[Group.of.nepali.translators] [Bug 1716613] Re: linux: 4.4.0-96.119 -proposed tracker
Hardware Certification have completed testing this -proposed kernel. No regressions were observed, results are available here: http://people.canonical.com/~hwcert/sru-testing/xenial/4.4.0-96.119 /xenial-proposed-published.html ** Tags added: certification-testing-passed ** Changed in: kernel-sru-workflow/certification-testing Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1716613 Title: linux: 4.4.0-96.119 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Fix Released Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow prepare-package-signed series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Confirmed Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: Invalid Status in Kernel SRU Workflow verification-testing series: Confirmed Status in linux package in Ubuntu: Invalid Status in linux source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow backports: 1716614,1716616 derivatives: 1716618,1716619,1716620,1716621,1716622 -- swm properties -- boot-testing-requested: true phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1716613/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1716618] Re: linux-raspi2: 4.4.0-1074.82 -proposed tracker
Hardware Certification have completed testing this -proposed kernel. No regressions were observed, results are available here: http://people.canonical.com/~hwcert/sru- testing/raspi2/4.4.0-1074.82/raspi2-4.4-proposed-published.html ** Tags added: certification-testing-passed ** Changed in: kernel-sru-workflow/certification-testing Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1716618 Title: linux-raspi2: 4.4.0-1074.82 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Fix Released Status in Kernel SRU Workflow certification-testing series: Fix Released Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Released Status in Kernel SRU Workflow promote-to-proposed series: Fix Released Status in Kernel SRU Workflow promote-to-security series: New Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: Invalid Status in Kernel SRU Workflow security-signoff series: Fix Released Status in Kernel SRU Workflow upload-to-ppa series: New Status in Kernel SRU Workflow verification-testing series: Invalid Status in linux-raspi2 package in Ubuntu: Invalid Status in linux-raspi2 source package in Xenial: Confirmed Bug description: This bug is for tracking the upload package. This bug will contain status and testing results related to that upload. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- boot-testing-requested: true kernel-stable-master-bug: 1716613 phase: Promoted to proposed proposed-announcement-sent: true proposed-testing-requested: true To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1716618/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1714185] Re: flashcache is not usable on kernel version 4.8 and later
** Changed in: flashcache (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1714185 Title: flashcache is not usable on kernel version 4.8 and later Status in flashcache package in Ubuntu: Fix Released Status in flashcache source package in Xenial: Fix Committed Status in flashcache source package in Zesty: Fix Released Status in flashcache package in Debian: Fix Released Bug description: SRU justification: Impact: The flashcache DKMS module is building but due to an incomplete adaptation for the bi_op/bi_opf split the resulting device-mapper logical volume is not properly writing back data to the backing device. !!! It is possible to write to the volume but the data is LOST !!! Fix: When setting up internal device-mapper IO structures we *must* also initialize bi_op_flags. At least when the structure is on the stack and is set up with individual assignments. Maybe it would not be required for the { ... } form but better be explicit in all cases. Testcase: - prereq: two block devices (disks or partitions), for testing this can also be loop devices. also need flashcache-utils and flashcache-dkms - run "sudo flashcache-create -p back " - run "sudo mkfs.ext4 /dev/mapper/" - run "sudo fsck -f /dev/mapper/" - run "sudo dmsetup remove " (this can take a bit) - run "sudo fsck -f " Regression Potential: None. The fix is only properly initializing otherwise uninitialized struct fields. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/flashcache/+bug/1714185/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1710993] Re: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update
Modified the bug description for lubuntu-default-settings and indicator- sound-gtk2 (indicator-sound-gtk2 needs the same fix as Zesty and Artful, bug 1708619 for reference). ** Description changed: [Impact] - - Users of Lubuntu 16.04 LTS are left with no sound in the default web - browser, Firefox. This is a regression. For users with no knowledge of - what PulseAudio even is (and even for people who *do* know what it is), - this is not good. + Users of Lubuntu 16.04 LTS are left with no sound in the default web browser, Firefox. This is a regression. For users with no knowledge of what PulseAudio even is (and even for people who *do* know what it is), this is not good. [Test Case] - - 1. Go to a website that plays sound in Firefox on Lubuntu 16.04. This, - for example: https://www.youtube.com/watch?v=_QfHhFlTUN8 + 1. Go to a website that plays sound in Firefox on Lubuntu 16.04. This, for example: https://www.youtube.com/watch?v=_QfHhFlTUN8 Expected: Sound should play without having to install any additional software. Result: No sound is played, and the user is given a message that they need to install PulseAudio. [Regression Potential] - - People might get mad that PulseAudio is now installed, without them - asking (but it adds functionality, so in my opinion this update is - needed, regardless). I see no technical regression potential, as it is - simply adding a dependency. + People might get mad that PulseAudio is now installed, without them asking (but it adds functionality, so in my opinion this update is needed, regardless). I see no technical regression potential, as it is simply adding a dependency. [Original Description] - - I am on Lubuntu, an ALSA-only system, after update Firefox to version - 55.0.1 it started to ask for PulseAudio when playing media. + I am on Lubuntu, an ALSA-only system, after update Firefox to version 55.0.1 it started to ask for PulseAudio when playing media. Reference: https://i.imgur.com/5gEnaYv.png I have initially stated the bug here: https://askubuntu.com/q/946568 This bug also happened with Firefox 52 and were fixed on 52.0.2, it seems it have had returned: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1671273 + + For lubuntu-default-settings and indicator-sound-gtk2: + + [Impact] + Without this fix, users are still using alsamixer after the migration to PulseAudio, this isn't intended as they should be using pavucontrol. + + [Test Case] + Go to the panel after installing the above lubuntu-meta fix, and right click on the volume icon, then select Volume Settings, and it goes to alsamixer. After installing these fixes, clicking the icon should display a Sound icon and Sound Settings should go to pavucontrol. + + [Regression Potential] + Little to none, as this has been applied in all releases after Lubuntu 16.04 LTS. The only regression would occur when launching pavucontrol (as shown and fixed in bug 1708619, the fix is in indicator-sound-gtk2). ** No longer affects: lubuntu-meta (Ubuntu Xenial) ** No longer affects: lubuntu-default-settings (Ubuntu Xenial) ** Also affects: indicator-sound-gtk2 (Ubuntu) Importance: Undecided Status: New ** Also affects: lubuntu-meta (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: lubuntu-default-settings (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: indicator-sound-gtk2 (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: lubuntu-default-settings (Ubuntu) Status: New => Fix Released ** Changed in: indicator-sound-gtk2 (Ubuntu) Status: New => Fix Released ** Changed in: indicator-sound-gtk2 (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: lubuntu-meta (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: indicator-sound-gtk2 (Ubuntu) Importance: Undecided => Critical ** Changed in: indicator-sound-gtk2 (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: indicator-sound-gtk2 (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lubuntu-meta (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: lubuntu-meta (Ubuntu Xenial) Importance: Undecided => Critical -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1710993 Title: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update Status in indicator-sound-gtk2 package in Ubuntu: Fix Released Status in
[Group.of.nepali.translators] [Bug 1710993] Re: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update
Apologies for the delay on this, but I think I know why Tiago was having those issues... There seems to be other pulse things pulled in when upgrading completely from -proposed, and so it seems there might be a regression there, but after updating *only* lubuntu-desktop, it works fine. I would consider this a working lubuntu-meta, and I'll update the tags as such. But, they do raise a good point about the volume icon still using alsamixer. I'll work to figure that out. ** Tags removed: verification-needed verification-needed-xenial ** Tags added: verification-done verification-done-xenial ** Also affects: lubuntu-default-settings (Ubuntu) Importance: Undecided Status: New ** No longer affects: lubuntu-meta (Ubuntu Xenial) ** Also affects: lubuntu-meta (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: lubuntu-default-settings (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: lubuntu-meta (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: lubuntu-default-settings (Ubuntu) Importance: Undecided => Critical ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Importance: Undecided => Critical ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lubuntu-meta (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2) ** Changed in: lubuntu-meta (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: lubuntu-default-settings (Ubuntu Xenial) Status: New => In Progress -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1710993 Title: PulseAudio requirement breaks Firefox on ALSA-only systems after 55.0.1 update Status in lubuntu-default-settings package in Ubuntu: New Status in lubuntu-meta package in Ubuntu: Fix Released Status in lubuntu-default-settings source package in Xenial: In Progress Status in lubuntu-meta source package in Xenial: Fix Committed Bug description: [Impact] Users of Lubuntu 16.04 LTS are left with no sound in the default web browser, Firefox. This is a regression. For users with no knowledge of what PulseAudio even is (and even for people who *do* know what it is), this is not good. [Test Case] 1. Go to a website that plays sound in Firefox on Lubuntu 16.04. This, for example: https://www.youtube.com/watch?v=_QfHhFlTUN8 Expected: Sound should play without having to install any additional software. Result: No sound is played, and the user is given a message that they need to install PulseAudio. [Regression Potential] People might get mad that PulseAudio is now installed, without them asking (but it adds functionality, so in my opinion this update is needed, regardless). I see no technical regression potential, as it is simply adding a dependency. [Original Description] I am on Lubuntu, an ALSA-only system, after update Firefox to version 55.0.1 it started to ask for PulseAudio when playing media. Reference: https://i.imgur.com/5gEnaYv.png I have initially stated the bug here: https://askubuntu.com/q/946568 This bug also happened with Firefox 52 and were fixed on 52.0.2, it seems it have had returned: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1671273 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lubuntu-default-settings/+bug/1710993/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1714505] Re: systemd kmod builtin uses out of date kmod context
I think we should fix .udeb installation and the d-i to call `udevadm control --reload` after .udeb installation and before (re-)triggering udev. ** Also affects: debian-installer (Ubuntu) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Artful) Status: In Progress => Won't Fix ** No longer affects: systemd (Ubuntu Zesty) ** No longer affects: systemd (Ubuntu Trusty) ** No longer affects: systemd (Ubuntu Xenial) ** Changed in: systemd (Ubuntu) Status: In Progress => Won't Fix ** No longer affects: systemd (Ubuntu Artful) ** Also affects: debian-installer-utils (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1714505 Title: systemd kmod builtin uses out of date kmod context Status in systemd: Fix Released Status in debian-installer package in Ubuntu: New Status in debian-installer-utils package in Ubuntu: New Status in systemd package in Ubuntu: Won't Fix Status in debian-installer source package in Trusty: New Status in debian-installer source package in Xenial: New Status in debian-installer source package in Zesty: New Status in debian-installer source package in Artful: New Bug description: [Impact] udev's rules use a built-in 'kmod' instead of the system modprobe/insmod, and this built-in kmod only validates/refreshes its kmod 'context' every 3 seconds (or longer) during event processing. However, because other parts of the system rely on udev to load modules correctly, it is not acceptable for it to use an out of date module context. For example, during a system installation: -the system boots with kernel and initrd with a reduced set of modules, not including nvme module -udevd starts, and creates its kmod module context, which does not include nvme module -system installer adds 'block-modules' udeb, which adds nvme module to system -system installer immediately calls hw-detect->update-dev->udevadm trigger -udevd sees its kmod module context is not more than 3 seconds old, and does not update it -udevd rule 80-drivers.rules finds NVMe pci modalias and asks kmod builtin to load matching driver -udevd kmod builtin does not find NVMe pci modalias because its context is out of date this results in the system installer complaining to the user that it found no disks, even though there is a NVMe drive in the system, and the nvme module is installed in the system. [Test Case] This is reproducable when trying to install using debian-installer and a preseed file that skips all questions, although not on all systems, since other events can cause udevd to reload all its builtins, or the installer may take longer than 3 seconds to call udevadm trigger after installing the nvme module udeb. However, the bug is easily reproducable on any system with a nvme drive using this script: #!/bin/bash MOD_DIR=/lib/modules/$( uname -r )/kernel/drivers/nvme/host modprobe -rq nvme mv $MOD_DIR/nvme.ko . depmod -a sleep 3 udevadm trigger sleep 1 mv nvme.ko $MOD_DIR/ depmod -a udevadm trigger sleep 3 grep -q nvme /proc/partitions && echo PASS || echo FAIL that script does: 1) remove nvme module from the system, reproducing situation where nvme module had not yet been installed 2) waits 3 seconds, because the udev kmod validation timeout is 3 seconds 3) triggers udev, which forces it to reload its kmod context (this could be done with udevadm control -R instead) 4) waits 1 second for the udev trigger to finish, then puts the nvme module back into the system, reproducing the initial installation of the deb/udeb containing the nvme module 5) immediately triggers udev, which should load the nvme module when it sees the nvme pci device 6) wait 3 seconds for udev trigger to finish (plenty of time), and check if the nvme module was loaded this script reproduces the error every time, due to the stale kmod context. With a fixed udev, this should succeed in loading the nvme module. [Regression Potential] The most potential for regression with a fix to this involves slowing down udev due to validating the kmod context for every kmod load call. However, slightly higher performance does not make up for broken operation. [Other Info] This needs fixing upstream, which I'm in progress on. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1714505/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1715576] Re: Fix crash when clicking cancel button, which may cause data loss
This is fixed in Artful already. ** Changed in: partitionmanager (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: partitionmanager (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1715576 Title: Fix crash when clicking cancel button, which may cause data loss Status in partitionmanager package in Ubuntu: Fix Released Status in partitionmanager source package in Xenial: Fix Committed Status in partitionmanager source package in Zesty: Fix Committed Bug description: [Impact] Without these fixes, partitionmanager can cause severe data loss (in the KDE bug linked, someone lost an 890 GB LUKS partition. [Test Case] Try moving a partition and then pressing Cancel while it is running. It should display a dialog box asking if that is, in fact, what you would like to do, but instead it will crash, corrupting data. [Regression Potential] While extremely unlikely, a regression could occur when another framework (that this depends on) is updated, and that could cause the dialog box to not function as intended, possibly circumventing this. Like I wrote earlier, this is extremely unlikely, but it is still a possibility. [Original Description] Upstream bug: https://bugs.kde.org/show_bug.cgi?id=384348 Severity High or Critical, as can cause data loss. Fixed in version 3.1.2 with commit: https://cgit.kde.org/partitionmanager.git/commit/?id=feb2e374e496c65011e036f2a611fa7cc5b4e940 Affected versions and releases: 3.0.0-1 in Zesty 17.04 1.2.1-0ubuntu1 in Xenial 16.04 Cause is as error in the porting to Qt5/KF5, so the commit should be backportable as indicated by the upstream maintainer. However, contrary to commit bf38d67e1bef0e8901b6fff75a1f968f6985c4ae which states the post version 3.0.0 version bump is for intended for implementing new features, again upstream confirmed that these did not actually happen and changes 3.0.0 -> 3.1.2 are just bugfixes. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partitionmanager/+bug/1715576/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1698180] Re: [CVE] Send Later with Delay bypasses OpenPGP
** Changed in: kf5-messagelib (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: kmail (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1698180 Title: [CVE] Send Later with Delay bypasses OpenPGP Status in kdepim package in Ubuntu: Invalid Status in kf5-messagelib package in Ubuntu: Fix Released Status in kmail package in Ubuntu: Fix Released Status in kdepim source package in Trusty: New Status in kdepim source package in Xenial: New Status in kdepim source package in Zesty: New Status in kdepim source package in Artful: Invalid Bug description: KDE Project Security Advisory = Title: KMail: Send Later with Delay bypasses OpenPGP Risk Rating:Medium CVE:CVE-2017-9604 Versions: kmail, messagelib < 5.5.2 Date: 15 June 2017 Overview KMail’s Send Later with Delay function bypasses OpenPGP signing and encryption, causing the message to be sent unsigned and in plain-text. Solution Update to kmail, messagelib >= 5.5.2 (Released as part of KDE Applications 17.04.2) Or apply the following patches: kmail: https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8 messagelib: https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197 Credits === Thanks to Daniel Aleksandersen for the report and to Laurent Montel for the fix. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1698180/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1714505] Re: systemd kmod builtin uses out of date kmod context
** Changed in: systemd Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1714505 Title: systemd kmod builtin uses out of date kmod context Status in systemd: Fix Released Status in systemd package in Ubuntu: In Progress Status in systemd source package in Trusty: New Status in systemd source package in Xenial: In Progress Status in systemd source package in Zesty: In Progress Status in systemd source package in Artful: In Progress Bug description: [Impact] udev's rules use a built-in 'kmod' instead of the system modprobe/insmod, and this built-in kmod only validates/refreshes its kmod 'context' every 3 seconds (or longer) during event processing. However, because other parts of the system rely on udev to load modules correctly, it is not acceptable for it to use an out of date module context. For example, during a system installation: -the system boots with kernel and initrd with a reduced set of modules, not including nvme module -udevd starts, and creates its kmod module context, which does not include nvme module -system installer adds 'block-modules' udeb, which adds nvme module to system -system installer immediately calls hw-detect->update-dev->udevadm trigger -udevd sees its kmod module context is not more than 3 seconds old, and does not update it -udevd rule 80-drivers.rules finds NVMe pci modalias and asks kmod builtin to load matching driver -udevd kmod builtin does not find NVMe pci modalias because its context is out of date this results in the system installer complaining to the user that it found no disks, even though there is a NVMe drive in the system, and the nvme module is installed in the system. [Test Case] This is reproducable when trying to install using debian-installer and a preseed file that skips all questions, although not on all systems, since other events can cause udevd to reload all its builtins, or the installer may take longer than 3 seconds to call udevadm trigger after installing the nvme module udeb. However, the bug is easily reproducable on any system with a nvme drive using this script: #!/bin/bash MOD_DIR=/lib/modules/$( uname -r )/kernel/drivers/nvme/host modprobe -rq nvme mv $MOD_DIR/nvme.ko . depmod -a sleep 3 udevadm trigger sleep 1 mv nvme.ko $MOD_DIR/ depmod -a udevadm trigger sleep 3 grep -q nvme /proc/partitions && echo PASS || echo FAIL that script does: 1) remove nvme module from the system, reproducing situation where nvme module had not yet been installed 2) waits 3 seconds, because the udev kmod validation timeout is 3 seconds 3) triggers udev, which forces it to reload its kmod context (this could be done with udevadm control -R instead) 4) waits 1 second for the udev trigger to finish, then puts the nvme module back into the system, reproducing the initial installation of the deb/udeb containing the nvme module 5) immediately triggers udev, which should load the nvme module when it sees the nvme pci device 6) wait 3 seconds for udev trigger to finish (plenty of time), and check if the nvme module was loaded this script reproduces the error every time, due to the stale kmod context. With a fixed udev, this should succeed in loading the nvme module. [Regression Potential] The most potential for regression with a fix to this involves slowing down udev due to validating the kmod context for every kmod load call. However, slightly higher performance does not make up for broken operation. [Other Info] This needs fixing upstream, which I'm in progress on. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1714505/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1717666] Re: borgbackup: multiple security issues
** Changed in: borgbackup (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1717666 Title: borgbackup: multiple security issues Status in borgbackup package in Ubuntu: Fix Released Status in borgbackup source package in Xenial: New Status in borgbackup source package in Zesty: New Bug description: [Impact] * Security issues before borg 1.0.9 CVE-2016-10100 CVE-2016-10099 [Test Case] * such CVEs might lead to archive overwrite, and a backup loss. [Regression Potential] * None, we have a testsuite to catch such issues. This release has been in debian testing and artful since a month or two, and no regressions have been found. 1.0.x branches are just for bug-fixes, and the testsuite is run during build and autopkgtesting. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1717666/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp