[Bug 1556308] Re: Please merge unbound 1.58-1 from Debian unstable
@nacc, we are past the cutoff date and there has been no movement on the Debian side. Nothing on the 2 bugs I reported ([1] and [2]) nor the git trees of the corresponding packages. So I think you shouldn't hold the release of your package for that. If you feel like it, you could include the upstream patch I attached above but otherwise, those who care can always setup the root.hints themselves. Regards, Simon 1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818292 (proposing a patch) 2: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818291 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1556308 Title: Please merge unbound 1.58-1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1556308/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 216847] Re: sshd will not start at boot if ListenAddress is set, because network interface is not yet up
Under systemd, if the ListenAddress is on an interface that is manually brought up, the ifup script doesn't help. In that situation, the invoke- rc.d reload/restart fails because the initial startup of sshd wasn't successful. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/216847 Title: sshd will not start at boot if ListenAddress is set, because network interface is not yet up To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/216847/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1460228] Re: neutron-lbaas-agent package does not provide neutron_lbaas.conf file
This also concerns the Ubuntu Cloud Archive (Kilo version) ** Also affects: cloud-archive Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to neutron-lbaas in Ubuntu. https://bugs.launchpad.net/bugs/1460228 Title: neutron-lbaas-agent package does not provide neutron_lbaas.conf file To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1460228/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556308] Re: Please merge unbound 1.58-1 from Debian unstable
@nacc, we are past the cutoff date and there has been no movement on the Debian side. Nothing on the 2 bugs I reported ([1] and [2]) nor the git trees of the corresponding packages. So I think you shouldn't hold the release of your package for that. If you feel like it, you could include the upstream patch I attached above but otherwise, those who care can always setup the root.hints themselves. Regards, Simon 1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818292 (proposing a patch) 2: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818291 ** Bug watch added: Debian Bug tracker #818292 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818292 ** Bug watch added: Debian Bug tracker #818291 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818291 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1556308 Title: Please merge unbound 1.58-1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1556308/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1561553] [NEW] unable to create a ZFS pool
Public bug reported: libvirt is supposed to be able to create ZFS pool but I'm unable make use of it: 1) Create some free space to be used as the backing device lvcreate -n libvirt-pool -L 8G vg0 2) Import a pool definition virsh pool-define-as --type zfs --name zfspool --source-name libvirt-pool --source-dev /dev/vg0/libvirt-pool The above command returns this: error: Failed to define pool zfspool error: internal error: missing backend for pool type 11 (zfs) So unless I'm doing something wrong, it seems that the ZFS support is non-functional. P.S: Upstream ZFS support was added to 1.3.2 but this was cherry picked in Ubuntu's libvirt (1.3.1) as part of LP: #1553023 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu6 ProcVersionSignature: Ubuntu 4.4.0-15.31-generic 4.4.6 Uname: Linux 4.4.0-15-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Thu Mar 24 09:41:02 2016 KernLog: SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted] ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1561553 Title: unable to create a ZFS pool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1561553/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1560149] Re: missing seccomp whitelist for qemu-kvm
I believe the seccomp whitelist is provided by qemu itself, not libvirt. ** Also affects: qemu (Ubuntu) Importance: Undecided Status: New ** Changed in: libvirt (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1560149 Title: missing seccomp whitelist for qemu-kvm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1560149/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1560149] [NEW] missing seccomp whitelist for qemu-kvm
Public bug reported: Steps to reproduce: 1) set "seccomp_sandbox = 1" in /etc/libvirt/qemu.conf 2) restart libvirt-bin 3) create a guest using the attached .xml file 4) start the guest Current behavior: the guest will remain in the "paused" state and fail to start because of this: audit: type=1326 audit(1458582324.294:87): auid=4294967295 uid=114 gid=123 ses=4294967295 pid=17695 comm="qemu-system-x86" exe="/usr/bin /qemu-system-x86_64" sig=31 arch=c03e syscall=99 compat=0 ip=0x7fc47c3557d7 code=0x0 Expected behavior: the guest would start normally ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu6 ProcVersionSignature: Ubuntu 4.4.0-15.31-generic 4.4.6 Uname: Linux 4.4.0-15-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Mon Mar 21 13:40:41 2016 KernLog: SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted] ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial ** Attachment added: "guest definition" https://bugs.launchpad.net/bugs/1560149/+attachment/4606623/+files/ubuntu16.04.xml ** Description changed: Steps to reproduce: 1) set "seccomp_sandbox = 1" in /etc/libvirt/qemu.conf 2) restart libvirt-bin - 3) create a guest using the spice display type + 3) create a guest using the attached .xml file + 4) start the guest Current behavior: the guest will remain in the "paused" state and fail to start because of this: audit: type=1326 audit(1458582324.294:87): auid=4294967295 uid=114 gid=123 ses=4294967295 pid=17695 comm="qemu-system-x86" exe="/usr/bin /qemu-system-x86_64" sig=31 arch=c03e syscall=99 compat=0 ip=0x7fc47c3557d7 code=0x0 Expected behavior: the guest would start normally ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu6 ProcVersionSignature: Ubuntu 4.4.0-15.31-generic 4.4.6 Uname: Linux 4.4.0-15-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Mon Mar 21 13:40:41 2016 KernLog: - + SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted] ** Attachment removed: "guest definition" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1560149/+attachment/4606623/+files/ubuntu16.04.xml -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1560149 Title: missing seccomp whitelist for qemu-kvm To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1560149/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1460228] Re: neutron-lbaas-agent package does not provide neutron_lbaas.conf file
Any chance to get this backported to the Ubuntu Cloud Archive (Kilo version) for trusty? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to neutron-lbaas in Ubuntu. https://bugs.launchpad.net/bugs/1460228 Title: neutron-lbaas-agent package does not provide neutron_lbaas.conf file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neutron-lbaas/+bug/1460228/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1556308] Re: Please merge unbound 1.58-1 from Debian unstable
On 2016-03-12 01:49 PM, Nish Aravamudan wrote: > On 12.03.2016 [14:53:00 -], Simon Déziel wrote: >> @nacc, your test build works really well, thanks for providing it. > > Thank you for testing so quickly! I was keeping an eye on Unbound because this new version will allow simplifying the Apparmor profile [1]. If 1.5.8 makes it into Xenial, I'll take care of updating [1]. >> Before this officially lands in Xenial, I believe it would be a good >> idea to include the new L-root IPv6 address [1] that is already >> operational. >> >> This change is in upstream's SVN but not yet in Debian. March 23rd being >> really close, I suspect the Debian maintainer will soon cut a new >> release so you might want to delay the sync a little bit. If delaying >> isn't an option, I'd be glad to provide you the upstream commit with the >> IP change. > > That would be good to see, just for reference. Sure, SVN commit attached. Thanks, Simon 1: https://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/view/head:/ubuntu/16.04/usr.sbin.unbound ** Patch added: "L-root-updated-ipv6-address.patch" https://bugs.launchpad.net/bugs/1556308/+attachment/4597234/+files/L-root-updated-ipv6-address.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1556308 Title: Please merge unbound 1.58-1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1556308/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556308] Re: Please merge unbound 1.58-1 from Debian unstable
@nacc, your test build works really well, thanks for providing it. Before this officially lands in Xenial, I believe it would be a good idea to include the new L-root IPv6 address [1] that is already operational. This change is in upstream's SVN but not yet in Debian. March 23rd being really close, I suspect the Debian maintainer will soon cut a new release so you might want to delay the sync a little bit. If delaying isn't an option, I'd be glad to provide you the upstream commit with the IP change. 1: https://unbound.nlnetlabs.nl/pipermail/unbound- users/2016-March/004262.html -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1556308 Title: Please merge unbound 1.58-1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1556308/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1556308] Re: Please merge unbound 1.58-1 from Debian unstable
@nacc, if you have a test build available let me know. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1556308 Title: Please merge unbound 1.58-1 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1556308/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553378] Re: recursive sftp transfers abort when destination dir exists
Thank you Colin for 7.2p1-1, I really appreciate it! ** Changed in: openssh (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1553378 Title: recursive sftp transfers abort when destination dir exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1553378/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 920636] Re: Clearing up language in man page of ssh-keygen
Trusty and later have the correct wording so marking as fix released. ** Changed in: openssh (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/920636 Title: Clearing up language in man page of ssh-keygen To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/920636/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1553378] [NEW] recursive sftp transfers abort when destination dir exists
Public bug reported: Since I moved from Trusty to Xenial, my sftp backup script stopped working. After a bit of investigation it seems to be exactly https://bugzilla.mindrot.org/show_bug.cgi?id=2528. Fortunately it was fixed in OpenSSH 7.2. I know 7.2 is pretty recent and not yet in Debian but I would appreciate if Xenial could have a fix for this annoying bug. If upgrading to 7.2 is not possible, a backport of the specific commit would also be appreciated. Thanks in advance. $ lsb_release -rd Description:Ubuntu Xenial Xerus (development branch) Release:16.04 $ apt-cache policy openssh-client openssh-client: Installed: 1:7.1p2-2 Candidate: 1:7.1p2-2 Version table: *** 1:7.1p2-2 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssh-client 1:7.1p2-2 ProcVersionSignature: Ubuntu 4.4.0-10.25-generic 4.4.3 Uname: Linux 4.4.0-10-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Fri Mar 4 16:46:45 2016 RelatedPackageVersions: ssh-askpass N/A libpam-sshN/A keychain N/A ssh-askpass-gnome 1:7.1p2-2 SSHClientVersion: OpenSSH_7.1p2 Ubuntu-2, OpenSSL 1.0.2g 1 Mar 2016 SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1553378 Title: recursive sftp transfers abort when destination dir exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1553378/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: Fwd: Re: [Bug 1514794] Re: package:strongswan-plugin-farp may need apparmor config change
Hi Steven, Thanks for the thorough analysis. On 2016-02-29 05:58 AM, Steven Bishop wrote: > Hi there, > > > Sending again as message didn't show up in the thread. > > > Forwarded Message > > Subject: Re: [Bug 1514794] Re: package:strongswan-plugin-farp may need > apparmor config change > Date: Thu, 28 Jan 2016 20:26:48 + > From: Steven Bishop <x@xx> > To: Bug 1514794 <1514...@bugs.launchpad.net> > > > Hi Simon, > > > Thanks for your email. > > Had a quick look back at the details. > > I've attached the complete copy of "/etc/apparmor.d/usr.lib.ipsec.charon" > that I've got installed and running (post-the-patch). > > The excerpt I took from "/var/log/syslog" at the time of the bug-report > showed that apparmor was blocking the dgram packets that the strongswan farp > plugin > was trying to generate when I had a Road-Warrior client connected to the VPN > and pinging a LAN-side client. > > > Until I put in the patch to "/etc/apparmor.d/usr.lib.ipsec.charon" of : > > network packet dgram, > > the ping wasn't getting any reply as apparmor was preventing the farp plugin > from generating the correct traffic for the ping to travel back from the > LAN-side client > andacross the VPN boundary. > > > Doing a quick : > > $ dpkg -S /etc/apparmor.d/usr.lib.ipsec.charon > > returns : > > strongswan-ike: /etc/apparmor.d/usr.lib.ipsec.charon > > > Looking in /var/log/auth.log, I can see that I installed : > > $ sudo apt-get install strongswan-ikev2 > > On Oct-17-2015 @ 17:30pm (BST = GMT + 1hr) > > > Looking at the current Trusty repo, the date on their copy is from 15-Nov-2015 > so that working copy is actually newer than my bug-report. > > I've pulled down a copy that particular .deb and looked at > it's copy of /etc/apparmor.d/usr.lib.ipsec.charon. > > Looking at the version I've got installed I can see some noteable style > differences > in the layout of the file. > The ordering of the '#include' statements are grouped all together. > > I'm guessing that the package that I "apt-get install"ed on 17-Oct-2015 > has been updated on the Trusty repo since that time. > > By the way, the version currently available in the current Trusty repo > has the 2 lines: > > line-24: > network, > line-25: > network raw, > > > If I'm reading this correctly, wouldn't line-24 mean that all network traffic > is allowed. > and makes line-25 unnecessary. That is also my understanding of those 2 rules. Even if the more specific one is IMHO not necessary, it is causing no harm either. > As long as the current version of the Strongswan package with farp-plugin > installed > will permit a road-warrior client connected to the VPN to 'ping' a LAN-side > client > then I would be 100% happy. Now that you are using the up to date profile from Trusty's repo, do you still get Apparmor denials? And is the plugin working as it should? Regards, Simon -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1514794 Title: package:strongswan-plugin-farp may need apparmor config change To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1514794/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
Ruslan, upstream mentions that lowering the amount of socket used for RADIUS a possible workaround: https://wiki.strongswan.org/issues/757#note-7 Also, you might want to give a try to Ubuntu Xenial that ships Strongswan 5.3.5 which has the fix included. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
The crash signature looks a lot like this one: https://wiki.strongswan.org/issues/757 ** Changed in: strongswan (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
On 2016-02-26 01:11 PM, ruslan_ka wrote: >> I have no idea what can cause this access to /dev/tty. I never ran into >> this problem on my own server which is similar minus the EAP/RADIUS >> part, I use xauth-generic only. > xauth-eap works in a different way. It takes clear text password from client > and makes EAP request to a radius server (in my case EAP-MSCHAPv2). It allows > to store user passwords encrypted. > > Quick look through the code gives many uses for stdout (as example), but > I'm not an expert to analyze them > (https://git.strongswan.org/?p=strongswan.git=search=ddf1fc7692889298e04a4c799bf0c2f67b61ebe9=grep=stdout). Maybe you have some log output configured to go to stdout/stderr? >> Again, not related but aren't the 2 rightsourceip= overlapping? > it is a StrongSwan feature. It manages ip pool as shared in such case. You > can either use >rightsourceip=%poolname > or just use identical definition in rightsourceip and StrongSwan will share > the same pool implicitly. It's what I assumed you were doing but your 2 CIDRs are not identical: ikev1-psk-xauth uses a /9 and ikev2-with-eap a /16. >> I honestly don't know why charon tries to access /dev/tty. Are you able >> to see that message on the console or the upstart log when the Apparmor >> profile is disabled? > With disabled Apparmor profile everything work pretty good. When doing the load testing, do you get something logged or displayed on the console with the Apparmor profile disabled? > I can provide any additional information about this system or can do > some tests. Well, at this point you demonstrated that you can have charon access /dev/tty when you fully control the 2 sides of the connections (with your load tester setup). This means that those access to /dev/tty are quite probably not the result of an attack of some kind. They are more likely the result of normal operations carried by charon. As such, I feel the proper fix would be to update the Apparmor profile to grant access to /dev/tty and avoid causing a crash. Regards, Simon -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
On 2016-02-25 10:50 AM, ruslan_ka wrote: > The server serves only incoming VPN requests, it is for mobile road- > warriors. And the error does not occur right after starting a > strongswan or bringing tunnels up. So it makes no sense to run it with > auto=add or not. I somehow assumed it was an initiator (client) and not a responder (server), sorry. > Strongswan is serving clients ok. It is working for a long time until a > first DENIAL. It looks like it is somehow related to reauthentication of > xauth iOS client, but I can't reproduce it. Sometimes client can reauth > ok, as I can see at logs, but sometimes right after successful reauth I > see this error. There are about 5 active clients right now with 20-30 > connections per/day, and server gives me an error once/twice per day. I > would not even note it, if it'd not break accounting at radius. I have no idea what can cause this access to /dev/tty. I never ran into this problem on my own server which is similar minus the EAP/RADIUS part, I use xauth-generic only. > $ sudo cat /etc/ipsec.conf > # ipsec.conf - strongSwan IPsec configuration file > > # basic configuration > > config setup > strictcrlpolicy=yes > # uniqueids = no > > # default options > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > inactivity = 60s > dpdaction = clear > dpdtimeout = 5s > dpddelay = 5s Not related to the problem at hand but you generally don't want dpdtimeout to be equal to dpddelay. Having them equal means that loosing a single DPD packet will kill the tunnel and have the client reconnect. With mobile client, occasional packet loss shouldn’t force the connection to be re-established. You usually want to redial only after loosing say 3 DPD packets. This better detects peers going offline or being affected by more severe connectivity problems. As such, I'd recommend something like this: dpdtimeout=15s dpddelay=5s Also, keep in mind that a low dpddelay drains the clients' battery as it keeps the radio transmitter active more often. > # Add connections here. > > conn ikev1-psk-xauth > leftsubnet=0.0.0.0/0 > leftfirewall=yes > leftid=@vpn.server.name > leftauth=psk > right=%any > rightsourceip=10.0.0.0/9 > rightauth=psk > rightauth2=xauth-eap > auto=add > > conn ikev2-with-eap > keyexchange=ikev2 > leftsubnet=0.0.0.0/0 > leftfirewall=yes > leftid="C=US, O=Server.name.co, OU=VPN Dept, CN=vpn.server.name, > E=ad...@server.name" > leftauth=pubkey > leftcert=vpn.server.name.pem > right=%any > rightsourceip=10.0.0.0/16 > rightsendcert=never > rightauth=eap-radius > eap_identity=%identity > auto=add Again, not related but aren't the 2 rightsourceip= overlapping? > $ sudo cat /etc/strongswan.conf > # strongswan.conf - strongSwan configuration file > > charon { > load_modular = yes > plugins { > include strongswan.d/charon/*.conf > } > dns1 = 8.8.8.8 > } > > include strongswan.d/*.conf > > > $ sudo cat /etc/strongswan.d/charon.conf | grep -v '^[[:space:]]*#'| grep . > charon { > crypto_test { > } > host_resolver { > } > leak_detective { > } > processor { > priority_threads { > } > } > tls { > } > x509 { > } > } > > > $ sudo cat /etc/strongswan.d/charon/xauth-eap.conf | grep -v > '^[[:space:]]*#'| grep . > xauth-eap { > backend = radius > load = yes > } > > $ sudo cat /etc/strongswan.d/charon/eap-radius.conf | grep -v > '^[[:space:]]*#'| grep . > eap-radius { > accounting = yes > load = yes > port = 1812 > secret = secret > server = 127.0.0.1 > sockets = 1000 > dae { > enable = yes > listen = 0.0.0.0 > port = 3799 > secret = dae_secret > } > forward { > } > servers { > } > xauth { > } > } > I honestly don't know why charon tries to access /dev/tty. Are you able to see that message on the console or the upstart log when the Apparmor profile is disabled? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
If you re-enable the Apparmor profile and set your connection to not auto start (use "auto=add") when do you get the access denial on /dev/tty? Is it after restarting the strongswan service or when you call "ipsec up $conn"? Lastly, would you mind providing an obfuscated version of your ipsec.secrets and ipsec.conf? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1330486] Re: strongSwan AppArmor profile doesn't allow smartcard configuration
@caramba696, smartcard should be improved in Xenial so you might want to re-test. The Apparmor profile allows charon to access /run/pcscd/pcscd.comm and also include other rules related to smartcards. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1330486 Title: strongSwan AppArmor profile doesn't allow smartcard configuration To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1330486/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1549436] Re: AppArmor kills StronSwan daemon 'charon'
@ruslan_ka, after disabling the Apparmor profiles, did you receive a prompt for a user/password or something when starting Strongswan? ** Changed in: strongswan (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1549436 Title: AppArmor kills StronSwan daemon 'charon' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1549436/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1548497] Re: Cross-Container ARP Poisoning
With a recent kernel, libvirt can manage the MAC table [*] of the bridge so maybe this is something that can be done by LXC/LXD as well? *: see the "bridge" section of https://libvirt.org/formatnetwork.html#elementsConnect -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1548497 Title: Cross-Container ARP Poisoning To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1548497/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1302925] Re: sldns_str2wire_rr_buf unittest fails with: pos 69: Syntax error, could not parse the RR
Fixed upstream by 1.5.0. Marking as fix released now that Xenial has 1.5.7. ** Changed in: unbound (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1302925 Title: sldns_str2wire_rr_buf unittest fails with: pos 69: Syntax error, could not parse the RR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1302925/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1547052] Re: bind9-host 9.10.X should not depend on bind9 (named)
Fixed confirmed with version 9.10.3.dfsg.P2-3ubuntu3. Thanks for the quick turnaround. ** Changed in: bind9 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1547052 Title: bind9-host 9.10.X should not depend on bind9 (named) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1547052/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1547052] [NEW] bind9-host 9.10.X should not depend on bind9 (named)
Public bug reported: In Xenial -proposed, bind9-host 9.10.3.dfsg.P2-3~ubuntu1 depends on bind9. It wasn't the case with version 9.9.5.dfsg-12.1ubuntu1 and I believe the old behavior is better. Here is the apt history.log: Start-Date: 2016-02-17 16:08:47 Commandline: apt-get --assume-yes dist-upgrade Requested-By: aptdater (119) Install: libisccfg140:amd64 (9.10.3.dfsg.P2-3~build3, automatic), libirs141:amd64 (9.10.3.dfsg.P2-3~build3, automatic), libisc160:amd64 (9.10.3.dfsg.P2-3~build3, automatic), bind9utils:amd64 (9.10.3.dfsg.P2-3~build3, automatic), liblwres141:amd64 (9.10.3.dfsg.P2-3~build3, automatic), bind9:amd64 (9.10.3.dfsg.P2-3~build3, automatic), libdns162:amd64 (9.10.3.dfsg.P2-3~build3, automatic), libisccc140:amd64 (9.10.3.dfsg.P2-3~build3, automatic), libbind9-140:amd64 (9.10.3.dfsg.P2-3~build3, automatic) Upgrade: bind9-host:amd64 (9.9.5.dfsg-12.1ubuntu1, 9.10.3.dfsg.P2-3~build3), dnsutils:amd64 (9.9.5.dfsg-12.1ubuntu1, 9.10.3.dfsg.P2-3~build3) End-Date: 2016-02-17 16:08:59 $ lsb_release -rd Description:Ubuntu Xenial Xerus (development branch) Release:16.04 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: bind9-host 1:9.10.3.dfsg.P2-3~ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-6.21-generic 4.4.1 Uname: Linux 4.4.0-6-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Thu Feb 18 09:52:39 2016 SourcePackage: bind9 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: bind9 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug package-from-proposed xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to bind9 in Ubuntu. https://bugs.launchpad.net/bugs/1547052 Title: bind9-host 9.10.X should not depend on bind9 (named) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1547052/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1546674] [NEW] virt-aa-helper Apparmor profile missing rules for name resolution
Public bug reported: With libvirt-bin 1.3.1, starting a QEMU guest results in those AA denials: Feb 17 12:06:23 simon-laptop kernel: [15734.513696] audit: type=1400 audit(1455728783.639:73): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/nsswitch.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513718] audit: type=1400 audit(1455728783.639:74): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/host.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513734] audit: type=1400 audit(1455728783.639:75): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/run/resolvconf/resolv.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513885] audit: type=1400 audit(1455728783.639:76): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/run/resolvconf/resolv.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 virt-aa-helper's AA profile hasn't changed recently so it seems like the helper is doing more in this release. Additional information: $ lsb_release -rd Description:Ubuntu Xenial Xerus (development branch) Release:16.04 $ apt-cache policy apparmor libvirt-bin apparmor: Installed: 2.10-3ubuntu1 Candidate: 2.10-3ubuntu1 Version table: *** 2.10-3ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status libvirt-bin: Installed: 1.3.1-1ubuntu1 Candidate: 1.3.1-1ubuntu1 Version table: *** 1.3.1-1ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-5.20-generic 4.4.1 Uname: Linux 4.4.0-5-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Wed Feb 17 13:08:04 2016 KernLog: SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted] ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1546674 Title: virt-aa-helper Apparmor profile missing rules for name resolution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1546674/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
On 2016-02-16 09:46 AM, mrq1 wrote: > it looks like strongswan is faking a nat situation if the kernel-libipsec > is used This is by design as kernel-libipsec requires ESPinUDP. As Tobias (Strongswan upstream) said, it's best to not have this on by default. > btw: did you get this audit entries too? > > # grep audit /var/log/syslog > Feb 16 07:56:31 kvm-xenial kernel: [240771.376037] audit: type=1400 > audit(1455605791.501:866): apparmor="DENIED" operation="open" > profile="/usr/lib/ipsec/charon" name="/proc/31139/fd/" pid=31139 > comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 16 08:20:30 kvm-xenial kernel: [242210.398331] audit: type=1400 > audit(1455607230.525:867): apparmor="DENIED" operation="open" > profile="/usr/lib/ipsec/charon" name="/proc/31165/fd/" pid=31165 > comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 16 08:37:04 kvm-xenial kernel: [243204.311072] audit: type=1400 > audit(1455608224.480:868): apparmor="DENIED" operation="open" > profile="/usr/lib/ipsec/charon" name="/proc/31720/fd/" pid=31720 > comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 16 08:41:09 kvm-xenial kernel: [243449.474502] audit: type=1400 > audit(1455608469.642:869): apparmor="DENIED" operation="open" > profile="/usr/lib/ipsec/charon" name="/proc/31743/fd/" pid=31743 > comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > Feb 16 08:41:30 kvm-xenial kernel: [243470.304749] audit: type=1400 > audit(1455608490.474:870): apparmor="DENIED" operation="open" > profile="/usr/lib/ipsec/charon" name="/proc/31836/fd/" pid=31836 > comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 I don't get those but I only tested libipsec in a container where there is no Apparmor. Maybe it's libipsec specific? Can you add this to the profile and see if it helps: owner @{PROC}/@{pid}/fd/ r, -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
On 2016-02-14 09:00 AM, Simon Deziel wrote: > On 2016-02-13 10:03 PM, Ryan Harper wrote: >> On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net> >>> libipsec support is very cool (thanks for enabling it!) as it should >>> allow running a IPsec in containers. >>> >>> >> Please do confirm if that's working. I suspect they'll need to be >> privileged containers >> or will need some additional permissions/configs for unprivileged since >> it'll want access to >> /dev/net/tun which won't be present by default. Correct, for unprivileged containers, one has to make the tun device available using: lxc config device add $CTNAME tun unix-char path=/dev/net/tun Then it works. Thanks, Simon -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1101779] Re: autofs "lookup_mount: exports lookup" fails on IPv6-only hosts
There have been various upstream ipv6 related fixes in the debian/ubuntu changelogs,, imported from upstream and otherwise. Is this bug still present in debian stretch and ubuntu xenial with newer autofs packages ? I'd suggest testing ubuntu-xenial in particular as the next LTS release (underpinning mint 18 LTS) to come out? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to autofs in Ubuntu. https://bugs.launchpad.net/bugs/1101779 Title: autofs "lookup_mount: exports lookup" fails on IPv6-only hosts To manage notifications about this bug go to: https://bugs.launchpad.net/linuxmint/+bug/1101779/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
On 2016-02-13 10:03 PM, Ryan Harper wrote: > On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net> > wrote: > >> On 2016-02-13 05:09 PM, Ryan Harper wrote: >>> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <tempusfugit...@gmail.com> wrote: >>> >>>> great! starts now :-) >>>> >>>> what about the chapoly plugin? can you enable it in the extra package? >>>> it would be very important for me! >>>> >>> >>> I can look at enabling it. It's new in 5.3.5. >> >> +1 >> >> ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of >> any problem on the mailing list. >> >>> If enabled, can you test and confirm it works? >> >> I too would be glad to give it a spin and report about it. >> >>> Looks like something quite interesting. >>> https://en.wikipedia.org/wiki/Poly1305 >> >> Indeed! Chacha20 and Poly1305 are cool and getting quite some traction >> these days [2]. >> > > Excellent! I've just uploaded a new version to the PPA; should be ready in > a bit with the new plugin > and updated apparmor profiles from your repo. Thanks, will try it out. > One question, the profile included /dev/tun, and in my Xenial setups, I > need > /dev/net/tun so I've both allowed in the profile. Not clear to me if it's > useful/needed > to have both, or if only one is sufficient. Good catch. The path always have been /dev/net/tun even in previous releases so please drop the erroneous /dev/tun rule I added. >>> Comments here in the Debian bug indicate that this requires at least 4.2 >>> kernel. >> >> For the IKE part, the kernel version shouldn't matter. For the ESP part, >> you indeed need a recent kernel or you can always use the userspace >> implementation (libipsec). >> >> > OK > > >> libipsec support is very cool (thanks for enabling it!) as it should >> allow running a IPsec in containers. >> >> > Please do confirm if that's working. I suspect they'll need to be > privileged containers > or will need some additional permissions/configs for unprivileged since > it'll want access to > /dev/net/tun which won't be present by default. > > I'd like to capture how to run strongswan in containers like LXD so if > you've any experience I'd expect it to be pretty close to running OpenVPN in a container. I'll check that out on LXD and let you know. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
On 2016-02-13 12:39 PM, Ryan Harper wrote: > The extra-plugins package need some more privs for the charon binary > in the apparmor profile. Ryan, please take a look at [1] for refreshed AA profiles that could address many more LP bugs (all mentioned in debian/changelog). Thanks. Regards, Simon 1: https://github.com/simondeziel/ubuntu-strongswan/commit/9f414ee4e04d6d88810c85029cc0dcbaed58fba8 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
On 2016-02-13 05:09 PM, Ryan Harper wrote: > On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <tempusfugit...@gmail.com> wrote: > >> great! starts now :-) >> >> what about the chapoly plugin? can you enable it in the extra package? >> it would be very important for me! >> > > I can look at enabling it. It's new in 5.3.5. +1 ChaCha20/Poly1305 actually made it in 5.3.3 [1] and I haven't heard of any problem on the mailing list. > If enabled, can you test and confirm it works? I too would be glad to give it a spin and report about it. > Looks like something quite interesting. > https://en.wikipedia.org/wiki/Poly1305 Indeed! Chacha20 and Poly1305 are cool and getting quite some traction these days [2]. > Comments here in the Debian bug indicate that this requires at least 4.2 > kernel. For the IKE part, the kernel version shouldn't matter. For the ESP part, you indeed need a recent kernel or you can always use the userspace implementation (libipsec). libipsec support is very cool (thanks for enabling it!) as it should allow running a IPsec in containers. > For Xenial, this will be sufficient I suppose. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 The reporter was looking for NTRU (enabled in your PPA build IIRC) and BLISS. That said, I'm sure the reporter would welcome having another AEAD cipher available because they are well regarded [3] in terms of security. Thanks, Simon 1: https://wiki.strongswan.org/versions/58 2: https://en.wikipedia.org/w/index.php?title=Salsa20=no#ChaCha20_adoption 3: https://www.imperialviolet.org/2015/05/16/aeads.html -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1454725] Re: openvpn no longer called with "--script-security 2"
It works, thanks Martin. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1454725 Title: openvpn no longer called with "--script-security 2" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1454725/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
** Attachment removed: "Refreshed logcheck rules" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558391/+files/strongswan.logcheck ** Attachment added: "Refreshed logcheck rules" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4562410/+files/strongswan.logcheck -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1454725] Re: openvpn no longer called with "--script-security 2"
Thanks for the feedback Nicolas. This is likely going to bite many users upgrading. It's fairly common to push DNS resolvers from the VPN server. For those to be usable on the client side, "script-security 2" is needed otherwise the up/down script update-resolv-conf won't be called. Since Ubuntu tweaks the init script to add "--script-security 2" for backward compatibility, I believe the same should be done by the systemd file. @pitti, would that make sense? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1454725 Title: openvpn no longer called with "--script-security 2" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1454725/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1454725] Re: openvpn does not use OPTARGS from /etc/default/openvpn
** Changed in: openvpn (Ubuntu) Status: Incomplete => Confirmed ** Summary changed: - openvpn does not use OPTARGS from /etc/default/openvpn + openvpn no longer called with "--script-security 2" -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1454725 Title: openvpn no longer called with "--script-security 2" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1454725/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1454725] Re: openvpn fails after upgrade from 14.10 to 15.04
Nicolas, the journal log shows that the VPN server hostname was not resolvable and eventually when it finally connected, it failed after calling a --up script. Could you provide this --up script and maybe the sanitized configuration of your VPN client? ** Changed in: openvpn (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1454725 Title: openvpn fails after upgrade from 14.10 to 15.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1454725/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1016744] Re: OpenVPN example easy-rsa 2.0 issues
The easy-rsa component now ship as a separated package in Trusty. The released version contains the fix. ** Changed in: openvpn (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1016744 Title: OpenVPN example easy-rsa 2.0 issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1016744/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
This was fixed in Debian in openvpn 2.3.10-1. This has already made it into Xenial 16.04. ** Bug watch added: Debian Bug tracker #795313 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313 ** Also affects: openvpn (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313 Importance: Unknown Status: Unknown ** Changed in: openvpn (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319840] Re: Wrong plugins path.
The man page says : --plugin module-pathname [init-string] Load plug-in module from the file module-pathname, passing init-string as an argument to the module initialization function. So given the proper path it should work. On Trusty, the following works well: plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn ** Changed in: openvpn (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1319840 Title: Wrong plugins path. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1319840/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
Thanks Martin. I didn't know we could use fix released until the official release was made. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1454725] Re: openvpn does not use OPTARGS from /etc/default/openvpn
I just check on 14.04 and 16.04 and the init script automatically adds "--script-security 2" unless the VPN config contains a script-security directive. Problem is that since the switch to systemd, the init script is no longer used and the daemon is used like this: $ systemctl cat openvpn@.service | grep ^ExecStart ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid This probably breaks setups relying on "--script-security 2" like yours. Could you try adding "script-security 2" to /etc/openvpn/infra.conf and see if it helps? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1454725 Title: openvpn does not use OPTARGS from /etc/default/openvpn To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1454725/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
** Attachment removed: "Refreshed logcheck rules" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558011/+files/strongswan.logcheck ** Attachment added: "Refreshed logcheck rules" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558391/+files/strongswan.logcheck -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1538902] Re: package openvpn 2.3.7-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
You have installed some third party startup/init script named "fruhod" that is broken. You will need to correct or remove it. ** Changed in: openvpn (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1538902 Title: package openvpn 2.3.7-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1538902/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1165841] Re: package openvpn 2.2.1-8ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 7
** Changed in: openvpn (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1165841 Title: package openvpn 2.2.1-8ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1165841/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1165841] Re: package openvpn 2.2.1-8ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 7
@Sinix, your modification to the init script are probably at fault since they are not doing proper checking/error handling and the script is configured to abort on the first error (!/bin/sh -e). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1165841 Title: package openvpn 2.2.1-8ubuntu1.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1165841/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1535951] Re: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
The attached logcheck rules should cover all the normal logs generated by Strongswan using the stock default config. If Debian integrates this ruleset, bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787156 could be closed. ** Bug watch added: Debian Bug tracker #787156 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787156 ** Attachment added: "Refreshed logcheck rules" https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558011/+files/strongswan.logcheck -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1535951 Title: Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1534340] Re: openssh server 6.6 does not report max auth failures
Works well, thank you! ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1534340 Title: openssh server 6.6 does not report max auth failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1534340/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1092249] Re: Feature request: Add scripts similar to Apache's a2ensite/a2dissite
The "ngx-conf" command was added to 1.9.1-1. Marking as fix released since Wily shipped with 1.9.3-1ubuntu1. ** Changed in: nginx (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1092249 Title: Feature request: Add scripts similar to Apache's a2ensite/a2dissite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1092249/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1287339] Re: Using "ipsec start|stop" confuses upstart
With Strongswan 5.1.2-0ubuntu8 on Ubuntu Xenial, things have improved slightly. systemd will notice if one runs "ipsec stop". Previously, upstart was unable to figure it out and would re-spawn the service. One problem remains with systemd: If you "ipsec start" while the systemd service is not running, the resulting daemons will not be tracked by systemd. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1287339 Title: Using "ipsec start|stop" confuses upstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1287339/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1514794] Re: package:strongswan-plugin-farp may need apparmor config change
@Steven, is this still an issue? The diff you showed includes "# network all," but this is not in the released version of charon's profile. Maybe you had a locally modified profile when you ran into the issue? Since the charon's profile in Trusty allows all networking, I don't think that adding "network packet dgram," makes sense. Would you mind confirm if the problem happened with the stock profile or not? ** Changed in: strongswan (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1514794 Title: package:strongswan-plugin-farp may need apparmor config change To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1514794/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1536568] Re: please merge openvpn from debian
This upgrade caused a regression. When manually starting a VPN with "systemctl start openvpn@foo", the VPN foo connects fine but the call to systemctl never returns. I need to Ctrl-C it to get back at the console. This was working well with 2.3.8-1ubuntu1. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1536568 Title: please merge openvpn from debian To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1536568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1536568] Re: please merge openvpn from debian
No matter if I Ctrl-C or not, the start job always times out after 90 seconds killing the VPN connection. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1536568 Title: please merge openvpn from debian To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1536568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1536568] Re: please merge openvpn from debian
Somehow, this problem was caused by my override.conf file: [Service] # change status update interval from 10 to 600 seconds ExecStart= ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 600 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid Recreating /etc/systemd/system/openvpn@.service.d/override.conf with the same content made it work again. Very weird. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1536568 Title: please merge openvpn from debian To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1536568/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1451091] Re: new upstream version 5.2.2
*** This bug is a duplicate of bug 1535951 *** https://bugs.launchpad.net/bugs/1535951 Marking this bug as a duplicate of LP: #1535951 since Strongswan 5.3.5 should land in Xenial thus addressing the issues mentioned here. ** This bug has been marked a duplicate of bug 1535951 Please merge strongswan 5.3.5-1 (main) from Debian unstable (main) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1451091 Title: new upstream version 5.2.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1357098] Re: StrongSwan incorrectly generating esp packets
@Joe, as mentioned by Robie, the ESP packets are generated by your kernel using the key information provided and negociated by Strongswan. There can be many reasons for the remote node to not reply to your ESP packets. Most of the time, IPsec issues boil down to configuration/setup problems. Assuming you are still affected by this problem, could you better describe your setup by including the IP addresses involved as well as the configuration files from both sides? If you obfuscate the IPs, please keep the first digits intact to ease debugging. Please also include "iptables -nvL" from both sides as this could well be a firewall issue. ** Changed in: strongswan (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1357098 Title: StrongSwan incorrectly generating esp packets To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1357098/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 745958] Re: charon crashed with SIGABRT in start_thread()
Natty has long been out of support. Derek, are you still seeing this crash? ** Changed in: strongswan (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/745958 Title: charon crashed with SIGABRT in start_thread() To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/745958/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1448870] Re: Certificate policies cause rejections
This is upstream bug https://wiki.strongswan.org/issues/453 which was fixed with the 5.2.2 release. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1448870 Title: Certificate policies cause rejections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1448870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1531191] Re: qemu-kvm-init script called with undefined $KVM_HUGEPAGES
** Patch added: "qemu-kvm-init-fix-comparison.patch" https://bugs.launchpad.net/bugs/1531191/+attachment/4544985/+files/qemu-kvm-init-fix-comparison.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1531191 Title: qemu-kvm-init script called with undefined $KVM_HUGEPAGES To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1531191/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1531191] Re: qemu-kvm-init script called with undefined $KVM_HUGEPAGES
On 2016-01-05 06:51 PM, Serge Hallyn wrote: > Thanks. I'm fixing this during the 2.5 qemu merge. I just saw your new update, thanks! The comparison operator needs to be changed for the fix to work (see patch). Lastly, the changelog mentions the default file should be installed but I don't see any. Regards, Simon -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1531191 Title: qemu-kvm-init script called with undefined $KVM_HUGEPAGES To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1531191/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1531564] [NEW] missing apparmor rule to read /sys/module/vhost/parameters/max_mem_regions
Public bug reported: With QEMU 2.5, I noticed this error when starting a VM: apparmor="DENIED" operation="open" profile="libvirt-a856b198-b559-44c2 -af9d-9a6205993213" name="/sys/module/vhost/parameters/max_mem_regions" pid=13646 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 ouid=0 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.2.21-2ubuntu4 ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3 Uname: Linux 4.3.0-5-generic x86_64 ApportVersion: 2.19.3-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Wed Jan 6 12:05:42 2016 KernLog: SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted] ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1531564 Title: missing apparmor rule to read /sys/module/vhost/parameters/max_mem_regions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1531564/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1531191] [NEW] qemu-kvm-init script called with undefined $KVM_HUGEPAGES
Public bug reported: $ grep qemu-kvm /var/log/syslog Jan 5 10:23:24 simon-laptop qemu-kvm[497]: * Configuring kvm qemu-kvm Jan 5 10:23:24 simon-laptop qemu-kvm[497]: /usr/share/qemu/init/qemu-kvm-init: 82: [: Illegal number: Jan 5 10:23:24 simon-laptop qemu-kvm[497]: ...done. Line 82 of /usr/share/qemu/init/qemu-kvm-init is: if [ "$KVM_HUGEPAGES" -eq "1" ]; then This script sources /etc/default/qemu-kvm which is where the huge page variable was set in prior releases. With Xenial, the default file is not shipped by any package. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: qemu-system-common 1:2.4+dfsg-5ubuntu3 ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3 Uname: Linux 4.3.0-5-generic x86_64 ApportVersion: 2.19.3-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity CurrentDmesg: Error: command ['dmesg'] failed with exit code 1: dmesg: read kernel buffer failed: Operation not permitted Date: Tue Jan 5 10:34:58 2016 KvmCmdLine: COMMAND STAT EUID RUID PID PPID %CPU COMMAND kvm-irqfd-clean S< 0 0 641 2 0.0 [kvm-irqfd-clean] MachineType: LENOVO 2516CTO ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.3.0-5-generic root=/dev/mapper/crypt-xroot ro quiet splash cryptopts=target=crypt,source=/dev/sda1,lvm=crypt-xroot possible_cpus=4 nmi_watchdog=0 vt.handoff=7 SourcePackage: qemu UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev' UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 02/14/2013 dmi.bios.vendor: LENOVO dmi.bios.version: 6IET85WW (1.45 ) dmi.board.name: 2516CTO dmi.board.vendor: LENOVO dmi.board.version: Not Available dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Not Available dmi.modalias: dmi:bvnLENOVO:bvr6IET85WW(1.45):bd02/14/2013:svnLENOVO:pn2516CTO:pvrThinkPadT410:rvnLENOVO:rn2516CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable: dmi.product.name: 2516CTO dmi.product.version: ThinkPad T410 dmi.sys.vendor: LENOVO ** Affects: qemu (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1531191 Title: qemu-kvm-init script called with undefined $KVM_HUGEPAGES To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1531191/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1530674] Re: Trouble unlocking a password-locked private key
It turned out that I was missing "askpass" in my VPN config. This was not required before but now is. With this new option in place, things work well and the password prompt is broadcast to all the consoles thanks to systemd-ask-password-wall. Since I don't wanted the "wall" like behaviour, I changed it to only the invoking console using those commands: systemctl disable systemd-ask-password-wall.service systemctl disable systemd-ask-password-wall.path systemctl stop systemd-ask-password-wall.service systemctl stop systemd-ask-password-wall.path systemctl enable systemd-ask-password-console.service systemctl start systemd-ask-password-console.service ** Changed in: openvpn (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1530674 Title: Trouble unlocking a password-locked private key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1530674/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1531184] [NEW] dnsmasq doesn't start on boot because its interface isn't up yet
Public bug reported: My dnsmasq instance uses "interface=br-vz0" and the interface br-vz0 is managed manually in /etc/network/interfaces. During boot, dnsmasq is started before br-vz0 is created and this causes dnsmasq to exit: Jan 5 08:56:16 simon-laptop dnsmasq[1008]: dnsmasq: unknown interface br-vz0 Jan 5 08:56:16 simon-laptop dnsmasq[1008]: unknown interface br-vz0 Jan 5 08:56:16 simon-laptop dnsmasq[1008]: FAILED to start up Jan 5 08:56:17 simon-laptop NetworkManager[937]: NetworkManager (version 1.0.4) is starting... ... Jan 5 08:56:18 simon-laptop NetworkManager[937]: interface-parser: parsing file /etc/network/interfaces ... Jan 5 08:56:18 simon-laptop NetworkManager[937]: found bridge ports none for br-vz0 Jan 5 08:56:18 simon-laptop NetworkManager[937]: adding bridge port none to eni_ifaces Jan 5 08:56:18 simon-laptop NetworkManager[937]: management mode: unmanaged ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: dnsmasq 2.75-1 ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3 Uname: Linux 4.3.0-5-generic x86_64 ApportVersion: 2.19.3-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Tue Jan 5 09:53:30 2016 PackageArchitecture: all SourcePackage: dnsmasq UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: dnsmasq (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1531184 Title: dnsmasq doesn't start on boot because its interface isn't up yet To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1531184] Re: dnsmasq doesn't start on boot because its interface isn't up yet
Adding the following to the [Unit] section of dnsmasq.service fixes the problem: After=network-online.target Wants=network-online.target -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1531184 Title: dnsmasq doesn't start on boot because its interface isn't up yet To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1531184/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1418287] Re: Vivid Unbound package is old
If at all possible, aiming for 1.5.7 into Xenial would be very appreciated. This version comes with qname minimisation support which is a good thing for privacy and performance. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to unbound in Ubuntu. https://bugs.launchpad.net/bugs/1418287 Title: Vivid Unbound package is old To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1418287/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1530674] [NEW] Trouble unlocking a password-locked private key
Public bug reported: My VPN configuration references a RSA private key that is password locked. When I manually start the VPN connection, the systemd wrapper doesn't properly prompt for the password: $ sudo systemctl start openvpn@cameleon Broadcast message from root@simon-laptop (Sun 2016-01-03 11:58:00 EST): Password entry required for 'Enter Private Key Password:' (PID 26390). Please enter password with the systemd-tty-ask-password-agent tool! Then the command returns preventing from entering any password. However, on the second attempt *in the same terminal*, the prompt is working properly: $ sudo systemctl start openvpn@cameleon Enter Private Key Password: ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openvpn 2.3.7-2ubuntu1 ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3 Uname: Linux 4.3.0-5-generic x86_64 ApportVersion: 2.19.3-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Sun Jan 3 11:58:59 2016 SourcePackage: openvpn UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.openvpn: 2016-01-02T15:59:59.437928 ** Affects: openvpn (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial ** Description changed: My VPN configuration references a RSA private key that is password locked. When I manually start the VPN connection, the systemd wrapper doesn't properly prompt for the password: - $ sudo systemctl start openvpn@cameleon.service + $ sudo systemctl start openvpn@cameleon - Broadcast message from root@simon-laptop (Sun 2016-01-03 11:58:00 EST): + Broadcast message from root@simon-laptop (Sun 2016-01-03 11:58:00 EST): - Password entry required for 'Enter Private Key Password:' (PID 26390). - Please enter password with the systemd-tty-ask-password-agent tool! + Password entry required for 'Enter Private Key Password:' (PID 26390). + Please enter password with the systemd-tty-ask-password-agent tool! + Then the command returns preventing from entering any password. However, + on the second attempt *in the same terminal*, the prompt is working + properly: - Entering anything here will appear in clear on the console and will NOT unlock the key. However, on the second attempt, the prompt is working properly: - - $ sudo systemctl start openvpn@cameleon.service + $ sudo systemctl start openvpn@cameleon Enter Private Key Password: ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openvpn 2.3.7-2ubuntu1 ProcVersionSignature: Ubuntu 4.3.0-5.16-generic 4.3.3 Uname: Linux 4.3.0-5-generic x86_64 ApportVersion: 2.19.3-0ubuntu2 Architecture: amd64 CurrentDesktop: Unity Date: Sun Jan 3 11:58:59 2016 SourcePackage: openvpn UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.openvpn: 2016-01-02T15:59:59.437928 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1530674 Title: Trouble unlocking a password-locked private key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1530674/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1403730] Re: Add support for OpenVZ simfs
is the any update on this fix? i can monitor simfs in 12.04 perfectly fine, but not in 14.04 :( -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to net-snmp in Ubuntu. https://bugs.launchpad.net/bugs/1403730 Title: Add support for OpenVZ simfs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1403730/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1523970] Re: [needs-packaging] boto3 package
I was actually referring to boto version 3 in addition to Python version 3. Regardless, I have learned that it has recently been added to Debian unstable https://packages.debian.org/sid/main/python3-boto3 On Sunday, December 20, 2015, Hans Joachim Desserud < 1523...@bugs.launchpad.net> wrote: > Thanks for reporting. > > >From what I can see from the changelog [1], python3 support was added in > version 2.32.1-1.1 and python3-boto is available in Ubuntu 15.04 and > later releases [2]. > > Are you perhaps running an older Ubuntu release, like the 14.04 LTS? > When a bug has been fixed in the development (or a newer release) of > Ubuntu, the bug is usually considered fixed. In some cases, it is > relevant to get the fix into older, supported releases though. I am not > sure how much work adding python3-support would mean for older releases, > whether it is simply a matter of building the packages or if it would > require lots of changes. > > [1] > http://changelogs.ubuntu.com/changelogs/pool/main/p/python-boto/python-boto_2.34.0-2ubuntu1/changelog > [2] http://packages.ubuntu.com/vivid/python3-boto > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1523970 > > Title: > [needs-packaging] boto3 package > > Status in python-boto package in Ubuntu: > New > > Bug description: > URL: https://github.com/boto/boto3 > License: Apache > Notes: boto3 is now stable and the recommended boto major version. > > Would it be possible to have python-boto3 and python3-boto3 packages? > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1523970/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-boto in Ubuntu. https://bugs.launchpad.net/bugs/1523970 Title: [needs-packaging] boto3 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1523970/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1523970] Re: [needs-packaging] boto3 package
Sounds good to me. On Sun, Dec 20, 2015 at 7:05 AM Hans Joachim Desserud < 1523...@bugs.launchpad.net> wrote: > >I was actually referring to boto version 3 in addition to Python > version 3. > > Oh, I wasn't aware of that. > > >Regardless, I have learned that it has recently been added to Debian > unstable > > It has also been synced to Ubuntu Xenial, so it will be in the next > release. I believe this can be closed as Fix Released then, what do you > think? > > ** Also affects: python-boto3 (Ubuntu) >Importance: Undecided >Status: New > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1523970 > > Title: > [needs-packaging] boto3 package > > Status in python-boto package in Ubuntu: > New > Status in python-boto3 package in Ubuntu: > New > > Bug description: > URL: https://github.com/boto/boto3 > License: Apache > Notes: boto3 is now stable and the recommended boto major version. > > Would it be possible to have python-boto3 and python3-boto3 packages? > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1523970/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-boto in Ubuntu. https://bugs.launchpad.net/bugs/1523970 Title: [needs-packaging] boto3 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1523970/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1525457] [NEW] QEMU seccomp_sandbox prevents local SDL graphic from working
Public bug reported: Steps to reproduce: 1) Set "seccomp_sandbox = 1" in /etc/libvirt/qemu.conf 2) stop libvirt-bin; start libvirt-bin 3) Define a VM using SDL graphic. Example XML extract: 4) xhost +SI:localgroup:kvm 5) Start the VM Expected behavior: should display a usable SDL window Problematic behavior: displays an empty SDL window Workaround: don't use QEMU's seccomp_sandbox ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: libvirt-bin 1.2.2-0ubuntu13.1.15 ProcVersionSignature: Ubuntu 3.13.0-73.116-generic 3.13.11-ckt30 Uname: Linux 3.13.0-73-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.19 Architecture: amd64 CurrentDesktop: Unity Date: Fri Dec 11 20:39:00 2015 InstallationDate: Installed on 2014-01-26 (684 days ago) InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124) KernLog: SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug package-from-proposed trusty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1525457 Title: QEMU seccomp_sandbox prevents local SDL graphic from working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1525457/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1523133] Re: strongswan vpn does not work
volker, it's in 4.3.0-4.13: http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.3.0-4.13/changelog -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1523133 Title: strongswan vpn does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1523133/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1523970] [NEW] [needs-packaging] boto3 package
Public bug reported: URL: https://github.com/boto/boto3 License: Apache Notes: boto3 is now stable and the recommended boto major version. Would it be possible to have python-boto3 and python3-boto3 packages? ** Affects: python-boto (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-boto in Ubuntu. https://bugs.launchpad.net/bugs/1523970 Title: [needs-packaging] boto3 package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1523970/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1523133] Re: strongswan vpn does not work
The problem is with the kernel itself and a fix was committed upstream: https://www.spinics.net/lists/stable/msg110748.html ** Changed in: strongswan (Ubuntu) Status: New => Invalid ** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1523133 Title: strongswan vpn does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1523133/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1273462] Re: Users can mistakenly run init.d scripts and cause problems if an equivalent upstart job already exists
Marking as verified on Trusty since I was able to do more testing. ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1273462 Title: Users can mistakenly run init.d scripts and cause problems if an equivalent upstart job already exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/1273462/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I've been using the -proposed package on 15 Trusty machines since it was published. Again, I never was able to reproduce the original problem but I saw no regression either. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404396] Re: [regression] vgabios -> seabios breaks (my) 16-bit applications
Hi Richard, were you able to test the proposed package? Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to seabios in Ubuntu. https://bugs.launchpad.net/bugs/1404396 Title: [regression] vgabios -> seabios breaks (my) 16-bit applications To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/seabios/+bug/1404396/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Eric, I've been running the proposed version on many systems and haven't found any regression. Do you think this would be ready to move on to -updates now? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1273462] Re: Users can mistakenly run init.d scripts and cause problems if an equivalent upstart job already exists
I couldn't find any regression in my testing but since it wasn't that extensive, I'm not marking it a verified just yet. I really like the behavior improvement. Now, a regular user has a convenient way to check service statuses: /etc/init.d/acpid status Instead of the obtuse old way: env -u UPSTART_SESSION status acpid Note: "service acpid status" still operates on the session upstart. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1273462 Title: Users can mistakenly run init.d scripts and cause problems if an equivalent upstart job already exists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lsb/+bug/1273462/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Sorry folks, but as part of the bug clean up ahead of 16.04 LTS I'm marking this as invalid because it affects an Ubuntu release which is now unsupported. If you can still recreate this bug in a supported release please do open a new bug and we can triage it for consideration in the 16.04 LTS development cycle. ** Changed in: openssh (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1501189] Re: DNS breaks when port=0 is used in dnsmasq.conf
*** This bug is a duplicate of bug 1042275 *** https://bugs.launchpad.net/bugs/1042275 On 06/10/15 11:08, Alkis Georgopoulos wrote: > Hi Robie, > > while this also happens in Debian, the use case is more common in Ubuntu, > because NetworkManager is patched to use a spawned dnsmasq instance as a > local resolver, and mixing the two DNS servers is problematic (neither > bind-dynamic nor bind-interfaces work very well). > In Debian they more frequently use the normal dnsmasq/DNS service as it was > designed, because NM doesn't spawn a local resolver there. > > For upstream report, Simon (the upstream dnsmasq developer and Debian > maintainer) already answered here, Simon would you like me to file a > debian bug as well? It's easy to work around this issue, so we can even > close it with won't fix if you prefer. > > Thank you. > No need to file a Debian bug, whatever fix goes in will go into upstream and Debian anyway. Cheers, Simon. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1501189 Title: DNS breaks when port=0 is used in dnsmasq.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1501189/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1501189] [NEW] Don't put 127.0.0.1 in resolvconf when port=0
I'm sympathetic to aim, but this solution is rather fragile, there are plenty of ways to get dnsmasq to read configuration from places other than /etc/dnsmasq.conf and /etc/dnsmasq.d/*, for instance adding conf-file=/path/to/more/configuration to the existing config files. It's also possible to override things in /etc/default/dnsmasq. A better solution might be to extend the IGNORE_RESOLVCONF setting in /etc/default/dnsmasq so that it inhibits adding 127.0.0.1 to resolvconf, as well as stopping dnsmasq from using the resolvconf output as upstream. Simon. On 30/09/15 07:38, Alkis Georgopoulos wrote: > Public bug reported: > > The following function is defined in /etc/init.d/dnsmasq: > > start_resolvconf() > { > # If interface "lo" is explicitly disabled in /etc/default/dnsmasq > # Then dnsmasq won't be providing local DNS, so don't add it to > # the resolvconf server set. > for interface in $DNSMASQ_EXCEPT > do > [ $interface = lo ] && return > done > > if [ -x /sbin/resolvconf ] ; then > echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME > fi > return 0 > } > > When someone puts port=0 in dnsmasq.conf, because e.g. he wants to use it > only as a (proxy)DHCP/TFTP server, > 127.0.0.1 is added to resolvconf, and DNS is broken because nothing listens > there. > > One workaround is to put DNSMASQ_EXCEPT=lo in /etc/default/dnsmasq. > But that doesn't make much sense, we don't want to exclude some interface, > we're not running a DNS server at all. > > So it would be nice if dnsmasq checked if port=0 is defined in its > configuration, and didn't add 127.0.0.1 to resolvconf then. > > Sample implementation code, to be inserted before `if [ -x /sbin/resolvconf > ]`: > grep -qr port=0 /etc/dnsmasq.d/ /etc/dnsmasq.conf && return > > ** Affects: dnsmasq (Ubuntu) > Importance: Undecided > Status: New > > > ** Tags: patch > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1501189 Title: Don't put 127.0.0.1 in resolvconf when port=0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1501189/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1502226] [NEW] error message "dnsmasq: failed to create listening socket for 0.0.0.0: Address already in use" doesn't explain which port number it refers to
What configuration was in use to get that exact error message. If dnsmasq is binding the wildcard address (0.0.0.0), I'd expect to see a message like dnsmasq: failed to create listening socket for port 53 Whilst if dnsmasq is configured to bind the hosts addresses, I'd expect to see something like dnsmasq: failed to create listening socket for 192.168.151.1 So I'm confused how you're getting the message with an IP address, but for the 0.0.0.0 wildcard address. Cheers, Simon On 02/10/15 17:24, Karl-Philipp Richter wrote: > Public bug reported: > > The error message "dnsmasq: failed to create listening socket for > 0.0.0.0: Address already in use" doesn't explain which port number it > refers to. In case it's an OS message it needs to be catched and > enhanced with necessary information (in order to get any use of the > message). > > ProblemType: Bug > DistroRelease: Ubuntu 15.04 > Package: dnsmasq 2.72-3ubuntu0.1 > ProcVersionSignature: Ubuntu 3.19.0-30.33-generic 3.19.8-ckt6 > Uname: Linux 3.19.0-30-generic x86_64 > NonfreeKernelModules: zfs zunicode zcommon znvpair zavl fglrx > ApportVersion: 2.17.2-0ubuntu1.5 > Architecture: amd64 > Date: Fri Oct 2 18:22:22 2015 > InstallationDate: Installed on 2015-04-20 (165 days ago) > InstallationMedia: Ubuntu-Server 14.10 "Utopic Unicorn" - Release amd64 > (20141022.2)a > PackageArchitecture: all > ProcEnviron: > TERM=screen > PATH=(custom, no user)dig @172.17.42.1 > d8607ce495db.node.aws-us-east-1.consul > XDG_RUNTIME_DIR= > LANG=de_DE.UTF-8 > SHELL=/bin/bash > SourcePackage: dnsmasq > UpgradeStatus: Upgraded to vivid on 2015-04-24 (160 days ago) > mtime.conffile..etc.dnsmasq.conf: 2015-06-13T18:46:46.597888 > > ** Affects: dnsmasq (Ubuntu)dig @172.17.42.1 > d8607ce495db.node.aws-us-east-1.consul > Importance: Undecided > Status: New > > > ** Tags: amd64 apport-bug vivid > > ** Description changed: > > - error message "dnsmasq: failed to create listening socket for 0.0.0.0: > - Address already in use" doesn't explain which port number it refers to > + The error message "dnsmasq: failed to create listening socket for > + 0.0.0.0: Address already in use" doesn't explain which port number it > + refers to. In case it's an OS message it needs to be catched and > + enhanced with necessary information (in order to get any use of the > + message). > > ProblemType: Bug > DistroRelease: Ubuntu 15.04 > Package: dnsmasq 2.72-3ubuntu0.1 > ProcVersionSignature: Ubuntu 3.19.0-30.33-generic 3.19.8-ckt6 > Uname: Linux 3.19.0-30-generic x86_64 > NonfreeKernelModules: zfs zunicode zcommon znvpair zavl fglrx > ApportVersion: 2.17.2-0ubuntu1.5 > Architecture: amd64 > Date: Fri Oct 2 18:22:22 2015 > InstallationDate: Installed on 2015-04-20 (165 days ago) > InstallationMedia: Ubuntu-Server 14.10 "Utopic Unicorn" - Release amd64 > (20141022.2) > PackageArchitecture: all > ProcEnviron: > - TERM=screendig @172.17.42.1 > d8607ce495db.node.aws-us-east-1.consul > - PATH=(custom, no user) > - XDG_RUNTIME_DIR= > - LANG=de_DE.UTF-8 > - SHELL=/bin/bash > + TERM=screen > + PATH=(custom, no user) > + XDG_RUNTIME_DIR= > + LANG=de_DE.UTF-8 > + SHELL=/bin/bash > SourcePackage: dnsmasq > UpgradeStatus: Upgraded to vivid on 2015-04-24 (160 days ago) > mtime.conffile..etc.dnsmasq.conf: 2015-06-13T18:46:46.597888 > -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1502226 Title: error message "dnsmasq: failed to create listening socket for 0.0.0.0: Address already in use" doesn't explain which port number it refers to To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1502226/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1501966] [NEW] support changing Apparmor hats
Public bug reported: Some older versions of OpenSSH had a patch allowing the daemon to change Apparmor hats to apply different containment profiles to different code paths (AUTHENTICATED, EXEC, PRIVSEP, etc). This feature would need to be ported to recent OpenSSH versions and sent upstream for inclusion in the portable branch. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1501966 Title: support changing Apparmor hats To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1501966/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1485380] Re: package mysql-server-5.6 5.6.25-0ubuntu0.15.04.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
Affects me too after upgrading to 15.04. When installing the packages, apt-get dist-upgrade terminated with an error processing mysql-server. I repeatead dist-upgrade, it installed mysql-server and another sql-related package I don't remember flawlessly. The 'report this' window popped up when logging in at the first reboot after that install of the mysql-server 5.6.25-0ubuntu0.15.04.1. I have no idea what exactly went wrong and afaik did not use or change mysql at all. ** Attachment added: "mysql-server-5.6.0.crash" https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1485380/+attachment/4472084/+files/mysql-server-5.6.0.crash -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1485380 Title: package mysql-server-5.6 5.6.25-0ubuntu0.15.04.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1485380/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Err, I meant I couldn't reproduce the issue with and without the patch. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and Trusty's *unpatched* version to no avail. On the up side, I couldn't find any regression with the update version. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Eric, I don't know if that's a good test case but on my patched Trusty box: root@xeon:~# uname -a Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux root@xeon:~# sysctl net.core.wmem_max=4650 net.core.wmem_max = 4700 root@xeon:~# sysctl net.core.rmem_max=2400 net.core.rmem_max = 2400 root@xeon:~# (ip -4 ro ; ip -6 ro) | wc -l 43 root@xeon:~# (ip -4 a; ip -6 a) | grep -c inet 34 root@xeon:~# ip link | grep -c link 23 root@xeon:~# dpkg -l | awk '{if ($2 == "ntp") print $3}' 1:4.2.6.p5+dfsg-3ubuntu2.14.04.4 root@xeon:~# /etc/init.d/ntp restart root@xeon:~# netstat -puant | grep -c ntpd 36 Then syslog shows nothing abnormal. It says "Listen normally on {2..35}". FYI, many of those interfaces a vnetX interfaces belonging to VMs so I don't know if they really count. Trying to lower {r,w}mem_max even more result in "Invalid argument". Please let me know if I'm doing something wrong. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1481388 Title: NTP : Use-after-free in routing socket code after dropping root To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1467716] Re: "gem install" fetches packages from unencrypted HTTP URL
Indeed, the gemrc way is much cleaner. Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ruby1.9.1 in Ubuntu. https://bugs.launchpad.net/bugs/1467716 Title: "gem install" fetches packages from unencrypted HTTP URL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby1.9.1/+bug/1467716/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1321425] Re: irqbalance spams syslog about affinity_hint subset empty
The version in trusty-proposed works fine, thanks a lot! ** Tags removed: verification-needed ** Tags added: verification-done ** Tags removed: verification-done ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1321425 Title: irqbalance spams syslog about affinity_hint subset empty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1321425/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1385851] Re: OpenVPN only supports TLS v1.0
OpenVPN 2.3.7 made it into Wily ** Changed in: openvpn (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1385851 Title: OpenVPN only supports TLS v1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1385851/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1315426] Re: nginx not built as Position Independent; does not use BIND_NOW
Thomas, would you consider a SRU to Trusty now? If yes, I could work on providing a debdiff if you'd like. Thanks in advance -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1315426 Title: nginx not built as Position Independent; does not use BIND_NOW To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1375275] Re: drbd-utils has replaced drbd8-utils
With new kernels coming to Trusty with new point releases, the drbd- utils (8.9.X) should be SRU'ed to Trusty, IMHO. Thanks in advance -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to drbd8 in Ubuntu. https://bugs.launchpad.net/bugs/1375275 Title: drbd-utils has replaced drbd8-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/drbd8/+bug/1375275/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1484682] Re: memory leak in xl
Piotr, Xen 4.4.2 made it into trusty-proposed (https://bugs.launchpad.net/bugs/147) so maybe you'd like to give it a try? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to xen in Ubuntu. https://bugs.launchpad.net/bugs/1484682 Title: memory leak in xl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1484682/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1279825] Re: CVE-2013-7106
** Also affects: nagios3 (Ubuntu) Importance: Undecided Status: New ** No longer affects: nagios3 (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in Ubuntu. https://bugs.launchpad.net/bugs/1279825 Title: CVE-2013-7106 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279825/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1279826] Re: CVE-2013-7108
Seems like there was some confusion here. CVE-2013-7106 affected Icinga only but CVE-2013-7108 affects both Icinga and Nagios3. CVE-2013-7108 is still unpatched for Nagios3 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7106 ** Also affects: nagios3 (Ubuntu) Importance: Undecided Status: New ** Description changed: - Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7106 (buffer overflows) + Seems like the version shipped in Ubuntu Precise suffers from CVE-2013-7108 (buffer overflows) 1) Description: Ubuntu 12.04.4 LTS Release: 12.04 2) apt-cache policy icinga icinga: - Installed: 1.6.1-2 - Candidate: 1.6.1-2 - Version table: - *** 1.6.1-2 0 - 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages - 100 /var/lib/dpkg/status + Installed: 1.6.1-2 + Candidate: 1.6.1-2 + Version table: + *** 1.6.1-2 0 + 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages + 100 /var/lib/dpkg/status A lot of info plus patches exist here: https://dev.icinga.org/issues/5251 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nagios3 in Ubuntu. https://bugs.launchpad.net/bugs/1279826 Title: CVE-2013-7108 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icinga/+bug/1279826/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1464770] Re: initscript doesn't preserve return code
Thomas, now that the fix made it to Wily, would there be any chance to get this to Trusty via an SRU? Thanks in advance ** Changed in: nginx (Ubuntu Wily) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1464770 Title: initscript doesn't preserve return code To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1464770/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1287222] Re: openssh-client 6.5 regression bug with certain servers
This was fixed upstream according to the changelog. http://www.openssh.com/txt/release-6.9: * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes 4K; bz#2209 HTH, Simon ** Bug watch added: OpenSSH Portable Bugzilla #2209 https://bugzilla.mindrot.org/show_bug.cgi?id=2209 ** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=2209 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1287222 Title: openssh-client 6.5 regression bug with certain servers To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1287222/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1472510] Re: Unbound returns SERVFAIL for specific query on dual stacked machine
The Trusty proposed version (1.4.22-1ubuntu4.14.04.2) works well, thanks! ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1472510 Title: Unbound returns SERVFAIL for specific query on dual stacked machine To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1472510/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs