[Touch-packages] [Bug 1649657] Re: OpenSSL version is not dependable

Thanks for your feedback Michael, We're not going to be updating to mainline OpenSSL in Ubuntu on their release schedule. Every minor point release from OpenSSL invariably includes either ABI changes that would require recompiling all software that links against OpenSSL or other regressions that

[Touch-packages] [Bug 1649657] Re: OpenSSL version is not dependable

** Changed in: openssl (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1649657 Title: OpenSSL version is not dependable Status in

[Touch-packages] [Bug 1649097] Re: any source package signature is not valid

Vyacheslav, as long as your APT is properly configured, sources downloaded with apt-get source are trusted via the same mechanism used for binary packages. If you attempt to download modified contents you'll get error messages like this: $ apt-get source dash Reading package lists... Done

[Touch-packages] [Bug 1649097] Re: 'linux' source package signature is not valid

Julian, do you have any ideas how this could be handled better? I'm short on ideas here. The gpgv output seems useful but it's also potentially misleading. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in

[Touch-packages] [Bug 1649097] Re: 'linux' source package signature is not valid

Thanks for the bug report. This isn't as dire as it looks: APT's security model is based on signed InRelease files that have sha256sums of all archive contents. In this case, the InRelease file will have a sha256sum for one of the Sources files, and that file will have a sha256sum for the linux

[Touch-packages] [Bug 1649097] Re: 'linux' source package signature is not valid

** Information type changed from Private Security to Public Security ** Package changed: ubuntu => apt (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1649097 Title:

[Touch-packages] [Bug 1649352] [NEW] http direct to terminals?

*** This bug is a security vulnerability *** Public security bug reported: Hi Dustin, Some recent changes introduced what looks to be a serious problem: http://launchpadlibrarian.net/296647523/base- files_9.6ubuntu7_9.6ubuntu8.diff.gz -SERVER="https://motd.ubuntu.com; +# White space separated

[Touch-packages] [Bug 1646015] Re: update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

Niraj, it looks like work was done to make running auditd in containers actually make sense: https://bugzilla.redhat.com/show_bug.cgi?id=893751 What parts of the work are we missing, if any? Thanks ** Bug watch added: Red Hat Bugzilla #893751

[Touch-packages] [Bug 1648477] Re: package initramfs-tools 0.122ubuntu8.1 failed to install/upgrade: podproces instalovaný post-installation skript vrátil chybový status 1

Incidentally your kernel is nearly five months old; I strongly recommend installing updates as they address both security and reliability issues. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in

[Touch-packages] [Bug 1648477] Re: package initramfs-tools 0.122ubuntu8.1 failed to install/upgrade: podproces instalovaný post-installation skript vrátil chybový status 1

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1105493] Re: network manager runs dnsmasq as user nobody

nivlac, 'nobody' is a poor choice: the intended use of user 'nobody' (and group 'nogroup') is for NFS. If daemons start using 'nobody' (or 'nogroup') then they can interfere with the proper operation of NFS or other daemons that also use 'nobody' (or 'nogroup'). Thanks -- You received this bug

[Touch-packages] [Bug 1646015] Re: update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

** Changed in: audit (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to audit in Ubuntu. https://bugs.launchpad.net/bugs/1646015 Title: update-rc.d: warning: start and stop actions

[Touch-packages] [Bug 1646015] Re: update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

Does it make sense to install auditd in a container? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to audit in Ubuntu. https://bugs.launchpad.net/bugs/1646015 Title: update-rc.d: warning: start and stop actions are

[Touch-packages] [Bug 1647142] Re: usr.bin.chromium-browser terribly outdated

Hello Hadmut, thanks for the feedback. This is a tricky situation -- chromium-browser's new sandboxing code requests a large number of system capabilities inside a user namespace. The current AppArmor profile language and enforcement engine has no way to describe "these capabilities are only

[Touch-packages] [Bug 1647142] Re: usr.bin.chromium-browser terribly outdated

** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1647142 Title: usr.bin.chromium-browser terribly outdated

[Touch-packages] [Bug 1647209] Re: package kaccounts-providers (not installed) failed to install/upgrade: Versuch, »/etc/signon-ui/webkit-options.d/api.twitter.com.conf« zu überschreiben, welches auch

By the way you may also have hardware errors: [ 312.837872] ata1.00: failed command: READ FPDMA QUEUED [ 312.837891] ata1.00: cmd 60/08:e8:70:20:80/00:00:0f:00:00/40 tag 29 ncq 4096 in res 41/04:00:38:20:80/00:00:0f:00:00/40 Emask 0x1 (device error) [ 312.837901]

[Touch-packages] [Bug 1647209] Re: package kaccounts-providers (not installed) failed to install/upgrade: Versuch, »/etc/signon-ui/webkit-options.d/api.twitter.com.conf« zu überschreiben, welches auch

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1646936] Re: Error

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1646911] Re: AppArmor does not work with audit ausearch

Thanks Vincas, I thought for sure we already had a bug for this but I can't find it now. ** Also affects: ubuntu Importance: Undecided Status: New ** Package changed: ubuntu => apparmor (Ubuntu) ** Changed in: apparmor Status: New => Confirmed ** Changed in: apparmor (Ubuntu)

[Touch-packages] [Bug 1507469] Re: Evince's Apparmour profile prevents opening docs from other apps under Wayland

Thanks Simon, Committed revision 3590. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1507469 Title: Evince's Apparmour profile prevents opening docs from other apps

[Touch-packages] [Bug 1380480] Re: network disabled after suspend - resume

Michalje, Kristijian, note that this bug was opened before systemd was used as a system init. If you're still having trouble please file a new bug. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in

[Touch-packages] [Bug 1579580] Re: ureadahead reports relative path errors in journalctl output

xb5i70, ureadahead gets a list of files accessed during boot using the debugfs filesystem and the linux kernel's tracing mechanism. You can see the sources at http://bazaar.launchpad.net/~canonical- scott/ureadahead/trunk/view/head:/src/trace.c#L115 for the raw details. Thanks -- You received

[Touch-packages] [Bug 1638689] Re: package libnss3 2:3.23-0ubuntu0.14.04.1 [modified: usr/share/doc/libnss3/changelog.Debian.gz] failed to install/upgrade: trying to overwrite shared '/usr/share/doc/l

Nish, the trouble with this bug is these lines: DuplicateSignature: package:libnss3:2:3.23-0ubuntu0.14.04.1 [modified: usr/share/doc/libnss3/changelog.Debian.gz]:trying to overwrite shared '/usr/share/doc/libnss3/changelog.Debian.gz', which is different from other instances of package

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Julian, I modified the script.sh to include the following line: sudo LD_LIBRARY_PATH=$PWD/build/bin/ ./build/bin/apt-get update -o Dir::Bin::Apt-Key="$PWD/build/bin/apt-key" -o Dir::Bin::Methods="$PWD/build/bin/methods/" 2>&1 | tee update.log When run from remotes/julian/for-1.2/apt-key I get

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Julian, looks like you win this year's remote-debugging-via-crystal-ball award! $ find /etc/apt -ls | grep sarnold 2572875 4 -rw--- 1 sarnold sarnold 1740 Mar 23 2016 /etc/apt/trusted.gpg.d/ddebs.gpg Well done :D Thanks -- You received this bug notification because you

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Julian, thanks for your patience. I'm not able to offer a shell on the affected machine, so debugging this is just going to have to go at a snail's pace. I read strace and ltrace logs from both 1.2.12-ish and 1.2.15 apt packages and narrowed it down to /usr/bin/apt-key. When I use the

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Turns out the valgrind messages aren't regressions either. Here's the older apt packages again which seemed to work okay: ==25043== ==25043== HEAP SUMMARY: ==25043== in use at exit: 13,118,211 bytes in 170,033 blocks ==25043== total heap usage: 626,066 allocs, 456,033 frees, 69,255,845

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

On a whim I ran apt-get update through valgrind: ==22064== ==22064== HEAP SUMMARY: ==22064== in use at exit: 695,606 bytes in 7,018 blocks ==22064== total heap usage: 67,584 allocs, 60,566 frees, 18,503,180 bytes allocated ==22064== ==22064== LEAK SUMMARY: ==22064==definitely lost: 0

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

The files in partial/ don't look too damning: root@hunt:/var/lib/apt/lists/partial# file * ftp.debian.org_debian_dists_jessie-updates_contrib_source_Sources: empty ftp.debian.org_debian_dists_wheezy-updates_contrib_source_Sources: empty

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Based on the funny git results, I re-installed the packages: 3243aa899fcf2f09b910b7429eeae6205a71c379a45c0e8e31723836bb094163 apt_1.2.12~ubuntu16.04.1_amd64.deb 5b9a82b1dc1f82fc3655038336d099410d643d5188629aba475050d7f9bd99c3 apt-transport-https_1.2.12~ubuntu16.04.1_amd64.deb

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

I reinstalled the latest xenial packages: ii apt 1.2.15 amd64commandline package manager ii apt-transport-https 1.2.15 amd64https download transport for APT ii libapt-inst2.0:amd64 1.2.15 amd64deb

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

I'm skeptical of the git bisect results: $ git checkout cde5b485c9cdf0bfd5b6ea8e4973abe378270e60^ Previous HEAD position was cde5b48... fail instead of segfault on unreadable config files HEAD is now at 235347e... Release 1.2.12 $ make fast Compiling cachefile.cc to

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

And the results of git bisect, thanks for the excellent instruction and script! cde5b485c9cdf0bfd5b6ea8e4973abe378270e60 is the first bad commit commit cde5b485c9cdf0bfd5b6ea8e4973abe378270e60 Author: David Kalnischkies Date: Fri May 20 09:37:24 2016 +0200 fail

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

sarnold@hunt:/var/lib/apt$ sudo mv lists lists.old sarnold@hunt:/var/lib/apt$ sudo apt-get update Get:1 http://mirrors.kernel.org/ubuntu xenial InRelease [247 kB] Get:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease [95.7 kB] Get:3

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

393c61b8e29bd1923a5fe8abf4690c24e7f498aa8a4f5954a6a87da7d05a0bef apt- etc-and-var.tar.xz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

Tarball of /etc/apt and /var/lib/apt ** Attachment added: "Tarball of /etc/apt and /var/lib/apt" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778362/+files/apt-etc-and-var.tar.xz -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

apt-get update -o Debug::Acquire::gpgv=1 ** Attachment added: "apt-get update -o Debug::Acquire::gpgv=1" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778350/+files/debug-gpgv -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

I was too hasty -- apt appears to still function (e.g. apt-get install expat, apt-get purge expat, installed an expat from the -updates pocket and removed it again). It's just insanely ugly warnings on the apt-get update step, and maybe(?) new lists can't be downloaded. Anyway it's more nuanced

[Touch-packages] [Bug 1642386] Re: At least one invalid signature was encountered.

The full run, showing apt working a few seconds before it fails, and no errors in dmesg. ** Attachment added: "terminal-log" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778315/+files/terminal-log -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1642386] [NEW] At least one invalid signature was encountered.

Public bug reported: Hello, a recent apt update appears to have broken apt entirely. A coworker reported seeing troubles: http://paste.ubuntu.com/23487135/ To test, I upgraded my laptop then immediately re-ran apt-get update && apt-get -u dist-upgrade: sarnold@hunt:~/Downloads$ sudo apt-get

[Touch-packages] [Bug 1638873] Re: package dbus 1.10.6-1ubuntu3.1 failed to install/upgrade: 子进程 已安装 post-installation 脚本 返回错误状态 1

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1638666] Re: package libffi6:i386 3.1~rc1+r3.0.13-12ubuntu0.1 failed to install/upgrade: package libffi6:i386 is already installed and configured

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1638561] Re: unattended-upgrade fails to apply security updates if the update is also in another suite suffix component, such as yakkety-updates

** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1638561 Title: unattended-upgrade fails to

[Touch-packages] [Bug 1297800] Re: During upgrades, new certificates will be added. Please choose those you trust.

reason: sudo dpkg-reconfigure ca-certificates Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1297800 Title: During upgrades, new certificates will be

[Touch-packages] [Bug 1638135] Re: package libdbus-glib-1-2 0.106-1 [modified: usr/share/doc/libdbus-glib-1-2/NEWS.gz usr/share/doc/libdbus-glib-1-2/README usr/share/doc/libdbus-glib-1-2/changelog.Deb

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1637815] Re: compiz error

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1636124] Re: openssl lacks support for TLSv1 and TLSv1.1

It may be worth trying Mozilla's recommendations for e.g. Intermediate Compatibility if you need some clients with older crypto toolkits to be able to connect: https://mozilla.github.io/server-side-tls/ssl-config-generator/ Thanks -- You received this bug notification because you are a member

[Touch-packages] [Bug 1446448] Re: ssh-agent terminates

Sorry Andrej; you may be the only one experiencing this issue, and it sounds extremely frustrating. But I don't know what to suggest next to debug why it's happening. About all I can suggest is that I gave up on the keychain script myself ~five years ago, but I can't recall why. You may

[Touch-packages] [Bug 1635456] Re: [P17G, SigmaTel STAC9221 A2, Green Headphone Out, Front, Docking station] No sound at all

This computer may have hardware problems; please install the mcelog package and see what the /var/log/mcelog file reports: [ 1800.75] mce: [Hardware Error]: Machine check events logged [ 1840.847894] CPU0: Core temperature/speed normal [ 1950.41] mce: [Hardware Error]: Machine check

[Touch-packages] [Bug 1635456] Re: [P17G, SigmaTel STAC9221 A2, Green Headphone Out, Front, Docking station] No sound at all

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1635303] Re: GnuTLS bug in https method from apt-1.0.1ubuntu2.15 package

** Information type changed from Private Security to Public ** Package changed: git (Ubuntu) => apt (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1635303 Title:

[Touch-packages] [Bug 1634988] Re: fffff

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1634418] Re: In 16.10, several apps want write access to /run/systemd/journal/socket

** This bug is no longer a duplicate of bug 1598759 AppArmor nameservice abstraction doesn't allow communication with systemd-resolved -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1634418] Re: In 16.10, several apps want write access to /run/systemd/journal/socket

dino99, please note, this bug is for writing to the journald socket, which is unrelated to the dbus system socket that is referenced in the other bug. Thanks ** This bug is no longer a duplicate of bug 1598759 AppArmor nameservice abstraction doesn't allow communication with systemd-resolved

[Touch-packages] [Bug 1634419] Re: In 16.10, several apps want write access to /run/systemd/journal/socket

*** This bug is a duplicate of bug 1634418 *** https://bugs.launchpad.net/bugs/1634418 ** This bug has been marked a duplicate of bug 1634418 In 16.10, several apps want write access to /run/systemd/journal/socket -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1634419] Re: In 16.10, several apps want write access to /run/systemd/journal/socket

** This bug is no longer a duplicate of bug 1598759 AppArmor nameservice abstraction doesn't allow communication with systemd-resolved -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1380480] Re: network disabled after suspend - resume

Hans, note that this bug was opened before systemd was used as a system init. A quick skim of this bug's history suggests that it's been polluted beyond use. If you're having trouble, please file a new bug. With luck, it'll be focused on one thing and therefor fixable. Thanks -- You received

[Touch-packages] [Bug 1633794] Re: package tzdata 2016g-0ubuntu0.16.04 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saída de erro 1

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1575438] Re: usr.sbin.nscd needs r/w access to nslcd socket

I think you're right that adding the nslcd socket to the abstractions/nameservice probably makes sense; I didn't see anything in the nslcd manpages that suggested nscd was the only way to use the module. Thanks -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1630877] Re: 1:4.2.6.p3+dfsg-1ubuntu3.11 - OPENSSL_1.0.0 not defined in file libcrypto.so.1.0.0

Dixon, I think the apt configuration needs to be debugged: ntp version 1:4.2.6.p3+dfsg-1ubuntu3.11 is built for 12.04 LTS; apt shouldn't have selected it for install on 14.04 LTS release. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1630702] Re: CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution

Hi Nikita, it's always nice when you can test directly if a known bad input has been handled correctly, but not all security fixes come with sample inputs to see the issue. So when you can find them, that's always welcome, but not necessary. But it is necessary to make sure that programs that use

[Touch-packages] [Bug 1631137] Re: dove-lda apparmor profile prevents lda indexing from working

Hasse, could you please share the rules you add to your profiles, once you're finished? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1631137 Title: dove-lda

[Touch-packages] [Bug 1630702] Re: CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution

Our openjpeg and openjpeg2 packages have far more than this one flaw unaccounted for: http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg2.html (I suspect that most issues that apply to one also apply to the other;

[Touch-packages] [Bug 1630702] Re: CVE-2016-8332 allows an out-of-bound heap write to occur resulting in heap corruption and arbitrary code execution

Nikita, if you have time and care for OpenJPEG, please consider reviewing the crashing inputs I reported to the OpenJPEG team: https://bugs.launchpad.net/ubuntu/+source/openjpeg2/+bug/711061/+attachment/4586223/+files/openjpeg-crashers.tar.gz

[Touch-packages] [Bug 1629203] Re: aa-logprof does not include #include in profiles

sles, thanks for the excellent reproducer. Christian, I'd love the 'magic' version: > b) when adding an include, check if all variables are defined. Of course the user interface might be a bit awkward, especially if the intended use of the abstraction is for the profile author to provide the

[Touch-packages] [Bug 1628926] Re: Postpone login attempts if X successive attempts have failed

The ufw frontend to iptables has an easy 'limit' command that automates much of the tedium of installing firewall rulesets by hand. This will address specific IPs doing brute-force login attempts but distributed brute-force login attempts won't be affected. There's also a pam_faildelay(8) module

[Touch-packages] [Bug 706011] Re: gpg --key-gen doesn't have enough entropy and rng-tools install/start fails

Pheeble, this bug is ancient and grown far too many complaints to be usefully addressed. Please file a new bug with ubuntu-bug gnupg2. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu.

[Touch-packages] [Bug 1628687] Re: Assertion failure when PID 1 receives a zero-length message over notify socket

** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1628687 Title: Assertion failure when PID 1 receives a

[Touch-packages] [Bug 1367551] Re: [MIR] capnproto

I reviewed capnproto version 0.5.3-2ubuntu1 as checked into xenial. This should not be considered a full security audit but rather a quick gauge of maintainability. - There are four CVEs: CVE-2015-2310 CVE-2015-2311 CVE-2015-2312 CVE-2015-2313 These were handled in what is perhaps the finest

[Touch-packages] [Bug 1626817] Re: package ifupdown 0.8.10ubuntu1.1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1617005] Re: [MIR] zmqpp

Please upload a new zmqpp soon; 3.2.0-0ubuntu4 fails to build from source for me. I fixed the first mistake with this patch: --- a/src/tests/test_socket.cpp +++ b/src/tests/test_socket.cpp @@ -45,7 +45,7 @@ BOOST_AUTO_TEST_CASE( socket_creation_bad_type ) { zmqpp::context context; -

[Touch-packages] [Bug 1626773] Re: CVE-2016-2182.patch has broken BN_bn2dec broken in 1.0.1

Can you provide some more details? USN-3087-1 was released just a few hours ago; if your software stopped working last week, it'd be worth investigating what packages changed last week, rather than today. Thanks ** Changed in: openssl (Ubuntu) Status: New => Incomplete -- You received

[Touch-packages] [Bug 1626676] Re: build openssl upstream update for number of CVEs from 2016-09-22

Hello, fixed packages are currently being copied to the mirrors. A USN will be released shortly, it will be at http://www.ubuntu.com/usn/ and the ubuntu-security-announce mail list when the mirror network shows the updated packages are widely available. Thanks ** Information type changed from

[Touch-packages] [Bug 1625372] Re: NTP security issues on Precise and Trusty

Hello Bryan, thanks for contacting us; the ntp fixes are in our queue but currently behind other higher-priority fixes. We track CVEs in the Ubuntu CVE Tree, a web front-end is available: http://people.canonical.com/~ubuntu-security/cve/pkg/ntp.html Thanks -- You received this bug notification

[Touch-packages] [Bug 1624641] Re: security updates with a new dependency don't get installed

Is it possible to relax these rules without also bringing in apt-get dist-upgrade's unfortunate ability to uninstall packages when it thinks that's the shortest solution? We've seen cases where dist-upgrade sometimes tries to remove sudo or the signed shim. Thanks -- You received this bug

[Touch-packages] [Bug 1626335] Re: "Trying to install preload gave error while updating systemd" package systemd 225-1ubuntu9.1 [modified: usr/share/dbus-1/system-services/org.freedesktop.systemd1.ser

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1626220] [NEW] please remove openjpeg

Public bug reported: It looks like openjpeg packages openjpeg 1.5.2, while openjpeg2 packages openjpeg 2.1.1. I don't think we want both packaged. It looks like Debian has removed openjpeg from testing and unstable. Thanks ** Affects: openjpeg (Ubuntu) Importance: Undecided

[Touch-packages] [Bug 1625319] Re: [LTCTest] SR-IOV VF hotplug failing: cannot limit locked memory of process

Shivaprasad reported this last week in the #apparmor irc channel. What I think we figured out at the time: - The 4.7.0-based kernel may or may not be missing fixes from Ubuntu kernels - 9663676416 is suspiciously larger than 32 bit integer - the profile didn't mention rlimits, so they should not

[Touch-packages] [Bug 1624729] Re: package fontconfig 2.11.94-0ubuntu1.1 failed to install/upgrade: triggers looping, abandoned

Here's the bit from the logs about the looping triggers, this is the longest chain I recall seeing recently: dpkg: cycle found while processing triggers: chain of packages whose triggers are or may be responsible: gnome-menus -> ca-certificates packages' pending triggers which are or may be

[Touch-packages] [Bug 1624729] Re: package fontconfig 2.11.94-0ubuntu1.1 failed to install/upgrade: triggers looping, abandoned

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1597439] Re: [MIR] zeromq3

I reviewed zeromq3 version 4.1.5-2 as checked into yakkety. This shouldn't be considered a full audit but rather a quick check of maintainability. zmq is a networking and related utilities library. However, it has a broad, almost obsessive, vision of how the sockets API should look; calling it a

[Touch-packages] [Bug 1623792] [NEW] possible sigbus

Public bug reported: The following function looks like it will access a 32-bit data element that is improperly aligned: void zmq::socket_base_t::monitor_event (int event_, int value_, const std::string _) { if (monitor_socket) { // Send event in first frame zmq_msg_t msg;

[Touch-packages] [Bug 1623638] Re: package libssl1.0.0:i386 1.0.2g-1ubuntu4.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 29

>From the terminal log: Can't locate object method "new" via package "Text::Iconv" (perhaps you forgot to load "Text::Iconv"?) at /usr/share/perl5/Debconf/Encoding.pm line 65. ** Also affects: debconf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Jamie, note that we added /etc/ld.so.preload to in the upstream project: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3497 It's a pity AppArmor SRUs take so much effort. :( Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1622073] [NEW] zmq::mechanism_t::socket_type_string off-by-one

Public bug reported: Hello, the zmq::mechanism_t::socket_type_string function in ./src/mechanism.cpp appears to have an off-by-one mistake: const char *zmq::mechanism_t::socket_type_string (int socket_type) const { static const char *names [] = {"PAIR", "PUB", "SUB", "REQ", "REP",

[Touch-packages] [Bug 1186662] Re: isc-dhcp-server fails to renew lease file

eproust, could you run dmesg | grep DENIED to see if there are AppArmor denials blocking your server? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu. https://bugs.launchpad.net/bugs/1186662 Title:

[Touch-packages] [Bug 1620345] Re: Slow startup due to FIPS selftest if openssl loaded

*** This bug is a duplicate of bug 1591797 *** https://bugs.launchpad.net/bugs/1591797 Nikita, thanks for the report; there's an openssl update currently in the -proposed pocket that removes this fledgling FIPS support, including the slow startup tests. Please see

[Touch-packages] [Bug 1620345] Re: Slow startup due to FIPS selftest if openssl loaded

*** This bug is a duplicate of bug 1591797 *** https://bugs.launchpad.net/bugs/1591797 ** This bug has been marked a duplicate of bug 1591797 Only run FIPS self tests when FIPS is enabled -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1618715] [NEW] individual task display changes memory units between RES and VIRT columns

Public bug reported: Hello; I have a process that uses enough memory that the 'RES' column picks an unfortunate display mode: PID USER PR NIVIRTRESSHR S %CPU %MEM TIME+ COMMAND 11279 libvirt+ 20 0 36.080g 0.011t 3060 S 0.0 8.8 76036:51 qemu-system-x86

[Touch-packages] [Bug 1594695] Re: apparmor service not started on fresh install

** Information type changed from Private Security to Public Security ** Package changed: ubuntu => apparmor (Ubuntu) ** Changed in: apparmor (Ubuntu) Status: Expired => Won't Fix ** Changed in: apparmor (Ubuntu) Status: Won't Fix => New -- You received this bug notification

[Touch-packages] [Bug 1618537] Re: Apparmor update breaks Ctrl-ALt-L

Could you run apport-collect 1618537 to add some system logs to this report? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1618537 Title: Apparmor update breaks

[Touch-packages] [Bug 1618229] Re: rsyslogd terminal escape sequences injection

This is a problem with using cat(1) or tail(1) to inspect potentially malicious files; less(1) does not interpret the control chars by default, so it's safer to use. Something like: less +F /path/to/file will behave similar to: tail -f /path/to/file For more information, see:

[Touch-packages] [Bug 1618229] Re: rsyslogd terminal escape sequences injection

** Information type changed from Private Security to Public Security ** Package changed: policykit-1 (Ubuntu) => rsyslog (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.

[Touch-packages] [Bug 1617624] Re: Xorg freeze

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1617507] Re: je ne sais rien

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1616614] Re: package openssh-server 1:7.2p2-4ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 102

I suggest something like: sudo dpkg --purge openssh-server sudo rm -f /etc/rc*/*02ssh /etc/init.d/ssh sudo apt-get install openssh-server With the release of 16.04 LTS, some packages, including openssh-server, are started via systemd unit files rather than the sysv-init compatibility scripts.

[Touch-packages] [Bug 1615052] Re: package gconf2 3.2.6-3ubuntu6 failed to install/upgrade: dependency problems - leaving triggers unprocessed

*** This bug is a duplicate of bug 1605950 *** https://bugs.launchpad.net/bugs/1605950 Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as

[Touch-packages] [Bug 1528230] Re: [ADT test failure] linux: ubuntu_qrt_apparmor.test-apparmor.py -- ONEXEC - check current 'unconfined' != expected

Brian, is the dmesg output from the machine in question captured anywhere? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1528230 Title: [ADT test failure]

[Touch-packages] [Bug 1611700] Re: package rsyslog 8.16.0-1ubuntu3 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1611742] Re: package libapt-inst2.0:amd64 1.2.10ubuntu1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configu

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

<    5   6   7   8   9   10   11   12   13   14   >