[Bug 1940927] Re: LibClamAV Warning: Unsupported message format `global-headers'
Apologies for the mismatch between this report's title and description
("Unsupported message format `global-headers'" vs "...`global'").
clamscan throws the warning I mentioned in the title when scanning an
exim4 binary from Debian 11:
$ wget -q
http://ftp.debian.org/debian/pool/main/e/exim4/exim4-daemon-light_4.94.2-7_amd64.deb
$ ar x exim4-daemon-light_4.94.2-7_amd64.deb
$ tar xf data.tar.xz
$ clamscan ./usr/sbin/exim4
LibClamAV Warning: Unsupported message format `global-headers' - if you believe
this file contains a virus, submit it to www.clamav.net
(We are scanning Debian-based docker containers from Ubuntu-based docker
hosts)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940927
Title:
LibClamAV Warning: Unsupported message format `global-headers'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1940927/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940927] [NEW] LibClamAV Warning: Unsupported message format `global-headers'
Public bug reported: clamscan throws "LibClamAV Warning: Unsupported message format `global- headers'" when scanning e.g. the exim4 binary from recent releases. When running clamscan as cronjob, such STDERR warnings produce disruptive rootmail noise. For example on my current Ubuntu Focal: $ apt download exim4-daemon-light Get:1 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 exim4-daemon-light amd64 4.93-13ubuntu1.5 [534 kB] Fetched 534 kB in 0s (3,220 kB/s) $ ar x exim4-daemon-light_4.93-13ubuntu1.5_amd64.deb $ tar xf data.tar.xz $ clamscan ./usr/sbin/exim4 LibClamAV Warning: Unsupported message format `global' - if you believe this file contains a virus, submit it to www.clamav.net Using clamav 0.103.2+dfsg-0ubuntu0.20.04 on Ubuntu 20.04.3 ** Affects: clamav (Ubuntu) Importance: Undecided Status: Confirmed ** Description changed: clamscan throws "LibClamAV Warning: Unsupported message format `global- headers'" when scanning e.g. the exim4 binary from recent releases. - When running clamscan as cronjob, and such STDERR warnings produce + When running clamscan as cronjob, such STDERR warnings produce disruptive rootmail noise. For example on my current Ubuntu Focal: $ apt download exim4-daemon-light - Get:1 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 exim4-daemon-light amd64 4.93-13ubuntu1.5 [534 kB] - Fetched 534 kB in 0s (3,220 kB/s) - $ ar x exim4-daemon-light_4.93-13ubuntu1.5_amd64.deb - $ tar xf data.tar.xz + Get:1 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 exim4-daemon-light amd64 4.93-13ubuntu1.5 [534 kB] + Fetched 534 kB in 0s (3,220 kB/s) + $ ar x exim4-daemon-light_4.93-13ubuntu1.5_amd64.deb + $ tar xf data.tar.xz $ clamscan ./usr/sbin/exim4 LibClamAV Warning: Unsupported message format `global' - if you believe this file contains a virus, submit it to www.clamav.net - Using clamav 0.103.2+dfsg-0ubuntu0.20.04 on Ubuntu 20.04.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940927 Title: LibClamAV Warning: Unsupported message format `global-headers' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1940927/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940851] Re: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component"
According to some reports, this ought to help: RTKT_FILE_WHITELIST=/usr/lib/x86_64-linux-gnu/libkeyutils.so.1.9 However, in our use case the file in question does not exist on the host system, only inside the containers, so this yields me "Invalid RTKT_FILE_WHITELIST configuration option: Non-existent pathname: /lib/x86_64-linux-gnu/libkeyutils.so.1.9" The only workaround I have found so far is far from ideal: DISABLE_TESTS=running_procs :-( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940851 Title: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1940851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940851] Re: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component"
Fixed in Debian, see https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=951366 ** Bug watch added: Debian Bug tracker #951366 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951366 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940851 Title: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1940851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940851] [NEW] False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component"
Public bug reported: rkhunter incorrectly reports libkeyutils.so.1.9 as "Sniffer component" or (running_procs) as "Spam tool component". Unfortunately, the libkeyutils1 package that recent releases of Debian (>=11) and Ubuntu (>=20.10) ship contains /lib/x86_64-linux- gnu/libkeyutils.so.1.9, see e.g. https://packages.ubuntu.com/hirsute/amd64/libkeyutils1/filelist This is a known issue, see https://sourceforge.net/p/rkhunter/bugs/170/. There's a patch in the 'develop' branch, see https://sourceforge.net/p/rkhunter/rkh_code/ci/6c0675385cafe64ba218b53202b031f616046fe6/ . But the fix doesn't seem to have been released yet. I am using rkhunter 1.4.6-2~ubuntu18.04.1 on Ubuntu 18.04.5, scanning docker images that are based on Debian 11 and recent Ubuntu releases. ** Affects: rkhunter (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940851 Title: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1940851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934781] [NEW] TCP socket backlog set too low ("request_sock_TCP: Possible SYN flooding on port ...")
Public bug reported:
See upstream bug reports:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968942
- https://community.openvpn.net/openvpn/ticket/1208
Openvpn < 2.4.8 opens the TCP port with a too small backlog, and on kernels >
4.3 that leads to incoming connections being dropped. This kernel message is a
symptom:
TCP: request_sock_TCP: Possible SYN flooding on port 1194. Dropping
request. Check SNMP counters.
I experienced this on a Bionic 18.04.5 (after having upgraded from Xenial) with
openvpn 2.4.4-2ubuntu1.5
Fixed upstream.
** Affects: openvpn (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1934781
Title:
TCP socket backlog set too low ("request_sock_TCP: Possible SYN
flooding on port ...")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1934781/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815407] Re: nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot retrieve client identity" error
Is there a timeline for releasing the upstream fix, at least for 18.04 LTS? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815407 Title: nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot retrieve client identity" error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nsca-ng/+bug/1815407/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872281] Re: collectd python plugin not working
We have this issue too. Ubuntu 20.04 x86_64, collectd 5.9.2.g-1ubuntu5 The LD_PRELOAD workaround @Mike Battersby (mib-8) suggested works for us. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872281 Title: collectd python plugin not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/collectd/+bug/1872281/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815407] Re: nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot retrieve client identity" error
This also affects Bionic's nsca-ng-client=1.5-2build2. Oddly, the server-side seems to work fine with older clients: This works: nsca-ng-client=1.4-2 -> nsca-ng-server=1.5-2build2 This fails: nsca-ng-client=1.5-2build2 -> nsca-ng-server=1.5-2build2 ... with error message "Cannot retrieve client identity". On my Bionic, I have to downgrade nsca-ng-client to Xenial's version to make it work. Which will be EoL in a few days. Please fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815407 Title: nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot retrieve client identity" error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nsca-ng/+bug/1815407/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926324] Re: Autogenerated freshclam.conf should not mention now-deprecated option SafeBrowsing
** Description changed: - The post install routing of clamav-freshclam generates + The post install routine of clamav-freshclam generates /etc/clamav/freshclam.conf that contains the option "SafeBrowsing" (either using the default "false", or "true", depending on user input) But that option is deprecated, and since 0.103.2+dfsg-0ubuntu0.18.04.1 "freshclam --quite" issues a noisy message - "WARNING: Ignoring deprecated option SafeBrowsing at + "WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22" - - The PostInst should generate a default freshclam.conf without "SafeBrowsing". And, on update, the "SafeBrowsing" should be remove from an untouched pre-existing default freshclam.conf. + The PostInst should generate a default freshclam.conf without + "SafeBrowsing". And, on update, the "SafeBrowsing" should be remove from + an untouched pre-existing default freshclam.conf. ** Description changed: The post install routine of clamav-freshclam generates /etc/clamav/freshclam.conf that contains the option "SafeBrowsing" (either using the default "false", or "true", depending on user input) But that option is deprecated, and since 0.103.2+dfsg-0ubuntu0.18.04.1 "freshclam --quite" issues a noisy message "WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22" The PostInst should generate a default freshclam.conf without - "SafeBrowsing". And, on update, the "SafeBrowsing" should be remove from - an untouched pre-existing default freshclam.conf. + "SafeBrowsing". And, on update, the "SafeBrowsing" should be removed + from an untouched pre-existing default freshclam.conf. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926324 Title: Autogenerated freshclam.conf should not mention now-deprecated option SafeBrowsing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1926324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926324] [NEW] Autogenerated freshclam.conf should not mention now-deprecated option SafeBrowsing
Public bug reported: The post install routing of clamav-freshclam generates /etc/clamav/freshclam.conf that contains the option "SafeBrowsing" (either using the default "false", or "true", depending on user input) But that option is deprecated, and since 0.103.2+dfsg-0ubuntu0.18.04.1 "freshclam --quite" issues a noisy message "WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22" The PostInst should generate a default freshclam.conf without "SafeBrowsing". And, on update, the "SafeBrowsing" should be remove from an untouched pre-existing default freshclam.conf. ** Affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926324 Title: Autogenerated freshclam.conf should not mention now-deprecated option SafeBrowsing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1926324/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1922898] Re: SEGFAULT on upgrade to 0.102-0ubuntu1~20.04.1
Same here: Many machines with unattended-upgrade (UU). Some Focals upgraded both netplan.io & libnetplan0 in tandem to 0.102, others left both packages at 0.101, probably depending on when they ran UU and what state the APT mirrors where at at that time. All those machines were fine. One machine however upgraded only libnetplan0 to 0.102 and left netplan.io at 0.101, which broke netplan (segfault) and rendered the machine offline. Installing netplan.io 0.102 manually from focal- proposed fixed it. I wonder whether retracting 0.102 from focal-updates might have actually worsened the situation and left even more machines with different versions of netplan.io & libnetplan0. It definitely made it harder to rectify. Is it adviced to use Unattended-Upgrade::MinimalSteps "false"; or would that have its own pitfalls? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1922898 Title: SEGFAULT on upgrade to 0.102-0ubuntu1~20.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/1922898/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1913062] Re: netplan apply backtrace
This seems to affect any machine that has tun interfaces, which don't
have MAC addresses. E.g. anyone who runs OpenVPN. Please fix.
[SNIP]
$ sudo netplan apply
Traceback (most recent call last):
File "/usr/sbin/netplan", line 23, in
netplan.main()
File "/usr/share/netplan/netplan/cli/core.py", line 50, in main
self.run_command()
File "/usr/share/netplan/netplan/cli/utils.py", line 257, in run_command
self.func()
File "/usr/share/netplan/netplan/cli/commands/apply.py", line 55, in run
self.run_command()
File "/usr/share/netplan/netplan/cli/utils.py", line 257, in run_command
self.func()
File "/usr/share/netplan/netplan/cli/commands/apply.py", line 187, in
command_apply
changes = NetplanApply.process_link_changes(devices, config_manager)
File "/usr/share/netplan/netplan/cli/commands/apply.py", line 283, in
process_link_changes
current_iface_name = utils.find_matching_iface(interfaces, match)
File "/usr/share/netplan/netplan/cli/utils.py", line 199, in
find_matching_iface
matches = list(filter(lambda iface: is_interface_matching_macaddress(iface,
match.get('macaddress')), matches))
File "/usr/share/netplan/netplan/cli/utils.py", line 199, in
matches = list(filter(lambda iface: is_interface_matching_macaddress(iface,
match.get('macaddress')), matches))
File "/usr/share/netplan/netplan/cli/utils.py", line 185, in
is_interface_matching_macaddress
macaddress = get_interface_macaddress(interface)
File "/usr/share/netplan/netplan/cli/utils.py", line 169, in
get_interface_macaddress
link = netifaces.ifaddresses(interface)[netifaces.AF_LINK][0]
KeyError: 17
[SNAP]
I am pretty sure this happens on interface='tun0'. On python cli:
>>> import netifaces
>>> netifaces.ifaddresses('tun0')[netifaces.AF_LINK]
Traceback (most recent call last):
File "", line 1, in
KeyError: 17
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1913062
Title:
netplan apply backtrace
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/1913062/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
Oh, indeed! > 1.0.2w moves the affected ciphersuites into the "weak-ssl-ciphers" list. [...] > This is unlikely to cause interoperability problems in most cases since use > of these ciphersuites is rare. Fair enough. Thank you for clarifying. (And apologies for this noise) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
Thank you very much for fixing swiftly! Please forgive me for pointing this out though: I note that rather than stopping the affected cipher suites from re- using secrets across connections, you chose to declare the suites as weak and disabled them altogether. I appreciate that this is an elegant way to close this vulnerability, in particular in the absence of an upstream patch. However, this solution introduces the risk that when trying to establish a connection with some legacy client or server, they can no longer agree on a shared cipher, and the TLS handshake fails. That is not in the spirit of a LTS, which is often elected and used precisely because it makes it easier to to support legacy products reliably. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
> "Please upgrade to bionic or focal?" Is this an official recommendation from Ubuntu, that users shall migrate off Xenial now, because of a security issue in a core library? And there I was, thinking we have until April 2021 ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895294] Re: Fix Raccoon vulnerability (CVE-2020-1968)
** Description changed: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been - patched yet against the Racoon Attack (CVE-2020-1968): + patched yet against the Raccoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968 - https://raccoon-attack.com/ Ubuntu's CVE tracker still lists this as NEEDED for Xenial: - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html - - Other supported Ubuntu releases use versions of OpenSSL that are not affected. - + Other supported Ubuntu releases use versions of OpenSSL that are not + affected. Indeed: - $ apt-cache policy openssl - openssl: - Installed: 1.0.2g-1ubuntu4.16 + $ apt-cache policy openssl + openssl: + Installed: 1.0.2g-1ubuntu4.16 - $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" - Not patched - + $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" + Not patched What is the status? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1895294] [NEW] Fix Raccoon vulnerability (CVE-2020-1968)
Public bug reported: Xenial's current OpenSSL (1.0.2g-1ubuntu4.16) seems to not have been patched yet against the Racoon Attack (CVE-2020-1968): - https://www.openssl.org/news/secadv/20200909.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968 - https://raccoon-attack.com/ Ubuntu's CVE tracker still lists this as NEEDED for Xenial: - https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1968.html - https://people.canonical.com/~ubuntu-security/cve/pkg/openssl.html Other supported Ubuntu releases use versions of OpenSSL that are not affected. Indeed: $ apt-cache policy openssl openssl: Installed: 1.0.2g-1ubuntu4.16 $ apt-get changelog openssl | grep CVE-2020-1968 || echo "Not patched" Not patched What is the status? ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1895294 Title: Fix Raccoon vulnerability (CVE-2020-1968) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1895294/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1876442] Re: [snap] chromium causing many audit messages in syslog
Same here, flood of kernel/audit messages as below. Chromium 84.0.4147.105, snap rev 1244, Ubuntu 20.04.1 Aug 04 17:27:59 ole kernel: audit: type=1326 audit(1596558479.339:301): auid=1001 uid=1001 gid=1001 ses=3 subj==snap.chromium.chromium (enforce) pid=25861 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c03e syscall=203 compat=0 ip=0x7faf1689db9f code=0x5 Aug 04 17:27:59 ole kernel: audit: type=1326 audit(1596558479.339:302): auid=1001 uid=1001 gid=1001 ses=3 subj==snap.chromium.chromium (enforce) pid=25861 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c03e syscall=203 compat=0 ip=0x7faf1689db9f code=0x5 Aug 04 17:27:59 ole audit[25861]: SECCOMP auid=1001 uid=1001 gid=1001 ses=3 subj==snap.chromium.chromium (enforce) pid=25861 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c03e syscall=203 compat=0 ip=0x7faf1689db9f code=0x5 Aug 04 17:27:59 ole audit[25861]: SECCOMP auid=1001 uid=1001 gid=1001 ses=3 subj==snap.chromium.chromium (enforce) pid=25861 comm="chrome" exe="/snap/chromium/1244/usr/lib/chromium-browser/chrome" sig=0 arch=c03e syscall=203 compat=0 ip=0x7faf1689db9f code=0x5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1876442 Title: [snap] chromium causing many audit messages in syslog To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1876442/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820614] Re: Mail notification's headlines do not mention autoremovals
FYI this is unattended-upgrades 0.90ubuntu0.10 on Ubuntu 16.04.4 LTS -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820614 Title: Mail notification's headlines do not mention autoremovals To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1820614/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820614] [NEW] Mail notification's headlines do not mention autoremovals
Public bug reported: We run unattended-upgrades happily with 'Unattended-Upgrade::Mail' active and 'Unattended-Upgrade::Remove-Unused-Dependencies' Sometimes a UU run would not install nor hold anything, but only autoremove packages that have become obsolete, typically old kernels. In such cases, UU's mail notification reads: """ Unattended upgrade returned: True Warning: A reboot is required to complete this upgrade. Packages that were upgraded: Package installation log: [...] """ Which is quite irritating. It would be very helpful if it also contained a line "Packages that were (auto-)removed:" ** Affects: unattended-upgrades (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820614 Title: Mail notification's headlines do not mention autoremovals To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1820614/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1749959] [NEW] Upgrade of erlang-base left rabbitmq-server dead
Public bug reported: Last night, unattended-upgrades upgraded the erlang packages on our RabbitMQ server from 1:18.3-dfsg-1ubuntu3 to 1:18.3-dfsg-1ubuntu3.1. erlang-base's prerm script successfully found and stopped rabbitmq- server, and the postinst script tried to start it again: # From /var/log/apt/term.log, same in /var/log/unattended-upgrades/unattended-upgrades-dpkg.log #... Preparing to unpack .../erlang-base_1%3a18.3-dfsg-1ubuntu3.1_amd64.deb ... Searching for services which depend on erlang and should be stopped...found: rabbitmq-server. Stopping services which depend on erlang rabbitmq-server: stopping...done. Services stopped successfully. Killing epmd...it is not running. Unpacking erlang-base (1:18.3-dfsg-1ubuntu3.1) over (1:18.3-dfsg-1ubuntu3) ... Preparing to unpack .../erlang-nox_1%3a18.3-dfsg-1ubuntu3.1_all.deb ... Unpacking erlang-nox (1:18.3-dfsg-1ubuntu3.1) over (1:18.3-dfsg-1ubuntu3) ... Processing triggers for man-db (2.7.5-1) ... Setting up erlang-base (1:18.3-dfsg-1ubuntu3.1) ... Searching for services which depend on erlang and should be started...found: rabbitmq-server. Starting services which depend on erlang rabbitmq-server: starting...done. Services started successfully. #... I looked into erlang-base.prerm and erlang-base.postinst and ran the relevant snippets manually, and it looks like they would have used "invoke-rc.d": invoke-rc.d rabbitmq-server stop > /dev/null 2>&1 # from erlang-base.prerm invoke-rc.d rabbitmq-server start > /dev/null 2>&1 # from erlang-base.postinst But while the stop command succeeded, the start command did not, and there isn't any evidence in the logs that it was ever issued. This is the reason why I think this is a bug in the erlang package (or possibly invoke-rc.d/init-system-helpers?), and not in rabbitmq-server: # journalctl Feb 16 06:30:03 rabbit-b systemd[1]: Starting Daily apt upgrade and clean activities... Feb 16 06:30:48 rabbit-b systemd[1]: Reloading. Feb 16 06:30:49 rabbit-b systemd[1]: Started ACPI event daemon. Feb 16 06:30:49 rabbit-b systemd[1]: Stopping RabbitMQ Messaging Server... Feb 16 06:30:50 rabbit-b rabbitmq[6596]: Stopping and halting node 'rabbit@rabbit-b' ... Feb 16 06:30:51 rabbit-b systemd[1]: Stopped RabbitMQ Messaging Server. Feb 16 06:30:52 rabbit-b systemd[1]: Reloading. Feb 16 06:30:52 rabbit-b systemd[1]: Started ACPI event daemon. Feb 16 06:30:54 rabbit-b systemd[1]: Reloading. Feb 16 06:30:54 rabbit-b systemd[1]: Started ACPI event daemon. # ... and the next log entry is from after unattended-upgrades had ended at 06:30:56 # /var/log/rabbitmq/rab...@rabbit-b.log =INFO REPORT 16-Feb-2018::06:30:50 === Stopping RabbitMQ #... lots of AMQP connection closures =INFO REPORT 16-Feb-2018::06:30:51 === Halting Erlang VM # ... and the next log entry is from 2h later when we manually started RabbitMQ again This is Ubuntu 16.04.2 LTS with all security patches and the latest rabbitmq-server (3.5.7-1ubuntu0.16.04.2) PS: Where are the sources for erlang-base.prerm and erlang- base.postinst? https://packages.debian.org/source/stretch/erlang points to http://anonscm.debian.org/viewvc/pkg-erlang/erlang/trunk/, but that link is dead ** Affects: erlang (Ubuntu) Importance: Undecided Status: New ** Description changed: Last night, unattended-upgrades upgraded the erlang packages on our RabbitMQ server from 1:18.3-dfsg-1ubuntu3 to 1:18.3-dfsg-1ubuntu3.1. erlang-base's prerm script successfully found and stopped rabbitmq- server, and the postinst script tried to start it again: # From /var/log/apt/term.log, same in /var/log/unattended-upgrades/unattended-upgrades-dpkg.log #... Preparing to unpack .../erlang-base_1%3a18.3-dfsg-1ubuntu3.1_amd64.deb ... Searching for services which depend on erlang and should be stopped...found: rabbitmq-server. Stopping services which depend on erlang - rabbitmq-server: stopping...done. + rabbitmq-server: stopping...done. Services stopped successfully. Killing epmd...it is not running. Unpacking erlang-base (1:18.3-dfsg-1ubuntu3.1) over (1:18.3-dfsg-1ubuntu3) ... Preparing to unpack .../erlang-nox_1%3a18.3-dfsg-1ubuntu3.1_all.deb ... Unpacking erlang-nox (1:18.3-dfsg-1ubuntu3.1) over (1:18.3-dfsg-1ubuntu3) ... Processing triggers for man-db (2.7.5-1) ... Setting up erlang-base (1:18.3-dfsg-1ubuntu3.1) ... Searching for services which depend on erlang and should be started...found: rabbitmq-server. Starting services which depend on erlang - rabbitmq-server: starting...done. + rabbitmq-server: starting...done. Services started successfully. #... + I looked into erlang-base.prerm and erlang-base.postinst and ran the + relevant snippets manually, and it looks like they would have used + "invoke-rc.d": - I looked into erlang-base.prerm and erlang-base.postinst and ran the relevant snippets manually, and it looks like they would have used "invoke-rc.d": - -invoke-rc.d rabbitmq-server stop
[Bug 1624644] Re: By default settings unattended-upgrade does not automatically remove packages that become unused in conjunction with updating by other software
Observe #1267059 about 'Unattended-Upgrade::Remove-Unused-Dependencies' not working as expected for old versions of unattended-upgrades, also resulting e.g. in obsolete kernel packages not getting removed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1624644 Title: By default settings unattended-upgrade does not automatically remove packages that become unused in conjunction with updating by other software To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1624644/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1089195] Re: linux-headers will eat your inodes on LTS.
This report was marked being a duplicate of https://bugs.launchpad.net/ubuntu/+source/unattended- upgrades/+bug/1624644. But it is not specifically about unattended- upgrades; various upgrade mechanisms run into this same issue. Hence this bug report not a duplicate. ** This bug is no longer a duplicate of bug 1624644 By default settings unattended-upgrade does not automatically remove packages that become unused in conjunction with updating by other software -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1089195 Title: linux-headers will eat your inodes on LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1089195/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637059] Re: rtl8812au-dkms 4.3.8.12175.20140902+dfsg-0ubuntu2: rtl8812au kernel module failed to build [error: implicit declaration of function ‘is_compat_task’]
Same here on Ubuntu 16.04:
$ sudo apt-get install rtl8812au-dkms
#...
Building for 4.10.0-40-generic and 4.10.0-42-generic
Building initial module for 4.10.0-40-generic
Error! Bad return status for module build on kernel: 4.10.0-40-generic (x86_64)
Consult /var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/make.log for
more information.
$ cat /var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/make.logDKMS
make.log for rtl8812au-4.3.8.12175.20140902+dfsg for kernel 4.10.0-40-generic
(x86_64)
Tue Dec 12 08:43:46 EST 2017
make ARCH=x86_64 CROSS_COMPILE= -C /lib/modules/4.10.0-40-generic/build
M=/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build modules
# ...
/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/os_dep/linux/rtw_android.c:
In function ‘rtw_android_priv_cmd’:
/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/os_dep/linux/rtw_android.c:577:6:
error: implicit declaration of function ‘is_compat_task’
[-Werror=implicit-function-declaration]
if (is_compat_task()) {
^
cc1: some warnings being treated as errors
scripts/Makefile.build:294: recipe for target
'/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/os_dep/linux/rtw_android.o'
failed
make[2]: ***
[/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build/os_dep/linux/rtw_android.o]
Error 1
Makefile:1524: recipe for target
'_module_/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build' failed
make[1]: *** [_module_/var/lib/dkms/rtl8812au/4.3.8.12175.20140902+dfsg/build]
Error 2
make[1]: Leaving directory '/usr/src/linux-headers-4.10.0-40-generic'
Makefile:1459: recipe for target 'modules' failed
make: *** [modules] Error 2
$ uname -a
Linux dlogicvt 4.10.0-40-generic #44~16.04.1-Ubuntu SMP Thu Nov 9 15:37:44 UTC
2017 x86_64 x86_64 x86_64 GNU/Linux
$ sudo lsusb
#...
Bus 003 Device 003: ID 0bda:a811 Realtek Semiconductor Corp.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1637059
Title:
rtl8812au-dkms 4.3.8.12175.20140902+dfsg-0ubuntu2: rtl8812au kernel
module failed to build [error: implicit declaration of function
‘is_compat_task’]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rtl8812au/+bug/1637059/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1737585] Re: ufw should not override procps' default of net.ipv4.tcp_syncookies=1
Sorry for only checking the latest LTS, didn't realize it had been fixed in >= 17.04. Thx. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1737585 Title: ufw should not override procps' default of net.ipv4.tcp_syncookies=1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 189565] Re: ufw enables syncookies by default, which is not considered a great idea
Requesting to revert and leaving this to procps: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/189565 Title: ufw enables syncookies by default, which is not considered a great idea To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 57091] Re: proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense...
I filed a request for ufw not to override https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/57091 Title: proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN flood defense... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/procps/+bug/57091/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1737585] [NEW] ufw should not override procps' default of net.ipv4.tcp_syncookies=1
Public bug reported:
2008 ufw decided to *disable* TCP SYN cookies by default in
/etc/ufw/sysctl.conf, see
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565
After a more detailed discussion that had started in 2006, procps
*enabled* TCP SYN cookies by default in /etc/sysctl.d/10-network-
security.conf in 2009, see
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/57091
No two packages should try to set conflicting defaults on the same
sysctl without very good reason. This is a funny case where the base
package procps uses a more secure default (SYN cookies enabled), and the
firewall package ufw uses a less secure default (SYN cookies disabled) -
one would expect the other way round. At least I would expect ufw not to
*weaken* security settings.
Regarding the question whether or not SYN cookies should be enabled (as
opposed to the question which package should own this setting): I guess
that the are lots of systems without ufw, and all of those run happily
with procps' default net.ipv4.tcp_syncookies=1, or at least I could not
find any bug reports that complained. The kernel only activates the
mechanism once it thinks a syn flood is happening, so whatever the
disadvantages of SYN cookies are, they only kick in under these
circumstances.
For all the above reasons I suggest ufw should not touch
net.ipv4.tcp_syncookies and leave it however it is already set in
/etc/sysctl.{conf,d/}
** Affects: ufw (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1737585
Title:
ufw should not override procps' default of net.ipv4.tcp_syncookies=1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1737585/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1573959] Re: On-screen text disappears after suspend
Lenovo Thinkpad T430 affected $ lsb_release -r Release:16.04 $ uname -r 4.4.0-93-generic $ lspci -nn | grep VGA 00:02.0 VGA compatible controller [0300]: Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 09) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1573959 Title: On-screen text disappears after suspend To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-intel/+bug/1573959/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1706900] Re: CVE-2016-9877 RabbitMQ authentication vulnerability
Thanks for fixing so quickly once this ticket was raised!
I have questions though about the time before.
rabbitmq-server is in the Canonical-supported 'main' repo of two active
Ubuntu LTS releases. In Dec 2016, a security issue and a patch are
published upstream, rated 'critical'. Debian rates it as 'high' and
releases updates within a month. At some point in time (I can't way
when), the issue appears in Ubuntu's CVE tracker (see above) and gets
marked 'medium'. Other than that, nothing happens at Ubuntu until a
random user (me) stumbles upon it and files this very bug report.
- Why was this bug rated lower than upstream ('medium' rather than 'critical')?
- What is the CVE tracker for, if not triggering the process leading to
security updates where necessary?
- Are there targets defined/documented somewhere, how quickly upstream security
patches ought to be integrated into 'main' LTS packages?
- Assuming we agree that 7 month is too long (right?), what is being done to
make sure those targets are met?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1706900
Title:
CVE-2016-9877 RabbitMQ authentication vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1706900] Re: CVE-2016-9877 RabbitMQ authentication vulnerability
Please bump the importance to "High". This is a trivially and remotely exploitable authentication bypass, and it's classified "Critical" upstream, and "High" over at Debian. This bug was raised and fixed upstream last year. Debian backported the fix in January. Since when are you aware of it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706900 Title: CVE-2016-9877 RabbitMQ authentication vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1706900] Re: CVE-2016-9877 RabbitMQ authentication vulnerability
** Bug watch added: github.com/rabbitmq/rabbitmq-mqtt/issues #96 https://github.com/rabbitmq/rabbitmq-mqtt/issues/96 ** Also affects: rabbitmq via https://github.com/rabbitmq/rabbitmq-mqtt/issues/96 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706900 Title: CVE-2016-9877 RabbitMQ authentication vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1706900] [NEW] CVE-2016-9877 RabbitMQ authentication vulnerability
*** This bug is a security vulnerability *** Public security bug reported: https://pivotal.io/security/cve-2016-9877 "MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected." Affects RabbitMQ "3.x versions prior to 3.5.8" Ubuntu's Xenial repos are currently offering 3.5.7-1ubuntu0.16.04.1, and according to its changelog, Pivotal's fix for CVE-2016-9877 has not been included. ** Affects: rabbitmq Importance: Unknown Status: Unknown ** Affects: rabbitmq-server (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706900 Title: CVE-2016-9877 RabbitMQ authentication vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/rabbitmq/+bug/1706900/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1528857] [NEW] lrzip freezes on low memory
Public bug reported: We use lrzip to compress large logs with an hourly cronjob. The server is sometimes short of memory. Occasionally lrzip freezes. Usually it just hangs doing nothing, "strace -p $PID" just showing "WAIT(...". Every now and then it's consuming 100% CPU doing this ad infinitum: -- mmap(NULL, 776081408, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) mmap(NULL, 775950336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) mmap(NULL, 775950336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) brk(0x2fb42000) = 0x1742000 -- Instead, lrzip should exit with a non-zero exit code so the situation can be dealt with properly. He would prefer to use lrzip to archive our data, but because of this bug we had to revert back to gzip/bzip2 :-( This is lrzip 0.608-1 on Ubuntu 12.04.5 (precise) ** Affects: lrzip (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528857 Title: lrzip freezes on low memory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1528857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1267059] Re: "Unattended-Upgrade::Remove-Unused-Dependencies" does not work
Nice to see that a LTS-killing bug is taken seriously (after 2 years). What about Precise? It is affected and has still 1.5y to live. (Though one might argue that any affected Precise machine must be either dead or manually patched by now) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: "Unattended-Upgrade::Remove-Unused-Dependencies" does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1267059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1467936] [NEW] Please provide s3cmd 1.5.2 as backport so that it can be used with newer AWS regions
Public bug reported: New AWS regions like eu-central-1 (Frankfurt) only support the most recent version of their authentication scheme AWS Signature V4 [1]. s3cmd supports V4 from 1.5.2 onwards [2]. Please provide s3cmd = 1.5.2 as backport, at least for Trusty, such that it can use the new S3 regions. Alternatively provide a PPA. [1] https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html [2] https://github.com/s3tools/s3cmd/issues/402 ** Affects: s3cmd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1467936 Title: Please provide s3cmd 1.5.2 as backport so that it can be used with newer AWS regions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/s3cmd/+bug/1467936/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1267059] Re: Unattended-Upgrade::Remove-Unused-Dependencies does not work
Each day this bug breaks more Ubuntu servers that do unattended- upgrades, in particular cloud servers with 100GB rootfs. I alone have a few dozens affected machines. And it's not totally trivial for Admin Average to diagnose the inode shortage, realize it's flooded with linux-headers packages, and to convince apt-get (potentially stuck in 'broken dependancies') to clean up. I think this is more impartant than medium, at least for Precise/LTS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: Unattended-Upgrade::Remove-Unused-Dependencies does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1267059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1267059] Re: Unattended-Upgrade::Remove-Unused-Dependencies does not work
Note that situation #1089195 is another possible outcome of this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: Unattended-Upgrade::Remove-Unused-Dependencies does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1267059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1089195] Re: linux-headers will eat your inodes on LTS.
This issue made an upgrade fail in the middle which left my system (12.04.5 LTS) with broken dependancies that are not trivial to solve: apt-get -f install fails due to lack of inodes. apt-get autoremove refuses to run due to broken deps, and so does apt-get remove -f $SOME_OLD_KERNEL_PACKGES. In my case, the depending packages were luckily meta-packages (linux- headers-server linux-server), so i could remove -f them, then autoremove worked again a threw away lots of old header packages, then re-install linux-headers-server linux-server and finally upgrade. Not sure how an unexperienced user is supposed to go about such a situation. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1089195 Title: linux-headers will eat your inodes on LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1089195/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1089195] Re: linux-headers will eat your inodes on LTS.
Note that automatic updates (e.g. unattended-upgrades) will even more likely bring you into this situation. And because of bug #1267059, even then you set 'Unattended-Upgrade::Remove-Unused-Dependencies true'. Not good for a LTS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1089195 Title: linux-headers will eat your inodes on LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1089195/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1267059] Re: Unattended-Upgrade::Remove-Unused-Dependencies does not work
I had a quick glance at /usr/bin/unattended-upgrade, and it looks like that Unattended-Upgrade::Remove-Unused-Dependencies only autoremoves dependancies that have become auto-removeable during *this* very run of unattended-upgrade! Anything that had already been auto-removeable before invokation of /usr/bin/unattended-upgrade will not get autoremoved by unattended-upgrade. (See lists pkgs_auto_removable set in line 706, now_auto_removable set in line 817, and only their difference being autoremoved in line 819) Is that correct? If this is the intended functionality of Unattended-Upgrade::Remove-Unused-Dependencies, then this is not a bug with unattended-upgrade, but with its documentation. /etc/apt/apt.conf.d/50unattended-upgrades says // Do automatic removal of new unused dependencies after the upgrade // (equivalent to apt-get autoremove) Unattended-Upgrade::Remove-Unused-Dependencies true; But it's actually only equivalent to apt-get autoremove if there was nothing to be autoremoved beforehand. That should be clarified. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: Unattended-Upgrade::Remove-Unused-Dependencies does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1267059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1267059] [NEW] Unattended-Upgrade::Remove-Unused-Dependencies does not work
Public bug reported: I have a system that runs unattended-upgrades just fine. Now i want to automate removal of old kernels and kernel header packages that are accumulating otherwise. So i set 'Unattended-Upgrade::Remove-Unused- Dependencies true;'. But it doesn't work. Details: Lots of stuff pending autoremoval: $ apt-get --assume-no autoremove Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED linux-headers-3.2.0-38 linux-headers-3.2.0-38-generic linux-headers-3.2.0-39 linux-headers-3.2.0-39-generic linux-headers-3.2.0-40 linux-headers-3.2.0-40-generic linux-headers-3.2.0-41 linux-headers-3.2.0-41-generic linux-headers-3.2.0-43 linux-headers-3.2.0-43-generic linux-headers-3.2.0-44 linux-headers-3.2.0-44-generic linux-headers-3.2.0-45 linux-headers-3.2.0-45-generic linux-headers-3.2.0-48 linux-headers-3.2.0-48-generic linux-headers-3.2.0-51 linux-headers-3.2.0-51-generic linux-headers-3.2.0-52 linux-headers-3.2.0-52-generic linux-headers-3.2.0-53 linux-headers-3.2.0-53-generic linux-headers-3.2.0-54 linux-headers-3.2.0-54-generic linux-headers-3.2.0-55 linux-headers-3.2.0-55-generic linux-headers-3.2.0-56 linux-headers-3.2.0-56-generic linux-image-3.2.0-39-generic linux-image-3.2.0-40-generic linux-image-3.2.0-41-generic linux-image-3.2.0-43-generic linux-image-3.2.0-44-generic linux-image-3.2.0-45-generic linux-image-3.2.0-48-generic linux-image-3.2.0-51-generic linux-im age-3.2.0-52-generic linux-image-3.2.0-53-generic linux-image-3.2.0-54-generic linux-image-3.2.0-55-generic linux-image-3.2.0-56-generic 0 upgraded, 0 newly installed, 41 to remove and 13 not upgraded. After this operation, 2,893 MB disk space will be freed. Do you want to continue [Y/n]? N Abort. Note that the majority of these packages have been installed by unattended-upgrades from precise-security. According to the comments within/etc/apt/apt.conf.d/50unattended- upgrades, this should automate autoremoval: // Do automatic removal of new unused dependencies after the upgrade // (equivalent to apt-get autoremove) Unattended-Upgrade::Remove-Unused-Dependencies true; but nothing happens (note the line Packages that are auto removed: '' : $ unattended-upgrades --debug --dry-run Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security'] adjusting candidate version: 'Version: package:'accountsservice' version:'0.6.15-2ubuntu9.6.1'' adjusting candidate version: 'Version: package:'libaccountsservice0' version:'0.6.15-2ubuntu9.6.1'' adjusting candidate version: 'Version: package:'libdrm-intel1' version:'2.4.43-0ubuntu0.0.3'' adjusting candidate version: 'Version: package:'libdrm-nouveau1a' version:'2.4.43-0ubuntu0.0.3'' adjusting candidate version: 'Version: package:'libdrm-radeon1' version:'2.4.43-0ubuntu0.0.3'' adjusting candidate version: 'Version: package:'libdrm2' version:'2.4.43-0ubuntu0.0.3'' Checking: bc ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: grub-common ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: grub-pc ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: grub-pc-bin ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: grub2-common ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: iproute ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) Checking: landscape-common ([Origin component:'main' archive:'precise-updates' origin:'Ubuntu' label:'Ubuntu' site:'gb.archive.ubuntu.com' isTrusted:True]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] Packages that are auto removed: '' InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended I am using unattended-upgrades-0.76ubuntu1 on Ubuntu 12.04.3 LTS ** Affects: unattended-upgrades (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267059 Title: Unattended-Upgrade::Remove-Unused-Dependencies does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1267059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com
[Bug 987212] Re: Wireless printer Processing - Unable to locate printer.
I have a similar issue on Raring: i cannot print on my HP OfficeJet 4500 after the machine was suspended at least once. Cups would say Unable to find printer. After restarting avahi i can print again: sudo restart avahi-daemon I am happy to assist debugging this, e.g. providing logs or network dumps. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/987212 Title: Wireless printer Processing - Unable to locate printer. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/987212/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 987212] Re: Wireless printer Processing - Unable to locate printer.
I have to correct my above last comment: there is only a very short duration after reboot that i can print. Effectively i have to restart avahi before each print (or to un-stuck a queued job). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/987212 Title: Wireless printer Processing - Unable to locate printer. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/987212/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1132555] Re: mission-control-5 crashed with SIGSEGV in g_slist_find()
It's not fixed for me either. Fully patched 13.04 with Gnome 3.8 from PPA. Seems to only happen when starting gnome shell, not in Unity. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1132555 Title: mission-control-5 crashed with SIGSEGV in g_slist_find() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/telepathy-mission-control-5/+bug/1132555/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
Upstream provided a patch ( https://bugzilla.mindrot.org/attachment.cgi?id=2174 ). It will go into OpenSSH 6.1. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
Upstream provided a patch ( https://bugzilla.mindrot.org/attachment.cgi?id=2174 ). It will go into OpenSSH 6.1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1023360] [NEW] Comments longer than 1024 chars break sshd_config
Public bug reported: When sshd_config contains a comment of more than 1023 chars, it treats char 1024+ as valid configuration. That usually breaks the config, or (in case there accidentally is valid sshd_config syntax) is unwanted. To verify the bug, apply appended patch to sshd_config (that prepends a long comment) and try to start ssh. You will see this: $ sudo /usr/sbin/sshd /etc/ssh/sshd_config: line 2: Bad configuration option: ThisIsAnInvalidOption /etc/ssh/sshd_config: terminating, 1 bad configuration options Note that it complains about line 2 though the offending comment is in line 1. It is worth mentioning that active configuration lines longer than 1023 chars work fine. (I discovered this bug when i commented out a long Match Address list) This bug strikes at on * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS) * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10) * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
** Patch added: Prepends a comment longer than 1024 chars to sshd_config https://bugs.launchpad.net/bugs/1023360/+attachment/3219642/+files/sshd_config-longcomment.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
(Removed patch tag. It actually is a patch file, but only to illustrate the bug, not to be applied to the source, it doesn't need review) ** Tags removed: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
The bug is present upstream as well, i filed it there too: https://bugzilla.mindrot.org/show_bug.cgi?id=2025 ** Bug watch added: OpenSSH Portable Bugzilla #2025 https://bugzilla.mindrot.org/show_bug.cgi?id=2025 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1023360] [NEW] Comments longer than 1024 chars break sshd_config
Public bug reported: When sshd_config contains a comment of more than 1023 chars, it treats char 1024+ as valid configuration. That usually breaks the config, or (in case there accidentally is valid sshd_config syntax) is unwanted. To verify the bug, apply appended patch to sshd_config (that prepends a long comment) and try to start ssh. You will see this: $ sudo /usr/sbin/sshd /etc/ssh/sshd_config: line 2: Bad configuration option: ThisIsAnInvalidOption /etc/ssh/sshd_config: terminating, 1 bad configuration options Note that it complains about line 2 though the offending comment is in line 1. It is worth mentioning that active configuration lines longer than 1023 chars work fine. (I discovered this bug when i commented out a long Match Address list) This bug strikes at on * openssh-server 1:5.3p1-3ubuntu7 (Ubuntu 10.04 LTS) * openssh-server 1:5.8p1-7ubuntu1 (Ubuntu 11.10) * openssh-server 1:5.9p1-5ubuntu1 (Ubuntu 12.04 LTS) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
** Patch added: Prepends a comment longer than 1024 chars to sshd_config https://bugs.launchpad.net/bugs/1023360/+attachment/3219642/+files/sshd_config-longcomment.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
(Removed patch tag. It actually is a patch file, but only to illustrate the bug, not to be applied to the source, it doesn't need review) ** Tags removed: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1023360] Re: Comments longer than 1024 chars break sshd_config
The bug is present upstream as well, i filed it there too: https://bugzilla.mindrot.org/show_bug.cgi?id=2025 ** Bug watch added: OpenSSH Portable Bugzilla #2025 https://bugzilla.mindrot.org/show_bug.cgi?id=2025 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1023360 Title: Comments longer than 1024 chars break sshd_config To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1023360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 296867] Re: empathy needs to support OTR encryption
+1 I am tired of pidgin and very interested in Empathy. But i depend on OTR, so i cannot switch. I know 5 others in my local geekosphere who have the same. OTR is unaware of the layer below. That makes it clumsy or unelegant to implement for an individual protocol like XMPP. But at the same thime this is a strength: a multi-protocol IM client with OTR has end-to-end security with the same key pair on all protocols used. And that is elegant again :-) Calling that broken by design is a narrow view and missing the point of OTR. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/296867 Title: empathy needs to support OTR encryption To manage notifications about this bug go to: https://bugs.launchpad.net/empathy/+bug/296867/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 365300] Re: Randomly I get double clicks when I do a single click.
Me too: Lucid 10.04 x32 on a MacBook 1.1. The problem is heavy on the MacBook's touchpad (05ac:0218 Apple, Inc.), but is not present with a (very old) USB IBM mouse (04b3:3107 IBM Corp. ThinkPad 800dpi Optical Travel Mouse) I find the hypothesis quite convincing that it is common for mice to signal false double-events which then get filtered by the driver, but that Ubuntu's unintented-double-click-filter is bad or broken. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/365300 Title: Randomly I get double clicks when I do a single click. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-input-evdev/+bug/365300/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 769213] [NEW] trac-accountmanager dies on login with AttributeError: 'NoneType' object has no attribute 'encode'
Public bug reported:
Binary package hint: trac-accountmanager
When trac-accountmanager is installed and enabled, login and password-
reset fail with
AttributeError: 'NoneType' object has no attribute 'encode'
This is a know bug which is fixed upstream, see http://trac-
hacks.org/ticket/6453. The patch described there works well for me when
applied to /usr/share/pyshared/acct_mgr/pwhash.py:
On line 45 of acct_mgr.pwhash change:
realm = Option('account-manager', 'htdigest_realm')
to
realm = Option('account-manager', 'htdigest_realm', '')
I am talking Lucid (x86_64) with trac-0.11.7-1 and
trac-accountmanager-0.2.1+r7163-1
** Affects: trac-accountmanager (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/769213
Title:
trac-accountmanager dies on login with AttributeError: 'NoneType'
object has no attribute 'encode'
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 769213] Re: trac-accountmanager dies on login with AttributeError: 'NoneType' object has no attribute 'encode'
The issue solved in Debian stable http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=572167 and therefore probably also in Maverick and Natty which have already synced Debian's trac- accountmanager-0.2.1+r7731-1. Would be great if you could sync that down to lucid/universe or lucid- backports/universe too. ** Bug watch added: Debian Bug tracker #572167 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572167 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/769213 Title: trac-accountmanager dies on login with AttributeError: 'NoneType' object has no attribute 'encode' -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 716767] [NEW] clamav-daemon does not start because of Malformed database daily.cvd
Public bug reported:
Binary package hint: clamav
Tonight, two independent clamav-daemon installation died after clamav-
freshclam updated daily.cvd from 12660 to 12662. This currently stops
two MTAs from working.
* Ubuntu 8.04.4 LTS 32bit, fully updated
* clamav, clamav-{base,daemon,freshclam} 0.95.3+dfsg-1ubuntu0.09.04~hardy2.5
This happens if i try to start clamav-daemon:
admin-nt@scanner:~$ sudo /etc/init.d/clamav-daemon start
* Starting ClamAV daemon clamd
LibClamAV Warning: ***
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***
LibClamAV Error: cli_hex2str(): Malformed hexstring: eb0668[4-4]c3 (length:
13)
LibClamAV Error: Problem parsing database at line 875
LibClamAV Error: Can't load
/tmp/clamav-a3833163ebf888ba6bf7fee338f86f86/daily.ndb: Malformed database
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
ERROR: Malformed database
I find this in /var/log/clamav/clamav.log :
Fri Feb 11 00:21:38 2011 - +++ Started at Fri Feb 11 00:21:38 2011
Fri Feb 11 00:21:38 2011 - clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386,
CPU: i486)
Fri Feb 11 00:21:38 2011 - Log file size limit disabled.
Fri Feb 11 00:21:38 2011 - Reading databases from /var/lib/clamav
Fri Feb 11 00:21:38 2011 - Not loading PUA signatures.
Fri Feb 11 00:21:38 2011 - ERROR: Malformed database
Another freshclam run updates daily.cvd further to 12663, but the issue
is the same.
When i remove /var/lib/clamav/daily.cvd i can start clamav-daemon again,
but i understand that it it then it only runs on the outdated main.cld
from 2010/11/14.
How do i revert to working daily.cvd ver. 12660?
** Affects: clamav (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed database daily.cvd
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
http://lurker.clamav.net/thread/20110210.220142.cd1f5f0d.en.html -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
I bet many MTAs die tonight. E.g. that one http://hup.hu/node/99147 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
OK, they published daily.cvd 12664 which works now, clamav-daemon starts again. Seems to have been an upstream problem at ClamAV which they fixed. I assume you can close this ticket. Sorry for the noise. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 716767] [NEW] clamav-daemon does not start because of Malformed database daily.cvd
Public bug reported:
Binary package hint: clamav
Tonight, two independent clamav-daemon installation died after clamav-
freshclam updated daily.cvd from 12660 to 12662. This currently stops
two MTAs from working.
* Ubuntu 8.04.4 LTS 32bit, fully updated
* clamav, clamav-{base,daemon,freshclam} 0.95.3+dfsg-1ubuntu0.09.04~hardy2.5
This happens if i try to start clamav-daemon:
admin-nt@scanner:~$ sudo /etc/init.d/clamav-daemon start
* Starting ClamAV daemon clamd
LibClamAV Warning: ***
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***
LibClamAV Error: cli_hex2str(): Malformed hexstring: eb0668[4-4]c3 (length:
13)
LibClamAV Error: Problem parsing database at line 875
LibClamAV Error: Can't load
/tmp/clamav-a3833163ebf888ba6bf7fee338f86f86/daily.ndb: Malformed database
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
ERROR: Malformed database
I find this in /var/log/clamav/clamav.log :
Fri Feb 11 00:21:38 2011 - +++ Started at Fri Feb 11 00:21:38 2011
Fri Feb 11 00:21:38 2011 - clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386,
CPU: i486)
Fri Feb 11 00:21:38 2011 - Log file size limit disabled.
Fri Feb 11 00:21:38 2011 - Reading databases from /var/lib/clamav
Fri Feb 11 00:21:38 2011 - Not loading PUA signatures.
Fri Feb 11 00:21:38 2011 - ERROR: Malformed database
Another freshclam run updates daily.cvd further to 12663, but the issue
is the same.
When i remove /var/lib/clamav/daily.cvd i can start clamav-daemon again,
but i understand that it it then it only runs on the outdated main.cld
from 2010/11/14.
How do i revert to working daily.cvd ver. 12660?
** Affects: clamav (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/716767
Title:
clamav-daemon does not start because of Malformed database daily.cvd
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
I bet many MTAs die tonight. E.g. that one http://hup.hu/node/99147 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
http://lurker.clamav.net/thread/20110210.220142.cd1f5f0d.en.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 716767] Re: clamav-daemon does not start because of Malformed database daily.cvd
OK, they published daily.cvd 12664 which works now, clamav-daemon starts again. Seems to have been an upstream problem at ClamAV which they fixed. I assume you can close this ticket. Sorry for the noise. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/716767 Title: clamav-daemon does not start because of Malformed database daily.cvd -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 503467] Re: vmbuilder default account not well-documented
I ran into the same issue and only was lucky because i disable password based ssh login on my machines. This is a security issue, not wishlist, please change importance. Insecure defaults must be changed or at least very prominently warned about. Mentioning this behavior in the help page is not enough. One should ssh scan the cloud for this account ;-) -- vmbuilder default account not well-documented https://bugs.launchpad.net/bugs/503467 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 503467] Re: vmbuilder default account not well-documented
I ran into the same issue and only was lucky because i disable password based ssh login on my machines. This is a security issue, not wishlist, please change importance. Insecure defaults must be changed or at least very prominently warned about. Mentioning this behavior in the help page is not enough. One should ssh scan the cloud for this account ;-) -- vmbuilder default account not well-documented https://bugs.launchpad.net/bugs/503467 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 356702] Re: Tooltips stick when switching desktops (Compiz)
James Holland wrote on 2010-06-23: IMO tooltips here should be disabled completely as they give no useful information. +1 -- Tooltips stick when switching desktops (Compiz) https://bugs.launchpad.net/bugs/356702 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 570862] [NEW] No/misleading log messages when maxchild is hit
Public bug reported:
Binary package hint: cyrus-imapd-2.2
When imapd -s or pop3d -s hit maxchild, weird things happen:
* No warning about maxchild shows up in syslog's mail.debug;
* Clients do neither get a TCP reset nor a TLS error nor a IMAP error;
* After ages, the client gives up and throws a connection timeout message to
the user
* Eventually, mail.debug shows this:
Apr 26 13:49:23 mail2 cyrus/imaps[7287]: idle for too long, closing connection
Apr 26 13:49:23 mail2 cyrus/imaps[7287]: accepted connection
Apr 26 13:49:23 mail2 cyrus/imaps[7287]: imaps TLS negotiation failed:
[XX.XX.XX.XX]
Apr 26 13:49:23 mail2 cyrus/imaps[7287]: Fatal error: tls_start_servertls()
failed
Apr 26 13:49:23 mail2 cyrus/master[19824]: process 7287 exited, status 75
Apr 26 13:49:23 mail2 cyrus/master[19824]: service imaps pid 7287 in BUSY
state: terminated abnormally
or
Apr 27 11:40:15 mail2 cyrus/pop3s[24466]: pop3s failed: [XX.XX.XX.XX]
Apr 27 11:40:15 mail2 cyrus/pop3s[24466]: Fatal error: tls_start_servertls()
failed
Apr 27 11:40:15 mail2 cyrus/master[19824]: process 24466 exited, status 75
Apr 27 11:40:15 mail2 cyrus/master[19824]: service pop3s pid 24466 in BUSY
state: terminated abnormally
which is totally misleading because one starts debugging TLS. Instead, i
would expect cyrus-imapd to
* log a warning like maxchild=100 reached to make the admin aware that he
might want to increase some maxchild limits in /etc/cyrus.conf
* cut the connection to the client either on TCP level (reset), TLS level or
IMAP level
I am not the first one running into this issue, see
http://markmail.org/message/hfg6pag63bm23d5o
I am using cyrus-{imapd,pop3d}-2.2 version 2.2.13-13ubuntu3 on Ubuntu
8.04.4 LTS
** Affects: cyrus-imapd-2.2 (Ubuntu)
Importance: Undecided
Status: New
--
No/misleading log messages when maxchild is hit
https://bugs.launchpad.net/bugs/570862
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 570862] Re: No/misleading log messages when maxchild is hit
I filed it upstream too: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3207 Hope that is the right thing to do ...? ** Bug watch added: bugzilla.andrew.cmu.edu/ #3207 https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3207 -- No/misleading log messages when maxchild is hit https://bugs.launchpad.net/bugs/570862 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 535029] [NEW] [LUCID] OpenSSH 5.4p1
Public bug reported: This is for the Lucid wishlist, i hope it's correct to do it here: Please upgrade Lucid's OpenSSH package to upstream's 5.4p1. It has some very useful new features, e.g. a minimal certificate format, a netcat mode and setting the umask for sftp-server (am waiting for a long time for the latter). See https://launchpad.net/openssh/+milestone/5.4p1 and http://www.openssh.com/txt/release-5.4 . ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- [LUCID] OpenSSH 5.4p1 https://bugs.launchpad.net/bugs/535029 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 535029] Re: Update to OpenSSH 5.4p1
Colin: understood. But that means that LTS will lack those features for another 2 years :( Particularly the certificate and the umask feature are interesting for server installations. -- Update to OpenSSH 5.4p1 https://bugs.launchpad.net/bugs/535029 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 535029] [NEW] [LUCID] OpenSSH 5.4p1
Public bug reported: This is for the Lucid wishlist, i hope it's correct to do it here: Please upgrade Lucid's OpenSSH package to upstream's 5.4p1. It has some very useful new features, e.g. a minimal certificate format, a netcat mode and setting the umask for sftp-server (am waiting for a long time for the latter). See https://launchpad.net/openssh/+milestone/5.4p1 and http://www.openssh.com/txt/release-5.4 . ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- [LUCID] OpenSSH 5.4p1 https://bugs.launchpad.net/bugs/535029 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 535029] Re: Update to OpenSSH 5.4p1
Colin: understood. But that means that LTS will lack those features for another 2 years :( Particularly the certificate and the umask feature are interesting for server installations. -- Update to OpenSSH 5.4p1 https://bugs.launchpad.net/bugs/535029 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
