[Bug 1917292] Re: Lubuntu Hirsute daily install failed due to grub packaging errors
We just checked with cjwatson and vorlon, it looks like this might be a stuck sync and mirror process. They're killing that and manually syncing it now, so the mismatch might go away in the next ISO build. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917292 Title: Lubuntu Hirsute daily install failed due to grub packaging errors To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/1917292/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1867198] Re: MIR: bin:libnginx-mod-http-geoip2 from src:nginx
Discussed via IRC, but libmaxminddb is a dependency that needs to be in Main if we're going to get this third-party module (shipped inside src:nginx) binary-included in Main. The module is still actively reviewed by the third party developer but has not had any code changes to the underlying C modules in 16 months. (https://github.com/leev/ngx_http_geoip2_module) which shows that it's still got attention from its developer. This MIR still needs to be done for us to enable the geoip2 support in nginx - so it still needs started for the nginx module. libmaxminddb was just the dependency since it needs the maxmind db libs for runtime. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1867198 Title: MIR: bin:libnginx-mod-http-geoip2 from src:nginx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1917500] [NEW] pastebin.com as a fallback errors with HTTP 405s
Public bug reported: The pastebin.com fallback (in the event the distro can't be determined by `distro` module) does not function. While this does not block any functionality for distro-specific pastebins such as paste.u.c or Debian's paste, it DOES break pastebin.com functionality, making pastebin.com as the fallback no longer feasible as long as every POST triggers an HTTP 405 error. Verbose data from an example where I intentionally force it to use pastebin.com can be seen here: https://paste.ubuntu.com/p/YtDqgtHfNS/ (NOTE: Python version in this case is user-space Python 3.9.0 compiled myself using pyenv to handle multiple versions, however this is tested and confirmed on the system-shipped Python 3.8 series in Focal as well.) ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: pastebinit 1.5.1-1 ProcVersionSignature: Ubuntu 5.4.0-66.74-generic 5.4.86 Uname: Linux 5.4.0-66-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.16 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Tue Mar 2 12:09:50 2021 InstallationDate: Installed on 2018-11-21 (832 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pastebinit UpgradeStatus: Upgraded to focal on 2020-08-23 (190 days ago) ** Affects: pastebinit (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917500 Title: pastebin.com as a fallback errors with HTTP 405s To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pastebinit/+bug/1917500/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1917292] Re: Lubuntu Hirsute daily install failed due to grub packaging errors
This issue was resolved by cjwatson and vorlon addressing the mismatching versions between what's in the repos and what was being put on the ISO (caused by a desync in the local ftp mirror the builder was using). This is not a Cala bug nor a Grub bug, this was an ISO builder issue. ** Changed in: calamares (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1917292 Title: Lubuntu Hirsute daily install failed due to grub packaging errors To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/1917292/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1929878] Re: package nginx 1.18.0-0ubuntu1.2 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd
Your configuration is pointing to a nonexistent certificate somewhere in
the configuration.
This is the relevant section in your logs:
mei 27 10:26:01 Kernoitje2 nginx[12175]: nginx: [emerg] cannot load
certificate "/etc/ssl/meet.jit.si.crt": BIO_new_file() failed (SSL:
error:02001002:system library:fopen:No such file or
directory:fopen('/etc/ssl/meet.jit.si.crt','r') error:2006D080:BIO
routines:BIO_new_file:no such file)
Not a bug.
** Changed in: nginx (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1929878
Title:
package nginx 1.18.0-0ubuntu1.2 failed to install/upgrade:
vereistenproblemen - blijft ongeconfigureerd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1929878/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1929878] Re: package nginx 1.18.0-0ubuntu1.2 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd
That is something you have to discuss with NGINX and their developers upstream. And is not something that we can do at the Ubuntu level. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929878 Title: package nginx 1.18.0-0ubuntu1.2 failed to install/upgrade: vereistenproblemen - blijft ongeconfigureerd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1929878/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1928087] Re: Please remove src:jack-rack
** Changed in: jack-rack (Ubuntu) Assignee: Ubuntu Studio Development (ubuntustudio-dev) => (unassigned) ** Changed in: jack-rack (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928087 Title: Please remove src:jack-rack To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jack-rack/+bug/1928087/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish
ERR:NOREPRO Test environment: Ubuntu 21.10, fresh install. Wayland is the environment (because Wayland is default) ** Changed in: torbrowser-launcher (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish
Okay, so, I did some heavy hardcore digging. The core execution string at the deepest level is something like this: `$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en- US/Browser/firefox --class "Tor Browser" -profile $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en- US/Browser/TorBrowser'profile.default "http://cnn.com"` With this in mind, I tested this on Ubuntu 21.04 direct which has Wayland and it worked. However, the same Firefox executable failed on Lubuntu 21.04. I have crash data (attached). However, this is not an issue with torbrowser-launcher's package, because all it does is start and execute the `start-tor-browser` shell file that Tor Browser upstream has provided, which in turn executes its flavor of Firefox, and that flavor of Firefox crashes. This is not necessarily an issue in the *package* torbrowser-launcher but an upstream Tor Browser problem, so I'm going to leave this bug as Incomplete unless someone can prove it's an issue with the torbrowser- launcher package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish
More development chaos: I downloaded Tor Browser from upstream directly. This issue is not reproducible on Upstream Tor Browser, which doesn't use a launcher mechanism like torbrowser-launcher does. More digging for me, now... ** Changed in: torbrowser-launcher (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
** Attachment added: "Crash stderr output." https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+attachment/5507948/+files/torbrowser-crash-error.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
Did some more tracing. Narrowed this down to some kind of AppArmor issue in the Lubuntu environment possibly, but more importantly, this error shows up: " Gtk-WARNING **: 01:33:02.634: cannot open display: :0" This suggests that apparmor might be blocking things? ** Attachment added: "apparmor denies in logs" https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+attachment/5507949/+files/torbrowser-apparmor-restricted.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
Core problem traced back to what LOOKS to be a regression in AppArmor owned by the Security team. For all intents and purposes, `/etc/apparmor.d/abstractions/X` should give read-write to the display sockets. HOWEVER, this has changed in AppArmor. Even if we include the abstractions if they exist to make sure things are read/write, it errors hard, lending itself to this AppArmor deny which causes the segfault once we handle the dbus whining with `#include ` in the apparmor rules for Tor Browser: Jun 29 14:31:10 lubuntu-impish-testing kernel: [ 5332.955288] audit: type=1400 audit(1624991470.229:1961): apparmor="DENIED" operation="connect" profile="torbrowser_firefox" name="/tmp/.X11-unix/X0" pid=5234 comm="MainThread" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 This is a regression in AppArmor because in focal and such it was "rw" in the rules. This may be the display launch problem. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] [NEW] abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
Public bug reported: In Focal, abstractions/X has the following section in it: # the unix socket to use to connect to the display /tmp/.X11-unix/* rw, unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"), However, in Impish, this seems to have changed: # the unix socket to use to connect to the display /tmp/.X11-unix/* r, unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"), This in turn breaks torbrowser-launcher's Firefox from launching, even if we include the X abstractions, because the display sockets in /tmp/.X11-unix/* (X0 for Display :0 for example) are not read/write. This looks like a MAJOR regression by removing the permissions. Or has Impish apparmor not been updated for any Ubuntu specific changes? ProblemType: Bug DistroRelease: Ubuntu 21.10 Package: apparmor 3.0.0-0ubuntu8 ProcVersionSignature: Ubuntu 5.11.0-20.21+21.10.1-generic 5.11.21 Uname: Linux 5.11.0-20-generic x86_64 ApportVersion: 2.20.11-0ubuntu67 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: LXQt Date: Tue Jun 29 14:39:00 2021 InstallationDate: Installed on 2021-06-29 (0 days ago) InstallationMedia: Lubuntu 21.10 "Impish Indri" - Alpha amd64 (20210628) ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-5.11.0-20-generic root=UUID=d042602b-0900-4b2e-acb1-f67436e9805f ro quiet splash vt.handoff=7 SourcePackage: apparmor UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: apparmor (Ubuntu) Importance: High Status: New ** Tags: amd64 apport-bug impish ** Summary changed: - abstractions/X: Possible regression by removing 'w' from /tmp/.X11-unix/* line + abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
Related Security Team bug for the apparmor regression: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005 Related Upstream bug because there'll need to be some abstractions included in the apparmor rules: https://github.com/micahflee/torbrowser-launcher/issues/588 ** Bug watch added: github.com/micahflee/torbrowser-launcher/issues #588 https://github.com/micahflee/torbrowser-launcher/issues/588 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
NOTE: The AppArmor profiles are **brand new** in Impish, and as such are incomplete. This plus the X abstractions regression explains why this is broken. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] Re: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
So, fixed upstream, but not present in Hirsute or Impish... guess its patching time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] Re: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
Has the fidelity of the patch attached here been vetted by anyone? (Seth Arnold asked me to take a look @ this while I'm pushing hard for 1934005 to fix some major chaos so this gets in with that update / SRU) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] Re: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
** Also affects: apparmor (Ubuntu Impish) Importance: High Assignee: Thomas Ward (teward) Status: New ** Also affects: apparmor (Ubuntu Hirsute) Importance: Undecided Status: New ** Changed in: apparmor (Ubuntu Hirsute) Importance: Undecided => High ** Changed in: apparmor (Ubuntu Hirsute) Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: apparmor (Ubuntu Hirsute) Status: New => In Progress ** Changed in: apparmor (Ubuntu Impish) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] Re: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
SRU template applied because this'll need SRU'd as well, after this lands in Impish. ** Description changed: + [Impact] + Any application that requires access to X11 sockets for the Display may want to include abstractions/X in the AppArmor rules, which usually will include rules that we would want for access to the Display socket for X. + + However, an upstream regression was made by changes to the + abstractions/X to remove the 'w' and leave it read only. This doesn't + work - X11 needs readwrite on the sockets for it to properly interact + with X11. + + This is a fundamental regression that has been fixed upstream. + + + [Test Plan] + + Any application that needs X11 integration with apparmor rules should + `#include ` + + This is the problem with https://bugs.launchpad.net/ubuntu/+source + /torbrowser-launcher/+bug/1933886 - while the fix for that would be to + add `#include ` in the ruleset, it will not function + with the existing abstractions. This is our test case in Impish: + + - add `#include ` into `/etc/apparmor.d/torbrowser.Browser.firefox` and the apparmor rule. + - `sudo systemctl restart apparmor.service` + - Attempt to run torbrowser with torbrowser-launcher, which should now properly work with the revisions. Without, torbrowser-launcher 'starts' Tor Browser but then it just segfaults and stops running. + + We don't have a full test case for Hirsute at this time. + + + [Where problems could occur] + + Based on my understanding of X11 and the upstream AppArmor bugs on this + (refer to comments), there is no breakage introduced by this, in fact + the breakage was already introduced upstream, so this simply fixes and + removes the breakage when an apparmor rule includes these X abstractions + and need to write to the socket but can't. + + Therefore, I don't believe there are any 'problems' that can occur with + this change. + + + [Original Description] + In Focal, abstractions/X has the following section in it: - # the unix socket to use to connect to the display - /tmp/.X11-unix/* rw, - unix (connect, receive, send) -type=stream -peer=(addr="@/tmp/.X11-unix/X[0-9]*"), - unix (connect, receive, send) -type=stream -peer=(addr="@/tmp/.ICE-unix/[0-9]*"), - + # the unix socket to use to connect to the display + /tmp/.X11-unix/* rw, + unix (connect, receive, send) + type=stream + peer=(addr="@/tmp/.X11-unix/X[0-9]*"), + unix (connect, receive, send) + type=stream + peer=(addr="@/tmp/.ICE-unix/[0-9]*"), However, in Impish, this seems to have changed: - # the unix socket to use to connect to the display - /tmp/.X11-unix/* r, - unix (connect, receive, send) -type=stream -peer=(addr="@/tmp/.X11-unix/X[0-9]*"), - unix (connect, receive, send) -type=stream -peer=(addr="@/tmp/.ICE-unix/[0-9]*"), + # the unix socket to use to connect to the display + /tmp/.X11-unix/* r, + unix (connect, receive, send) + type=stream + peer=(addr="@/tmp/.X11-unix/X[0-9]*"), + unix (connect, receive, send) + type=stream + peer=(addr="@/tmp/.ICE-unix/[0-9]*"), This in turn breaks torbrowser-launcher's Firefox from launching, even if we include the X abstractions, because the display sockets in /tmp/.X11-unix/* (X0 for Display :0 for example) are not read/write. This looks like a MAJOR regression by removing the permissions. Or has Impish apparmor not been updated for any Ubuntu specific changes? ProblemType: Bug DistroRelease: Ubuntu 21.10 Package: apparmor 3.0.0-0ubuntu8 ProcVersionSignature: Ubuntu 5.11.0-20.21+21.10.1-generic 5.11.21 Uname: Linux 5.11.0-20-generic x86_64 ApportVersion: 2.20.11-0ubuntu67 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: LXQt Date: Tue Jun 29 14:39:00 2021 InstallationDate: Installed on 2021-06-29 (0 days ago) InstallationMedia: Lubuntu 21.10 "Impish Indri" - Alpha amd64 (20210628) ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-5.11.0-20-generic root=UUID=d042602b-0900-4b2e-acb1-f67436e9805f ro quiet splash vt.handoff=7 SourcePackage: apparmor UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
Seth Arnold has affirmed the patch is going to fix things, so it's been reviewed by Seth. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
Thanks for the confirm, Steve. However, these may be 'upstream' but aren't yet in Ubuntu, so. The two issues on my radar are the one I discovered needs fixed for something to properly WORK for torbrowser- launcher, and the other is this one Seth poked at me to include on any SRU for HIrsute. (Or uploads for Impish, they're incoming) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
** Also affects: apparmor (Ubuntu Hirsute) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
** Changed in: apparmor (Ubuntu Hirsute) Status: New => In Progress ** Changed in: apparmor (Ubuntu Hirsute) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1932331] Re: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish
** Changed in: apparmor Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1932331 Title: ubuntu_qrt_apparmor: i18n test fails on arm64 Hirsute / Impish To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1932331/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
** Changed in: torbrowser-launcher (Ubuntu) Status: Confirmed => In Progress ** Changed in: torbrowser-launcher (Ubuntu) Importance: Undecided => Medium ** Changed in: torbrowser-launcher (Ubuntu) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934005] Re: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line?
I did some testing with the adjusted X abstractions, and porting the torbrowser-launcher apparmor rules back as part of testing. With the X abstractions added, and the adjusted X abstractions working, all looks good there. The other component of the SRU is a tests fix, that will only show in the autopkgtests. ** Tags removed: verification-needed verification-needed-hirsute ** Tags added: verification-done verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934005 Title: abstractions/X: Possible regression of X session functionality by removing 'w' from /tmp/.X11-unix/* line? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1934005/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17
Viktor: No, not all buggy modules are going to get removed, especially if there's patches. However, to *fix* the issue with the Lua module, and because it has **future** requisite dependencies on OpenResty Core, the Lua module was removed. This also was not removed in *older* releases, it was only removed in Hirsute+. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893753 Title: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1893753/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933378] Re: Unable to build from source mongodb-server-core - focal
Does mongodb still need the requests library, but in Python 3? If so the removal here without inclusion of the python3 requests library will break things. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933378 Title: Unable to build from source mongodb-server-core - focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1933378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933378] Re: Unable to build from source mongodb-server-core - focal
Also verify whether Hirsute and later are also affected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933378 Title: Unable to build from source mongodb-server-core - focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1933378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933378] Re: Unable to build from source mongodb-server-core - focal
Confirmed, removed from Groovy onwards, see https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1879494 Removing the hirsute+ tasks because of license incompatibility blocks. ** Changed in: mongodb (Ubuntu Groovy) Status: New => Won't Fix ** Changed in: mongodb (Ubuntu Hirsute) Status: New => Won't Fix ** Changed in: mongodb (Ubuntu Impish) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933378 Title: Unable to build from source mongodb-server-core - focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1933378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933378] Re: Unable to build from source mongodb-server-core - focal
** Changed in: mongodb (Ubuntu Focal) Assignee: (unassigned) => Heather Lemon (hypothetical-lemon) ** Changed in: mongodb (Ubuntu Impish) Assignee: Heather Lemon (hypothetical-lemon) => (unassigned) ** Changed in: mongodb (Ubuntu Impish) Importance: High => Undecided ** Changed in: mongodb (Ubuntu Focal) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933378 Title: Unable to build from source mongodb-server-core - focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1933378/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934891] Re: squid: build failure for Impish RISC-V
I'll handle the updating and pushing to Impish later today after my errands, which will be when I'm in front of a computer. ** Changed in: squid (Ubuntu) Status: In Progress => Confirmed ** Changed in: squid (Ubuntu) Assignee: Heinrich Schuchardt (xypron) => (unassigned) ** Changed in: squid (Ubuntu) Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: squid (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934891 Title: squid: build failure for Impish RISC-V To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1934891/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934891] Re: squid: build failure for Impish RISC-V
** Changed in: squid (Ubuntu) Status: Triaged => In Progress ** Changed in: squid (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934891 Title: squid: build failure for Impish RISC-V To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1934891/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934891] Re: squid: build failure for Impish RISC-V
Uploaded to impish-proposed. Should be building, and provided no autopkgtests fail it should migrate to impish repos on its own. ** Changed in: squid (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934891 Title: squid: build failure for Impish RISC-V To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1934891/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1934891] Re: squid: build failure for Impish RISC-V
Unsubscribing sponsors as I've sponsored this. Server Team: do me a solid and keep an eye out for any autopkgtest failures in case I miss them - I have a lot of mail so sometimes I don't see the failure notices :P -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1934891 Title: squid: build failure for Impish RISC-V To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1934891/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1935673] Re: Certain Nginx requests cause a Bus error (18.04 only)
** Also affects: libmaxminddb (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: libmaxminddb (Ubuntu Bionic) Status: New => Incomplete ** Changed in: libmaxminddb (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1935673 Title: Certain Nginx requests cause a Bus error (18.04 only) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1935673/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1918137] Re: Ubuntu 21.04 Hirsute: i386 package cleaning process
This is not a bug in Ubuntu, in fact this should instead be submitted to the mirrors team as a ticket at r...@ubuntu.com and *not* via the Ubuntu bug system. Closing as "invalid" as it's not a bug in Ubuntu, rather a separate issue not related to a bug in Ubuntu. ** Changed in: ubuntu Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1918137 Title: Ubuntu 21.04 Hirsute: i386 package cleaning process To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1918137/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1918137] Re: Ubuntu 21.04 Hirsute: i386 package cleaning process
** Changed in: ubuntu Status: Invalid => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1918137 Title: Ubuntu 21.04 Hirsute: i386 package cleaning process To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1918137/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926311] [NEW] "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example)
Public bug reported: `fwupd` has an internal logging mechanism, and during firmware updates attempts to rebuild TPM PCRs based off event logs. Unfortunately, this has known bugs in versions before 1.3.12, 1.4.7, 1.5.0. Per their wiki on this (https://github.com/fwupd/fwupd/wiki/TPM-PCR0 -differs-from-reconstruction): Starting with fwupd 1.3.8, the daemon will attempt to reconstruct the TPM PCR0 value using the firmware's TPM event log. If the calculation leads to a different value than stored in the PCR it means one of four things: 1. An error in the firmware TPM event log. 2. An error in the fwupd reconstruction of the TPM PCR0 3. A hardware failure 4. Presence of malware on the system Upstream admits there are known bugs with the reconstruction: https://github.com/fwupd/fwupd/pull/2183 and https://github.com/fwupd/fwupd/pull/2394 Focal has 1.3.11. This does NOT include the fixes for the TPM PCR0 reconstruction, and is possibly giving false information for the TPM reconstruction. Getting 1.3.12 into Focal would be beneficial where possible as that would allow us to see whether we actually ARE having firmware updates / reconstruction issues with TPM. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: fwupd 1.3.11-1~focal1 ProcVersionSignature: Ubuntu 5.4.0-72.80-generic 5.4.101 Uname: Linux 5.4.0-72-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.16 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Tue Apr 27 11:22:12 2021 InstallationDate: Installed on 2018-11-21 (887 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: fwupd UpgradeStatus: Upgraded to focal on 2020-08-23 (246 days ago) ** Affects: fwupd (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal third-party-packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926311 Title: "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1926311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926311] Re: "TPM PCR0 differs from reconstruction" for device firmware
** Attachment added: "Example logs with TPM PCR0 failures." https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1926311/+attachment/5492799/+files/fwupd_logs_focal.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926311 Title: "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1926311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926311] Re: "TPM PCR0 differs from reconstruction" for device firmware
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1883568 is related, but 1.3.11 does NOT properly fix the TPM PCR0 calculation, per fwupd upstream. ** Summary changed: - "TPM PCR0 differs from reconstruction" for device firmware + "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926311 Title: "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1926311/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754431] Re: multiple urls not opening on commandline
In 0.3.2, we know that the torbrowser-launcher does not actually launch the URLs. When executed on the command line directly we see this on a Focal system: $ torbrowser-launcher https://cnn.com Tor Browser Launcher By Micah Lee, licensed under MIT version 0.3.2 https://github.com/micahflee/torbrowser-launcher Launching Tor Browser. Running /home/teward/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/start-tor-browser.desktop Launching './Browser/start-tor-browser --detach'... Based on this, you can see that it's loading *exactly* those commands, and not passing arguments. This makes me believe the Launcher is outdated in a way that it's not designed to pass URLs anymore. This is an upstream issue that needs raised at https://github.com/micahflee/torbrowser-launcher for fixing, ultimately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754431 Title: multiple urls not opening on commandline To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1754431/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1754431] Re: URLs not opening in Tor Browser when passed as command line arguments
** Summary changed: - multiple urls not opening on commandline + URLs not opening in Tor Browser when passed as command line arguments -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1754431 Title: URLs not opening in Tor Browser when passed as command line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1754431/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1933886] Re: tor browser not launching in impish (flavors; l/x/kubuntu)
** Changed in: torbrowser-launcher (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1933886 Title: tor browser not launching in impish (flavors; l/x/kubuntu) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1933886/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1893753] Re: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17
** Changed in: nginx (Ubuntu) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893753 Title: libnginx-mod-http-lua 0.10.11 not compatible with NGINX 1.18/1.17 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1893753/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905613] Re: Please backport v4l2loopback 0.12.5-1 (universe) from hirsute
You need to verify the rdepends as well. This will not move until this gets the rdeps tested. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905613 Title: Please backport v4l2loopback 0.12.5-1 (universe) from hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/focal-backports/+bug/1905613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905613] Re: Please backport v4l2loopback 0.12.5-1 (universe) from hirsute
I misread - Reverse-Suggests don't need tested, they're listed for completeness sake. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905613 Title: Please backport v4l2loopback 0.12.5-1 (universe) from hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/focal-backports/+bug/1905613/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1779919] Re: package nginx-core 1.10.3-0ubuntu0.16.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
>From your logs, something else is already listening on Port 80. Find that process and shut it down, then attempt installation and configuration of NGINX again. ** Changed in: nginx (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1779919 Title: package nginx-core 1.10.3-0ubuntu0.16.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1779919/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1790149] Re: [FFe needed] Update NGINX in Cosmic to 1.15.3 for bugfixes
Upload in progress, it should land in the queue shortly. Thanks, Lukasz. ** Changed in: nginx (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1790149 Title: [FFe needed] Update NGINX in Cosmic to 1.15.3 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1790149/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782226] Re: [SRU] Allow NGINX to install but not start during postinst if another process is bound to port 80
Tested and confirmed working in Bionic. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782226 Title: [SRU] Allow NGINX to install but not start during postinst if another process is bound to port 80 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1782226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] [NEW] Add --with-compat to NGINX packages
Public bug reported: Adding --with-compat would allow for those compiling dynamic modules separately to include them in the NGINX packages. This should be considered for Ubuntu and Debian as well. ** Affects: nginx Importance: Wishlist Assignee: Thomas Ward (teward) Status: In Progress ** Affects: nginx (Ubuntu) Importance: Wishlist Status: Triaged ** Changed in: nginx Status: Triaged => In Progress ** Also affects: nginx (Ubuntu) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu) Status: New => Triaged ** Changed in: nginx (Ubuntu) Importance: Undecided => Wishlist ** Summary changed: - Add --with-compat to PPA packages + Add --with-compat to NGINX packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
Note that for Ubuntu, this will not be done for Cosmic - we are too late in the dev cycle to do this for Cosmic, so any changes to this which would add this to the Ubuntu packages will be for D-series (whatever it is named). This needs discussed first, however, before it gets included in the Ubuntu Repositories' versions of NGINX. The PPAs operate independently and will have the fix whenever the next 'upload' to the PPAs happens. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
I realized in IRC I failed to explain properly what happens here. Related: https://forum.nginx.org/read.php?29,270210,270213#msg-270213 and http://mailman.nginx.org/pipermail/nginx-devel/2018-May/09.html IN a nut-shell, what --with-compat does is allow people who build NGINX dynamic modules against NGINX in a separate compilation to take their compiled .so modules and include them in the NGINX versions on Ubuntu on their local machine. It would allow someone who, say, built modsecurity for NGINX dynamically and separately to `include` the configuration to enable the modsecurity module for NGINX without having to recompile and install manually alongside it the entire NGINX binary and all the other modules. >From a Security perspective, the only concern would be that third-party modules could be built dynamically then included and activated in individual users' NGINX builds on their own systems. As that happens separately from the NGINX package in Ubuntu, any issues stemming from such inclusions are "End User Problems" and not directly related to the NGINX packages in Ubuntu. This has some considerations before it gets inserted, as to whether we want users to be able to dynamically compile and include extra modules outside of the binaries we ship already. However, this bug and the request was prompted thanks to an uptick in requests (10 over 2 days from 10 separate individuals) in my email to enable this functionality both for the PPAs and for Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
We are too close to Cosmic release to get this into Cosmic (Won't Fix'd
for Cosmic). This will be included in the D-series cycle for Ubuntu.
** Changed in: nginx (Ubuntu)
Assignee: (unassigned) => Thomas Ward (teward)
** Also affects: nginx (Ubuntu Dd-series)
Importance: Undecided
Status: New
** Also affects: nginx (Ubuntu Cosmic)
Importance: Wishlist
Assignee: Thomas Ward (teward)
Status: Triaged
** Changed in: nginx (Ubuntu Dd-series)
Status: New => Won't Fix
** Changed in: nginx (Ubuntu Dd-series)
Status: Won't Fix => Triaged
** Changed in: nginx (Ubuntu Dd-series)
Importance: Undecided => Wishlist
** Changed in: nginx (Ubuntu Cosmic)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1797897
Title:
Add --with-compat to NGINX packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
Mainline PPA packages are building with --with-compat in the staging PPA, if all goes well I'll copy it over to the actual Mainline PPA. Stable PPA is in progress but more slowly due to other work requirements. ** Changed in: nginx (Ubuntu Dd-series) Assignee: (unassigned) => Thomas Ward (teward) ** Also affects: nginx/mainline Importance: Undecided Status: New ** Also affects: nginx/stable Importance: Undecided Status: New ** Changed in: nginx/mainline Status: New => Fix Committed ** Changed in: nginx/mainline Importance: Undecided => Wishlist ** Changed in: nginx/stable Importance: Undecided => Wishlist ** Changed in: nginx/mainline Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: nginx/stable Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: nginx/stable Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
Stable PPA packages are now building with --with-compat in the staging PPA, they'll be copied over if all goes well to the main Stable PPA as well. Ubuntu changes are on hold until D-series cycle opens. ** Changed in: nginx/stable Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
PPAs now have --with-compat enabled. Updated packages are copying in from the staging PPAs now. ** Changed in: nginx/mainline Status: Fix Committed => Fix Released ** Changed in: nginx/stable Status: Fix Committed => Fix Released ** Changed in: nginx Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
** Bug watch added: Debian Bug tracker #897926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897926 ** Also affects: nginx (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897926 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] [NEW] Enable TLS 1.3 by default in NGINX configs for Cosmic
Public bug reported: [Reason for SRU] Ubuntu Cosmic 18.10 ships with OpenSSL 1.1.1, which has TLS 1.3 support. It was intended to enable TLS 1.3 in the default nginx.conf so that TLS v1.3 support would be "enabled by default" if you enabled SSL, however it did not get included due to my own schedule and issues. TLS 1.3 is the newest TLS protocol version and is available in OpenSSL 1.1.1. Behind the scenes, if TLS 1.3 support is available in OpenSSL, it's available to NGINX when compiled against that version of OpenSSL. Enabling this by default in the NGINX configuration file is trivial to do, simply add TLSv1.3 to the `ssl_protocols` list. Doing this in the default config is probably a good idea since we have TLS v1.3 support available. This would be specifically for Cosmic. [Regression Potential] OpenSSL 1.1.1 is the latest stable release of OpenSSL as of September. TLS 1.3 is the latest TLS protocol. The TLS 1.3 protocol is the latest and 'more robust' TLS protocol version and should be used where possible. Regression potential for the change to enable TLSv1.3 by default for NGINX in Cosmic would be minimal, as OpenSSL already has this protocol available. Should this cause any regressions, reverting is very simple as we just remove TLSv1.3 from the ssl_protocols line in the nginx.conf file. [Other Info] It was completely intended prior to Cosmic's release that I would enable TLSv1.3 as a 'default' supported TLS protocol in nginx.conf. Unfortunately, things got a little bit busy for me and that change was not included. It would be beneficial to include TLSv1.3 in NGINX default protocols due to the additional security advantages that come with TLSv1.3. ** Affects: nginx (Ubuntu) Importance: Wishlist Status: In Progress ** Tags: cosmic ** Description changed: [Reason for SRU] Ubuntu Cosmic 18.10 ships with OpenSSL 1.1.1, which has TLS 1.3 support. It was intended to enable TLS 1.3 in the default nginx.conf so that TLS v1.3 support would be "enabled by default" if you enabled SSL, however it did not get included due to my own schedule and issues. TLS 1.3 is the newest TLS protocol version and is available in OpenSSL 1.1.1. Behind the scenes, if TLS 1.3 support is available in OpenSSL, it's available to NGINX when compiled against that version of OpenSSL. Enabling this by default in the NGINX configuration file is trivial to do, simply add TLSv1.3 to the `ssl_protocols` list. Doing this in the default config is probably a good idea since we have TLS v1.3 support available. This would be specifically for Cosmic. - [Regression Potential] OpenSSL 1.1.1 is the latest stable release of OpenSSL as of September. TLS 1.3 is the latest TLS protocol. The TLS 1.3 protocol is the latest and 'more robust' TLS protocol version and should be used where possible. Regression potential for the change to enable TLSv1.3 by default for NGINX in Cosmic would be minimal, as OpenSSL already has this protocol available. Should this cause any regressions, reverting is very simple as we just remove TLSv1.3 from the ssl_protocols line in the nginx.conf file. - [Other Info] - It was completely intended prior to release that I would enable TLSv1.3 - as a 'default' supported TLS protocol in nginx.conf. Unfortunately, - things got a little bit busy for me and that change was not included. + It was completely intended prior to Cosmic's release that I would enable + TLSv1.3 as a 'default' supported TLS protocol in nginx.conf. + Unfortunately, things got a little bit busy for me and that change was + not included. It would be beneficial to include TLSv1.3 in NGINX default protocols due to the additional security advantages that come with TLSv1.3. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] Re: Enable TLS 1.3 by default in NGINX configs for Cosmic
** Changed in: nginx (Ubuntu) Status: New => Incomplete ** Changed in: nginx (Ubuntu) Status: Incomplete => In Progress ** Description changed: [Reason for SRU] Ubuntu Cosmic 18.10 ships with OpenSSL 1.1.1, which has TLS 1.3 support. It was intended to enable TLS 1.3 in the default nginx.conf so that TLS v1.3 support would be "enabled by default" if you enabled SSL, however it did not get included due to my own schedule and issues. TLS 1.3 is the newest TLS protocol version and is available in OpenSSL 1.1.1. Behind the scenes, if TLS 1.3 support is available in OpenSSL, it's available to NGINX when compiled against that version of OpenSSL. Enabling this by default in the NGINX configuration file is trivial to do, simply add TLSv1.3 to the `ssl_protocols` list. Doing this in the default config is probably a good idea since we have TLS v1.3 support available. This would be specifically for Cosmic. [Regression Potential] OpenSSL 1.1.1 is the latest stable release of OpenSSL as of September. TLS 1.3 is the latest TLS protocol. The TLS 1.3 protocol is the latest and 'more robust' TLS protocol version and should be used where possible. Regression potential for the change to enable TLSv1.3 by default for NGINX in Cosmic would be minimal, as OpenSSL already has this protocol available. Should this cause any regressions, reverting is very simple as we just remove TLSv1.3 from the ssl_protocols line in the nginx.conf file. + There is a regression risk for *browsers and clients* accessing things + running on NGINX - TLS 1.3 could have some rollout pains and some + browsers and endpoint clients might barf as TLS 1.3 becomes a 'thing'. + However, this is more or less on those clients to be a failure case, and + if we get too many things breaking from this enabling TLS1.3 in addition + to TLS 1.2, 1.1, and 1.0, we can just revert this change with the simple + revision change indicated above (remove TLS1.3 from the ssl_protocols in + nginx.conf) + [Other Info] It was completely intended prior to Cosmic's release that I would enable TLSv1.3 as a 'default' supported TLS protocol in nginx.conf. Unfortunately, things got a little bit busy for me and that change was not included. It would be beneficial to include TLSv1.3 in NGINX default protocols due to the additional security advantages that come with TLSv1.3. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
** Changed in: nginx (Ubuntu Disco) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1795690] [NEW] Update NGINX in Cosmic go 1.15.5 for segfault bugfixes
Public bug reported: NGINX has released 1.15.5 which contains bugfixes for a segmentation fault: Changes with nginx 1.15.502 Oct 2018 *) Bugfix: a segmentation fault might occur in a worker process when using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4. *) Bugfix: of minor potential bugs. This should be included in Ubuntu as the flaw was introduced in 1.15.4, which is already in the repositories. As this is upstream-originating fixes, regression risk is low. As there are no feature changes, this is a bugfix-only upload and should be OK under the current freeze of the archives. ** Affects: nginx (Ubuntu) Importance: Medium Assignee: Thomas Ward (teward) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1795690 Title: Update NGINX in Cosmic go 1.15.5 for segfault bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1795690/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1795690] Re: Update NGINX in Cosmic go 1.15.5 for segfault bugfixes
Build tests are underway in https://launchpad.net/~teward/+archive/ubuntu/cosmic- buildtests/+packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1795690 Title: Update NGINX in Cosmic go 1.15.5 for segfault bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1795690/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794325] Re: Errors were encountered while processing: nginx-core
As Steve Beattie indicated, something else is already listening on port 80, so NGINX can't bind to the port. This is not a package bug. Check to see if you have any other processes listening in Port 80 and disable them before attempting to start NGINX. ** Changed in: nginx (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794325 Title: Errors were encountered while processing: nginx-core To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794325/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1795690] Re: Update NGINX in Cosmic go 1.15.5 for segfault bugfixes
** Changed in: nginx (Ubuntu) Status: In Progress => Fix Committed ** Summary changed: - Update NGINX in Cosmic go 1.15.5 for segfault bugfixes + SSL worker process bugfixes in 1.15.5, please put into Cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1795690 Title: SSL worker process bugfixes in 1.15.5, please put into Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1795690/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1803590] Re: package nginx-core 1.14.0-0ubuntu1.2 failed to install/upgrade: instalado nginx-core paquete post-installation guión el subproceso devolvió un error con estado de salida 1
Note also bug reports are not for support requests, please use another medium to get help with your issues. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1803590 Title: package nginx-core 1.14.0-0ubuntu1.2 failed to install/upgrade: instalado nginx-core paquete post-installation guión el subproceso devolvió un error con estado de salida 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1803590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794235] Re: pysimplesoap broken with python-httplib2 >= 0.10
Per the request of Logan Rosen on #ubuntu-devel on IRC, I was able to follow the test case as written and confirmed the proposed SRU fix does in fact solve this issue. It was noted by Logan however on IRC that another issue had been identified while looking at the source code, but it is not an SRU regression. (Chances are the fix for that might get built on top of this one, since the verification has completed). ** Tags removed: cosmic verification-needed verification-needed-cosmic ** Tags added: verification-done verification-done-cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794235 Title: pysimplesoap broken with python-httplib2 >= 0.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pysimplesoap/+bug/1794235/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] Re: Enable TLS 1.3 by default in NGINX configs for Cosmic
Confirmed in testing with a Cosmic container that this enables TLS 1.3 as well as 1.2, 1.1, and 1.0 in the default configuration change. TESTERS: (0) Start with the NGINX in main, not in proposed, for this test. (`sudo apt install nginx-core nginx`) (1) In /etc/nginx/sites-available/default, uncomment these lines: # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # include snippets/snakeoil.conf; (2) Install the `ssl-cert` package which creates local dummy certs that you can use for testing. (3) Once installed, restart the NGINX process `sudo systemctl restart nginx` (4) Using a browser with TLS 1.3 enabled and available (I used Chrome so I can see advanced data even on a 16.04 machine, and an OpenSSL binary as well), open the test nginx site in HTTPS mode. Accept any warnings about self-signed certificates, they're not relevant for this test, the protocols are. You will see the negotiated protocol being TLS 1.2/ (5) Run the apt-get commands to install from proposed. (`sudo apt install -t cosmic-proposed nginx-core nginx`). (6) Check your /etc/nginx/nginx.conf for the "ssl_protocols" line - it should look like this now: ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE (7) Refresh the connection in your browser (purge cache if necessary), and connect to the NGINX site again. TLS 1.3 should show as the negotiated protocol instead of TLS 1.2. This worked with a pure NGINX installation without any revisions to nginx.conf, including during the upgrade process. This should enable TLS 1.3 by default as a supported protocol for other users who are using NGINX in Cosmic Proposed. ***Please test if you can to confirm this works or doesn't work for you.*** If I don't hear back after a while, I'll mark this as verification-done myself. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801982] [NEW] Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844
*** This bug is a security vulnerability *** Public security bug reported: The following was put out in a security advisory notice over nginx- announce's mailing list today: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html Hello! Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.15.5. The issues are fixed in nginx 1.15.6, 1.14.1. Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU usage issue. - Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3) ** Affects: nginx (Ubuntu) Importance: Undecided Status: Confirmed ** Affects: nginx (Ubuntu Xenial) Importance: Undecided Status: Confirmed ** Affects: nginx (Ubuntu Bionic) Importance: Undecided Status: Confirmed ** Affects: nginx (Ubuntu Cosmic) Importance: Undecided Status: Confirmed ** Affects: nginx (Ubuntu Disco) Importance: Undecided Status: Confirmed ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16843 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16844 ** Also affects: nginx (Ubuntu Disco) Importance: Undecided Status: Confirmed ** Also affects: nginx (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu Bionic) Status: New => Confirmed ** Changed in: nginx (Ubuntu Cosmic) Status: New => Confirmed ** Changed in: nginx (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801982 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801983] [NEW] Security Advisory - Nov. 6, 2018 - CVE-2018-16845
*** This bug is a security vulnerability *** Public security bug reported: The following was put out in a security advisory notice over nginx- announce's mailing list today: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html Hello! A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. The issue affects nginx 1.1.3+, 1.0.7+. The issue is fixed in 1.15.6, 1.14.1. Patch for the issue can be found here: http://nginx.org/download/patch.2018.mp4.txt -- Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Trusty (1.4.6-1ubuntu3, 1.4.6-1ubuntu3.8) * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3) ** Affects: nginx (Ubuntu) Importance: Medium Assignee: Thomas Ward (teward) Status: Confirmed ** Affects: nginx (Ubuntu Trusty) Importance: Medium Status: Confirmed ** Affects: nginx (Ubuntu Xenial) Importance: Medium Status: Confirmed ** Affects: nginx (Ubuntu Bionic) Importance: Medium Status: Confirmed ** Affects: nginx (Ubuntu Cosmic) Importance: Medium Status: Confirmed ** Affects: nginx (Ubuntu Disco) Importance: Medium Assignee: Thomas Ward (teward) Status: Confirmed ** Changed in: nginx (Ubuntu) Status: New => Confirmed ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16845 ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Disco) Importance: Undecided Status: Confirmed ** Also affects: nginx (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: nginx (Ubuntu Cosmic) Status: New => Confirmed ** Changed in: nginx (Ubuntu Bionic) Status: New => Confirmed ** Changed in: nginx (Ubuntu Xenial) Status: New => Confirmed ** Changed in: nginx (Ubuntu Trusty) Status: New => Confirmed ** Description changed: The following was put out in a security advisory notice over nginx- announce's mailing list today: + + http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html Hello! A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file (CVE-2018-16845). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. The issue affects nginx 1.1.3+, 1.0.7+. The issue is fixed in 1.15.6, 1.14.1. Patch for the issue can be found here: http://nginx.org/download/patch.2018.mp4.txt -- Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Trusty (1.4.6-1ubuntu3, 1.4.6-1ubuntu3.8) * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3) ** Changed in: nginx (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Disco) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Disco) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801983 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16845 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801983/+subscriptions -- ubuntu-bugs mailing lis
[Bug 1801982] Re: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844
** Description changed: The following was put out in a security advisory notice over nginx- announce's mailing list today: + + http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html Hello! Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. The issues affect nginx 1.9.5 - 1.15.5. The issues are fixed in nginx 1.15.6, 1.14.1. Thanks to Gal Goldshtein from F5 Networks for initial report of the CPU usage issue. - Based on the version strings specified, the following Ubuntu versions of nginx are affected: * Xenial (1.9.15-0ubuntu1, 1.10.3-0ubuntu0.16.04.2) * Bionic (1.14.0-0ubuntu1, 1.14.0-0ubuntu1.1) * Cosmic (1.15.0-0ubuntu1, 1.15.0-0ubuntu2) * Disco (1.15.0-0ubuntu1, 1.15.0-0ubuntu3) ** Changed in: nginx (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Disco) Importance: Undecided => Medium ** Changed in: nginx (Ubuntu Disco) Assignee: (unassigned) => Thomas Ward (teward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801982 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1604434] Re: NGINX 1.10.x Fail to Build in OpenSSL 1.1.0, switch to Mainline for Yakkety and future non-LTS (until next LTS)
** Changed in: nginx (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1604434 Title: NGINX 1.10.x Fail to Build in OpenSSL 1.1.0, switch to Mainline for Yakkety and future non-LTS (until next LTS) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1604434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] Re: Enable TLS 1.3 by default in NGINX configs for Cosmic
Looks like Adam Conrad included the SRU within Disco's no change rebuild for perl, marking as Fix Committed for Disco as that hasn't landed out of proposed yet. ** Also affects: nginx (Ubuntu Disco) Importance: Wishlist Status: In Progress ** Changed in: nginx (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] Re: Enable TLS 1.3 by default in NGINX configs for Cosmic
Additional testing was completed by myself and I haven't seen any TLS related regressions (running this on two production sites currently for my business and my personal). I'm marking this as verification-done. ** Tags removed: verification-needed verification-needed-cosmic ** Tags added: verification-done verification-done-cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801983] Re: Security Advisory - Nov. 6, 2018 - CVE-2018-16845
** Changed in: nginx (Ubuntu Trusty) Status: Confirmed => Fix Released ** Changed in: nginx (Ubuntu Xenial) Status: Confirmed => Fix Released ** Changed in: nginx (Ubuntu Bionic) Status: Confirmed => Fix Released ** Changed in: nginx (Ubuntu Cosmic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801983 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16845 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801983/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801982] Re: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844
** Changed in: nginx (Ubuntu Xenial) Status: Confirmed => Fix Released ** Changed in: nginx (Ubuntu Bionic) Status: Confirmed => Fix Released ** Changed in: nginx (Ubuntu Cosmic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801982 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1800214] Re: Enable TLS 1.3 by default in NGINX configs for Cosmic
Released by the security team while handing USN-3812-1 and three CVEs into Cosmic. Marking "Fix Released" for Cosmic as this is now in the repositories. ** Changed in: nginx (Ubuntu Cosmic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800214 Title: Enable TLS 1.3 by default in NGINX configs for Cosmic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1800214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1802330] [NEW] "Not enough memory" error when trying to work with large images with partclone
Public bug reported: Partclone is capable of working with images that're fragmented into tiny bits, and then reconstructing them and cloning partitions. However, with extremely large disks, the version of partclone in Xenial has a major flaw: it wants you to have memory equal to the 'disk size'. This means that it can't work properly with creating a raw image file from fragmented disk bits. This is fixed in later releases, and Bionic and up have 0.3.11 which includes a large number of memory improvements which gets rid of these 'not enough memory' problems. This supposedly is also fixed in 0.2.89 per my looking online. Note that because of this bug, partclone in Xenial is unusable for restoring files or creating raw images from segmented images (such as that which Clonezilla takes) when trying to reconstruct the partition image. (Because of this, I am setting "Medium" as the bug importance). Bionic and later are not affected. ** Affects: partclone (Ubuntu) Importance: Medium Status: New ** Tags: xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802330 Title: "Not enough memory" error when trying to work with large images with partclone To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partclone/+bug/1802330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1802330] Re: "Not enough memory" error when trying to work with large images with partclone
** Changed in: partclone (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: partclone (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802330 Title: "Not enough memory" error when trying to work with large images with partclone To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partclone/+bug/1802330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1802330] Re: "Not enough memory" error when trying to work with large images with partclone
Correction, the backported version was using Disco as a base, however in this case the actual versions of partclone are still the same, the only difference is the version string (as the changes in Bionic, COsmic, and Disco are just no-change rebuilds as far as I can tell) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802330 Title: "Not enough memory" error when trying to work with large images with partclone To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partclone/+bug/1802330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1802330] Re: "Not enough memory" error when trying to work with large images with partclone
Note that I was able to successfully backport the Bionic 0.3.11 version into Xenial with one change to the build dependencies (a very minor change) in a PPA, and this works without issues (and is not affected by this bug). The PPA is available at https://launchpad.net/~teward/+archive/ubuntu/partclone/+packages however it does not conform to Ubuntu changelog revision standards as this was a quick-and-dirty backport rather than one intended to fit within Ubuntu repository policy neatly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802330 Title: "Not enough memory" error when trying to work with large images with partclone To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partclone/+bug/1802330/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801982] Re: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844
** Changed in: nginx (Ubuntu Disco) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801982 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16843, CVE-2018-16844 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801982/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1801983] Re: Security Advisory - Nov. 6, 2018 - CVE-2018-16845
** Changed in: nginx (Ubuntu Disco) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1801983 Title: Security Advisory - Nov. 6, 2018 - CVE-2018-16845 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1801983/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797897] Re: Add --with-compat to NGINX packages
A packaging change containing the --with-compat change has been committed to disco-proposed, along with security patch fixes via the newer nginx version for bugs #1801982 and #1801983. ** Changed in: nginx (Ubuntu Disco) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797897 Title: Add --with-compat to NGINX packages To manage notifications about this bug go to: https://bugs.launchpad.net/nginx/+bug/1797897/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792544] Re: demotion of pcre3 in favor of pcre2
** Description changed: demotion of pcre3 in favor of pcre2. These packages need analysis what needs to be done for the demotion of pcre3: Packages which are ready to build with pcre2 should be marked as 'Triaged', packages which are not ready should be marked as 'Incomplete'. aide apache2 apr-util clamav exim4 freeradius git glib2.0 grep haproxy libpam-mount libselinux nginx nmap php7.2 postfix python-pyscss quagga rasqal slang2 sssd wget zsh + + -- + + For clarification: pcre2 is actually newer than pcre3. pcre3 is just + poorly named (according to jbicha). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 in favor of pcre2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792544] Re: demotion of pcre3 in favor of pcre2
Nginx properly builds with pcre2 ** Changed in: nginx (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 in favor of pcre2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782226] Re: [SRU] Allow NGINX to install but not start during postinst if another process is bound to port 80
1.14.0-0ubuntu1.1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782226 Title: [SRU] Allow NGINX to install but not start during postinst if another process is bound to port 80 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1782226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1792544] Re: demotion of pcre3 in favor of pcre2
Nice find, I looked in trac but must have missed that... Sent from my Sprint Samsung Galaxy S9+. Original message From: Anders Kaseorg Date: 9/18/18 06:22 (GMT-05:00) To: tew...@thomas-ward.net Subject: [Bug 1792544] Re: demotion of pcre3 in favor of pcre2 Likewise, nginx does not support PCRE2: https://trac.nginx.org/nginx/ticket/720 ** Bug watch added: trac.nginx.org/nginx/ #720 http://trac.nginx.org/nginx/ticket/720 ** Changed in: nginx (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are subscribed to nginx in Ubuntu. Matching subscriptions: nginx https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 in favor of pcre2 Status in aide package in Ubuntu: Incomplete Status in apache2 package in Ubuntu: New Status in apr-util package in Ubuntu: New Status in clamav package in Ubuntu: Triaged Status in exim4 package in Ubuntu: Incomplete Status in freeradius package in Ubuntu: Incomplete Status in git package in Ubuntu: Triaged Status in glib2.0 package in Ubuntu: Incomplete Status in grep package in Ubuntu: Incomplete Status in haproxy package in Ubuntu: New Status in libpam-mount package in Ubuntu: Incomplete Status in libselinux package in Ubuntu: New Status in nginx package in Ubuntu: Incomplete Status in nmap package in Ubuntu: Incomplete Status in pcre3 package in Ubuntu: Confirmed Status in php7.2 package in Ubuntu: Triaged Status in postfix package in Ubuntu: Incomplete Status in python-pyscss package in Ubuntu: Incomplete Status in quagga package in Ubuntu: Incomplete Status in rasqal package in Ubuntu: Incomplete Status in slang2 package in Ubuntu: Incomplete Status in sssd package in Ubuntu: Incomplete Status in wget package in Ubuntu: Incomplete Status in zsh package in Ubuntu: Incomplete Bug description: demotion of pcre3 in favor of pcre2. These packages need analysis what needs to be done for the demotion of pcre3: Packages which are ready to build with pcre2 should be marked as 'Triaged', packages which are not ready should be marked as 'Incomplete'. aide apache2 apr-util clamav exim4 freeradius git glib2.0 grep haproxy libpam-mount libselinux nginx nmap php7.2 postfix python-pyscss quagga rasqal slang2 sssd wget zsh -- For clarification: pcre2 is actually newer than pcre3. pcre3 is just poorly named (according to jbicha). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 in favor of pcre2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792544] Re: demotion of pcre3 in favor of pcre2
NGINX has technically said this is won't fix: >From a response to my inquiry: http://mailman.nginx.org/pipermail/nginx- devel/2018-September/011448.html -- Hello! On Tue, Sep 18, 2018 at 08:12:20AM -0400, Thomas Ward wrote: > Downstream in Ubuntu, it has been proposed to demote pcre3 and > use pcre2 instead as it is newer. > https://trac.nginx.org/nginx/ticket/720 shows it was marked 4 > years ago that NGINX does not support pcre2. Are there any > plans to use pcre2 instead of pcre3? There are no immediate plans. When we last checked, there were no problems with PCRE, but PCRE2 wasn't available in most distributions we support, making the switch mostly meaningless. Also, it looks like PCRE2 is still not supported even by Exim, which is the parent project of PCRE and PCRE2: https://bugs.exim.org/show_bug.cgi?id=1878 As such, adding PCRE2 support to nginx looks premature. -- Maxim Dounin http://mdounin.ru/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 in favor of pcre2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793762] Re: package nginx-core 1.14.0-0ubuntu1.1 failed to install/upgrade: installed nginx-core package post-installation script subprocess returned error exit status 1
Sep 21 09:41:43 ajax nginx[4764]: nginx: [emerg]
BIO_new_file("/etc/letsencrypt/live/w9qbj.duckdns.org/fullchain.pem")
failed (SSL: error:02001002:system library:fopen:No such file or
directory:fopen('/etc/letsencrypt/live/w9qbj.duckdns.org/fullchain.pem','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
Your SSL certificate is unreadable by NGINX.
This is not a bug, but a system permissions issue on your system and
with your SSL certs and config.
** Changed in: nginx (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793762
Title:
package nginx-core 1.14.0-0ubuntu1.1 failed to install/upgrade:
installed nginx-core package post-installation script subprocess
returned error exit status 1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1793762/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1793762] Re: package nginx-core 1.14.0-0ubuntu1.1 failed to install/upgrade: installed nginx-core package post-installation script subprocess returned error exit status 1
That's beyond the scope of the bug. NGINX can't read or see the file, why that is the case is beyond the scope of this bug. (You may wish to seek support for this problem from Let's Encrypt or some other support mechanism, as bugs are not a support method for solving issues). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793762 Title: package nginx-core 1.14.0-0ubuntu1.1 failed to install/upgrade: installed nginx-core package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1793762/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] [NEW] [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
Public bug reported: NGINX Upstream recently released 1.15.4. This is the following from its changelog: Changes with nginx 1.15.425 Sep 2018 *) Feature: now the "ssl_early_data" directive can be used with OpenSSL. *) Bugfix: in the ngx_http_uwsgi_module. Thanks to Chris Caputo. *) Bugfix: connections with some gRPC backends might not be cached when using the "keepalive" directive. *) Bugfix: a socket leak might occur when using the "error_page" directive to redirect early request processing errors, notably errors with code 400. *) Bugfix: the "return" directive did not change the response code when returning errors if the request was redirected by the "error_page" directive. *) Bugfix: standard error pages and responses of the ngx_http_autoindex_module module used the "bgcolor" attribute, and might be displayed incorrectly when using custom color settings in browsers. Thanks to Nova DasSarma. *) Change: the logging level of the "no suitable key share" and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". The only feature here being added will only be available if https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1793092 passes and is accepted into Cosmic. Until such time, however, TLS1.3 extensions such as ssl_early_data won't work at the moment. The remaining bugfixes are more important. Socket leaks, connections to gRPC backends, return directive not working, etc. should all be fixed with these bugfixes. The only other change is to the logging importance for certain types of errors. This is an Upstream originating point release. Regression risk from this is minimal. Test builds will take place in a PPA, link to be posted shortly. ** Affects: nginx (Ubuntu) Importance: Undecided Status: New ** Tags: cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] Re: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
PPA builds uploaded, location will be at https://launchpad.net/~teward/+archive/ubuntu/nginx-1794321 Once it builds, I'll run the upgrade sanity tests. (Thanks for the quick response, sil2100!) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] Re: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
Just realized I didn't enable all the archs on the PPA. WIll reupload to the PPA if necessary to regenerate the other archs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] Re: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
All other arch builds beyond amd64 and i386 have been spun and are in progress on the PPA - thanks to cjwatson for showing me the sneaky way to build the other archs. (Builds in progress, once amd64 finishes and shows up I'll do testing) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] Re: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
Basic upgrade and installation tests were completed in a Cosmic container. Both upgrading to 1.15.4 from 1.15.3 which is currently in the repos and clean-installing 1.15.4 work without issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1794321] Re: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes
Uploaded and awaiting approval. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794321 Title: [FFe Needed] Update NGINX in Cosmic to 1.15.4 for bugfixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1794321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
