14.2
  * 2.13.6
  * 2.12.5
  * 2.11.4
  * 2.10.5

  [ end of file ]

  ---

  No CVE has been assigned yet, but a fix has been released upstream and
  as seen above, the fixes are already in Debian.

  The following upstream commits claim to fix the issue:
   - 985f59c042320ddf0a506e553d5eef9689ef4c32
   - 31add46823fe926e85efbfeab865e366018b33b4
   - 6d6e2f812d366789fb6f4f9ea8decb4777f6f862
   - dca89d4e56dde4b9b48d6f2ec093886a6fa46575

  [1] http://www.openwall.com/lists/oss-security/2017/09/26/9

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1719740/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1721477] [NEW] Xenial update to 4.4.89 stable release

[Stefan Bader]

Public bug reported:

SRU Justification

Impact:
   The upstream process for stable tree updates is quite similar
   in scope to the Ubuntu SRU process, e.g., each patch has to
   demonstrably fix a bug, and each patch is vetted by upstream
   by originating either directly from a mainline/stable Linux tree or
   a minimally backported form of that patch. The 4.4.89 upstream stable
   patch set is now available. It should be included in the Ubuntu
   kernel as well.

   git://git.kernel.org/

TEST CASE: TBD

The following patches from the 4.4.89 stable release shall be applied:
* ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
* ipv6: add rcu grace period before freeing fib6_node
* ipv6: fix sparse warning on rt6i_node
* qlge: avoid memcpy buffer overflow
* Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
* Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
* Revert "net: fix percpu memory leaks"
* gianfar: Fix Tx flow control deactivation
* ipv6: fix memory leak with multiple tables during netns destruction
* ipv6: fix typo in fib6_net_exit()
* f2fs: check hot_data for roll-forward recovery
* x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
* md/raid5: release/flush io in raid5_do_work()
* nfsd: Fix general protection fault in release_lock_stateid()
* mm: prevent double decrease of nr_reserved_highatomic
* tty: improve tty_insert_flip_char() fast path
* tty: improve tty_insert_flip_char() slow path
* tty: fix __tty_insert_flip_char regression
* Input: i8042 - add Gigabyte P57 to the keyboard reset table
* MIPS: math-emu: .: Fix quiet NaN propagation
* MIPS: math-emu: .: Fix cases of both inputs zero
* MIPS: math-emu: .: Fix cases of both inputs negative
* MIPS: math-emu: .: Fix cases of input values with opposite
  signs
* MIPS: math-emu: .: Fix cases of both infinite inputs
* MIPS: math-emu: MINA.: Fix some cases of infinity and zero inputs
* crypto: AF_ALG - remove SGL terminator indicator when chaining
* ext4: fix incorrect quotaoff if the quota feature is enabled
* ext4: fix quota inconsistency during orphan cleanup for read-only mounts
* powerpc: Fix DAR reporting when alignment handler faults
* block: Relax a check in blk_start_queue()
* md/bitmap: disable bitmap_resize for file-backed bitmaps.
* skd: Avoid that module unloading triggers a use-after-free
* skd: Submit requests to firmware before triggering the doorbell
* scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
* scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
* scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
* scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
* scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
* scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
* scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late
  response
* scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
* scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
* scsi: megaraid_sas: Return pended IOCTLs with cmd_status
  MFI_STAT_WRONG_STATE in case adapter is dead
* scsi: storvsc: fix memory leak on ring buffer busy
* scsi: sg: remove 'save_scat_len'
* scsi: sg: use standard lists for sg_requests
* scsi: sg: off by one in sg_ioctl()
* scsi: sg: factor out sg_fill_request_table()
* scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
* scsi: qla2xxx: Fix an integer overflow in sysfs code
* ftrace: Fix selftest goto location on error
* tracing: Apply trace_clock changes to instance max buffer
* ARC: Re-enable MMU upon Machine Check exception
* PCI: shpchp: Enable bridge bus mastering if MSI is enabled
* media: v4l2-compat-ioctl32: Fix timespec conversion
* media: uvcvideo: Prevent heap overflow when accessing mapped controls
* bcache: initialize dirty stripes in flash_dev_run()
* bcache: Fix leak of bdev reference
* bcache: do not subtract sectors_to_gc for bypassed IO
* bcache: correct cache_dirty_target in __update_writeback_rate()
* bcache: Correct return value for sysfs attach errors
* bcache: fix for gc and write-back race
* bcache: fix bch_hprint crash and improve output
* ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
* Linux 4.4.89

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Invalid

** Affects: linux (Ubuntu Xenial)
 Importance: Medium
 Assignee: Stefan Bader (smb)
 Status: In Progress


** Tags: kernel-stable-tracking-bug

** Tags added: kernel-stable-tracking-bug

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: linux 

[Group.of.nepali.translators] [Bug 1720042] Re: linux-aws: 4.4.0-1038.47 -proposed tracker

[Taihsiang Ho]

** Changed in: kernel-sru-workflow/certification-testing
   Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1720042

Title:
  linux-aws: 4.4.0-1038.47 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Confirmed
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Confirmed
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow snap-publish series:
  Invalid
Status in Kernel SRU Workflow snap-qa-testing series:
  Invalid
Status in Kernel SRU Workflow snap-release-to-beta series:
  Invalid
Status in Kernel SRU Workflow snap-release-to-candidate series:
  Invalid
Status in Kernel SRU Workflow snap-release-to-edge series:
  Invalid
Status in Kernel SRU Workflow snap-release-to-stable series:
  Invalid
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  Confirmed
Status in linux-aws package in Ubuntu:
  Confirmed
Status in linux-aws source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the 4.4.0-1038.47 upload package. This bug
  will contain status and testing results related to that upload.

  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1718149
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1720042/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1718154] Re: linux-snapdragon: 4.4.0-1077.82 -proposed tracker

[Daniel Manrique]

Hardware Certification have completed testing this -proposed kernel. No
regressions were observed, results are available here:
http://people.canonical.com/~hwcert/sru-
testing/snapdragon/4.4.0-1077.82/snapdragon-4.4-proposed-published.html

** Tags added: certification-testing-passed

** Changed in: kernel-sru-workflow/certification-testing
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1718154

Title:
  linux-snapdragon: 4.4.0-1077.82 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Invalid
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow upload-to-ppa series:
  New
Status in Kernel SRU Workflow verification-testing series:
  Confirmed
Status in linux-snapdragon package in Ubuntu:
  Invalid
Status in linux-snapdragon source package in Xenial:
  Confirmed

Bug description:
  This bug is for tracking the  upload package.
  This bug will contain status and testing results related to that
  upload.

  For an explanation of the tasks and the associated workflow see: 
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
  -- swm properties --
  boot-testing-requested: true
  kernel-stable-master-bug: 1718149
  phase: Promoted to proposed
  proposed-announcement-sent: true
  proposed-testing-requested: true

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1718154/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp