From me at halfdog.net Sat Feb 13 05:21:02 2016 From: me at halfdog.net (halfdog) Date: Sat, 13 Feb 2016 05:21:02 +0000 Subject: Bugsquad membership Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello List, As fixing of security bugs might be quite laborious thus inducing delays, bugs believed to be minor security issues might backfire later on, e.g. like with [0] resulting in [1] later on. As the whole process of detection of security bugs to fixing often takes month, sometimes even years, I would like to join bugsquad to coordinate and create fixes for at least some of the bugs I reported, e.g. [2]. Bugsquad membership should make it easier then to have a clean bug state after triage to start with [3], thus for the Ubuntu Security team just to review the updated package diffs and take over the package. As I do not have deep insights into the bugsquad team management daily operations, does this make sense or is this contribution too minor to accept the membership-associated overhead for bugsquad management? If membership has a net gain, could someone please subscribe me to the team? If you wonder, why e.g. [0], [1] were reported to Ubuntu via e-mail but not via Launchpad: As it would be the most natural thing for e.g. NSA, China, ... (those with capabilities to monitor large amount of network traffic) to just record all mails from large-scale Linux distribution issue tracking systems containing the keyword "security", and as this is very cheap way to get to near-zero day material, I would assume, that this is already done. Hence really critical security material perhaps should not go to Launchpad or Launchpad could be modified to send security issues only in encrypted mails without talkative title, members without key should get only message "Bug [Number]: Info changed" including the HTTPS link to the issue. Kind regards, hd [0] http://www.halfdog.net/Security/2015/SetgidDirectoryPrivilegeEscalation/ [1] http://www.halfdog.net/Security/2015/UserNamespaceOverlayfsSetuidWriteExec/ [2] https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050 - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAla+vTIACgkQxFmThv7tq+6DRACfWcFN8rmnL/L9lh6eWz86EfZF c4cAnA7LO1tzDPQwSbFbzQKbUeFxczDQ =hfyN -----END PGP SIGNATURE----- From stuart at itburns.me Wed Feb 17 13:29:43 2016 From: stuart at itburns.me (Stuart Burns) Date: Wed, 17 Feb 2016 13:29:43 +0000 Subject: Bug preventing booting with an encrypted system drive Message-ID: <56C475C7.5090107@itburns.me> Hi Everyone, I have found a bug and could do with some help . I did check to see if it exists but as far as I can see it does not. I also tried using the automated bug reporting tool but that didn't seem to have the required options. I have installed Xubuntu 15 on my HP ProDesk 405 G2 MT tower from DVD media. During installation I chose to use the encrypt disk option during setup using the wizard. The system installation completed without issue. Once this was done I manually ran the update tool. It installed a kernel update as well as other updates such as Firefox. On reboot however I am no longer able to enter my encryption key. I am presented with the splash screen that invites me to type in the key and instead of being entered in the decryption key screen it writes the text to the upper left hand screen and even if I enter the password it will not accept it and boot. I was using a Bluetooth keyboard (Logitech MK700) but on repeating the test with a directly plugged in USB keyboard I get the same issue. The only was to fix the issue and being able to to boot is to choose the 4.2.0-16 kernel and doing that works fine with no issue with both of the keyboards. This setup has 2 monitors attached. One is DisplayPort to VGA and one is standard VGA connectors. Current kernel: stuart at ProDesk:~$ uname -a Linux ProDesk 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux The current list of installed kernels is below stuart at ProDesk:~$ sudo dpkg --list | grep linux-image ii linux-image-4.2.0-16-generic 4.2.0-16.19 amd64 Linux kernel image for version 4.2.0 on 64 bit x86 SMP ii linux-image-4.2.0-27-generic 4.2.0-27.32 amd64 Linux kernel image for version 4.2.0 on 64 bit x86 SMP ii linux-image-extra-4.2.0-16-generic 4.2.0-16.19 amd64 Linux kernel extra modules for version 4.2.0 on 64 bit x86 SMP ii linux-image-extra-4.2.0-27-generic 4.2.0-27.32 amd64 Linux kernel extra modules for version 4.2.0 on 64 bit x86 SMP ii linux-image-generic 4.2.0.27.30 The lscpu output is below if that helps. stuart at ProDesk:~$ lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 4 On-line CPU(s) list: 0-3 Thread(s) per core: 1 Core(s) per socket: 4 Socket(s): 1 NUMA node(s): 1 Vendor ID: AuthenticAMD CPU family: 22 Model: 48 Model name: AMD A8-6410 APU with AMD Radeon R5 Graphics Stepping: 1 CPU MHz: 1000.000 CPU max MHz: 2000.0000 CPU min MHz: 1000.0000 BogoMIPS: 3992.48 Virtualisation: AMD-V L1d cache: 32K L1i cache: 32K L2 cache: 2048K NUMA node0 CPU(s): 0-3 From es20490446e at gmail.com Wed Feb 17 16:21:13 2016 From: es20490446e at gmail.com (Alberto Salvia Novella) Date: Wed, 17 Feb 2016 17:21:13 +0100 Subject: Bug preventing booting with an encrypted system drive In-Reply-To: <56C475C7.5090107@itburns.me> References: <56C475C7.5090107@itburns.me> Message-ID: <56C49DF9.1060806@gmail.com> Stuart Burns: > I have found a bug and could do with some help . Please report it using the following procedure: (https://help.ubuntu.com/community/ReportingBugs#Reporting_non-crash_hardware_and_desktop_application_bugs) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6472 bytes Desc: S/MIME Cryptographic Signature URL: From hggdh2 at ubuntu.com Wed Feb 17 20:06:23 2016 From: hggdh2 at ubuntu.com (C de-Avillez) Date: Wed, 17 Feb 2016 14:06:23 -0600 Subject: Bugsquad membership In-Reply-To: References: Message-ID: <20160217140623.13272c8f.hggdh2@ubuntu.com> On Sat, 13 Feb 2016 05:21:02 +0000 halfdog wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello List, > > As fixing of security bugs might be quite laborious thus inducing > delays, bugs believed to be minor security issues might backfire later > on, e.g. like with [0] resulting in [1] later on. As the whole process > of detection of security bugs to fixing often takes month, sometimes > even years, I would like to join bugsquad to coordinate and create > fixes for at least some of the bugs I reported, e.g. [2]. Bugsquad > membership should make it easier then to have a clean bug state after > triage to start with [3], thus for the Ubuntu Security team just to > review the updated package diffs and take over the package. Membership in the BugSquad team is open to all, with the following caveats: * you must have a Launchpad account; * you must sign the Code of Conduct [1] (link to signing in you LP home page); * you *should* subscribe to the BugSquad mailing list [2]; * you yourself should then apply for membership in the BugSquad [3] > As I do not have deep insights into the bugsquad team management daily > operations, does this make sense or is this contribution too minor to > accept the membership-associated overhead for bugsquad management? As related to security bugs, there is not much done by the BugSquad team itself. Security bugs are dealt with by the Ubuntu Security team [4]. Security bugs can still be reported on LP, but set as either public or private security bugs (see a reported bug, near the top right corner "this report contains ... information." These bugs are reviewed by the Security team. Security issues can also be directly passed to the Security team via email to ecurity at ubuntu.com. This email can be GPG-encryted to individual members of the team; teir public keys are available [5]. Additional contact may be pursued via IRC (freenode.net, channel #ubuntu-hardened). > If membership has a net gain, could someone please subscribe me to the > team? As I pointed up above, you yourself must subscribe to the team, if you want. > > If you wonder, why e.g. [0], [1] were reported to Ubuntu via e-mail > but not via Launchpad: As it would be the most natural thing for e.g. > NSA, China, ... (those with capabilities to monitor large amount of > network traffic) to just record all mails from large-scale Linux > distribution issue tracking systems containing the keyword "security", > and as this is very cheap way to get to near-zero day material, I > would assume, that this is already done. Hence really critical > security material perhaps should not go to Launchpad or Launchpad > could be modified to send security issues only in encrypted mails > without talkative title, members without key should get only message > "Bug [Number]: Info changed" including the HTTPS link to the issue. > > Kind regards, > hd Cheers, ..C.. [1] http://www.ubuntu.com/about/about-ubuntu/conduct [2] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad [3] https://launchpad.net/~bugsquad [4] https://wiki.ubuntu.com/SecurityTeam [5] https://wiki.ubuntu.com/SecurityTeam/FAQ#Contact -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From noreply at ubuntu.com Mon Feb 22 22:35:55 2016 From: noreply at ubuntu.com (Ubuntu Wiki) Date: Mon, 22 Feb 2016 22:35:55 -0000 Subject: =?utf-8?q?=5BUbuntu_Wiki=5D_Update_of_=22LibreOfficeBugWrangling=22_by_pe?= =?utf-8?q?nalvch?= Message-ID: <20160222223555.27338.45357@mangaba.canonical.com> Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ubuntu Wiki" for change notification. The "LibreOfficeBugWrangling" page has been changed by penalvch: http://wiki.ubuntu.com/LibreOfficeBugWrangling?action=diff&rev1=29&rev2=30 Comment: In response to LP#1548451 et. el. added information on openoffice-debian-menus. <> ||'''Contents'''<
><>|| + = Introduction = + + * Please do not report a LibreOffice bug without first reading this wiki article and performing all the relevant actions mentioned here. Failure to do so may waste your time in filing a frivolous report, or delay your bug getting addressed as quickly as possible. + + = What is not considered a bug? = + + == package libreoffice-common (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/soffice', which is also in package openoffice-debian-menus == + + If you have a crash, and a window pops up asking to report to Launchpad something like: <
><
> '''package libreoffice-common (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/soffice', which is also in package openoffice-debian-menus''' <
><
> + Please do not file this as a bug report. It's not a bug, and will be marked Invalid. Instead, please remove the package openoffice-debian-menus first before upgrading. + + == Apache OpenOffice / OpenOffice.org bugs == + + The Ubuntu project no longer supports Apache OpenOffice (AOO) / OpenOffice.org (OOo), in favor of LibreOffice. This is an important distinction for original reporters of AOO/OOo bugs, as AOO/OOo 4.1.1 was released on August 21, 2014, and just the announcement of the next version (4.1.2) coming soon didn't come out until September 27, 2015 (over a year). This indicates a long lag in security and bug fixes, in comparison to LibreOffice's fast, and timely maintenance cadence as noted [[https://wiki.documentfoundation.org/ReleasePlan|here]]. + + Hence, an appropriate triaging response is: + || Thank you for reporting this and helping make Ubuntu. <
> <
> However, there are no new official Apache OpenOffice/OpenOffice.org releases in Ubuntu, as the Ubuntu project has transitioned to LibreOffice. Hence, the status of this report is being marked as Won't Fix. <
><
> You are welcome to test for this problem in LibreOffice. If reproducible, please click the button: <
> Also affects distribution <
><
> Distribution: Ubuntu <
> Source Package Name: (Optional) libreoffice <
><
> For more on installing LibreOffice please see [[https://wiki.ubuntu.com/LibreOffice]]. <
><
> Thank you for your understanding.|| + = How to file a bug = - * Please do not report a LibreOffice bug without first reading this wiki article and performing all the relevant actions mentioned here. Failure to do so may delay your bug getting addressed as quickly as possible. - * First, before filing a bug report, please make sure you remove all openoffice.org packages first, then install the full LibreOffice suite to avoid [[https://blueprints.launchpad.net/ubuntu/+spec/desktop-q-libreoffice-split|package split collateral damage]], by executing at a terminal: + * First, please make sure you remove all openoffice.org packages first, then install the full LibreOffice suite to avoid [[https://blueprints.launchpad.net/ubuntu/+spec/desktop-q-libreoffice-split|package split collateral damage]], by executing at a terminal: || {{{sudo apt-get -y install libreoffice}}}|| * Please file all your LibreOffice bugs by executing at the Terminal: <
> {{{ubuntu-bug }}} <
> <
> where is the specific package you found the problem in. For example, if you have a document import issue with Writer: <
> {{{ubuntu-bug libreoffice-writer}}} @@ -84, +101 @@ ||Thank you for reporting this and helping make Ubuntu better. Regarding this report:<
>- This is a clearcut upstream issue. Could you please send this to the developers of the software by following the instructions at [[http://wiki.documentfoundation.org/BugReport]]? Please provide a URL of the upstream bug, so a bugwatch may be added that will advise about its status.<
>- Marking LibreOffice Packaging and libreoffice (Ubuntu) => Won't Fix Wishlist. This does not mean the issue will not be cared about, but if it is cared about (even by Ubuntu/Canonical contributors), it is done upstream at LibreOffice. <
><
> Thank you for your understanding.|| - == Apache OpenOffice / OpenOffice.org bugs == - - The Ubuntu project no longer supports Apache OpenOffice (AOO) / OpenOffice.org (OOo), in favor of LibreOffice. This is an important distinction for original reporters of AOO/OOo bugs, as AOO/OOo 4.1.1 was released on August 21, 2014, and just the announcement of the next version (4.1.2) coming soon didn't come out until September 27, 2015 (over a year). This indicates a long lag in security and bug fixes, in comparison to LibreOffice's fast, and timely maintenance cadence as noted [[https://wiki.documentfoundation.org/ReleasePlan|here]]. - - Hence, an appropriate triaging response is: - || Thank you for reporting this and helping make Ubuntu. <
> <
> However, there are no new official Apache OpenOffice/OpenOffice.org releases in Ubuntu, as the Ubuntu project has transitioned to LibreOffice. Hence, the status of this report is being marked as Won't Fix. <
><
> You are welcome to test for this problem in LibreOffice. If reproducible, please click the button: <
> Also affects distribution <
><
> Distribution: Ubuntu <
> Source Package Name: (Optional) libreoffice <
><
> For more on installing LibreOffice please see [[https://wiki.ubuntu.com/LibreOffice]]. <
><
> Thank you for your understanding.|| - == How to forward bugs Upstream == * Once marked Triaged, a bug that is reproducible in the upstream release would want to be filed upstream using the [[https://www.libreoffice.org/get-help/bug/|LibreOffice Bug Submission Assistant]], or in the old fashioned way at https://bugs.freedesktop.org/enter_bug.cgi?product=LibreOffice.