@nacc, we are past the cutoff date and there has been no movement on the
Debian side. Nothing on the 2 bugs I reported ([1] and [2]) nor the git
trees of the corresponding packages.
So I think you shouldn't hold the release of your package for that. If
you feel like it, you could include the upstr
Under systemd, if the ListenAddress is on an interface that is manually
brought up, the ifup script doesn't help. In that situation, the invoke-
rc.d reload/restart fails because the initial startup of sshd wasn't
successful.
--
You received this bug notification because you are a member of Ubunt
@nacc, we are past the cutoff date and there has been no movement on the
Debian side. Nothing on the 2 bugs I reported ([1] and [2]) nor the git
trees of the corresponding packages.
So I think you shouldn't hold the release of your package for that. If
you feel like it, you could include the upstr
Public bug reported:
libvirt is supposed to be able to create ZFS pool but I'm unable make
use of it:
1) Create some free space to be used as the backing device
lvcreate -n libvirt-pool -L 8G vg0
2) Import a pool definition
virsh pool-define-as --type zfs --name zfspool --source-name libvirt-po
I believe the seccomp whitelist is provided by qemu itself, not libvirt.
** Also affects: qemu (Ubuntu)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team,
Public bug reported:
Steps to reproduce:
1) set "seccomp_sandbox = 1" in /etc/libvirt/qemu.conf
2) restart libvirt-bin
3) create a guest using the attached .xml file
4) start the guest
Current behavior: the guest will remain in the "paused" state and fail
to start because of this:
audit: type=1
On 2016-03-12 01:49 PM, Nish Aravamudan wrote:
> On 12.03.2016 [14:53:00 -], Simon Déziel wrote:
>> @nacc, your test build works really well, thanks for providing it.
>
> Thank you for testing so quickly!
I was keeping an eye on Unbound because this new version will allow
@nacc, your test build works really well, thanks for providing it.
Before this officially lands in Xenial, I believe it would be a good
idea to include the new L-root IPv6 address [1] that is already
operational.
This change is in upstream's SVN but not yet in Debian. March 23rd being
really clos
@nacc, if you have a test build available let me know.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to unbound in Ubuntu.
https://bugs.launchpad.net/bugs/1556308
Title:
Please merge unbound 1.58-1 from Debian unstable
To manage noti
Thank you Colin for 7.2p1-1, I really appreciate it!
** Changed in: openssh (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1553378
Title:
Trusty and later have the correct wording so marking as fix released.
** Changed in: openssh (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.ne
Public bug reported:
Since I moved from Trusty to Xenial, my sftp backup script stopped
working. After a bit of investigation it seems to be exactly
https://bugzilla.mindrot.org/show_bug.cgi?id=2528. Fortunately it was
fixed in OpenSSH 7.2.
I know 7.2 is pretty recent and not yet in Debian but I
Hi Steven,
Thanks for the thorough analysis.
On 2016-02-29 05:58 AM, Steven Bishop wrote:
> Hi there,
>
>
> Sending again as message didn't show up in the thread.
>
>
> Forwarded Message
>
> Subject: Re: [Bug 1514794] Re: package:strongswan-plugin-farp may need
> apparmor
Ruslan, upstream mentions that lowering the amount of socket used for
RADIUS a possible workaround:
https://wiki.strongswan.org/issues/757#note-7
Also, you might want to give a try to Ubuntu Xenial that ships
Strongswan 5.3.5 which has the fix included.
--
You received this bug notification beca
The crash signature looks a lot like this one:
https://wiki.strongswan.org/issues/757
** Changed in: strongswan (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https
On 2016-02-26 01:11 PM, ruslan_ka wrote:
>> I have no idea what can cause this access to /dev/tty. I never ran into
>> this problem on my own server which is similar minus the EAP/RADIUS
>> part, I use xauth-generic only.
> xauth-eap works in a different way. It takes clear text password from clien
On 2016-02-25 10:50 AM, ruslan_ka wrote:
> The server serves only incoming VPN requests, it is for mobile road-
> warriors. And the error does not occur right after starting a
> strongswan or bringing tunnels up. So it makes no sense to run it with
> auto=add or not.
I somehow assumed it was an i
If you re-enable the Apparmor profile and set your connection to not
auto start (use "auto=add") when do you get the access denial on
/dev/tty? Is it after restarting the strongswan service or when you call
"ipsec up $conn"?
Lastly, would you mind providing an obfuscated version of your
ipsec.secr
@caramba696, smartcard should be improved in Xenial so you might want to
re-test.
The Apparmor profile allows charon to access /run/pcscd/pcscd.comm and
also include other rules related to smartcards.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
@ruslan_ka, after disabling the Apparmor profiles, did you receive a
prompt for a user/password or something when starting Strongswan?
** Changed in: strongswan (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Server Team, which i
With a recent kernel, libvirt can manage the MAC table [*] of the bridge
so maybe this is something that can be done by LXC/LXD as well?
*: see the "bridge" section of
https://libvirt.org/formatnetwork.html#elementsConnect
--
You received this bug notification because you are a member of Ubuntu
Fixed upstream by 1.5.0. Marking as fix released now that Xenial has
1.5.7.
** Changed in: unbound (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to unbound in Ubuntu.
https://bugs.la
Fixed confirmed with version 9.10.3.dfsg.P2-3ubuntu3. Thanks for the
quick turnaround.
** Changed in: bind9 (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://
Public bug reported:
In Xenial -proposed, bind9-host 9.10.3.dfsg.P2-3~ubuntu1 depends on
bind9. It wasn't the case with version 9.9.5.dfsg-12.1ubuntu1 and I
believe the old behavior is better.
Here is the apt history.log:
Start-Date: 2016-02-17 16:08:47
Commandline: apt-get --assume-yes dist-u
Public bug reported:
With libvirt-bin 1.3.1, starting a QEMU guest results in those AA
denials:
Feb 17 12:06:23 simon-laptop kernel: [15734.513696] audit: type=1400
audit(1455728783.639:73): apparmor="DENIED" operation="open"
profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/nsswitch.conf" p
On 2016-02-16 09:46 AM, mrq1 wrote:
> it looks like strongswan is faking a nat situation if the kernel-libipsec
> is used
This is by design as kernel-libipsec requires ESPinUDP.
As Tobias (Strongswan upstream) said, it's best to not have this on by
default.
> btw: did you get this audit entries
On 2016-02-14 09:00 AM, Simon Deziel wrote:
> On 2016-02-13 10:03 PM, Ryan Harper wrote:
>> On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net>
>>> libipsec support is very cool (thanks for enabling it!) as it should
>>> allow running a IPsec
On 2016-02-13 10:03 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 7:51 PM, Simon Déziel <1535...@bugs.launchpad.net>
> wrote:
>
>> On 2016-02-13 05:09 PM, Ryan Harper wrote:
>>> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
>>>
>>>> gre
On 2016-02-13 05:09 PM, Ryan Harper wrote:
> On Sat, Feb 13, 2016 at 12:27 PM, mrq1 wrote:
>
>> great! starts now :-)
>>
>> what about the chapoly plugin? can you enable it in the extra package?
>> it would be very important for me!
>>
>
> I can look at enabling it. It's new in 5.3.5.
+1
ChaC
On 2016-02-13 12:39 PM, Ryan Harper wrote:
> The extra-plugins package need some more privs for the charon binary
> in the apparmor profile.
Ryan, please take a look at [1] for refreshed AA profiles that could
address many more LP bugs (all mentioned in debian/changelog). Thanks.
Regards,
Simon
** Attachment removed: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558391/+files/strongswan.logcheck
** Attachment added: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4
It works, thanks Martin.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1454725
Title:
openvpn no longer called with "--script-security 2"
To manage notifications about this bug go to
Thanks for the feedback Nicolas.
This is likely going to bite many users upgrading. It's fairly common to
push DNS resolvers from the VPN server. For those to be usable on the
client side, "script-security 2" is needed otherwise the up/down script
update-resolv-conf won't be called.
Since Ubuntu
** Changed in: openvpn (Ubuntu)
Status: Incomplete => Confirmed
** Summary changed:
- openvpn does not use OPTARGS from /etc/default/openvpn
+ openvpn no longer called with "--script-security 2"
--
You received this bug notification because you are a member of Ubuntu
Server Team, which i
I just check on 14.04 and 16.04 and the init script automatically adds
"--script-security 2" unless the VPN config contains a script-security
directive.
Problem is that since the switch to systemd, the init script is no
longer used and the daemon is used like this:
$ systemctl cat openvpn@.serv
Thanks Martin. I didn't know we could use fix released until the
official release was made.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1511524
Title:
OpenVPN PAM authentication bro
The man page says :
--plugin module-pathname [init-string]
Load plug-in module from the file module-pathname, passing init-string
as an argument to
the module initialization function.
So given the proper path it should work.
On Trusty, the following works well:
plugin /usr/li
This was fixed in Debian in openvpn 2.3.10-1. This has already made it
into Xenial 16.04.
** Bug watch added: Debian Bug tracker #795313
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313
** Also affects: openvpn (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313
I
Nicolas, the journal log shows that the VPN server hostname was not
resolvable and eventually when it finally connected, it failed after
calling a --up script. Could you provide this --up script and maybe the
sanitized configuration of your VPN client?
** Changed in: openvpn (Ubuntu)
Status
The easy-rsa component now ship as a separated package in Trusty. The
released version contains the fix.
** Changed in: openvpn (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openv
@Sinix, your modification to the init script are probably at fault since
they are not doing proper checking/error handling and the script is
configured to abort on the first error (!/bin/sh -e).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscri
** Changed in: openvpn (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1165841
Title:
package openvpn 2.2.1-8ubuntu1.1 failed to install/
You have installed some third party startup/init script named "fruhod"
that is broken. You will need to correct or remove it.
** Changed in: openvpn (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
** Attachment removed: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4558011/+files/strongswan.logcheck
** Attachment added: "Refreshed logcheck rules"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+attachment/4
The attached logcheck rules should cover all the normal logs generated
by Strongswan using the stock default config. If Debian integrates this
ruleset, bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787156
could be closed.
** Bug watch added: Debian Bug tracker #787156
http://bugs.debian
The "ngx-conf" command was added to 1.9.1-1. Marking as fix released
since Wily shipped with 1.9.3-1ubuntu1.
** Changed in: nginx (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in
Works well, thank you!
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1534340
Title:
openssh server 6.6 does n
@Steven, is this still an issue? The diff you showed includes "# network
all," but this is not in the released version of charon's profile. Maybe
you had a locally modified profile when you ran into the issue?
Since the charon's profile in Trusty allows all networking, I don't
think that adding "n
With Strongswan 5.1.2-0ubuntu8 on Ubuntu Xenial, things have improved
slightly. systemd will notice if one runs "ipsec stop". Previously,
upstart was unable to figure it out and would re-spawn the service.
One problem remains with systemd: If you "ipsec start" while the systemd
service is not runn
Somehow, this problem was caused by my override.conf file:
[Service]
# change status update interval from 10 to 600 seconds
ExecStart=
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status
600 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid
/run/openvpn/%i.p
No matter if I Ctrl-C or not, the start job always times out after 90
seconds killing the VPN connection.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1536568
Title:
please merge
This upgrade caused a regression. When manually starting a VPN with
"systemctl start openvpn@foo", the VPN foo connects fine but the call to
systemctl never returns. I need to Ctrl-C it to get back at the console.
This was working well with 2.3.8-1ubuntu1.
--
You received this bug notification b
*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
Marking this bug as a duplicate of LP: #1535951 since Strongswan 5.3.5
should land in Xenial thus addressing the issues mentioned here.
** This bug has been marked a duplicate of bug 1535951
Please merge
@Joe, as mentioned by Robie, the ESP packets are generated by your
kernel using the key information provided and negociated by Strongswan.
There can be many reasons for the remote node to not reply to your ESP
packets. Most of the time, IPsec issues boil down to configuration/setup
problems.
Assum
Natty has long been out of support. Derek, are you still seeing this
crash?
** Changed in: strongswan (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.laun
This is upstream bug https://wiki.strongswan.org/issues/453 which was
fixed with the 5.2.2 release.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1448870
Title:
Certificate poli
Public bug reported:
With QEMU 2.5, I noticed this error when starting a VM:
apparmor="DENIED" operation="open" profile="libvirt-a856b198-b559-44c2
-af9d-9a6205993213" name="/sys/module/vhost/parameters/max_mem_regions"
pid=13646 comm="qemu-system-x86" requested_mask="r" denied_mask="r"
fsuid=114
** Patch added: "qemu-kvm-init-fix-comparison.patch"
https://bugs.launchpad.net/bugs/1531191/+attachment/4544985/+files/qemu-kvm-init-fix-comparison.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu in Ubuntu.
https://bugs.
On 2016-01-05 06:51 PM, Serge Hallyn wrote:
> Thanks. I'm fixing this during the 2.5 qemu merge.
I just saw your new update, thanks! The comparison operator needs to be
changed for the fix to work (see patch).
Lastly, the changelog mentions the default file should be installed but
I don't see an
If at all possible, aiming for 1.5.7 into Xenial would be very
appreciated. This version comes with qname minimisation support which is
a good thing for privacy and performance.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to unbound in
It turned out that I was missing "askpass" in my VPN config. This was
not required before but now is.
With this new option in place, things work well and the password prompt
is broadcast to all the consoles thanks to systemd-ask-password-wall.
Since I don't wanted the "wall" like behaviour, I cha
Public bug reported:
$ grep qemu-kvm /var/log/syslog
Jan 5 10:23:24 simon-laptop qemu-kvm[497]: * Configuring kvm qemu-kvm
Jan 5 10:23:24 simon-laptop qemu-kvm[497]: /usr/share/qemu/init/qemu-kvm-init:
82: [: Illegal number:
Jan 5 10:23:24 simon-laptop qemu-kvm[497]: ...done.
Line 82 of /usr/
Adding the following to the [Unit] section of dnsmasq.service fixes the
problem:
After=network-online.target
Wants=network-online.target
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bu
Public bug reported:
My dnsmasq instance uses "interface=br-vz0" and the interface br-vz0 is
managed manually in /etc/network/interfaces.
During boot, dnsmasq is started before br-vz0 is created and this causes
dnsmasq to exit:
Jan 5 08:56:16 simon-laptop dnsmasq[1008]: dnsmasq: unknown interfa
Public bug reported:
My VPN configuration references a RSA private key that is password
locked. When I manually start the VPN connection, the systemd wrapper
doesn't properly prompt for the password:
$ sudo systemctl start openvpn@cameleon
Broadcast message from root@simon-laptop (Sun 2016-01-0
Public bug reported:
Steps to reproduce:
1) Set "seccomp_sandbox = 1" in /etc/libvirt/qemu.conf
2) stop libvirt-bin; start libvirt-bin
3) Define a VM using SDL graphic. Example XML extract:
4) xhost +SI:localgroup:kvm
5) Start the VM
Expected behavior: should display a usab
volker, it's in 4.3.0-4.13:
http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.3.0-4.13/changelog
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1523133
Title:
str
The problem is with the kernel itself and a fix was committed upstream:
https://www.spinics.net/lists/stable/msg110748.html
** Changed in: strongswan (Ubuntu)
Status: New => Invalid
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Marking as verified on Trusty since I was able to do more testing.
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1273462
Title:
Users can mist
I've been using the -proposed package on 15 Trusty machines since it was
published. Again, I never was able to reproduce the original problem but
I saw no regression either.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report
Eric, I've been running the proposed version on many systems and haven't
found any regression. Do you think this would be ready to move on to
-updates now?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.lau
Hi Richard, were you able to test the proposed package? Thanks
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to seabios in Ubuntu.
https://bugs.launchpad.net/bugs/1404396
Title:
[regression] vgabios -> seabios breaks (my) 16-bit appli
I couldn't find any regression in my testing but since it wasn't that
extensive, I'm not marking it a verified just yet.
I really like the behavior improvement. Now, a regular user has a convenient
way to check service statuses:
/etc/init.d/acpid status
Instead of the obtuse old way:
env -
Public bug reported:
Some older versions of OpenSSH had a patch allowing the daemon to change
Apparmor hats to apply different containment profiles to different code
paths (AUTHENTICATED, EXEC, PRIVSEP, etc).
This feature would need to be ported to recent OpenSSH versions and sent
upstream for in
Eric, I don't know if that's a good test case but on my patched Trusty
box:
root@xeon:~# uname -a
Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
root@xeon:~# sysctl net.core.wmem_max=4650
net.core.wmem_max = 4700
root@xeon:~# sys
Err, I meant I couldn't reproduce the issue with and without the patch.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388
Title:
NTP : Use-after-free in routing socket code after
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and
Trusty's *unpatched* version to no avail. On the up side, I couldn't
find any regression with the update version.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to t
Indeed, the gemrc way is much cleaner. Thanks
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ruby1.9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1467716
Title:
"gem install" fetches packages from unencrypted HTTP URL
To manage not
The version in trusty-proposed works fine, thanks a lot!
** Tags removed: verification-needed
** Tags added: verification-done
** Tags removed: verification-done
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Ubuntu
Server Team, which i
Thomas, would you consider a SRU to Trusty now? If yes, I could work on
providing a debdiff if you'd like. Thanks in advance
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1315426
Title
With new kernels coming to Trusty with new point releases, the drbd-
utils (8.9.X) should be SRU'ed to Trusty, IMHO. Thanks in advance
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to drbd8 in Ubuntu.
https://bugs.launchpad.net/bugs/1375
OpenVPN 2.3.7 made it into Wily
** Changed in: openvpn (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1385851
Title:
OpenVPN only
Piotr, Xen 4.4.2 made it into trusty-proposed
(https://bugs.launchpad.net/bugs/147) so maybe you'd like to give it
a try?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to xen in Ubuntu.
https://bugs.launchpad.net/bugs/1484682
Title:
Seems like there was some confusion here. CVE-2013-7106 affected Icinga
only but CVE-2013-7108 affects both Icinga and Nagios3.
CVE-2013-7108 is still unpatched for Nagios3
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7106
** Also affects: nagios3 (Ubuntu)
Importance:
** Also affects: nagios3 (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: nagios3 (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios3 in Ubuntu.
https://bugs.launchpad.net/bugs/1279825
Title:
C
Thomas, now that the fix made it to Wily, would there be any chance to
get this to Trusty via an SRU? Thanks in advance
** Changed in: nginx (Ubuntu Wily)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscri
This was fixed upstream according to the changelog.
http://www.openssh.com/txt/release-6.9:
* ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
implementations as some would fail when attempting to use group
sizes >4K; bz#2209
HTH,
Simon
** Bug watch added: OpenSSH Portable Bugz
The Trusty proposed version (1.4.22-1ubuntu4.14.04.2) works well,
thanks!
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/
Amavisd-new 2.10.1 was released on 2014-10-26. This version is also in
Debian jessie and Ubuntu Wily isn't frozen yet.
So it seems that we have all the conditions to ask for a merge. The
automatic merge fails because of an apparently trivial conflict on
debian/control (see https://merges.ubuntu.co
Seems to be related/duplicated to/of LP: 1382118. As suggested, running
"ssh-keygen -A" should probably be the only thing needed.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1461
I can indeed reproduce the failure on a dual-stacked machine. As you
said, using -4/-6 doesn't exceed the max sent count.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to unbound in Ubuntu.
https://bugs.launchpad.net/bugs/1472510
Title:
The stale file was apparently left by /etc/dhcp/dhclient-exit-
hooks.d/ntp. Since this dhclient script updates the ntp.conf.dhcp file
when a new NTP server is advertised via DHCP, it should be OK to always
use the most recent file between /var/lib/ntp/ntp.conf.dhcp and
/etc/ntp.conf.
The attached
Public bug reported:
Today, I noticed that my laptop's time was ~4s ahead of my home NTP
server. Looking at 'ntpdc -sn localhost' I noticed that my laptop was
trying to sync with an unknown and unreachable server. Surprisingly,
this server was not in /etc/ntp.conf.
After some debugging, I found a
This works for me on Trusty with Apache 2.4.7:
Header edit Set-Cookie "^(JSESSIONID=.*; Path=^/itrax/irates/)(.*)$"
"$1/$2"
# apt-cache policy apache2
apache2:
Installed: 2.4.7-1ubuntu4.4
Candidate: 2.4.7-1ubuntu4.4
Version table:
*** 2.4.7-1ubuntu4.4 0
500 http://archive.ubuntu.
On 06/23/2015 05:36 AM, Robie Basak wrote:
> I know that years ago "gem install" was horribly insecure, but I believe
> this has been improved upstream? So is this a bug in Ubuntu's packaging,
> or is it that it is fixed in a newer upstream (and/or Ubuntu) release,
> or is what you're reporting sti
*** This bug is a security vulnerability ***
Public security bug reported:
Running "gem install $FOO" fetches $FOO using unencrypted HTTP which is
insecure.
Steps to reproduce:
1. apt-get install ruby
2. echo 'source "https://rubygems.org";' > Gemfile
3. gem install bundler
One would expect th
On 06/16/2015 11:57 AM, Simon Déziel wrote:
> ** Changed in: nginx (Ubuntu Wily)
>Status: Triaged => Fix Committed
Oops, I might have been wrong as the fix was commit in Debian but have
yet to make it to Wily. Sorry about that :(
--
You received this bug notification because
** Changed in: nginx (Ubuntu Wily)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1464770
Title:
initscript doesn't preserve return code
To ma
Public bug reported:
Copied from the Debian bug (https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=788573):
Many actions offered by the initscript do not preserve or give the
proper return code. One notable example is the "configtest" that always
returns 0 even when problems are detected:
echo
Wouldn't it be possible to have sshd use "IP_FREEBIND" so that it can
bind an IP that has not materialized yet?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/216847
Title:
sshd will n
1 - 100 of 305 matches
Mail list logo
