[Bug 1788321] Re: swapon failed: invalid argument
Maybe this is the fix: x86/speculation/l1tf: fix overflow on l1tf_pfn_limit() on 32bit https://lkml.org/lkml/2018/8/20/222 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788321 Title: swapon failed: invalid argument To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788321] Re: swapon failed: invalid argument
On Xenial, update to "linux-image-4.4.0-135-generic 4.4.0-135.161" did not fix the problem, but I noticed a message, that might be related to the issue: [3.083083] Truncating oversized swap area, only using 0k out of 261116k -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788321 Title: swapon failed: invalid argument To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1788321] Re: swapon failed: invalid argument
This is the failing "swapon" sequence from updated Xenial i386 on vmware: 3915 open("/dev/sda2", O_RDONLY|O_LARGEFILE) = 3 3915 uname({sysname="Linux", nodename="v3ls1717", ...}) = 0 3915 ioctl(3, BLKGETSIZE64, [535822336]) = 0 3915 read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 65536) = 65536 3915 close(3) = 0 3915 swapon("/dev/sda2", 0)= -1 EINVAL (Invalid argument) Sequence is identical to other, native/amd64 system with same kernel version but without the problem where swapon() will return 0. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788321 Title: swapon failed: invalid argument To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1481871] Re: apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats
Just as a side note: 1) apt-key via debootstrap is currently broken on Bionic anyway (gpgv1 to gpgv2 side effects probably), see https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1767319 2) apt-key seems to be deprecated and should not be used any more on newer systems, so maybe the bug is a good starter for enforcing deprecation after bionic: https://lists.gnupg.org/pipermail/gnupg- users/2018-May/060428.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1481871 Title: apt-key del silently fails to delete keys due to limited understanding of GPG key ID formats To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1481871/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1767319] [NEW] debootstrap on Xenial creates broken install for Bionic related to gnupg1/gnupg2 apt-key dependencies
Public bug reported: "debootstrap bionic" run on Ubuntu Xenial will create a bootstrap installation missing any gnupg (not gpgv) tools. Thus continuing installation from the bootstrapped installation using own debian package archives will fail, as that would require adding of public keys for the private repository. Due to "apt-key" needing gnupg for internal operation, adding keys and thus installation will fail. Reproduce: run debootstrap and check if "apt-key list" works or "gpg" is installed afterwards. Expected behaviour: Debootstrap installation can be used as template for further setup or as LXC guest without additional modifications. This bug could also be seen as a missing dependency on "apt" package, but not sure if it was omitted on purpose. $ lsb_release -rd Description:Ubuntu 16.04.4 LTS Release:16.04 $ apt-cache policy debootstrap debootstrap: Installed: 1.0.78+nmu1ubuntu1.5 Candidate: 1.0.78+nmu1ubuntu1.5 Version table: *** 1.0.78+nmu1ubuntu1.5 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.0.78+nmu1ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages ** Affects: debootstrap (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1767319 Title: debootstrap on Xenial creates broken install for Bionic related to gnupg1/gnupg2 apt-key dependencies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1767319/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1589083] Re: crypsetup hangs when only cryptsetup-bin is installed
Preloading the attached shared library solves the hang on non-udev initrds. Compile with gcc -shared -fPIC -o no-udev.so UdevDisableLib.c -ldl Difference seems to be that /dev/mapper/ entries are created a s block devices, not symlinks any more. But that does not hurt in my usecase (kexec will kill the whole initrd immediately afterwards). ** Attachment added: "UdevDisableLib.c" https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1589083/+attachment/5044911/+files/UdevDisableLib.c -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1589083 Title: crypsetup hangs when only cryptsetup-bin is installed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1589083/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1742695] Re: apt-get update silently fails fetching security updates
** Changed in: apt (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1742695 Title: apt-get update silently fails fetching security updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1742695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1742695] Re: apt-get update silently fails fetching security updates
See also https://unix.stackexchange.com/questions/175146/apt-get-update-exit-status -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1742695 Title: apt-get update silently fails fetching security updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1742695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1742695] Re: apt-get update silently fails fetching security updates
Here the output: # apt-get update Err:3 http://mirror.[domain]/ubuntu xenial-security InRelease Unable to connect to mirror.[domain]:80: Reading package lists... Done ... W: Failed to fetch http://mirror.[domain]/ubuntu/dists/xenial-security/InRelease Unable to connect to mirror.[domain]:80: W: Some index files failed to download. They have been ignored, or old ones used instead. # echo $? 0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1742695 Title: apt-get update silently fails fetching security updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1742695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1742695] [NEW] apt-get update silently fails fetching security updates
Public bug reported: On Ubuntu Xenial, apt-get fails silently when security update server cannot be reached. This state could be detected by scanning the apt-get output afterwards. But manually adding workarounds to each apt-get invocation in production automation is prone to error, thus leaving machines without security updates. Expected behaviour (e.g.): * 0 - all OK * 1 - temporary failure (e.g. network) * 2 - permanent failure Test: * Change your update server IP in /etc/hosts to something unreachable * Run apt-get update (might take a while) * Check exit status $ lsb_release -r -d Description:Ubuntu 16.04.3 LTS Release:16.04 rfiedler@n3ahit1403:~$ ii apt 1.2.24 amd64commandline package manager ** Affects: apt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1742695 Title: apt-get update silently fails fetching security updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1742695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1692845] [NEW] Adding hosts not working due to js/prototype.js version mismatch: "Incorrect arguments passed to function."
Public bug reported: When attempting to create a new host configuration in Zabbix, an error is reported: "Incorrect arguments passed to function." On Ubuntu Xenial, zabbix-frontend-php /usr/share/zabbix/js/prototype.js is a symlink to the generic Ubuntu javascripts: /usr/share/zabbix/js/prototype.js -> ../../javascript/prototype/prototype.js ii libjs-prototyp 1.7.1-3 all JavaScript Framework for dynamic Upstream reports, that Zabbix 2.4.7 does not work with 1.7.1, 1.6.1 has to be used instead. See https://support.zabbix.com/browse/ZBX-9784 By removing the symlink and using the file ./zabbix-2.4.8/frontends/php/js/prototype.js from http://prdownloads.sourceforge.net/zabbix/zabbix-2.4.8.tar.gz?download everything works as expected again. ** Affects: zabbix (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1692845 Title: Adding hosts not working due to js/prototype.js version mismatch: "Incorrect arguments passed to function." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zabbix/+bug/1692845/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1670619] Re: "git merge -s ours --no-commit FETCH_HEAD" segfaults with NULL-dereference
Bug seems to be fixed in newer version of git, see chat http://colabti.org/irclogger/irclogger_log/git?date=2017-03-07 Current trunk reports: "fatal: FETCH_HEAD - not something we can merge" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1670619 Title: "git merge -s ours --no-commit FETCH_HEAD" segfaults with NULL- dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1670619/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1670619] [NEW] "git merge -s ours --no-commit FETCH_HEAD" segfaults with NULL-dereference
Public bug reported: Following steps cause a segfault on 32/64bit Ubuntu Xenial: mkdir x y git init x git init y cd x git remote add y ../y git fetch y git merge -s ours --no-commit FETCH_HEAD $ lsb_release -rd Description:Ubuntu 16.04.2 LTS Release:16.04 $ apt-cache policy git git: Installed: 1:2.7.4-0ubuntu1 Candidate: 1:2.7.4-0ubuntu1 Version table: *** 1:2.7.4-0ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ** Affects: git (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1670619 Title: "git merge -s ours --no-commit FETCH_HEAD" segfaults with NULL- dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1670619/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] Re: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
Package now available in yakkety: http://packages.ubuntu.com/yakkety/logdata-anomaly-miner ** Changed in: ubuntu Status: In Progress => Fix Released ** Package changed: ubuntu => logdata-anomaly-miner (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logdata-anomaly-miner/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] Re: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
See also https://irclogs.ubuntu.com/2016/08/03/%23ubuntu-motu.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logdata-anomaly-miner/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1565585] Re: Old debmirrors don't support any of xenial's Translation-* compressions
Package installed on our package mirror, fixes the bug and allows to mirror Xenial from here on. (Mirror already filled, working). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1565585 Title: Old debmirrors don't support any of xenial's Translation-* compressions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debmirror/+bug/1565585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1508737] Re: unix domain socket bind causes kernel audit NULL pointer deference
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1508737 Title: unix domain socket bind causes kernel audit NULL pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1508737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1508737] Re: unix domain socket bind causes kernel audit NULL pointer deference
Rediscovered also on our systems, then found this bug report. Reproducer for Ubuntu Trusty LTS: auditctl -a always,exit -F arch=b64 -S bind #!/usr/bin/python2 -BEsSt import socket testSocket=socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) testSocket.bind('sock') # dmesg -c [ 145.499064] BUG: unable to handle kernel NULL pointer dereference at 0060 [ 145.499522] IP: [] d_path+0x24/0x120 [ 145.499815] PGD 3bfe8067 PUD 3d080067 PMD 0 [ 145.500236] Oops: [#1] SMP [ 145.500539] Modules linked in: nf_conntrack_netlink xt_multiport ppdev xt_hashlimit ipt_REJECT xt_tcpudp xt_NFLOG nfnetlink_log xt_conntrack iptable_filter iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat serio_raw nf_conntrack iptable_mangle ip_tables x_tables parport_pc i2c_piix4 parport video nfnetlink_acct mac_hid nfnetlink psmouse ahci libahci pata_acpi [ 145.502264] CPU: 0 PID: 1128 Comm: crash Not tainted 3.13.0-86-generic #130-Ubuntu [ 145.502264] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 145.502264] task: 88003a0cc800 ti: 88003d0d4000 task.ti: 88003d0d4000 [ 145.502264] RIP: 0010:[] [] d_path+0x24/0x120 [ 145.502264] RSP: 0018:88003d0d5db8 EFLAGS: 00010286 [ 145.502264] RAX: 88003795d00b RBX: 88003b937660 RCX: 05b5 [ 145.502264] RDX: 100b RSI: 88003795c000 RDI: [ 145.502264] RBP: 88003d0d5de0 R08: 00016040 R09: 88003e001200 [ 145.502264] R10: 810fb1d6 R11: 88003d0d5c06 R12: 88003b6420c0 [ 145.502264] R13: 88003b937660 R14: 88003b937400 R15: [ 145.502264] FS: 7f0280520740() GS:88003fc0() knlGS: [ 145.502264] CS: 0010 DS: ES: CR0: 8005003b [ 145.502264] CR2: 0060 CR3: 3cf68000 CR4: 06f0 [ 145.502264] DR0: DR1: DR2: [ 145.502264] DR3: DR6: fffe0ff0 DR7: 0400 [ 145.502264] Stack: [ 145.502264] 100b3b6420c0 88003795d00b 88003b937660 88003b937400 [ 145.502264] 88003795c000 88003d0d5e08 810fb1ee 88003b6420c0 [ 145.502264] 88003b937460 88003d0d5e78 810fc658 [ 145.502264] Call Trace: [ 145.502264] [] audit_log_d_path+0x5e/0xd0 [ 145.502264] [] audit_log_name+0x1b8/0x320 [ 145.502264] [] ? audit_buffer_free+0x73/0xa0 [ 145.502264] [] audit_log_exit+0x3d7/0xb90 [ 145.502264] [] __audit_syscall_exit+0x277/0x2d0 [ 145.502264] [] sysret_audit+0x17/0x21 [ 145.502264] Code: ff ff 0f 1f 44 00 00 0f 1f 44 00 00 55 48 63 c2 48 01 f0 48 89 e5 53 48 89 fb 48 83 ec 20 48 8b 7f 08 89 54 24 04 48 89 44 24 08 <48> 8b 4f 60 48 85 c9 74 23 48 8b 49 40 48 85 c9 74 1a 48 3b 7f [ 145.502264] RIP [] d_path+0x24/0x120 [ 145.502264] RSP [ 145.502264] CR2: 0060 [ 145.527823] ---[ end trace 0c532c3c01bea0ff ]--- # lsb_release -rd Description:Ubuntu 14.04.4 LTS Release:14.04 # cat /proc/version Linux version 3.13.0-86-generic (buildd@lgw01-19) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #130-Ubuntu SMP Mon Apr 18 18:27:15 UTC 2016 root@localhost:~# apt-cache policy linux-image-3.13.0-86-generic linux-image-3.13.0-86-generic: Installed: 3.13.0-86.130 Candidate: 3.13.0-86.130 Version table: *** 3.13.0-86.130 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty-updates/main amd64 Packages 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty-security/main amd64 Packages 100 /var/lib/dpkg/status ** Changed in: linux (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1508737 Title: unix domain socket bind causes kernel audit NULL pointer deference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1508737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] Re: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
** Changed in: ubuntu Status: New => In Progress ** Changed in: ubuntu Assignee: (unassigned) => Roman Fiedler (roman-fiedler) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] Re: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
* Package available at: https://launchpad.net/~roman- fiedler/+archive/ubuntu/ppa/+packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] Re: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
* Debian ITP: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813096 * Debian Mentoring: https://lists.debian.org/debian-mentors/2016/02/msg00021.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1542258] [NEW] [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis
Public bug reported: Package name: logdata-anomaly-miner Version: 0.0 Upstream Author: Roman Fiedler <roman.fied...@ait.ac.at> URL: FIXME (see below) Sources URL: Mentoring: Best location? GIT preferred. License: GPLv3 Programming Lang: Python Description: logdata-anomaly-miner is a GUI-less server component to analyze log lines and detect anomalies via various methods: Dependencies: python Long description: logdata-anomaly-miner allows to create log analysis pipelines to analyze log data streams and detect violations or anomalies in it. It can be run from console, as daemon with e-mail alerting or embedded as library into own programs. It was designed to run the analysis with limited resources and lowest possible permissions to make it suitable for production server use. Analysis methods include: . * static check patterns similar to logcheck but with extended syntax and options. * detection of new data elements (IPs, user names, MAC addresses) * statistical anomalies in log line frequencies * correlation rules between log lines as described in th AECID approach http://dx.doi.org/10.1016/j.cose.2014.09.006 . The tool is suitable to replace logcheck but also to operate as a sensor feeding a SIEM. ** Affects: ubuntu Importance: Undecided Status: New ** Tags: needs-packaging ** Tags added: needs-packaging ** Bug watch added: Debian Bug tracker #813096 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813096 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1542258 Title: [needs-packaging] logdata-anomaly-miner -- lightweight tool for log checking, log analysis To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1542258/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1308183] Re: make_kpkg runs postinst scripts
Having same problem on Ubuntu Trusty. Executing the following within unpacked kernel directory and before starting build seems to fix it: cat < arch/x86/boot/install.sh #!/bin/sh cp -a -- "\$2" "\$4/vmlinuz-\$1" EOF -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1308183 Title: make_kpkg runs postinst scripts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kernel-package/+bug/1308183/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
Does https://lists.linuxcontainers.org/pipermail/lxc- users/2015-September/010131.html point to the same problem? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1476662 Title: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
Does https://lists.linuxcontainers.org/pipermail/lxc- users/2015-September/010131.html point to the same problem? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1476662 Title: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
I'm not so deep in LXC to know how the design/specification is done for that. Discussion of "features" might therefore suite the lxc-users mailing list better. The other thing is, if Ubuntu would treat that part of new behaviour of LXC affecting some users as "regression" and hence might act on that. I do not know, who would be up to decide that. Perhaps someone from Ubuntu could comment on that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1476662 Title: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor
I'm not so deep in LXC to know how the design/specification is done for that. Discussion of "features" might therefore suite the lxc-users mailing list better. The other thing is, if Ubuntu would treat that part of new behaviour of LXC affecting some users as "regression" and hence might act on that. I do not know, who would be up to decide that. Perhaps someone from Ubuntu could comment on that. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1476662 Title: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1451360] [NEW] Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade
Public bug reported: After update, desktop and production machines, both using i386 and amd64 kernels fail. The crash may only occur after loading of syscall audit rules, hence boot up to initrd is still possible. Login is still possible but many integral functions fail, e.g. sending signals to processes. Also sudo is not working any more [ 64.447838] BUG: unable to handle kernel NULL pointer dereference at 068f [ 64.448715] IP: [8136cb80] strlen+0x0/0x30 [ 64.449533] PGD 0 [ 64.450315] Oops: [#15] SMP [ 64.451069] Modules linked in: pci_stub vboxpci(OX) vboxnetadp(OX) vboxnetflt(OX) vboxdrv(OX) nf_conntrack_netlink snd_hda_codec_hdmi xt_multiport arc4 xt_hashlimit ipt_REJECT xt_tcpudp xt_NFLOG nfnetlink_log nfnetlink xt_conntrack iptable_filter iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle ip_tables x_tables dell_wmi sparse_keymap ppdev dell_laptop dcdbas cdc_mbim cdc_wdm cdc_ncm btusb bluetooth usbnet mii uvcvideo iwlmvm videobuf2_vmalloc videobuf2_memops videobuf2_core mac80211 videodev snd_hda_codec_realtek intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev serio_raw i915 iwlwifi drm_kms_helper snd_hda_intel snd_hda_codec snd_hwdep snd_pcm cfg80211 snd_page_alloc lpc_ich mei_me mei shpchp drm i2c_algo_bit snd_timer snd soundcore wmi parport_pc parport video mac_hid dm_crypt hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helpe r cryptd psmouse ahci libahci sdhci_pci sdhci e1000e ptp pps_core [ 64.456682] CPU: 1 PID: 1506 Comm: sudo Tainted: G DOX 3.13.0-51-generic #84-Ubuntu [ 64.457483] Hardware name: Dell Inc. [ 64.458281] task: 880037251800 ti: 8800368c4000 task.ti: 8800368c4000 [ 64.459095] RIP: 0010:[8136cb80] [8136cb80] strlen+0x0/0x30 [ 64.459901] RSP: 0018:8800368c5df0 EFLAGS: 00010286 [ 64.460707] RAX: 8800368c5d40 RBX: 068f RCX: [ 64.461522] RDX: 0037 RSI: 068f RDI: 068f [ 64.462331] RBP: 8800368c5e08 R08: R09: fffe [ 64.463141] R10: R11: 8800368c5c06 R12: 8800379c6680 [ 64.463951] R13: R14: 8802121a8000 R15: [ 64.464753] FS: 7fa9c5d73840() GS:88021ea8() knlGS: [ 64.465558] CS: 0010 DS: ES: CR0: 80050033 [ 64.466367] CR2: 068f CR3: 379b8000 CR4: 001407e0 [ 64.467189] DR0: DR1: DR2: [ 64.468003] DR3: DR6: fffe0ff0 DR7: 0400 [ 64.468803] Stack: [ 64.469596] 810f7fda 8800379c6680 8802121a8060 8800368c5e78 [ 64.470410] 810f9581 0246 81c55740 8800368c5e60 [ 64.471217] 0246 8800368c5ef0 8800368c5e60 810f6b93 [ 64.472024] Call Trace: [ 64.472829] [810f7fda] ? audit_log_untrustedstring+0x1a/0x30 [ 64.473643] [810f9581] audit_log_name+0x281/0x320 [ 64.474454] [810f6b93] ? audit_buffer_free+0x73/0xa0 [ 64.475267] [810fbe37] audit_log_exit+0x3d7/0xb90 [ 64.476079] [810fe5bf] __audit_syscall_exit+0x27f/0x2e0 [ 64.476889] [817331e4] sysret_audit+0x17/0x21 [ 64.477680] Code: 89 f8 48 89 e5 f6 82 40 c7 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 40 c7 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 80 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80 [ 64.479363] RIP [8136cb80] strlen+0x0/0x30 [ 64.480169] RSP 8800368c5df0 [ 64.480975] CR2: 068f [ 64.481784] ---[ end trace 267143d269f88f24 ]--- # cat /proc/version_signature version.log failed, but should have reported latest Ubuntu Trusty kernel # lspci -v Completely different systems (vmware guest, vbox guest, various hardware). Quite likely not related $ lsb_release -rd Description:Ubuntu 14.04.2 LTS Release:14.04 $ apt-cache policy linux-image-3.13.0-51-generic linux-image-3.13.0-51-generic: Installed: 3.13.0-51.84 Candidate: 3.13.0-51.84 Version table: *** 3.13.0-51.84 0 500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main i386 Packages 500 http://archive.ubuntu.com/ubuntu/ trusty-security/main i386 Packages 100 /var/lib/dpkg/status ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: kernel-bug -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451360 Title: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1451360/+subscriptions
[Bug 1451360] Re: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade
Isn't apport for reporting of application crashes? Apart from that sudo fails also to get privileges to access logs. Network, X and many other command line utilities also failing, so I'm not sure how apport could succeed. Also syslog is crashed, the dmesg log was created manually since dmesg and filesystem write was OK, but sync/unmount/shutdown all fail. So at the moment I can only try to create file-piped log fragments on a corrupted filesystem and extract them after repair using another kernel. No log file information apart from that currently available. ** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451360 Title: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1451360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1450442] Re: Kernel Oops - unable to handle kernel NULL pointer dereference at (null); Call Trace: [ffffffff810fb39b] ? audit_compare_dname_path+0x2b/0xa0
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1451360 is marked as duplicate. The fix from here changes the behaviour of the duplicate (SSH login now working again, but still kernel OOPS). So if both have common cause (very likely), then 3.13.0-52.85 is only incomplete fix. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1450442 Title: Kernel Oops - unable to handle kernel NULL pointer dereference at (null); Call Trace: [810fb39b] ? audit_compare_dname_path+0x2b/0xa0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1450442/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1451360] Re: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade
*** This bug is a duplicate of bug 1450442 *** https://bugs.launchpad.net/bugs/1450442 The fix from 3.13.0-52.85 changes behavior (now SSH login working also after first OOPS) but fix might be incomplete or there are two very similar bugs. New trace when using proposed: [ 31.077681] BUG: unable to handle kernel paging request at fffc [ 31.078064] IP: [c12ff732] strlen+0x12/0x20 [ 31.078382] *pdpt = 01aa1001 *pde = 01aa8067 *pte = [ 31.078996] Oops: [#10] SMP [ 31.079287] Modules linked in: nf_conntrack_netlink dm_crypt xt_hashlimit ppdev ipt_REJECT xt_tcpudp xt_NFLOG nfnetlink_log nfnetlink xt_conntrack iptable_filter iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle ip_tables x_tables serio_raw parport_pc i2c_piix4 parport mac_hid ahci psmouse libahci pata_acpi [ 31.081304] CPU: 0 PID: 1155 Comm: lesspipe Tainted: G D 3.13.0-52-generic #85-Ubuntu [ 31.081304] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 31.081304] task: df195b00 ti: dbfe6000 task.ti: dbfe6000 [ 31.081304] EIP: 0060:[c12ff732] EFLAGS: 00010246 CPU: 0 [ 31.081304] EIP is at strlen+0x12/0x20 [ 31.081304] EAX: EBX: fffc ECX: EDX: fffc [ 31.081304] ESI: dab4a9c0 EDI: fffc EBP: dbfe7e94 ESP: dbfe7e90 [ 31.081304] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 31.081304] CR0: 8005003b CR2: fffc CR3: 1bacc000 CR4: 06f0 [ 31.081304] DR0: DR1: DR2: DR3: [ 31.081304] DR6: fffe0ff0 DR7: 0400 [ 31.081304] Stack: [ 31.081304] dbfe7ea4 c10d4ad5 dab4a9c0 dc3580e0 dbfe7eec c10d5f0c dab4a9c0 [ 31.081304] c1845731 0002 0008 0001 81ed [ 31.081304] dc358000 dbfe7eec dc3580e0 dc3581d4 0003 dbfe7f78 [ 31.081304] Call Trace: [ 31.081304] [c10d4ad5] audit_log_untrustedstring+0x15/0x30 [ 31.081304] [c10d5f0c] audit_log_name+0x24c/0x2d0 [ 31.081304] [c10d830b] audit_log_exit+0x3ab/0xb30 [ 31.081304] [c10d9424] ? audit_filter_rules.isra.5+0x6d4/0xd30 [ 31.081304] [c10d9afc] ? audit_filter_syscall+0x7c/0xc0 [ 31.081304] [c10da5cf] __audit_syscall_exit+0x21f/0x270 [ 31.081304] [c101a095] syscall_trace_leave+0x65/0xb0 [ 31.081304] [c1180f06] ? SyS_execve+0x36/0x50 [ 31.081304] [c165e15e] syscall_exit_work+0x1a/0x1f [ 31.081304] Code: f7 be 01 00 00 00 89 f0 48 5e 5d c3 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 57 3e 8d 74 26 00 b9 ff ff ff ff 89 c7 31 c0 f2 ae b8 fe ff ff ff 29 c8 5f 5d c3 66 90 55 89 e5 57 3e 8d 74 [ 31.081304] EIP: [c12ff732] strlen+0x12/0x20 SS:ESP 0068:dbfe7e90 [ 31.081304] CR2: fffc [ 31.081304] ---[ end trace ff334322094381f6 ]--- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451360 Title: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1451360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1451360] Re: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade
*** This bug is a duplicate of bug 1450442 *** https://bugs.launchpad.net/bugs/1450442 Sorry, was too fast. The patch works with some audit rulesets, but not all. And here is also the new OOPS for amd64: [ 424.803949] BUG: unable to handle kernel NULL pointer dereference at 0030 [ 424.804735] IP: [8136cbb0] strlen+0x0/0x30 [ 424.804735] PGD 3905c067 PUD 3b49b067 PMD 0 [ 424.804735] Oops: [#1] SMP [ 424.804735] Modules linked in: dm_crypt xt_hashlimit xt_LOG ipt_REJECT xt_tcpudp xt_NFLOG nfnetlink_log nfnetlink xt_conntrack ppdev iptable_filter iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle ip_tables x_tables serio_raw parport_pc i2c_piix4 parport mac_hid psmouse ahci libahci pata_acpi [ 424.804735] CPU: 0 PID: 1343 Comm: augenrules Not tainted 3.13.0-52-generic #85-Ubuntu [ 424.804735] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 424.804735] task: 8800374b8000 ti: 880039206000 task.ti: 880039206000 [ 424.804735] RIP: 0010:[8136cbb0] [8136cbb0] strlen+0x0/0x30 [ 424.804735] RSP: 0018:880039207d90 EFLAGS: 00010286 [ 424.804735] RAX: 880039207d88 RBX: 0030 RCX: [ 424.804735] RDX: 0036 RSI: 0030 RDI: 0030 [ 424.804735] RBP: 880039207da8 R08: R09: fffe [ 424.804735] R10: R11: 880039207ba6 R12: 8800396ad0c0 [ 424.804735] R13: R14: 8800392f0c00 R15: 0001 [ 424.804735] FS: () GS:88003fc0() knlGS: [ 424.804735] CS: 0010 DS: ES: CR0: 8005003b [ 424.804735] CR2: 0030 CR3: 3751b000 CR4: 06f0 [ 424.804735] DR0: DR1: DR2: [ 424.804735] DR3: DR6: fffe0ff0 DR7: 0400 [ 424.804735] Stack: [ 424.804735] 810f7fda 8800396ad0c0 8800392f0cc0 880039207e18 [ 424.804735] 810f9581 8800 [ 424.804735] 880039207e90 880039207e00 810f6b93 [ 424.804735] Call Trace: [ 424.804735] [810f7fda] ? audit_log_untrustedstring+0x1a/0x30 [ 424.804735] [810f9581] audit_log_name+0x281/0x320 [ 424.804735] [810f6b93] ? audit_buffer_free+0x73/0xa0 [ 424.804735] [810fbe37] audit_log_exit+0x3d7/0xb90 [ 424.804735] [810fe5bf] __audit_syscall_exit+0x27f/0x2e0 [ 424.804735] [810212c2] syscall_trace_leave+0xb2/0x110 [ 424.804735] [8173339f] int_check_syscall_exit_work+0x34/0x3d [ 424.804735] Code: 89 f8 48 89 e5 f6 82 40 c7 84 81 20 74 15 0f 1f 44 00 00 48 83 c0 01 0f b6 10 f6 82 40 c7 84 81 20 75 f0 5d c3 66 0f 1f 44 00 00 80 3f 00 55 48 89 e5 74 15 48 89 f8 0f 1f 40 00 48 83 c0 01 80 [ 424.804735] RIP [8136cbb0] strlen+0x0/0x30 [ 424.804735] RSP 880039207d90 [ 424.804735] CR2: 0030 [ 424.833327] ---[ end trace b570aac2eeb41772 ]--- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1451360 Title: Kernel OOPS in 3.13.0-51 due to NULL pointer after kernel upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1451360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1434121] [NEW] if-up might fail when triggered before temporary directory available
Public bug reported: It seems that if-up.d is activated before any temporary directory is available. On affected setup that caused a bash here-tag to fail, thus security settings were not applied to the interface leaving it open to attacks. Documentation seems to be unclear, if any script should expect, that temporary directory would work. At least here it was quite unexpected that data processing in scripts without explicit request for disk operation failed due to that. In my opinion, a CAVEAT in the interfaces (5) documentation might be sufficient in most cases. A workaround for the affected setup was to create a separate temporary directory on /var/run (which is a tmpfs instance) and export it using TEMPDIR. To reproduce: cat OUTEREOF /etc/network/if-up.d/aaa-early #!/bin/bash echo mounts cat /proc/mounts echo touch touch /tmp/xxx cat EOF Here document test EOF echo mounts again cat /proc/mounts OUTEREOF chmod 0755 /etc/network/if-up.d/aaa-early touch /forcefsck reboot # cat /var/log/upstart/network-interface-eth0.log mounts ... tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=24784k,mode=755 0 0 /dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0 ... touch touch: cannot touch '/tmp/xxx': Read-only file system /etc/network/if-up.d/aaa-early: line 7: cannot create temp file for here-document: Read-only file system mounts again ... /dev/disk/by-uuid/19c0ddc6-c305-4a8a-86f2-fb470ae5b39c / ext4 ro,relatime,data=ordered 0 0 ... # lsb_release -rd Description:Ubuntu 14.04.2 LTS Release:14.04 # apt-cache policy ifupdown ifupdown: Installed: 0.7.47.2ubuntu4.1 Candidate: 0.7.47.2ubuntu4.1 Version table: *** 0.7.47.2ubuntu4.1 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty-updates/main i386 Packages 100 /var/lib/dpkg/status 0.7.47.2ubuntu4 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages ** Affects: ifupdown (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1434121 Title: if-up might fail when triggered before temporary directory available To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1434121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1429778] [NEW] Ulogd crashes when pcap file has wrong permissions
Public bug reported: When ulogd2 has problems reopening the pcap file it will crash immediately or some seconds later - most likely due to first attempt to flush packets to dump file after reopen (file NULL-ptr?). Reproduce: chown root.root /var/log/ulog/ulogd.pcap chmod 0644 /var/log/ulog/ulogd.pcap # Invoke command similar to logrotate: invoke-rc.d ulogd2 reload Mar 9 00:15:43 localhost ulogd[3567]: can't open pcap file /var/log/ulog/ulogd.pcap: Permission denied Mar 9 00:15:44 localhost kernel: [210247.584746] ulogd[3567]: segfault at 0 ip 7fbd8379fda0 sp 730e8ed0 error 4 in libc-2.19.so[7fbd83731000+1bb000] # lsb_release -rd Description:Ubuntu 14.04.2 LTS Release:14.04 # apt-cache policy ulogd2-pcap ulogd2-pcap: Installed: 2.0.3-1ubuntu2 Candidate: 2.0.3-1ubuntu2 Version table: *** 2.0.3-1ubuntu2 0 500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/universe amd64 Packages 100 /var/lib/dpkg/status # apt-cache policy ulogd2 ulogd2: Installed: 2.0.3-1ubuntu2 Candidate: 2.0.3-1ubuntu2 Version table: *** 2.0.3-1ubuntu2 0 500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/universe amd64 Packages 100 /var/lib/dpkg/status ** Affects: ulogd2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1429778 Title: Ulogd crashes when pcap file has wrong permissions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ulogd2/+bug/1429778/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1304004] Re: transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import()
I have no simple reproducer, the only one really working here is: * Setup Ubuntu Trusty machine (mine is a i386 guest, but amd64 should have same bug) * Install Zabbix Monitoring system * Configuration-Hosts: Create host test * Configuration-Hosts: Click on Applications in host test, create application test * Configuration-Hosts: Click on web in host test, add a web scenario. Create a test step for e.g. https://www.google.at/ Run the test and see if latest data contains, e.g. response time measurements for google. When OK, add an /etc/hosts entry for www.google.at to point to an Apache 2.4 server with SSL/SNI. (I can supply you with an IP off-list). Afterwards tail -f /var/log/syslog should show you zabbix server crash reports every some seconds. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1304004 Title: transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1304004/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1368099] [NEW] libcurl3-gnutls application crashes with NULL-pointer deref
Public bug reported: Bug occurs when interacting with some but not all SSL-webservers, so it seems to be triggered by the remote side, crashing a zabbix monitoring system when connecting to a problematic Apache 2.4 server in my case. Program received signal SIGSEGV, Segmentation fault. gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER) at x509.c:176 176 x509.c: No such file or directory. (gdb) bt #0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER) at x509.c:176 #1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #7 0xb6e888a0 in curl_multi_perform () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #8 0xb6e7f6fb in curl_easy_perform () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #9 0xb76be6aa in process_httptests () #10 0xb76bca56 in main_httppoller_loop () #11 0xb76979a9 in MAIN_ZABBIX_ENTRY () #12 0xb76ef49b in daemon_start () #13 0xb7690abf in main () According to [1], calling the function with data=NULL seems forbidden. It seems, that [2] is a similar report for curl. The upstream patch seems to be announced in [3] as gtls: fix NULL pointer dereference, date Fixed in 7.37.0 - May 21 2014. Also the packages in Unicorn should already include the patch but adding it on Trusty (production) seems not a good idea due to change in package dependencies. # lsb_release -rd Description:Ubuntu 14.04.1 LTS Release:14.04 # apt-cache policy libcurl3-gnutls libcurl3-gnutls: Installed: 7.35.0-1ubuntu2 Candidate: 7.35.0-1ubuntu2 Version table: *** 7.35.0-1ubuntu2 0 500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages 100 /var/lib/dpkg/status [1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f [2] http://curl.haxx.se/mail/lib-2014-04/0145.html [3] http://curl.haxx.se/changes.html ** Affects: curl (Ubuntu) Importance: Undecided Status: New ** Affects: transmission (Ubuntu) Importance: Undecided Status: New ** Affects: zabbix (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1368099 Title: libcurl3-gnutls application crashes with NULL-pointer deref To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1368099/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1368099] Re: libcurl3-gnutls application crashes with NULL-pointer deref
Seems to be similar to [1], although cause in [1] to end up at the very same position might due to another problem also in transmission. [1] https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1304004 ** Also affects: curl (Ubuntu) Importance: Undecided Status: New ** Also affects: zabbix (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1368099 Title: libcurl3-gnutls application crashes with NULL-pointer deref To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1368099/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1304004] Re: transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import()
I might have observed the same bug, affecting libgnutls.so.26 or libcurl-gnutls.so.4 or the combination of both, and seems to be triggered by the remote side, crashing a zabbix monitoring system when connecting to a single server. Program received signal SIGSEGV, Segmentation fault. gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER) at x509.c:176 176 x509.c: No such file or directory. (gdb) bt #0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER) at x509.c:176 #1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #7 0xb6e888a0 in curl_multi_perform () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #8 0xb6e7f6fb in curl_easy_perform () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4 #9 0xb76be6aa in process_httptests () #10 0xb76bca56 in main_httppoller_loop () #11 0xb76979a9 in MAIN_ZABBIX_ENTRY () #12 0xb76ef49b in daemon_start () #13 0xb7690abf in main () According to [1], calling the function with data=NULL seems forbidden. It seems, that [2] is a similar report for curl. The upstream patch seems to be announced in [3] as gtls: fix NULL pointer dereference, date Fixed in 7.37.0 - May 21 2014 [1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f [2] http://curl.haxx.se/mail/lib-2014-04/0145.html [3] http://curl.haxx.se/changes.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1304004 Title: transmission-gtk crashed with SIGSEGV in gnutls_x509_crt_import() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1304004/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1158500] Re: auditd fails to add rules when used in precise with -lts-quantal kernel
Just noticed, that [1] is most likely a duplicate of this. [1] https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1317188 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1158500 Title: auditd fails to add rules when used in precise with -lts-quantal kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1158500/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1321383] [NEW] strace fails to attach to child when parent calls exit too fast
Public bug reported: There is a known issue in strace, where attaching to children fails due to races in strace code. See [1] for description of the bug on strace developer mailing list. A patch [2] was created 2013-07-08 to fix the problem. The problem might also occur when debugging real-world applications, thus obscuring the real cause of a problem, e.g. in [3]. # lsb_release -rd Description:Ubuntu 14.04 LTS Release:14.04 # apt-cache policy strace strace: Installed: 4.8-1ubuntu5 Candidate: 4.8-1ubuntu5 Version table: *** 4.8-1ubuntu5 0 500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages 100 /var/lib/dpkg/status [1] https://www.mail-archive.com/strace-devel@lists.sourceforge.net/msg03273.html [2] http://sourceforge.net/p/strace/code/ci/d2e1f42d8a28486484f00739e561a58be4808b03/ [3] http://sourceforge.net/p/zabbix/mailman/message/32359321/ ** Affects: strace (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1321383 Title: strace fails to attach to child when parent calls exit too fast To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strace/+bug/1321383/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1316991] Re: Shutdown hangs waiting for plymouth-shutdown
** Attachment added: ProcessesDuringShutdown-WithoutPlymouthDisabler https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+attachment/4107077/+files/ProcessesDuringShutdown-WithoutPlymouthDisabler -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1316991 Title: Shutdown hangs waiting for plymouth-shutdown To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1316991] Re: Shutdown hangs waiting for plymouth-shutdown
** Attachment added: ProcessesDuringShutdown-WithPlymouthDisablerInstalled https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+attachment/4107078/+files/ProcessesDuringShutdown-WithPlymouthDisablerInstalled -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1316991 Title: Shutdown hangs waiting for plymouth-shutdown To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1316991] Re: Shutdown hangs waiting for plymouth-shutdown
** Attachment added: ProcessesBeforeShutdown https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+attachment/4107076/+files/ProcessesBeforeShutdown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1316991 Title: Shutdown hangs waiting for plymouth-shutdown To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1316991] [NEW] Shutdown hangs waiting for plymouth-shutdown
Public bug reported: This issue occurs with Ubuntu Trusty and xdm installed. The system reacts on [Ctrl]-[Alt]-[Del], which triggers exec shutdown -h now Control-Alt-Delete pressed without any additional checks via /etc/init/control-alt-delete.conf. An open SSH connection will then also report the system is going down for halt NOW! message, so shutdown initialization works as expected. After that, the system stays in that state forever Procedure: * Boot ubuntu-minimal with X/xdm installed * Terminate xdm before logging in using [Ctrl]-R * Send [Ctrl]-[Alt]-[Del] * Wait ... I've tried the reboot with both plymouth-disabler missing/installed, but result is the same. See the list of running processes during shutdown, It looks like some deadlock waiting for events. I failed to verify if the problem is specific to having xdm installed, the upstart package or some other component, so the bug/misconfiguration might be in some other package. $ lsb_release -rd Description:Ubuntu 14.04 LTS Release:14.04 $ apt-cache policy plymouth plymouth: Installed: 0.8.8-0ubuntu17 Candidate: 0.8.8-0ubuntu17 Version table: *** 0.8.8-0ubuntu17 0 500 http://archive.ubuntu.com/ubuntu/ trusty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: plymouth (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1316991 Title: Shutdown hangs waiting for plymouth-shutdown To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1316991/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1317188] [NEW] auditctl in Precise 1204 uses syscall API deprecated since 2006, fails to work with kernels after 2013-04-30
Public bug reported: It seems, that auditctl as packaged with Ubuntu Precise 1204 uses an old syscall API control to add rules: #define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */ The new value should be #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */ The value is deprecated, the audit_netlink_ok function after 2013-04-30 will refuse to accept it, see commit [1] Since the value is declared deprecated since 2006-03-20 (see [2]), it would be nice, that Ubuntu Precise would use the new syscall API, otherwise it cannot be used on kernels more than one year newer than the initial Precise release, which might be problematic with kernel development strategies, that are more dependent on trunk kernels, e.g. linux vserver virtualization. See [3] # lsb_release -rd Description:Ubuntu 12.04.4 LTS Release:12.04 # apt-cache policy auditd auditd: Installed: 1.7.18-1ubuntu1 Candidate: 1.7.18-1ubuntu1 Version table: *** 1.7.18-1ubuntu1 0 100 /var/lib/dpkg/status [1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=18900909163758baf2152c9102b1a0953f7f1c30 [2] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93315ed6dd12dacfc941f9eb8ca0293aadf99793 [3] http://archives.linux-vserver.org/201405/0004.html ** Affects: audit (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1317188 Title: auditctl in Precise 1204 uses syscall API deprecated since 2006, fails to work with kernels after 2013-04-30 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1317188/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1295142] [NEW] git clone fails when server uses basic authentication
Public bug reported: # lsb_release -rd Description:Ubuntu 12.04.4 LTS Release:12.04 # apt-cache policy git git: Installed: 1:1.7.9.5-1 Candidate: 1:1.7.9.5-1 Version table: *** 1:1.7.9.5-1 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ precise/main amd64 Packages 100 /var/lib/dpkg/status Expected behavior: git clone asks for username, password, then performs clone Observed behavior: $ git clone https://somehost/SomeRepository/ Cloning into 'SomeRepository'... Username for 'https://somehost': somename Password for 'https://somename@somehost': error: The requested URL returned error: 401 (curl_result = 22, http_code = 401, sha1 = 9241248f5349ca187c9d0d7027d74e5da6d40447) error: Unable to find 9241248f5349ca187c9d0d7027d74e5da6d40447 under https://somehost/AdminRepo Cannot obtain needed object 9241248f5349ca187c9d0d7027d74e5da6d40447 while processing commit fdb37cc312687e69581871b8b8b33f9bc5f0725d. error: Fetch failed. The error is a known issue, a short and simple patch is available for version 1.7.9.6, see patch [1] or other report of same issue [2] [1] http://lists-archives.com/git/767523-fix-http-auth-with-multiple-curl-handles.html [2] http://git.661346.n2.nabble.com/git-clone-over-http-with-basic-auth-bug-td7567702.html ** Affects: git (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1295142 Title: git clone fails when server uses basic authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1295142/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1295142] Re: git clone fails when server uses basic authentication
Workaround: make git clone single-threaded (and slower): $ export GIT_HTTP_MAX_REQUESTS=1 See https://www.kernel.org/pub/software/scm/git/docs/git-config.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1295142 Title: git clone fails when server uses basic authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1295142/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1204795] [NEW] socat applies settings to wrong fd when accepting connection
Public bug reported: After accept socket options are applied to the listening socket again, but not to the accepted connection's socket. This can be seen when e.g. requesting TCP-keepalives to be sent: When connecting with socat to a non-keepalive listener everything works as expected: socat TCP4:[IP]:1234,keepalive=1,keepidle=1,keepintvl=1,keepcnt=3 - setsockopt(3, SOL_TCP, TCP_KEEPIDLE, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPINTVL, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPCNT, [3], 4) = 0 setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 and keepalives are sent each second. When using a keepalive-listener and non-keepalive sender, no keepalives are sent. With socat TCP4-LISTEN:1234,reuseaddr=1,keepalive=1,keepidle=1,keepintvl=1,keepcnt=3 - following trace can be captured: setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 sets keep alive on listening socket setsockopt(3, SOL_TCP, TCP_KEEPIDLE, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPINTVL, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPCNT, [3], 4) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 bind(3, {sa_family=AF_INET, sin_port=htons(1234), sin_addr=inet_addr(0.0.0.0)}, 16) = 0 listen(3, 5)= 0 accept(3, {sa_family=AF_INET, sin_port=htons(57251), sin_addr=inet_addr([IP])}, [16]) = 5 setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 so the keep-alive is set again on the server socket before bind and after accept, but not on the accepted socket (5). I haven't checked the kernel specs if keepalive should be inherited with accept, but at least it seems, that this is not the case. The bug has little to no security implications unless security-relevant options in socat are applied that way to new sockets. On our systems, that bug lead only to a memory starvation DOS on two small virtual machines that could not cope with the high number of socat processes due to abandoned TCP-connections when statefull firewalls in between were frequently restarted. The following !UNTESTED! patch to the socat trunk should fix it. --- xio-listen.c 2013-03-22 06:43:41.0 + +++ xio-listen.c2013-07-19 08:34:09.644931068 + @@ -277,8 +277,8 @@ sockaddr_info((struct sockaddr *)pa, pas, infobuff, sizeof(infobuff))); - applyopts(xfd-fd, opts, PH_FD); - applyopts(xfd-fd, opts, PH_CONNECTED); + applyopts(ps, opts, PH_FD); + applyopts(ps, opts, PH_CONNECTED); if (dofork) { pid_t pid; /* mostly int; only used with fork */ Maintainer has confirmed the bug in trunk and plans to release a patch also. Affected version: 1.7.1.3-1.2 multipurpose relay for bidirectional data transfer ** Affects: socat (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to socat in Ubuntu. https://bugs.launchpad.net/bugs/1204795 Title: socat applies settings to wrong fd when accepting connection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/socat/+bug/1204795/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1204795] [NEW] socat applies settings to wrong fd when accepting connection
Public bug reported: After accept socket options are applied to the listening socket again, but not to the accepted connection's socket. This can be seen when e.g. requesting TCP-keepalives to be sent: When connecting with socat to a non-keepalive listener everything works as expected: socat TCP4:[IP]:1234,keepalive=1,keepidle=1,keepintvl=1,keepcnt=3 - setsockopt(3, SOL_TCP, TCP_KEEPIDLE, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPINTVL, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPCNT, [3], 4) = 0 setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 and keepalives are sent each second. When using a keepalive-listener and non-keepalive sender, no keepalives are sent. With socat TCP4-LISTEN:1234,reuseaddr=1,keepalive=1,keepidle=1,keepintvl=1,keepcnt=3 - following trace can be captured: setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 sets keep alive on listening socket setsockopt(3, SOL_TCP, TCP_KEEPIDLE, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPINTVL, [1], 4) = 0 setsockopt(3, SOL_TCP, TCP_KEEPCNT, [3], 4) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 bind(3, {sa_family=AF_INET, sin_port=htons(1234), sin_addr=inet_addr(0.0.0.0)}, 16) = 0 listen(3, 5)= 0 accept(3, {sa_family=AF_INET, sin_port=htons(57251), sin_addr=inet_addr([IP])}, [16]) = 5 setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0 so the keep-alive is set again on the server socket before bind and after accept, but not on the accepted socket (5). I haven't checked the kernel specs if keepalive should be inherited with accept, but at least it seems, that this is not the case. The bug has little to no security implications unless security-relevant options in socat are applied that way to new sockets. On our systems, that bug lead only to a memory starvation DOS on two small virtual machines that could not cope with the high number of socat processes due to abandoned TCP-connections when statefull firewalls in between were frequently restarted. The following !UNTESTED! patch to the socat trunk should fix it. --- xio-listen.c 2013-03-22 06:43:41.0 + +++ xio-listen.c2013-07-19 08:34:09.644931068 + @@ -277,8 +277,8 @@ sockaddr_info((struct sockaddr *)pa, pas, infobuff, sizeof(infobuff))); - applyopts(xfd-fd, opts, PH_FD); - applyopts(xfd-fd, opts, PH_CONNECTED); + applyopts(ps, opts, PH_FD); + applyopts(ps, opts, PH_CONNECTED); if (dofork) { pid_t pid; /* mostly int; only used with fork */ Maintainer has confirmed the bug in trunk and plans to release a patch also. Affected version: 1.7.1.3-1.2 multipurpose relay for bidirectional data transfer ** Affects: socat (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1204795 Title: socat applies settings to wrong fd when accepting connection To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/socat/+bug/1204795/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1180810] [NEW] Connect fails randomly with error verify: false
Public bug reported: Happening on Precise with ii libjsch-java 0.1.42-2fakesync1pure Java implementation of the SSH2 protocol The issue is already fixed in jsch, see http://www.jcraft.com/jsch/ChangeLog Changes since version 0.1.49: - bugfix: verify: false error on Java7u6(and later). FIXED. http://stackoverflow.com/questions/12279836/ssh-using-jschexception-verify-false-sometimes-fails https://issues.apache.org/jira/browse/IVY-1374 Is replacement of Ubuntu package 0.1.42 with 0.1.50 an option? ** Affects: jsch (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1180810 Title: Connect fails randomly with error verify: false To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jsch/+bug/1180810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1048974] [NEW] 32-bit ulogd running on 64-bit kernel writes garbage to syslogemu
Public bug reported: After upgrading the kernel from 32 to 64 bit WITHOUT upgrading the system to 64 bit, everything worked fine except that the ulogd (1.24-3ubuntu1) messages written to syslogemu were complete garbage, e.g. Jan 1 00:00:00 localhost 0 0 20 0 1 IN= [unprintable bytes] R OUT= [unprintable bytes] MAC=50:54:2d:49:4e:46:4f:00:00:00:00:00:00:00:00:00:00:00:00:0e:00:50:56:9c:3c:a6:00:50:56:9c:00:a2:08:00:34:35:37:36:36:31:32:20:34:32:38:37:38:35:39:38:34:30:20:34:32:38:37:38:35:38:31:30:34:20:34:31:35:31:32 SRC=32.48.32.48 DST=32.49.55.32 LEN=13112 TOS=10 PREC=0x20 TTL=57 ID=12340 MF FRAG:5940 PROTO=53 (I guess, this was a TCP4 SYN) All other iptables tools seem to work correctly, e.g. iptables-save shows correct interface names, rules and also the ruleset works as expected. From that I would expect, that the error should reside in the netlink handover of captured packets to ulogd or the ulogd handling of those messages. * I asked about problem on netfilter-devel (upstream), but no replies so far: http://marc.info/?l=netfilter-develm=134725936925109w=2 * Not clear, if 32-bit ulogd can really work on 64-bit kernel System info: # lsb_release -rd Description:Ubuntu 11.04 Release:11.04 # dpkg --print-architecture i386 # apt-cache policy ulogd ulogd: Installed: 1.24-3ubuntu1 Candidate: 1.24-3ubuntu1 Version table: *** 1.24-3ubuntu1 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ natty/universe i386 Packages 100 /var/lib/dpkg/status # cat /proc/version Linux version 3.3.2-vs2.3.3.2 (root@v3ls1202) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #1 SMP Tue Apr 17 16:37:51 UTC 2012 ** Affects: ulogd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1048974 Title: 32-bit ulogd running on 64-bit kernel writes garbage to syslogemu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ulogd/+bug/1048974/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
Due to note 3, I assume, that note 4 is irrelevant and just a byproduct of marking the issue duplicate/invalid. According to note 3 and if applicable, please add reference to the kernel bug report after creation, so that I can start tracking that one instead. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1026478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
OK, seems that apport-collect needs network access. # apport-collect 1026478 ERROR: connecting to Launchpad failed: [Errno 110] Connection timed out I'll look at it with the man-pages in hand when there is a little more time. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1026478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
Due to note 3, I assume, that note 4 is irrelevant and just a byproduct of marking the issue duplicate/invalid. According to note 3 and if applicable, please add reference to the kernel bug report after creation, so that I can start tracking that one instead. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1026478/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
OK, seems that apport-collect needs network access. # apport-collect 1026478 ERROR: connecting to Launchpad failed: [Errno 110] Connection timed out I'll look at it with the man-pages in hand when there is a little more time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1026478/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1026478] [NEW] CIFS: Files not shown in mount.smbfs directory listings
Public bug reported: The listing (dirread) of a CIFS-mounted share does not contain one file, but which is really available on the share. When accessing the file directly (stat or open call), the file can be accessed. The consequence of this issue is: * file is not included in copy/backup, since the directory listing fails to show it * attacker could hide arbitrary data from linux system. To reproduce: * Create files in a way, that you know, which files should be on the share. It is not clear, if this has to be done in a special way to trigger the problem (e.g. name length fill up buffers in a way to trigger +-1). On our system, pairs of files were created, so that it was obvious, that one of the pair was missing. * Run some ls tests: ** List all files in directory starting with one name (diropen/dirread): # ls -al log | grep '2007-08-23-syslog.1.' -rwxr-xr-x 1 root root 36 Oct 30 2009 2007-08-23-syslog.1.gz-lta.gpg.checksum ** List two named files (stat): # ls -al log/2007-08-23-syslog.1.gz-lta.gpg log/2007-08-23-syslog.1.gz-lta.gpg.checksum | grep '2007-08-23-syslog.1.' -rwxr-xr-x 1 root root 2148 Oct 30 2009 log/2007-08-23-syslog.1.gz-lta.gpg -rwxr-xr-x 1 root root 36 Oct 30 2009 og/2007-08-23-syslog.1.gz-lta.gpg.checksum * With additional echo 1 /proc/fs/cifs/cifsFYI Both files show up in dmsg log: Jul 19 07:15:23 v3ls1203 kernel: [161751.469012] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa1f0 old entry cabaa160 Jul 19 07:15:23 v3ls1203 kernel: [161751.469017] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-22-syslog.2.gz-lta.gpg.checksum Jul 19 07:15:23 v3ls1203 kernel: [161751.469023] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa290 old entry cabaa1f0 Jul 19 07:15:23 v3ls1203 kernel: [161751.469028] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg Jul 19 07:15:23 v3ls1203 kernel: [161751.469035] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa320 old entry cabaa290 Jul 19 07:15:23 v3ls1203 kernel: [161751.469041] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg.checksum Jul 19 07:15:23 v3ls1203 kernel: [161751.469047] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa3c0 old entry cabaa320 Jul 19 07:15:23 v3ls1203 kernel: [161751.469052] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-24-daemon.log-lta.gpg But 2007-08-23-syslog.1.gz-lta.gp does not show up in the strace dump strace -s256 -f ls log Affects: === * Ubuntu precise 32bit, fully updated # cat /proc/version Linux version 3.2.0-26-generic (buildd@lamiak) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) 041-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012 # lsb_release -rd Description: Ubuntu 12.04 LTS Release: 12.04 References: == * Might be similar bug from karmic: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/406466 * Possible other encounter: http://unix.stackexchange.com/questions/42140/weird-samba-and-gvfs-behavior-half-of-directories-files-randomly-appears-to-b/43454#43454 ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1026478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
I tried the noserverino workaround now and it worked. Since without knowing that workaround, severe dataloss or more unlikely malicious data hiding could occur on those machines, I would mandate to make that option more prominent, e.g. to force mounts to have one of noserverino or serverino, but users not knowing about this option will fail to mount and hence fail to suffer from data loss. Other option would be, that if noserverino is always safe, that this should be the default for mount.smbfs -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1026478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1026478] [NEW] CIFS: Files not shown in mount.smbfs directory listings
Public bug reported: The listing (dirread) of a CIFS-mounted share does not contain one file, but which is really available on the share. When accessing the file directly (stat or open call), the file can be accessed. The consequence of this issue is: * file is not included in copy/backup, since the directory listing fails to show it * attacker could hide arbitrary data from linux system. To reproduce: * Create files in a way, that you know, which files should be on the share. It is not clear, if this has to be done in a special way to trigger the problem (e.g. name length fill up buffers in a way to trigger +-1). On our system, pairs of files were created, so that it was obvious, that one of the pair was missing. * Run some ls tests: ** List all files in directory starting with one name (diropen/dirread): # ls -al log | grep '2007-08-23-syslog.1.' -rwxr-xr-x 1 root root 36 Oct 30 2009 2007-08-23-syslog.1.gz-lta.gpg.checksum ** List two named files (stat): # ls -al log/2007-08-23-syslog.1.gz-lta.gpg log/2007-08-23-syslog.1.gz-lta.gpg.checksum | grep '2007-08-23-syslog.1.' -rwxr-xr-x 1 root root 2148 Oct 30 2009 log/2007-08-23-syslog.1.gz-lta.gpg -rwxr-xr-x 1 root root 36 Oct 30 2009 og/2007-08-23-syslog.1.gz-lta.gpg.checksum * With additional echo 1 /proc/fs/cifs/cifsFYI Both files show up in dmsg log: Jul 19 07:15:23 v3ls1203 kernel: [161751.469012] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa1f0 old entry cabaa160 Jul 19 07:15:23 v3ls1203 kernel: [161751.469017] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-22-syslog.2.gz-lta.gpg.checksum Jul 19 07:15:23 v3ls1203 kernel: [161751.469023] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa290 old entry cabaa1f0 Jul 19 07:15:23 v3ls1203 kernel: [161751.469028] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg Jul 19 07:15:23 v3ls1203 kernel: [161751.469035] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa320 old entry cabaa290 Jul 19 07:15:23 v3ls1203 kernel: [161751.469041] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-23-syslog.1.gz-lta.gpg.checksum Jul 19 07:15:23 v3ls1203 kernel: [161751.469047] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: new entry cabaa3c0 old entry cabaa320 Jul 19 07:15:23 v3ls1203 kernel: [161751.469052] /build/buildd/linux-3.2.0/fs/cifs/readdir.c: For 2007-08-24-daemon.log-lta.gpg But 2007-08-23-syslog.1.gz-lta.gp does not show up in the strace dump strace -s256 -f ls log Affects: === * Ubuntu precise 32bit, fully updated # cat /proc/version Linux version 3.2.0-26-generic (buildd@lamiak) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) 041-Ubuntu SMP Thu Jun 14 16:26:01 UTC 2012 # lsb_release -rd Description: Ubuntu 12.04 LTS Release: 12.04 References: == * Might be similar bug from karmic: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/406466 * Possible other encounter: http://unix.stackexchange.com/questions/42140/weird-samba-and-gvfs-behavior-half-of-directories-files-randomly-appears-to-b/43454#43454 ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1026478/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1026478] Re: CIFS: Files not shown in mount.smbfs directory listings
I tried the noserverino workaround now and it worked. Since without knowing that workaround, severe dataloss or more unlikely malicious data hiding could occur on those machines, I would mandate to make that option more prominent, e.g. to force mounts to have one of noserverino or serverino, but users not knowing about this option will fail to mount and hence fail to suffer from data loss. Other option would be, that if noserverino is always safe, that this should be the default for mount.smbfs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1026478 Title: CIFS: Files not shown in mount.smbfs directory listings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1026478/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 899200] [NEW] iptables-save fails to store network prefix length in dump
*** This bug is a security vulnerability *** Public security bug reported: With kernel 2.6.32-35-generic and lucid iptables iptables-save does not save the real iptables entries currently active in nat table, at least the conntrack match entries --ctorigdst with network are corrupted. From my opinion, this should have only mild security implications and might only be observed on machines with paranoid rulesets, as conntrack in nat might not be a common usecase. As soon as broken source code was found, impact on other rules should be reevaluated. In worst case, this bug might lead to service interruption (our case) or bypass of access restrictions when restoring rules exported with broken iptables-save How to detect: iptables -t nat -A POSTROUTING -p tcp -m conntrack --ctorigdst 192.168.0.0/24 -j SNAT --to-source 192.168.1.1 # iptables-save -t nat | grep POSTR :POSTROUTING ACCEPT [87:5264] -A POSTROUTING -p tcp -m conntrack --ctorigdst 192.168.0.0 -j SNAT --to-source 192.168.1.1 As one can see, the network prefix in the ctorigdst was lost during save, so rule is not the same after save, restore will restore broken rule. On kernel version 2.6.38-12-generic and Ubuntu oneiric iptables, everything works as expected, so bug must already be fixed in oneiric. Bug on lucid: # lsb_release -rd Description:Ubuntu 10.04.3 LTS Release:10.04 # apt-cache policy iptables iptables: Installed: 1.4.4-2ubuntu2 Candidate: 1.4.4-2ubuntu2 Version table: *** 1.4.4-2ubuntu2 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status ** Affects: iptables (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/899200 Title: iptables-save fails to store network prefix length in dump To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/899200/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 899200] Re: iptables-save fails to store network prefix length in dump
Issue already public via netfilter-devel, but no responses so far: http://www.spinics.net/lists/netfilter-devel/msg20076.html Other netfilter-devel archives to not show the posts from 28/29.11, e.g. http://marc.info/?l=netfilter-develr=1b=20w=2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/899200 Title: iptables-save fails to store network prefix length in dump To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/899200/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782171] Re: Keyboard input processed twice, both on vt1 and vt7
This is getting really problematic: I also observed the issue on the base machine, not only within virtualbox guest. The effect there is in most cases that an open login session remains on tty1, that contains the passwords in plaintext in some .vim file. Cause: During double command execution, quite some commands work even when executed twice, e.g. ls. Since graphical desktop contains multiple xterms, but all commands on tty1 are executed in one shell, thus some combinations do not make sense any more (e.g. the GUI combination xterm1: cd tmp; xterm2: su -s /bin/bash \n dhclient eth0\n cd \; xterm1: rm -rf -- * might be the most lethal leading to complete data loss). On my machine, quite some events ended with vim open on tty1 in some exotic mode. When I lock the graphical desktop and leave the machine, tty1 will be still open to anyone who knows about the problem and vim might contain username/password or sudo/ssh-keypassphrases in plaintext in vim edit mode. Workaround (has worked so far): Press [Ctrl]-C on xdm login screen, this restarts xdm. Afterwards tty1/tty7 are uncoupled. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782171 Title: Keyboard input processed twice, both on vt1 and vt7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/virtualbox-ose/+bug/782171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782201] Re: iptables segfault on emtpy source address
Update to --destination empty: If empty, destination is filled with bytes from heap or stack, most likely on the user-side and not in kernel. The example below uses 4 bytes of -j target as netmask. iptables -N TEST iptables -N A iptables -A TEST --destination -p tcp -m tcp --dport 65535 -j A iptables-save | grep TEST -A TEST -d 0.0.0.0/65.65.65.65 -p tcp -m tcp --dport 65535 -j A -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782201 Title: iptables segfault on emtpy source address To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/782201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 803525] [NEW] Endless loop in balance_dirty_pages.clone.9 on cryptoloop
Public bug reported: On a hardened, but empty system, where only few other processes are running, maximum speed IO output to cryptoloop causeD kernel to get stuck multiple times (~5x), e.g. echo x | losetup -e aes-cbc-essiv:sha256 -k 256 --pass-fd 0 /dev/loop0 /dev/sda2 dd if=/dev/zero of=/dev/loop0 dd process cannot be terminated, also kill from other session does not stop it. Process is stuck in # cat /proc/11296/stack [c10eaa64] balance_dirty_pages.clone.9+0x1e4/0x390 [c10eac71] balance_dirty_pages_ratelimited_nr+0x61/0x70 [c10e190a] generic_perform_write+0x14a/0x1b0 [c10e19c4] generic_file_buffered_write+0x54/0x90 [c10e3910] __generic_file_aio_write+0x220/0x4e0 [c115389c] blkdev_aio_write+0x3c/0xa0 [c11269e4] do_sync_write+0xa4/0xe0 [c11271a2] vfs_write+0xa2/0x170 [c1127482] sys_write+0x42/0x70 [c1509bf4] syscall_call+0x7/0xb [] 0x CPU load reaches rather exactly 1 afterwards. top - 13:09:21 up 2:41, 2 users, load average: 1.00, 0.99, 0.95 Tasks: 66 total, 1 running, 65 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.0%sy, 0.0%ni, 24.9%id, 75.1%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 1025224k total, 680820k used, 344404k free, 312772k buffers Swap:0k total,0k used,0k free, 240680k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 1 root 20 0 2896 796 384 S 0.0 0.1 0:01.45 init The loop can be broken by power off/hard reboot BUT ALSO WITH kill -KILL [pid]; echo t /proc/sysrq-trigger. The task listing does not contain the terminated process. Since I tried the echo for the first time (echo 5h after hang), I do not know, if this could be used to kill or fix the task in any case. I will try to do further analysis when hang occurs again. # lsb_release -rd Description:Ubuntu 11.04 Release:11.04 # apt-cache policy linux-image-2.6.38-8-generic linux-image-2.6.38-8-generic: Installed: 2.6.38-8.42 Candidate: 2.6.38-8.42 Version table: *** 2.6.38-8.42 0 500 http://archive.ubuntu.com/ubuntu/ natty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/803525 Title: Endless loop in balance_dirty_pages.clone.9 on cryptoloop To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/803525/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 787551] [NEW] ntpdate 4.2.6p2@1.2194-o: no server suitable for synchronization found - works with 4.2.4p8@1.1612-o
Public bug reported: Binary package hint: ntpdate ntpdate on natty (4.2.6p2@1.2194-o) fails to sync with server, while lucid server ntpdate works Issue seems to be identical to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599793 http://bugs.ntp.org/show_bug.cgi?id=1709 Bug was introduced in 4.2.6p2, should be fixed in 4.2.6p3 (see links) Please note also, that ntp.org is deprecating ntpdate (see http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate )). # lsb_release -rd Description:Ubuntu 11.04 Release:11.04 # apt-cache policy ntpdate ntpdate: Installed: 1:4.2.6.p2+dfsg-1ubuntu5 Candidate: 1:4.2.6.p2+dfsg-1ubuntu5 Version table: *** 1:4.2.6.p2+dfsg-1ubuntu5 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ natty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: ntp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/787551 Title: ntpdate 4.2.6p2@1.2194-o: no server suitable for synchronization found - works with 4.2.4p8@1.1612-o -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 787551] [NEW] ntpdate 4.2.6p2@1.2194-o: no server suitable for synchronization found - works with 4.2.4p8@1.1612-o
Public bug reported: Binary package hint: ntpdate ntpdate on natty (4.2.6p2@1.2194-o) fails to sync with server, while lucid server ntpdate works Issue seems to be identical to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599793 http://bugs.ntp.org/show_bug.cgi?id=1709 Bug was introduced in 4.2.6p2, should be fixed in 4.2.6p3 (see links) Please note also, that ntp.org is deprecating ntpdate (see http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate )). # lsb_release -rd Description:Ubuntu 11.04 Release:11.04 # apt-cache policy ntpdate ntpdate: Installed: 1:4.2.6.p2+dfsg-1ubuntu5 Candidate: 1:4.2.6.p2+dfsg-1ubuntu5 Version table: *** 1:4.2.6.p2+dfsg-1ubuntu5 0 500 http://ubuntu-proxy-ehealth.d03.arc.local/ubuntu/ natty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: ntp (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/787551 Title: ntpdate 4.2.6p2@1.2194-o: no server suitable for synchronization found - works with 4.2.4p8@1.1612-o -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 784443] [NEW] /etc/X11/xdm/Xservers uses old /usr/bin/X not Xorg
Public bug reported: Binary package hint: xdm After a minimal install of xserver and xdm, xdm does not start because X binary cannot be started. It is possible, that this is not a bug of xdm itself, please see note of workaround below: Cause: File /etc/X11/xdm/Xservers refers to X via /usr/bin/X :0 local /usr/bin/X :0 vt7 -nolisten tcp No such file or symbolic link exists, but /usr/bin/Xorg exists. # WORKAROUND: Might be bug in ubuntu xdm or xserver package, # reported launchpad #?NOTYET. Not clear, if xdm base config is # broken, xorg install failed to create symlink or our install instructions # broke it. if ! test -e /usr/bin/X; then sed -i -r -e 's/ \/usr\/bin\/X / \/usr\/bin\/Xorg /' /etc/X11/xdm/Xservers fi ** Affects: xdm (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/784443 Title: /etc/X11/xdm/Xservers uses old /usr/bin/X not Xorg -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 784443] Re: /etc/X11/xdm/Xservers uses old /usr/bin/X not Xorg
So the lightweighted xserver-xorg-core package, which is sufficient to work with fvwm and other window manager is not sufficient for xdm, which just displays a banner? A full xserver installation is needed instead? What is the difference between the /usr/bin/X binary and the /usr/bin/Xorg binary? It seems that the second can fully replace the first one, at least for xdm. Is there a security problem using Xorg directly? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/784443 Title: /etc/X11/xdm/Xservers uses old /usr/bin/X not Xorg -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782171] [NEW] Keyboard input processed twice, both on vt1 and vt7
Public bug reported: Binary package hint: xserver-xorg-core When booting a minimal natty x desktop with xdm and fvwm, the keyboard input is sent both to the X server running on vt7 and tty1. The result is, that the following xdm login occurs both on X and tty1. Since tty1 is faster, x keyboard input causes quite funny behavior of commands, e.g. $ touch file; rm file rm: cannot remove `file': No such file or directory Example: ps aux executed twice in two sessions (737 is tty1 login, 790 bash in xterm) root 701 0.8 3.8 14676 9560 tty7 Ss+ 11:54 0:03 /usr/bin/Xorg :0 vt7 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-ElV5qU root 711 0.0 0.5 2784 1392 tty1 Ss 11:54 0:00 /bin/login -- root 714 0.0 1.5 8124 3864 ?Ss 11:54 0:00 -:0 user 732 0.0 1.6 13816 4172 ?Ss 11:54 0:00 x-window-manager user 737 0.0 0.8 4800 2004 tty1 S11:54 0:00 -bash user 778 0.0 0.0 3368 188 ?Ss 11:54 0:00 /usr/bin/ssh-agent x-window-manager user 788 0.0 2.5 11368 6380 ?S11:54 0:00 xterm user 790 0.0 0.7 4788 1964 pts/0Ss 11:54 0:00 bash user 1007 0.0 0.4 4156 1200 tty1 R+ 12:00 0:00 ps aux user 1008 0.0 0.4 4156 1200 pts/0R+ 12:00 0:00 ps aux To issue an exit in only xterm or tty1, one may use two xterms and combination of letters and delkey to produce incomplete/invalid When connecting via ssh, X is running on vt7, active console is 1 root 710 0.1 3.7 14544 9440 tty7 Ss+ 10:49 0:03 /usr/bin/Xorg :0 vt7 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-mXcrL2 ssh# fgconsole 1 At logoff or when using chvt 7 via ssh, X server aborts without specific error message [ 3491.811] (EE) VBoxVideo(0): Unable to determine whether the virtual machine supports mouse pointer integration - request initialization failed with return code -4 [ 3523.678] Backtrace: [ 3523.678] 0: /usr/bin/Xorg (xorg_backtrace+0x3b) [0x80eab1b] [ 3523.678] 1: /usr/bin/Xorg (0x8048000+0x5fac8) [0x80a7ac8] [ 3523.678] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0x72040c] [ 3523.678] 3: /usr/bin/Xorg (0x8048000+0x27f1e) [0x806ff1e] [ 3523.678] 4: /usr/bin/Xorg (0x8048000+0x1a81c) [0x806281c] [ 3523.679] 5: /lib/i386-linux-gnu/libc.so.6 (__libc_start_main+0xe7) [0x562e37] [ 3523.679] 6: /usr/bin/Xorg (0x8048000+0x1a411) [0x8062411] [ 3523.679] Caught signal 3 (Quit). Server aborting [ 3523.679] This leaves random garbage in all 16 vga-colors on vt1 to vt7, sometimes with font also distorted. Afterwards, xserver on vt7 and tty1 are independent, no keyboard input duplication any more I am not sure, if the error occurs in the vt-initialization, in xserver core or in virtualbox graphics adapter, so I start with a report here. A similar setup on lucid worked without problems, maverick was not tested. # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=11.04 DISTRIB_CODENAME=natty DISTRIB_DESCRIPTION=Ubuntu 11.04 # apt-cache policy xserver-xorg-core xserver-xorg-core: Installed: 2:1.10.1-1ubuntu1 Candidate: 2:1.10.1-1ubuntu1 Version table: *** 2:1.10.1-1ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ natty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: xorg-server (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782171 Title: Keyboard input processed twice, both on vt1 and vt7 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782201] [NEW] iptables segfault on emtpy source address
Public bug reported: Binary package hint: iptables Iptables segfaults if called with an empty source address, e.g. from a broken script (see upstream http://marc.info/?l=netfilterm=130529014111611w=2) # iptables -A OUTPUT --source ${NoSuchVar} -j ACCEPT May 13 12:47:55 n309eh001 kernel: [ 3311.378554] iptables[1948]: segfault at 8e65000 ip 00ddfd18 sp bfe2b6e0 error 4 in libxtables.so.5.0.0[ddc000+6000] Segmentation fault Also problematic is # iptables -A OUTPUT --destination ${NoSuchVar} -j ACCEPT It does not fail, but adds an wildcard rule instead instead of an single IP rule. The same occurs with # iptables -A INPUT -i ${NoSuchInterfaceName} -j ACCEPT , which allows input from any interface, not only the one intended. This issue was already reported upstream, see http://marc.info/?l=netfilterm=129439862903487w=2 , but did not make it to the ubuntu packages. This might also be a security risk, if another program (e.g. shorewall) calling iptables could end up with empty strings, e.g. due to malconfiguration or due to invalid results from another scripts (DNS- query) # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=11.04 DISTRIB_CODENAME=natty DISTRIB_DESCRIPTION=Ubuntu 11.04 # apt-cache policy iptables iptables: Installed: 1.4.10-1ubuntu1 Candidate: 1.4.10-1ubuntu1 Version table: *** 1.4.10-1ubuntu1 0 500 http://archive.ubuntu.com/ubuntu/ natty/main i386 Packages 100 /var/lib/dpkg/status ** Affects: iptables (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782201 Title: iptables segfault on emtpy source address -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782201] Re: iptables segfault on emtpy source address
Segfault confirmed by upstream, fix available: http://git.netfilter.org /cgi- bin/gitweb.cgi?p=iptables.git;a=commitdiff_plain;h=4b110b426df7bf486a3e7884c56ebb3487023601 ** Bug watch added: Debian Bug tracker #611990 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611990 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782201 Title: iptables segfault on emtpy source address -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 782201] Re: iptables segfault on emtpy source address
Also at debian http://bugs.debian.org/611990 Still to decide: what does --source mean: no host has access or all of them? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782201 Title: iptables segfault on emtpy source address -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 754495] [NEW] jfs filesystem corruption after power failure, fast reboot sequences (stale NFS lock)
Public bug reported: Binary package hint: jfsutils Power failure leads to file system corruption and data loss, probably because fsck.jfs does not correctly detect the damages in the first run. See als jfs mailing list discussion http://www.mail-archive.com/jfs- discuss...@lists.sourceforge.net/msg01682.html The problem has good reproducibility on a minimal ubuntu lucid install in vmware. Corruption can be detected using ls -alR, which reports a stale NFS lock on the jfs filesystem. I haven't found a pattern, which directory or file inodes are usually affected. It seems, that even unmodified files can be lost also and are sometimes reconnected to /lost+found (e.g. /etc/resolv.conf or /usr/local/share vanished without trace, other show up in /lost+found, others show up as stale NFS lock inodes in /lost+found), so one knows that an inode was lost but not its content. It is not clear a reboot triggers the corruption, fsck fails to detect it, mount therefore OK and error can be detected or if the sequence is: corruption - fsck invalid repair - modifications cause secondary corruption - fsck invalid repair makes corruption visible To verify this, one would have to run the reproducer on a completely sane (fresh) filesystem quite often to find the minimal number of successive reboots to trigger the problem. To reproduce it on lucid: * Create init script to trigger test on each reboot: # cat /etc/init/DiskTest.conf description Start Disktest start on filesystem task script /root/DiskTest/DiskTest.sh /root/DiskTest/DiskTest.log 21 end script * Format a small disk partition I just did this step to produce a smaller 20MB corrupted image with 60% diskuse, but corruption does also occur on root partition, so you have to run multiple test runs to get a result with non-root but data corruption dd if=/dev/zero of=/dev/sdb1 mkfs.jfs -f /dev/sdb1 mkdir /data mount /dev/sdb1 /data # fill data approx 60%, create a dump of this data, adjust tar name in DiskTest.sh umount /data * Add the test script # cat /root/DiskTest/DiskTest.sh #!/bin/bash -e echo $(date): Starting disktest 2 mountDev=/dev/sdb1 if ! fsck.jfs ${mountDev} || ! jfs_fsck -n ${mountDev}; then echo Fsck failed! 2 exit 1 fi mount ${mountDev} /data if ls -alR / 21 | grep -E -e '(\?|stale )'; then echo Damage marker found 2 exit 1 fi rm -rf /data/usr/bin/*d* tar -C /data -xf /root/DiskTest/2011-04-08-ContentOriginal.tar umount /data echo Killing system with hard reboot echo b /proc/sysrq-trigger * Start test start DiskTest The problem does also occur after replacing fsck.jfs and jfs_fsck with version 1.1.15 from jfsutils trunk. The problem seems to be unrelated to a jfs root node corruption, which does not produce stale nfs locks but destroys the root directory just using mount/unmount multiple times. $ lsb_release -rd Description:Ubuntu 10.04.2 LTS Release:10.04 $ apt-cache policy jfsutils jfsutils: Installed: 1.1.12-2.1 Candidate: 1.1.12-2.1 Version table: *** 1.1.12-2.1 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status ** Affects: jfsutils (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/754495 Title: jfs filesystem corruption after power failure, fast reboot sequences (stale NFS lock) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 754495] Re: jfs filesystem corruption after power failure, fast reboot sequences (stale NFS lock)
** Attachment added: Dump of a broken filesystem after running reproducer https://bugs.launchpad.net/bugs/754495/+attachment/1999258/+files/2011-04-08-BrokenJfsVolume.bz2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/754495 Title: jfs filesystem corruption after power failure, fast reboot sequences (stale NFS lock) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 477149] Re: Failsafe X support added in proposed upload still doesn't work
I see. Just for the records, my issue was fixed by: cat EOF /var/cache/debconf/config.dat Name: xserver-xorg/config/device/bus_id Template: xserver-xorg/config/device/bus_id Value: Owners: xserver-xorg EOF -- Failsafe X support added in proposed upload still doesn't work https://bugs.launchpad.net/bugs/477149 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 477149] Re: Failsafe X support added in proposed upload still doesn't work
At least dexconf still cannot generate a xorg.conf file, error similar to one in first post: [pid 17251] ... read resumed GET xserver-xorg/config/device/bus_id\n, 4096) = 38 [pid 17251] write(7, 10 xserver-xorg/config/device/bus_id doesn't exist\n, 51) = 51 repo proposed activated, versions: ii xserver-xorg 1:7.4+3ubuntu10 ii xserver-xorg-core2:1.6.4-2ubuntu4 -- Failsafe X support added in proposed upload still doesn't work https://bugs.launchpad.net/bugs/477149 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 477149] Re: Failsafe X support added in proposed upload still doesn't work
Didn't know that, thought because of + exec /usr/share/debconf/frontend /etc/gdm/failsafeDexconf vesa xorg.conf (see initial post) that both are linked. Will retry to generate failsafe xorg.conf. -- Failsafe X support added in proposed upload still doesn't work https://bugs.launchpad.net/bugs/477149 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 252567] Re: Forwarding an old message causes SEGV
Seems that something with centerim build on jaunty is completely broken. The application is just a collection of memory corruptions, errors Only simplest test results are reproducable, all other functions are instable due to memory problems, e.g. it starts with the first DNS-name resolution of localhost: 12:28:09.588284 IP 127.0.0.1.55448 127.0.0.1.53: 20426+ A? @M-lM-^C^HXM-nM-^C^H^XM-;M-^C^H^Q^B. (32) 0x: 4500 003c 5eae 4000 4011 de00 7f00 0001 E..^...@.@... 0x0010: 7f00 0001 d898 0035 0028 fe3b 4fca 0100 ...5.(.;O... 0x0020: 0001 0e40 ec83 0858 ee83 .@...x.. 0x0030: 0818 bb83 0811 0200 0001 0001 If you add 50 spaces to localhost you will resolve [garbage]+30 spaces, so the value seems to be copied but is corrupted before request is sent. It would be interesting if this error can also be triggered using the peer2peer communication services and if the resulting SEGV can be used for remote code execution. -- Forwarding an old message causes SEGV https://bugs.launchpad.net/bugs/252567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 252567] Re: Forwarding an old message causes SEGV
Tried test on ubuntu-minimal + centerim + jabber (at localhost), but centerim segfaulted already during registration, so test not successful: Steps: apt-get --assume-yes install centerim jabber /dev/null gdb centerim # run #0 0xb7cea2f5 in std::basic_stringchar, std::char_traitschar, std::allocatorchar ::basic_string () from /usr/lib/libstdc++.so.6 #1 0x081037e8 in ?? () #2 0x08103f45 in ?? () #3 0x080f2524 in ?? () #4 0x080a54a1 in ?? () #5 0x080a6b0d in ?? () #6 0x0809ac42 in ?? () #7 0x0805cb69 in ?? () #8 0x080ec2bd in ?? () #9 0xb7ad1775 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #10 0x0804fa71 in ?? () Registration: Just filled nick, passwd1, passwd2 server=localhost:5222 all other fields empty Button Register triggers SEGV -- Forwarding an old message causes SEGV https://bugs.launchpad.net/bugs/252567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 252567] Re: Forwarding an old message causes SEGV
Correction: Button name Go ahead Segfault also if all register fields filled The segfault occurs only if register action is used with first startup. To reproduce it after successful startup: rm -rf ~/.centerim centerim -- Forwarding an old message causes SEGV https://bugs.launchpad.net/bugs/252567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 252567] Re: Forwarding an old message causes SEGV
Register mystery: Order of form fields filled seems important * fill in order listed in registry form: Failed (Disconnected) * fill server name first (localhost:5222) * fill user name/password afterwards * use register OK -- Forwarding an old message causes SEGV https://bugs.launchpad.net/bugs/252567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 345918] [NEW] stunnel source option (-S) not working
Public bug reported: Binary package hint: stunnel4 The -S (source) option is mentioned in the man pages of stunnel4, but is not available on the command line. The -S option exists in stunnel from the standard stunnel package on hardy, but was removed or renamed in stunnel4. Tested on hardy ** Affects: stunnel4 (Ubuntu) Importance: Undecided Status: New -- stunnel source option (-S) not working https://bugs.launchpad.net/bugs/345918 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 345918] Re: stunnel source option (-S) not working
It seems that /usr/bin/stunnel is just a compatibility perl-script, that does not know about the -S option, probably because it cannot map it to any option in stunnel4. Since -S 0 can be used to suppress reading of any other certificate files for validation of remote server/client certs, it would be interesting to know, how the CA-validation process has changed from version 3 to 4. If the new default is to read only certificates from the specified file/path, then everything is ok. If new version does include default CA-files, I'm not sure about the consequences. Could it find the default CA-list installed on some machines, so that other clients that use e.g. thawte-signed key/cert to connect while I expected that only client certificates signed by my company's root-CA are accepted? What about latest attacks on md5-signed root CAs? -- stunnel source option (-S) not working https://bugs.launchpad.net/bugs/345918 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 345918] Re: stunnel source option (-S) not working
I found a workaround for the perl file to ignore the -S option, so that calls from old scripts still work, but I haven't looked at the security consequences for cert-checks. ** Attachment added: Workaround patch for installed package http://launchpadlibrarian.net/24151061/patch -- stunnel source option (-S) not working https://bugs.launchpad.net/bugs/345918 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 345945] [NEW] stunnel v4 splits command line arguments, v3 does not
Public bug reported: Binary package hint: stunnel4 The program /usr/bin/stunnel behaves differently when installed from stunnel4 compared to stunnel. When executing stunnel -c -f -A ${_send_serverCert} -p ${_send_clientCert} -r ${_send_remoteAddress} -l /bin/bash -- tester -c touch \aaa bbb\ with stunnel package, this will create a file aaa bbb in the current working directory Same call with stunnel4 package gives error message, because string touch \aaa bbb\ is splitted and so bash -c just takes touch without argument, and aaa and bbb are first/second argument to bash process, not touch. touch: missing file operand Try `touch --help' for more information. This is rather annoying, because that makes it impossible to use the same calls to /usr/bin/stunnel depending on platform and installed packages. ** Affects: stunnel4 (Ubuntu) Importance: Undecided Status: New -- stunnel v4 splits command line arguments, v3 does not https://bugs.launchpad.net/bugs/345945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 345945] Re: stunnel v4 splits command line arguments, v3 does not
The handling of all other command line arguments has changed also, e.g. mv server.cert $'server.cert\nsomeopt = yyy' stunnel -c -f -D 4 -v 3 -A 'server.cert someoption = yyy' -r ${_send_remoteAddress} -l cat -- cat file descriptor line 6: Specified option name is not valid here Since I hope that no one will execute stunnel with certificate file supplied by lower privileged user or remote system, this cannot be used in any malicious way. -- stunnel v4 splits command line arguments, v3 does not https://bugs.launchpad.net/bugs/345945 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 340571] [NEW] Bash PPID is wrong when parent terminates
Public bug reported: Binary package hint: bash When parent of bash terminates, the PPID variable is not updated. One might also change the documentation to say that PPID will no be updated, which would make this behavior a feature Testscript as attachment, execute SleepTest.sh parent and look at log after 10 seconds: Outer bash: pid 3217, parent 2711 Inner bash: vars 3218 3217 vs ps 3218 3217 Inner bash: vars 3218 3217 vs ps 3218 3217 Inner bash: vars 3218 3217 vs ps 3218 3217 Inner bash: vars 3218 3217 vs ps 3218 3217 Inner bash: vars 3218 3217 vs ps 3218 3217 Inner bash: vars 3218 3217 vs ps 3218 1 Inner bash: vars 3218 3217 vs ps 3218 1 Inner bash: vars 3218 3217 vs ps 3218 1 ** Affects: bash (Ubuntu) Importance: Undecided Status: New -- Bash PPID is wrong when parent terminates https://bugs.launchpad.net/bugs/340571 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 340571] Re: Bash PPID is wrong when parent terminates
** Attachment added: SleepTest.sh http://launchpadlibrarian.net/23723854/SleepTest.sh -- Bash PPID is wrong when parent terminates https://bugs.launchpad.net/bugs/340571 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 327222] Re: Simple stunnel DOS when opening and closing connections
It seems that this package/version is the standard with ubuntu-hardy. I found that there is already a new package in the pool/universe (http://archive.ubuntu.com/ubuntu/pool/universe/s/stunnel4/stunnel4_4.22-2_i386.deb) which seems to be working on hardy without problems. I'll try to stop it using the scripts above. If stunnel4 keeps functional, is it possible to update the package lists, so that this package is included in hardy? -- Simple stunnel DOS when opening and closing connections https://bugs.launchpad.net/bugs/327222 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 327222] [NEW] Simple stunnel DOS when opening and closing connections
Public bug reported: Binary package hint: stunnel4 Usually the stunnel4 process main process with lowest IP consumes 100% of CPU, TCP connections are accepted, but SSL handshake is not started. The test scenario below will make 1 tests, but usually the test can be suspended after 500-1000 tests, stunnel is broken by then. stunnel4 on hardy x86: Description:Ubuntu 8.04.2 Release:8.04 # apt-cache policy stunnel4 stunnel4: Installed: 3:4.21-1 Candidate: 3:4.21-1 Version table: *** 3:4.21-1 0 500 http://security.ubuntu.com hardy/universe Packages 100 /var/lib/dpkg/status # stunnel4 -version stunnel 4.21 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP Global options debug = 5 pid = /var/run/stunnel4.pid RNDbytes= 64 RNDfile = /dev/urandom RNDoverwrite= yes Service-level options cert= /etc/stunnel/stunnel.pem ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH key = /etc/stunnel/stunnel.pem session = 300 seconds sslVersion = SSLv3 for client, all for server TIMEOUTbusy = 300 seconds TIMEOUTclose= 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none Test Scenario: * Generate keys: openssl req -new -newkey rsa:1024 -nodes -keyout server.key -days 3653 -x509 -out server.cert -subj /CN=server openssl req -new -newkey rsa:1024 -nodes -keyout client.key -days 3653 -x509 -out client.cert -subj /CN=client * Create config: service = test tunnel foreground = yes # Debug warnings only debug = 4 pid = /home/[username]/tmp/tunnel/tunnel.pid cert = server.cert key = server.key verify = 3 [testany] accept = 1234 exec = /home/[username]/tmp/tunnel/testcmd.sh execargs = testcmd.sh CAfile = client.cert * Create testcmd.sh script: #!/bin/bash cat /tmp/dump * Start tunnel in one shell stunnel4 tunnel.cfg * Start testscript in other: #!/bin/bash procCount=0 while [ ${procCount} != 1 ] ; do openssl s_client -key client.key -cert client.cert -connect localhost:1234 /dev/null /dev/null 21 let procCount=procCount+1 if [ ${procCount#*00} = ] ; then echo Test: ${procCount} fi done pkill -KILL -f openssl s_client * When dead: openssl s_client -key client.key -cert client.cert -connect localhost:1234 CONNECTED(0003) But no handshake ** Affects: stunnel4 (Ubuntu) Importance: Undecided Status: New -- Simple stunnel DOS when opening and closing connections https://bugs.launchpad.net/bugs/327222 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 327222] Re: Simple stunnel DOS when opening and closing connections
When broken: # ps aux | grep stunnel rfiedler 14247 58.1 13.0 57592 33324 pts/2Sl+ 16:21 18:05 stunnel4 tunnel.cfg rfiedler 14248 0.0 0.2 3692 628 pts/2S+ 16:21 0:00 stunnel4 tunnel.cfg rfiedler 14249 0.0 0.2 3692 632 pts/2S+ 16:21 0:00 stunnel4 tunnel.cfg rfiedler 14250 0.0 0.2 3692 632 pts/2S+ 16:21 0:00 stunnel4 tunnel.cfg rfiedler 14251 0.0 0.2 3692 632 pts/2S+ 16:21 0:00 stunnel4 tunnel.cfg rfiedler 14252 0.0 0.2 3692 632 pts/2S+ 16:21 0:00 stunnel4 tunnel.cfg # ps auxH | grep stunnel | head rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:21 0:01 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 89.8 13.0 57592 33324 pts/2Rl+ 16:33 18:10 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg rfiedler 14247 0.0 13.0 57592 33324 pts/2Sl+ 16:33 0:00 stunnel4 tunnel.cfg total 287 procs+threads # netstat -tnp |head Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp1 0 127.0.0.1:63822 127.0.0.1:51305 CLOSE_WAIT 14247/stunnel4 tcp1 0 127.0.0.1:63822 127.0.0.1:51655 CLOSE_WAIT 14247/stunnel4 tcp1 0 127.0.0.1:63822 127.0.0.1:51632 CLOSE_WAIT 14247/stunnel4 tcp 119 0 127.0.0.1:63822 127.0.0.1:51626 CLOSE_WAIT 14247/stunnel4 tcp1 0 127.0.0.1:63822 127.0.0.1:51615 CLOSE_WAIT 14247/stunnel4 tcp 119 0 127.0.0.1:63822 127.0.0.1:51665 CLOSE_WAIT 14247/stunnel4 tcp 119 0 127.0.0.1:63822 127.0.0.1:51468 CLOSE_WAIT 14247/stunnel4 280 entries # gdb --pid 14247 .. (gdb) bt #0 0xb7f8e410 in __kernel_vsyscall () #1 0xb7d59c07 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0x0805445f in ?? () #3 0x08057dbf in ?? () #4 0x080582e4 in ?? () #5 0xb7ca3450 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #6 0x0804c5b1 in ?? () -- Simple stunnel DOS when opening and closing connections https://bugs.launchpad.net/bugs/327222 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 318703] [NEW] nagios check_smtp expects integer instead of double
Public bug reported: Binary package hint: nagios-plugins-basic Command execution returns error with double value: # /usr/lib/nagios/plugins/check_smtp -H localhost -w 0.2 check_smtp: Warning time must be a positive integer Usage:check_smtp -H host [-p port] [-e expect] [-C command] [-f from addr][-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6] But docu ( /usr/lib/nagios/plugins/check_smtp -h) says: -w, --warning=DOUBLE Response time to result in warning status (seconds) -c, --critical=DOUBLE Response time to result in critical status (seconds) I think, that the integer check is done on error, since all other commands with -w / -c option take double arguments and sub second response time checks are really useful. - Current package: Status: install ok installed Priority: extra Section: net Installed-Size: 1252 Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Architecture: i386 Source: nagios-plugins Version: 1.4.11-1ubuntu5 Patch vs nagios-plugins-1.4.12 source (untested): --- check_smtp.orig 2009-01-19 10:57:05.0 +0100 +++ check_smtp.c2009-01-19 11:34:04.0 +0100 @@ -103,9 +103,9 @@ char *authtype = NULL; char *authuser = NULL; char *authpass = NULL; -int warning_time = 0; +double warning_time = 0; int check_warning_time = FALSE; -int critical_time = 0; +double critical_time = 0; int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; @@ -432,9 +432,9 @@ elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (check_critical_time elapsed_time (double) critical_time) + if (check_critical_time elapsed_time critical_time) result = STATE_CRITICAL; - else if (check_warning_time elapsed_time (double) warning_time) + else if (check_warning_time elapsed_time warning_time) result = STATE_WARNING; } @@ -565,21 +565,19 @@ nresponses++; break; case 'c': /* critical time threshold */ - if (is_intnonneg (optarg)) { - critical_time = atoi (optarg); - check_critical_time = TRUE; - } + if (!is_nonnegative (optarg)) + usage4 (_(Critical time must be a positive)); else { - usage4 (_(Critical time must be a positive integer)); + critical_time = strtod (optarg, NULL); + check_critical_time = TRUE; } break; case 'w': /* warning time threshold */ - if (is_intnonneg (optarg)) { - warning_time = atoi (optarg); - check_warning_time = TRUE; - } + if (!is_nonnegative (optarg)) + usage4 (_(Warning time must be a positive)); else { - usage4 (_(Warning time must be a positive integer)); + warning_time = strtod (optarg, NULL); + check_warning_time = TRUE; } break; case 'v': /* verbose */ Cross comparison with other files (e.g. check_http.c) showed that there might be more of these issues, e.g. wrong message outputs/conversions case 'w': /* warning time threshold */ if (!is_nonnegative (optarg)) usage2 (_(Warning threshold must be integer), optarg); else { warning_time = strtod (optarg, NULL); check_warning_time = TRUE; } break; ** Affects: nagios-plugins (Ubuntu) Importance: Undecided Status: New -- nagios check_smtp expects integer instead of double https://bugs.launchpad.net/bugs/318703 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 318703] Re: nagios check_smtp expects integer instead of double
** Attachment added: Untested patch for check_smtp http://launchpadlibrarian.net/21351361/patch-nagios-plugins-1.4.12 -- nagios check_smtp expects integer instead of double https://bugs.launchpad.net/bugs/318703 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios-plugins in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 318703] [NEW] nagios check_smtp expects integer instead of double
Public bug reported: Binary package hint: nagios-plugins-basic Command execution returns error with double value: # /usr/lib/nagios/plugins/check_smtp -H localhost -w 0.2 check_smtp: Warning time must be a positive integer Usage:check_smtp -H host [-p port] [-e expect] [-C command] [-f from addr][-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6] But docu ( /usr/lib/nagios/plugins/check_smtp -h) says: -w, --warning=DOUBLE Response time to result in warning status (seconds) -c, --critical=DOUBLE Response time to result in critical status (seconds) I think, that the integer check is done on error, since all other commands with -w / -c option take double arguments and sub second response time checks are really useful. - Current package: Status: install ok installed Priority: extra Section: net Installed-Size: 1252 Maintainer: Ubuntu Core Developers ubuntu-devel-disc...@lists.ubuntu.com Architecture: i386 Source: nagios-plugins Version: 1.4.11-1ubuntu5 Patch vs nagios-plugins-1.4.12 source (untested): --- check_smtp.orig 2009-01-19 10:57:05.0 +0100 +++ check_smtp.c2009-01-19 11:34:04.0 +0100 @@ -103,9 +103,9 @@ char *authtype = NULL; char *authuser = NULL; char *authpass = NULL; -int warning_time = 0; +double warning_time = 0; int check_warning_time = FALSE; -int critical_time = 0; +double critical_time = 0; int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; @@ -432,9 +432,9 @@ elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (check_critical_time elapsed_time (double) critical_time) + if (check_critical_time elapsed_time critical_time) result = STATE_CRITICAL; - else if (check_warning_time elapsed_time (double) warning_time) + else if (check_warning_time elapsed_time warning_time) result = STATE_WARNING; } @@ -565,21 +565,19 @@ nresponses++; break; case 'c': /* critical time threshold */ - if (is_intnonneg (optarg)) { - critical_time = atoi (optarg); - check_critical_time = TRUE; - } + if (!is_nonnegative (optarg)) + usage4 (_(Critical time must be a positive)); else { - usage4 (_(Critical time must be a positive integer)); + critical_time = strtod (optarg, NULL); + check_critical_time = TRUE; } break; case 'w': /* warning time threshold */ - if (is_intnonneg (optarg)) { - warning_time = atoi (optarg); - check_warning_time = TRUE; - } + if (!is_nonnegative (optarg)) + usage4 (_(Warning time must be a positive)); else { - usage4 (_(Warning time must be a positive integer)); + warning_time = strtod (optarg, NULL); + check_warning_time = TRUE; } break; case 'v': /* verbose */ Cross comparison with other files (e.g. check_http.c) showed that there might be more of these issues, e.g. wrong message outputs/conversions case 'w': /* warning time threshold */ if (!is_nonnegative (optarg)) usage2 (_(Warning threshold must be integer), optarg); else { warning_time = strtod (optarg, NULL); check_warning_time = TRUE; } break; ** Affects: nagios-plugins (Ubuntu) Importance: Undecided Status: New -- nagios check_smtp expects integer instead of double https://bugs.launchpad.net/bugs/318703 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 318703] Re: nagios check_smtp expects integer instead of double
** Attachment added: Untested patch for check_smtp http://launchpadlibrarian.net/21351361/patch-nagios-plugins-1.4.12 -- nagios check_smtp expects integer instead of double https://bugs.launchpad.net/bugs/318703 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 252567] [NEW] Forwarding an old message causes SEGV
Public bug reported: Binary package hint: centerim Client segfaults when sending? forwarded message (event) Steps to reproduce: * One other user is online, select user and press Ctrl-O (view message history) * Select a message from this user * Select Fwd * Mark the sender itself as recipient * Press return (shows Outgoing message screen) * Press return again: segfaults #0 0x080ba1d5 in ?? () #1 0x080fe4b7 in ?? () #2 0x081b21f2 in ?? () #3 0x08101a3c in ?? () #4 0x08055f12 in ?? () #5 0x0805654b in ?? () #6 0x0805753d in ?? () #7 0x0805766f in ?? () #8 0x080fe67f in ?? () #9 0x081b23e0 in ?? () #10 0x080fbdbc in ?? () #11 0x0805b978 in ?? () #12 0x0805d82f in ?? () #13 0x08107f07 in ?? () #14 0xb7be0450 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #15 0x0804e631 in ?? () (gdb) info registers eax0x8323340137507648 ecx0x0 0 edx0x8384e58137907800 ebx0xd 13 esp0xbff6b428 0xbff6b428 ebp0xbff6b428 0xbff6b428 esi0xbff6b52c -1074350804 edi0x8396e61137981537 eip0x80ba1d50x80ba1d5 eflags 0x210246 [ PF ZF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 (gdb) x/64b 0x080ba1b0 0x80ba1b0: 0x550x080x0f0xb60x440x100x4d0x5d 0x80ba1b8: 0xc30x900x550x890xe50x8b0x4d0x10 0x80ba1c0: 0x8b0x550x080x8b0x450x0c0x880x4c 0x80ba1c8: 0x020x4d0x5d0xc30x550x890xe50x8b 0x80ba1d0: 0x450x080x8b0x550x0c0x0f0xb60x44 0x80ba1d8: 0x100x610x5d0xc30x550x890xe50x8b 0x80ba1e0: 0x4d0x100x8b0x550x080x8b0x450x0c 0x80ba1e8: 0x880x4c0x020x610x5d0xc30x550x89 0x080ba1b8: ret 0x080ba1b9: nop 0x080ba1ba: push %ebp 0x080ba1bb: mov%esp,%ebp 0x080ba1bd: mov0x10(%ebp),%ecx 0x080ba1c0: mov0x8(%ebp),%edx 0x080ba1c3: mov0xc(%ebp),%eax 0x080ba1c6: mov%cl,0x4d(%edx,%eax,1) 0x080ba1ca: pop%ebp 0x080ba1cb: ret 0x080ba1cc: push %ebp 0x080ba1cd: mov%esp,%ebp 0x080ba1cf: mov0x8(%ebp),%eax 0x080ba1d2: mov0xc(%ebp),%edx 0x080ba1d5: movzbl 0x61(%eax,%edx,1),%eax 0x080ba1da: pop%ebp 0x080ba1db: ret 0x080ba1dc: push %ebp 0x080ba1dd: mov%esp,%ebp 0x080ba1df: mov0x10(%ebp),%ecx 0x080ba1e2: mov0x8(%ebp),%edx Code from centerim binary: xxd /usr/bin/centerim | grep -5 c390 5589 e58b 4d10 0072160: 5589 e58b 550c 8b45 0888 5042 5dc3 5589 U...U..E..PB].U. 0072170: e58b 550c 8b45 0888 5043 5dc3 5589 e58b ..U..E..PC].U... 0072180: 550c 8b45 0888 5035 5dc3 5589 e58b 550c U..E..P5].U...U. 0072190: 8b45 0888 5038 5dc3 5589 e58b 450c 83f8 .E..P8].U...E... 00721a0: 0674 0583 f809 7507 b800 00eb 088b .tu. 00721b0: 5508 0fb6 4410 4d5d c390 5589 e58b 4d10 U...D.M]..U...M. 00721c0: 8b55 088b 450c 884c 024d 5dc3 5589 e58b .U..E..L.M].U... 00721d0: 4508 8b55 0c0f b644 1061 5dc3 5589 e58b E..U...D.a].U... 00721e0: 4d10 8b55 088b 450c 884c 0261 5dc3 5589 M..U..E..L.a].U. 00721f0: e58b 4508 8b55 0c0f b644 106b 5dc3 5589 ..E..U...D.k].U. 0072200: e58b 4d10 8b55 088b 450c 884c 026b 5dc3 ..M..U..E..L.k]. The forwarded message did not contain any special characters. Package: 4.22.2-1ubuntu2 ** Affects: centerim (Ubuntu) Importance: Undecided Status: New -- Forwarding an old message causes SEGV https://bugs.launchpad.net/bugs/252567 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 129661] savelog cannot handle absolute pathname for rollover directory
Public bug reported: Binary package hint: debianutils Rolldir is always used relative to the log-file to be rotated but the man page does not mention anything like that: -r use rolldir instead of . to roll files Fixes: * allow absolute rolldir path or * write error message when absolute path is encountered Output: host:~/Tmp$ pwd /home/fiedler/Tmp host:~/Tmp$ savelog -r /tmp/ log Rotated `log' at Wed Aug 1 12:26:31 CEST 2007. host:~/Tmp$ ls -al tmp/log.0 -rw-r--r-- 1 fiedler users 0 Aug 1 12:27 tmp/log.0 System: ubuntu feisty, patched ** Affects: debianutils (Ubuntu) Importance: Undecided Status: New -- savelog cannot handle absolute pathname for rollover directory https://bugs.launchpad.net/bugs/129661 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 129661] Re: savelog cannot handle absolute pathname for rollover directory
Possible patch?? host:~/Tmp$ diff -U 3 /tmp/savelog /usr/bin/savelog --- /tmp/savelog2007-08-01 12:54:33.0 +0200 +++ /usr/bin/savelog2007-03-05 06:43:41.0 +0100 @@ -194,11 +194,7 @@ if [ -z $savedir ]; then savedir=. fi - if [ ${rolldir%%/*} = ] ; then - savedir=$rolldir - else - savedir=$savedir/$rolldir - fi + savedir=$savedir/$rolldir if [ ! -d $savedir ]; then mkdir -p -- $savedir if [ $? -ne 0 ]; then -- savelog cannot handle absolute pathname for rollover directory https://bugs.launchpad.net/bugs/129661 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs