[Bug 1550444] Re: Parole media player segfaults when seeking forward in a video file

[daniel CURTIS]

Hello.

Because 'Parole' is a part of an Universe section, it will be - probably
- not updated by Developers in Xenial/16.04 (please see rules about
updating packages, because I can be wrong). Of course, your method
Fixitman Arizona is okay.

By the way: please notice Gimp situation [1]: there are multiple
security issues fixed in various Gimp versions and Releases - even in
14.04/Trusty, which is older than Xenial, right? Never mind. I have no
idea why there is no security update for Gimp in Xenial.

Anyway, I solved problem with segfaults described by mikewhatever - an
original poster by using AppArmor. Because in the past I've created a
profile for Gimp, I decided to check what will happen when `mpris2.so`
library will be blocked. And it worked!

,[ AppArmor rule ]
| deny /usr/lib/@{multiarch}/parole-0/parole-mpris2.so mr,
`

With above rule in use, I can play any supported file/video and as
Original Poster wrote: "click or drag the slider to seek forward (...)"
and so on.

Thanks, best regards.

_
[1] https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1550444

Title:
  Parole media player segfaults when seeking forward in a video file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1550444/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1585434] Re: ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4]

[daniel CURTIS]

Hello.

Today, I've noticed two entries about 'ecryptfs_decrypt_page' and
'ecryptfs_readpage' errors in `/var/log/syslog` file. I have no idea if
there was/is more such entries. However, it looks this way:

,[ ✖ Error ]
| kernel: [25312.360714] ecryptfs_decrypt_page: Error attempting to read lower 
page; rc = [-4]
| kernel: [25312.360724] ecryptfs_readpage: Error decrypting page; rc = [-4]
`

There was not any system slowdowns, freezing etc. Anyway, `/home`
partition was encrypted during installation with eCryptfs (vide
`/home/.ecryptfs/t4/.Private`). Here are some technical informations
about system:

,[ ✖ lsb_release ]
| Distributor ID:   Ubuntu
| Description:  Ubuntu 16.04.6 LTS
| Release:  16.04
| Codename: xenial
| ---
| Linux:4.4.0-173-generic
| Architecture: i686/x86_32
`

It seems, that I'm not only one Xenial user who's seeing these errors (I
mean another comments, for example #16 by Stefan Wagner etc).

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1585434

Title:
  ecryptfs_decrypt_page: Error attempting to read lower page; rc = [-4]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1585434/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1838090] Re: Ubuntu 16.04: read access incorrectly implies 'm' rule

[daniel CURTIS]

*** This bug is a duplicate of bug 1658219 ***
https://bugs.launchpad.net/bugs/1658219

Hello.

I would like to note, that when Linux kernel has been updated to
4.4.0-160.188 version[1] (with, among others, patches for LP:#1658219
and LP:#1838090), I've had to update a few profiles (such as Audacious,
Parole, Xorg, Logrotate etc.), because of a lot of "DENIED" entries in
system log files. If it's about access controls (vide
'requested{denied}_mask'): most new rules required 'm' (memory map as
executable), but some of them needed 'k' (file locking) etc.)

However, it seems everything is okay now and I hope, that there will be
no such issues anymore. Anyway, Mr Tyler Hicks was right: "users with
custom policy have some reasonable expectation that upgrading to the new
Ubuntu release or kernel version will require them to update their
custom policy".

By the way; what is an impact of these changes? (I mean LP:#1658219 and
LP:#1838090). Does it means, that now, use of 'm' and 'k' access is
secured/restricted/checked correctly by AppArmor? And one more thing:
this problem is related to v4.4 kernel only, right?


Thanks, best regards.
__
[1] https://launchpad.net/ubuntu/+source/linux/4.4.0-160.188

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838090

Title:
  Ubuntu 16.04: read access incorrectly implies 'm' rule

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1838090/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1658219] Re: flock not mediated by 'k'

[daniel CURTIS]

Hello.

I would like to note, that when Linux kernel has been updated to
4.4.0-160.188 version[1] (with, among others, patches for LP:#1658219
and LP:#1838090), I've had to update a few profiles (such as Audacious,
Parole, Xorg, Logrotate etc.), because of a lot of "DENIED" entries in
system log files. If it's about access controls (vide
'requested{denied}_mask'): most new rules required 'm' (memory map as
executable), but some of them needed 'k' (file locking) etc.)

However, it seems everything is okay now and I hope, that there will be
no such issues anymore. Anyway, Mr Tyler Hicks was right: "users with
custom policy have some reasonable expectation that upgrading to the new
Ubuntu release or kernel version will require them to update their
custom policy".

By the way; what is an impact of these changes? (I mean LP:#1658219 and
LP:#1838090). Does it means, that now, use of 'm' and 'k' access is
secured/restricted/checked correctly by AppArmor? And one more thing:
this problem is related to v4.4 kernel only, right?


Thanks, best regards.
__
[1] https://launchpad.net/ubuntu/+source/linux/4.4.0-160.188

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1658219

Title:
  flock not mediated by 'k'

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1658219/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1617630] Re: Mousepad show the warning Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus -*

[daniel CURTIS]

Hello.

Sorry for writing post by post, but there still are problems with
Mousepad and 'connecting to accessibility bus' during editing any file.
Here is an example:

,[ $ mousepad /usr/bin/example ]
| ** (mousepad:14099): WARNING **: Couldn't connect to accessibility bus: 
| Failed to connect to socket /tmp/dbus-Z3dGTATnQK: Connection refused
`

Note: the same WARNING message is displayed no matter if 'sudo(8)'
command is being used. (However, it seems it is not a rule - if I
remember correctly, there wasn't such a message earlier. I mean a couple
months ago etc. But I could be wrong.) If it's about release, Mousepad
and Xfce4 version informations, everything is the same as above - in my
previous post.

By the way: because there is not any reaction on this issue/bug, maybe
it should be reported once again, but this time, choosing different
'Affects'? What do you think?

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1617630

Title:
  Mousepad show the warning Couldn't connect to accessibility bus:
  Failed to connect to socket /tmp/dbus -*

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/at-spi2-core/+bug/1617630/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.

[daniel CURTIS]

Hello H Buus.

Thank You for a comment. According to BUGs with call traces from
'kern.log' file (I mean especially 'unable to handle kernel NULL pointer
dereference at 0008' messages etc.) I think you should report all
these informations on the linux-kernel mailing list (please see 1).
Also, I think, that the kernel-team mailing list is a good place -maybe
even better than 'lkml' - to report, because this mailing list is used
to coordinate and plan kernel uploads for Ubuntu (please see 2).

I hope, that 'PTI' will be backported soon, to the Linux kernel used in
16.04 LTS Release and x86_32/i386 architecture.


Thanks, best regards.
_
1.: https://lkml.org/
2.: https://lists.ubuntu.com/archives/kernel-team/

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790688

Title:
  x86/pti: 32-bit x86 systems support already available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".

[daniel CURTIS]

Hello.

Sebastien, there is a good news. On Mon., Jul. 22, Evince has been
updated to 3.18.2-1ubuntu4.6 version to fix one security issue (buffer
overflow; CVE-2019-1010006)*. And now, I can open '.pdf' files again!

I think, that reinstalling Evince package, also could help - I mean with
problem I described, because `debsums(1)` showed, that MD5 sum for
'libpdfdocument.so' and 'libdvidocument.so' files does not match so
reinstall - probably - was a solution. However, I have not any
possibilities to check this.

Thank You and I apologize one more time for such a long time without my
answer.

Thanks, best regards.
_
* https://lists.ubuntu.com/archives/xenial-changes/2019-July/025019.html

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2019-1010006

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835285

Title:
  PDF files don't open; "Failed to load backend for 'application/pdf':
  libpdfdocument.so" and "Invalid ELF header".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".

[daniel CURTIS]

Hi Sebastien.

Thank You for an answer. And I apologize for such a long time without my
answer. (An accident, nothing serious).

So Sebastien, please tell me, which informations exactly do you need?
I'm thinking about a `journalctl -b 0` command, of course. Is there
something specific, that you want or need to gather?

I'm asking, because there is not *any* informations about Evince or
loading backend for 'application/pdf' - for example - in system log
files, such as »/var/log/{syslog,kern.log}«, even right after trying to
open '.pdf' or 'djvu' files etc. (as you asked for it in your comment).
I mean nothing valuable, that can help to diagnose this problem.

Yes, there is the same problem with '.djvu' files - they cannot be
opened via Evince. Summarizing: I have problems not only with '.pdf',
but with '.djvu' files also. I have no idea what about other supported
file formats (please see 4. and Evince AppArmor profile), because I
can't test them, right now. And honestly, I don't know if I will be able
to do this. Sorry. (So, I updated the bug report and added this
information).

Sebastien, you also asked about the result of the `debsums(1)` for
'libevdocument3-4', right? I had to install `debsums` package first but
here it is:

,[ $ debsums libevdocument3-4 ]
| /usr/lib/i386-linux-gnu/evince/4/backends/comicsdocument.evince-backend   
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/djvudocument.evince-backend 
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/dvidocument.evince-backend  
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libcomicsdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libdjvudocument.so  
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libdvidocument.so   
FAILED
| /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so   
FAILED
| /usr/lib/i386-linux-gnu/evince/4/backends/libpsdocument.so
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libtiffdocument.so  
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/libxpsdocument.so   
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/pdfdocument.evince-backend  
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/psdocument.evince-backend   
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/tiffdocument.evince-backend 
OK
| /usr/lib/i386-linux-gnu/evince/4/backends/xpsdocument.evince-backend  
OK
| /usr/lib/i386-linux-gnu/libevdocument3.so.4.0.0   
OK
| /usr/share/doc/libevdocument3-4/AUTHORS   
OK
| /usr/share/doc/libevdocument3-4/NEWS.gz   
OK
| /usr/share/doc/libevdocument3-4/README
OK
| /usr/share/doc/libevdocument3-4/TODO  
OK
| /usr/share/doc/libevdocument3-4/changelog.Debian.gz   
OK
| /usr/share/doc/libevdocument3-4/copyright 
OK
| /usr/share/lintian/overrides/libevdocument3-4 
OK
`

As We can see, there are two 'FAILED' results. So the file's MD5 sum
does not match, right? What do you think about this? Is this a bug or
something on my side went wrong?

Sebastien, I apologize You once again, for such a long time without
answer. Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835285

Title:
  PDF files don't open; "Failed to load backend for 'application/pdf':
  libpdfdocument.so" and "Invalid ELF header".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1835285] Re: PDF files don't open; "Failed to load backend for 'application/pdf': libpdfdocument.so" and "Invalid ELF header".

[daniel CURTIS]

** Summary changed:

- PDF files do not open. 'Failed to load backend for 'application/pdf': 
libpdfdocument.so' and 'Invalid ELF header'.
+ PDF files don't open; "Failed to load backend for 'application/pdf': 
libpdfdocument.so" and "Invalid ELF header".

** Description changed:

  Hello.
  
  On Wed, Jun 19. 2019, Evince has been updated to version
  '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some
  hardening from Ubuntu 18.10 Release. However, now, it is impossible to
  open any '.pdf' files. When I try to open such file, there is an
  information (on the red background) in the main Evince window. And It
  looks this way:
  
- 
- ,[ Evince .pdf issue ]
+ ,[ Opening '.pdf' error ]
  |
  | Cannot open document „file:///home/user/Docs/foo-bar.pdf”.
  | Failed to load backend for 'application/pdf': 
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  `
  
- 
- There is a reference to 
'/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to 
dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is 
already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' 
file via terminal, but nothing changed. Here are the results:
- 
+ There is a reference to »/usr/lib/i386-linux-
+ gnu/evince/4/backends/libpdfdocument.so«. According to `dpkg(1)` command
+ this file is a part of the 'libevdocument3-4' package, which is
+ installed already (version '3.18.2-1ubuntu4.5'). I also tried to open
+ '.pdf' file via terminal, but nothing changed. Here are the results:
  
  ,[ $ evince Docs/foo-bar.pdf ]
  |
  | (evince:26918): EvinceDocument-WARNING **:
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  | (evince:26918): EvinceDocument-WARNING **:
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  `
  
+ I think, that the whole problem is/could be related with AppArmor and
+ Evince profile changes in the latest update, because - for example - day
+ before, before update, everything was okay. Anyway, described
+ problem/issue started to happen right after Evince update. (To check
+ differences between AppArmor profile versions, please see 2. and 3.).
+ There is one more thing to notice: Evince profile, has never been
+ changed by the User.
  
- I think, that the whole problem is related with AppArmor changes in the 
latest update, because - for example - day before everything was okay. The 
described problem started right after Evince updated to the latest version. (To 
check differences between versions, please see 2. and 3.). The 'Evince' profile 
has never been changed by the Users. 
+ If it's about AppArmor: I've tried to change Evince profile mode from
+ 'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't
+ any valuable entries in system log files etc. (I'm sorry, but for now, I
+ can not check other variants/solutions, such as: (a) disable Evince
+ profile via `aa-disable(8)` command or (b) make links between
+ »/etc/apparmor.d/usr.bin.evince« file and »/etc/apparmor.d/disable/«
+ directory, next use `apparmor_parser(8)` command to remove profile etc.)
  
- If it's about AppArmor: I've tried to change Evince profile mode form 
'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any 
valuable entries in system log files etc. (I'm sorry, but for now, I can not 
check other variants/solutions, such as: (a) disabling Evince profile with 
'aa-disable(8)' command or (b) making links between 
'/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next 
using 'apparmor_parser(8)' command to remove profile etc.)
-  
+ ✖ NOTE: to make some more tests, I've tried to open '.djvu' file, but
+ without success. It seems, that there is exactly the same informations
+ as with '.pdf' files. Of course, Evince
+ (»/etc/apparmor.d/usr.bin.evince«) profile contains rule to open such
+ file format etc. and many others, see 4. So, according to all of this,
+ maybe "Summary" should be changed to reflect this situation? Maybe
+ something like: "PDF and other files don't open; "Failed to load (...)".
+ 
+ Sebastien, what do You think?.
+ 
+ 
  Here are some additional informations: 
  
  ✗ Description: Ubuntu 16.04.6 LTS
  ✗ Release: 16.04
  ✗ Architecture:  x86_32/i386
- ✗ Linux: 4.4.0-154-generic (4.4.0-155-generic is already 
installed, but reboot is needed)
+ ✗ Linux: 4.4.0-155-generic
  
  ✓ AppArmor:  2.10.95-0ubuntu2.11
  ✓ Evince:   3.18.2-1ubuntu4.5
- 
  
  Best regards.
  __
  [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html
  [2] 
http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz
  [3] 
http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz
+ [4] 

[Bug 1835285] Re: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.

[daniel CURTIS]

** Description changed:

  Hello.
  
  On Wed, Jun 19. 2019, Evince has been updated to version
  '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some
- hardening from Ubuntu 18.10 Release. However, it seems to be impossible
- to open any '.pdf' files. After Evince update, I notices I can't open
- any '.pdf'. When I try to do it, Evince show this info:
+ hardening from Ubuntu 18.10 Release. However, now, it is impossible to
+ open any '.pdf' files. When I try to open such file, there is an
+ information (on the red background) in the main Evince window. And It
+ looks this way:
  
  
  ,[ Evince .pdf issue ]
  |
  | Cannot open document „file:///home/user/Docs/foo-bar.pdf”.
  | Failed to load backend for 'application/pdf': 
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  `
  
  
  There is a reference to 
'/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to 
dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is 
already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' 
file via terminal, but nothing changed. Here are the results:
  
  
  ,[ $ evince Docs/foo-bar.pdf ]
  |
  | (evince:26918): EvinceDocument-WARNING **:
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  | (evince:26918): EvinceDocument-WARNING **:
  | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
  | header
  |
  `
  
  
  I think, that the whole problem is related with AppArmor changes in the 
latest update, because - for example - day before everything was okay. The 
described problem started right after Evince updated to the latest version. (To 
check differences between versions, please see 2. and 3.). The 'Evince' profile 
has never been changed by the Users. 
  
  If it's about AppArmor: I've tried to change Evince profile mode form 
'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any 
valuable entries in system log files etc. (I'm sorry, but for now, I can not 
check other variants/solutions, such as: (a) disabling Evince profile with 
'aa-disable(8)' command or (b) making links between 
'/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next 
using 'apparmor_parser(8)' command to remove profile etc.)
   
+ Here are some additional informations: 
  
- Here are some technical informations:
+ ✗ Description: Ubuntu 16.04.6 LTS
+ ✗ Release: 16.04
+ ✗ Architecture:  x86_32/i386
+ ✗ Linux: 4.4.0-154-generic (4.4.0-155-generic is already 
installed, but reboot is needed)
  
- ✗ Description:Ubuntu 16.04.6 LTS
- ✗ Release:16.04
- ✗ Architecture: x86_32/i386
- ✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, 
but reboot is needed)
- 
- ✓ AppArmor: 2.10.95-0ubuntu2.11
- ✓ Evince:   3.18.2-1ubuntu4.5
+ ✓ AppArmor:  2.10.95-0ubuntu2.11
+ ✓ Evince:   3.18.2-1ubuntu4.5
  
  
  Best regards.
  __
  [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html
  [2] 
http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz
  [3] 
http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835285

Title:
  PDF files do not open. 'Failed to load backend for 'application/pdf':
  libpdfdocument.so' and 'Invalid ELF header'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1835285] Re: PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.

[daniel CURTIS]

** Description changed:

  Hello.
  
  On Wed, Jun 19. 2019, Evince has been updated to version
  '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some
  hardening from Ubuntu 18.10 Release. However, it seems to be impossible
  to open any '.pdf' files. After Evince update, I notices I can't open
  any '.pdf'. When I try to do it, Evince show this info:
  
  
  ,[ Evince .pdf issue ]
  |
  | Cannot open document „file:///home/user/Docs/foo-bar.pdf”.
- | Failed to load backend for 'application/pdf': 
/usr/lib/i386-linux-gnu/evince/4/backends
- | /libpdfdocument.so: Invalid ELF header
+ | Failed to load backend for 'application/pdf': 
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
  |
  `
  
  
  There is a reference to 
'/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to 
dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is 
already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' 
file via terminal, but nothing changed. Here are the results:
  
  
  ,[ $ evince Docs/foo-bar.pdf ]
  |
- | (evince:26918): EvinceDocument-WARNING **: 
/usr/lib/i386-linux-gnu/evince/4/backends
- | /libpdfdocument.so: Invalid ELF header
+ | (evince:26918): EvinceDocument-WARNING **:
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
  |
- | (evince:26918): EvinceDocument-WARNING **: 
/usr/lib/i386-linux-gnu/evince/4/backends
- | /libpdfdocument.so: Invalid ELF header
+ | (evince:26918): EvinceDocument-WARNING **:
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
  |
  `
  
  
  I think, that the whole problem is related with AppArmor changes in the 
latest update, because - for example - day before everything was okay. The 
described problem started right after Evince updated to the latest version. (To 
check differences between versions, please see 2. and 3.). The 'Evince' profile 
has never been changed by the Users. 
  
  If it's about AppArmor: I've tried to change Evince profile mode form 
'enforce' to 'complain'. Unfortunately, nothing changed. There wasn't any 
valuable entries in system log files etc. (I'm sorry, but for now, I can not 
check other variants/solutions, such as: (a) disabling Evince profile with 
'aa-disable(8)' command or (b) making links between 
'/etc/apparmor.d/usr.bin.evince' and '/etc/apparmor.d/disable/' directory, next 
using 'apparmor_parser(8)' command to remove profile etc.)
   
  
  Here are some technical informations:
  
  ✗ Description:Ubuntu 16.04.6 LTS
  ✗ Release:16.04
  ✗ Architecture: x86_32/i386
  ✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, 
but reboot is needed)
  
  ✓ AppArmor: 2.10.95-0ubuntu2.11
  ✓ Evince:   3.18.2-1ubuntu4.5
  
  
  Best regards.
  __
  [1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html
  [2] 
http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz
  [3] 
http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz

** Description changed:

  Hello.
  
  On Wed, Jun 19. 2019, Evince has been updated to version
  '3.18.2-1ubuntu4.5' [1]. This update added, among other things, some
  hardening from Ubuntu 18.10 Release. However, it seems to be impossible
  to open any '.pdf' files. After Evince update, I notices I can't open
  any '.pdf'. When I try to do it, Evince show this info:
  
  
  ,[ Evince .pdf issue ]
  |
  | Cannot open document „file:///home/user/Docs/foo-bar.pdf”.
  | Failed to load backend for 'application/pdf': 
- | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
+ | header
  |
  `
  
  
  There is a reference to 
'/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to 
dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is 
already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' 
file via terminal, but nothing changed. Here are the results:
  
  
  ,[ $ evince Docs/foo-bar.pdf ]
  |
  | (evince:26918): EvinceDocument-WARNING **:
- | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
+ | header
  |
  | (evince:26918): EvinceDocument-WARNING **:
- | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
header
+ | /usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so: Invalid ELF 
+ | header
  |
  `
  
  
  I think, that the whole problem is related with AppArmor changes in the 
latest update, because - for example - day before everything was okay. The 
described problem started right after Evince updated to the latest version. (To 
check differences between versions, please 

[Bug 1835285] [NEW] PDF files do not open. 'Failed to load backend for 'application/pdf': libpdfdocument.so' and 'Invalid ELF header'.

[daniel CURTIS]

Public bug reported:

Hello.

On Wed, Jun 19. 2019, Evince has been updated to version
'3.18.2-1ubuntu4.5' [1]. This update added, among other things, some
hardening from Ubuntu 18.10 Release. However, it seems to be impossible
to open any '.pdf' files. After Evince update, I notices I can't open
any '.pdf'. When I try to do it, Evince show this info:


,[ Evince .pdf issue ]
|
| Cannot open document „file:///home/user/Docs/foo-bar.pdf”.
| Failed to load backend for 'application/pdf': 
/usr/lib/i386-linux-gnu/evince/4/backends
| /libpdfdocument.so: Invalid ELF header
|
`


There is a reference to 
'/usr/lib/i386-linux-gnu/evince/4/backends/libpdfdocument.so'. According to 
dpkg(1) command this file is a part of the 'libevdocument3-4' package, which is 
already installed (version '3.18.2-1ubuntu4.5'). I also tried to open '.pdf' 
file via terminal, but nothing changed. Here are the results:


,[ $ evince Docs/foo-bar.pdf ]
|
| (evince:26918): EvinceDocument-WARNING **: 
/usr/lib/i386-linux-gnu/evince/4/backends
| /libpdfdocument.so: Invalid ELF header
|
| (evince:26918): EvinceDocument-WARNING **: 
/usr/lib/i386-linux-gnu/evince/4/backends
| /libpdfdocument.so: Invalid ELF header
|
`


I think, that the whole problem is related with AppArmor changes in the latest 
update, because - for example - day before everything was okay. The described 
problem started right after Evince updated to the latest version. (To check 
differences between versions, please see 2. and 3.). The 'Evince' profile has 
never been changed by the Users. 

If it's about AppArmor: I've tried to change Evince profile mode form 'enforce' 
to 'complain'. Unfortunately, nothing changed. There wasn't any valuable 
entries in system log files etc. (I'm sorry, but for now, I can not check other 
variants/solutions, such as: (a) disabling Evince profile with 'aa-disable(8)' 
command or (b) making links between '/etc/apparmor.d/usr.bin.evince' and 
'/etc/apparmor.d/disable/' directory, next using 'apparmor_parser(8)' command 
to remove profile etc.)
 

Here are some technical informations:

✗ Description:  Ubuntu 16.04.6 LTS
✗ Release:  16.04
✗ Architecture: x86_32/i386
✗ Linux kernel: 4.4.0-154-generic (4.4.0-155-generic is already installed, but 
reboot is needed)

✓ AppArmor: 2.10.95-0ubuntu2.11
✓ Evince:   3.18.2-1ubuntu4.5


Best regards.
__
[1] https://lists.ubuntu.com/archives/xenial-changes/2019-June/024691.html
[2] 
http://launchpadlibrarian.net/429511526/evince_3.18.2-1ubuntu4.4_3.18.2-1ubuntu4.5.diff.gz
[3] 
http://launchpadlibrarian.net/429293224/evince_3.18.2-1ubuntu4.1_3.18.2-1ubuntu4.5.diff.gz

** Affects: evince (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: elf evince header libpdfdocument.so pdf xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835285

Title:
  PDF files do not open. 'Failed to load backend for 'application/pdf':
  libpdfdocument.so' and 'Invalid ELF header'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1835285/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815752] Re: nvidia-340 340.104-0ubuntu0.16.04.1: nvidia-340 kernel module failed to build

[daniel CURTIS]

Hello.

Once agains - I'm sorry for writing post by post, but there is a very
interesting comment I found, while checking patches/fixes in Linux
v4.4.0-143.169 version (see '1.'). This is excatly the same error, that
happened when I updated kernel to the latest '-proposed' release etc. In
both cases, it's about "Processing triggers for linux-
image-4.4.0-143-generic" and bad return status for 'nvidia' module
build.

So, maybe the whole problem with building 'nvidia' module is related
with "signing: only install a signed kernel (LP: #1764794)" (see '2.')?

Thanks, best regards.
_
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1764794/comments/6
[2] https://launchpad.net/ubuntu/+source/linux/4.4.0-143.169

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815752

Title:
  nvidia-340 340.104-0ubuntu0.16.04.1: nvidia-340 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1815752/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815776] Re: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build

[daniel CURTIS]

Hello.

Once agains - I'm sorry for writing post by post, but there is a very
interesting comment I found, while checking patches/fixes in Linux
v4.4.0-143.169 version (see '1.'). This is excatly the same error, that
happened when I updated kernel to the latest '-proposed' release etc. In
both cases, it's about "Processing triggers for linux-
image-4.4.0-143-generic" and bad return status for 'nvidia' module
build.

So, maybe the whole problem with building 'nvidia' module is related
with "signing: only install a signed kernel (LP: #1764794)" (see '2.')?

Thanks, best regards.
_
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1764794/comments/6
[2] https://launchpad.net/ubuntu/+source/linux/4.4.0-143.169

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815776

Title:
  nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1815776/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815858] Re: nvidia-304 304.135-0ubuntu0.16.04.2: nvidia-304 kernel module failed to build

[daniel CURTIS]

Hello.

Once agains - I'm sorry for writing post by post, but there is a very
interesting comment I found, while checking patches/fixes in Linux
v4.4.0-143.169 version (see '1.'). This is excatly the same error, that
happened when I updated kernel to the latest '-proposed' release etc. In
both cases, it's about "Processing triggers for linux-
image-4.4.0-143-generic" and bad return status for 'nvidia' module
build.

So, maybe the whole problem with building 'nvidia' module is related
with "signing: only install a signed kernel (LP: #1764794)" (see '2.')?
In the last hours, two more more bug reports were created - all related
with 'nvidia' module build issues etc. (see '3.', '4.'). One difference
is nvidia driver version.

Thanks, best regards.

___
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1764794/comments/6
[2] https://launchpad.net/ubuntu/+source/linux/4.4.0-143.169
[3] 
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1815752
[4] 
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1815776

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815858

Title:
  nvidia-304 304.135-0ubuntu0.16.04.2: nvidia-304 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/+bug/1815858/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).

[daniel CURTIS]

** Changed in: gimp (Ubuntu Xenial)
   Status: Confirmed => New

** Information type changed from Public Security to Private Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
  17784-17789).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815752] Re: nvidia-340 340.104-0ubuntu0.16.04.1: nvidia-340 kernel module failed to build

[daniel CURTIS]

Hello.

There is a similar raport about failed 'nvidia_304' module build on
latest '-proposed' v4.4.0-143-generic kernel:

✗ https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-
drivers-304/+bug/1815858

Mentioned issue happened on both: amd64 and i385/i686 architectures.

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815752

Title:
  nvidia-340 340.104-0ubuntu0.16.04.1: nvidia-340 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1815752/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815776] Re: nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed to build

[daniel CURTIS]

Hello.

There is a similar raport about failed 'nvidia_304' module build on
latest '-proposed' v4.4.0-143-generic kernel:

✗ https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-
drivers-304/+bug/1815858

Mentioned issue happened on both: amd64 and i385/i686 architectures.

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815776

Title:
  nvidia-384 384.130-0ubuntu0.16.04.1: nvidia-384 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1815776/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815858] Re: nvidia-304 304.135-0ubuntu0.16.04.2: nvidia-304 kernel module failed to build

[daniel CURTIS]

Hello.

I'm sorry for writing post by post, but I forget to write, that - in my
case - architecture is i386/i686. There is also one more issue: I've
made a mistake during writing my post, in the last 'Makefile/make[1]'
informations (see exceptions from a build log): of course, there should
be "recipe for target 'module' failed".

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815858

Title:
  nvidia-304 304.135-0ubuntu0.16.04.2: nvidia-304 kernel module failed
  to build

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-304/+bug/1815858/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1815858] Re: nvidia-304 304.135-0ubuntu0.16.04.2: nvidia-304 kernel module failed to build

[daniel CURTIS]

Hello.

It seems, that I'm experiencing exactly the same problem. During kernel
update process to v4.4.0-143.169 (from '-proposed') there was an error
message about some issues with 'nvidia' module etc.
'/var/lib/dkms/nvidia-304/304.135/build/make.log' file contains a full
build process informations. Here are some examples (I can paste it
somewhere):


[ NVIDIA Build log examples ]

In file included from ./arch/x86/include/asm/preempt.h:5:0,
 from include/linux/preempt.h:59,
 from include/linux/spinlock.h:50,
 from include/linux/seqlock.h:35,
 from include/linux/time.h:5,
 from include/uapi/linux/timex.h:56,
 from include/linux/timex.h:56,
 from include/linux/sched.h:19,
 from include/linux/utsname.h:5,
 from /var/lib/dkms/nvidia-304/304.135/build/nv-linux.h:40,
 from /var/lib/dkms/nvidia-304/304.135/build/nv.c:13:
include/linux/percpu-refcount.h: In function ‘percpu_ref_get_many’:
./arch/x86/include/asm/percpu.h:130:31: warning: comparison between signed and 
unsigned integer expressions [-Wsign-compare]
  ((val) == 1 || (val) == -1)) ?  \
   ^
(...)

include/linux/percpu-refcount.h: In function ‘percpu_ref_get_many’:
./arch/x86/include/asm/percpu.h:130:31: warning: comparison between signed and 
unsigned integer expressions [-Wsign-compare]
  ((val) == 1 || (val) == -1)) ?  \
   ^
(...)

include/linux/percpu-defs.h:394:11: note: in expansion of macro ‘this_cpu_add_1’
   case 1: stem##1(variable, __VA_ARGS__);break;  \
   ^
(...)

include/linux/percpu-refcount.h:276:3: note: in expansion of macro 
‘this_cpu_sub’
   this_cpu_sub(*percpu_count, nr);
   ^
(...)

include/linux/compiler.h:165:40: note: in definition of macro ‘likely’
 # define likely(x) __builtin_expect(!!(x), 1)
^
(...)

In file included from /var/lib/dkms/nvidia-304/304.135/build/nv-linux.h:82:0,
 from /var/lib/dkms/nvidia-304/304.135/build/nv-mlock.c:15:
include/linux/mm.h:1222:6: note: declared here
 long get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
  ^
(...)

make[2]: *** [_module_/var/lib/dkms/nvidia-304/304.135/build] Error 2
NVIDIA: left KBUILD.
nvidia.ko failed to build!
Makefile:257: commands for 'module' object failed
make[1]: *** [module] Error 1
makefile:59: commands for 'module' object failed
make: *** [module] Error 2


● NOTE: There is more definitions of, mentioned above, 'macros'. For example: 
‘__pcpu_size_call’, ‘this_cpu_add’, ‘percpu_add_op’, ‘this_cpu_add_4’ etc. 
Generally, they all are repeated in build log.

[ END of NVIDIA Build log example ]


That's is only an example (whole build log contains about ~1500 lines). Most 
interesting and strange part is that I'm not using 'nvidia' or 'nouveau' 
module, but I still can log to system via LightDM! Why is that? Shouldn't there 
be some graphics issues? Here are some more informations about 'nvidia' module 
(NOTE: I'm logged in and using v4.4.0-143-generic kernel - on which 'nvidia' 
module failed to build):

[~]$ modinfo nvidia
modinfo: ERROR: Module nvidia not found.

[~]$ sudo modprobe nvidia
modprobe: ERROR: ../libkmod/libkmod-module.c:832 kmod_module_insert_module() 
could not find module by name='nvidia_304'
modprobe: ERROR: could not insert 'nvidia_304': Unknown symbol in module, or 
unknown parameter (see dmesg)

[~]$ sudo modprobe nvidia_304
modprobe: FATAL: Module nvidia_304 not found in directory 
/lib/modules/4.4.0-143-generic

(NOTE: dmesg(1) is empty - there is no informations about 'nvidia'
issues).

[~]$ lsmod |grep nvidia
[~]$ lsmod |grep nouveau

By the way: there were some problems with graphics when monitor blacked
out (there should 'light-locker' show up), because of - for example - no
mouse movements or no reaction from user side and after resume colors
were bright, fonts thiner etc. If it's about X.org logs, there is
something like this in '/var/log/Xorg.0.log' file:

(II) LoadModule: "nvidia"
(II) Loading /usr/lib/i386-linux-gnu/xorg/extra-modules/nvidia_drv.so
(II) Module nvidia: vendor="NVIDIA Corporation"
compiled for 4.0.2, module version = 1.0.0
(...)
(EE) NVIDIA: Failed to load the NVIDIA kernel module. Please check your
(EE) NVIDIA: system's kernel log for additional error messages.
(II) UnloadModule: "nvidia"
(II) Unloading nvidia
(EE) Failed to load module "nvidia" (module-specific error, 0)
(II) LoadModule: "nouveau"
(II) Loading /usr/lib/xorg/modules/drivers/nouveau_drv.so

Now, some technical informations about versions etc.:

✗ Linux kernel: v4.4.0-143-generic
✗ Description:  Ubuntu 16.04.5 LTS
  Release:  16.04

✗ nvidia-304 304.135-0ubuntu0.16.04.2 
✗ nvidia-304-updates 304.135-0ubuntu0.16.04.2
✗ xserver-xorg-video-nouveau 1:1.0.12-1build2

✗ lspci(8) info: 00:10.0 

[Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.

[daniel CURTIS]

Hello. I would like to note, that "Meltdown" mitigation - for i386
architecture - among others improvements, is already available in
OpenBSD 6.4 release (see "Security improvements" section [in:]
https://www.openbsd.org/64.html).

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790688

Title:
  x86/pti: 32-bit x86 systems support already available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).

[daniel CURTIS]

** Changed in: gimp (Ubuntu)
   Status: Confirmed => Incomplete

** Changed in: gimp (Ubuntu Xenial)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
  17784-17789).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1790688] Re: x86/pti: 32-bit x86 systems support already available.

[daniel CURTIS]

** Summary changed:

- x86/pti: 32-Bit x86 systems support already available.
+ x86/pti: 32-bit x86 systems support already available.

** Description changed:

  Hello.
  
- Linux kernel v4.19 release candidate [1], finally have kernel page-table
- isolation ('PTI', previously known as 'KAISER') support for x86_32
- architecture. As we know, 'PTI' provides protection against attack,
- known as the "Meltdown" (CVE-2017-5754), that breaks isolation between
- user applications and the operating system etc. However, kernel page-
- table isolation wasn't available on 32-Bit x86 systems. Until now.
+ This is a very good news: 'PTI' support for x86-32 architecture is
+ available. Linux kernel v4.19 release candidate, finally have Kernel
+ Page-Table Isolation ('PTI', previously known as 'KAISER') support. As
+ we know, 'PTI' provides protection against attack, known as the
+ "Meltdown" (CVE-2017-5754), that breaks isolation between user
+ applications and the operating system etc. However, this protection -
+ needed for "Meltdown" mitigation - wasn't available on 32-bit x86
+ systems. Until now.
  
  So, I would like to ask a question: are there any plans to backport
- kernel page-table isolation patches for Linux kernels available in
- "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean
- x86_32 bit architecture, of course. I'm asking, because it seems, that
- pretty much no developers run 32-bit any more. However, there still are
- many 32-bit users out there.
+ Kernel Page-Table Isolation patches for Linux kernels available in
+ "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I'm
+ asking, because it seems, that pretty much no developers run 32-bit any
+ more. However, there still are many 32-bit users out there.
  
- For more informations about how 'PTI' was implementing on 32-Bit x86
- architecture, plase check - for example - commit '7757d607c6b31'
- ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are
- messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI'
- fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There
- is also a short report for the first half of the 4.19 kernel merge
- window [4].
+ For more informations about how 'PTI' was implemented, created for 32
+ bit x86 architecture, please check - for example - commit
+ '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for
+ x86_32") and these messages on lkml mailing list and lwn.net website
+ (which contains summary of the first half of the 4.19 kernel merge
+ window):
  
- I'm sorry for such a long message, but I'm very happy that 'PTI' support
- is already available for x86_32 architecture and I hope, that it will be
- backported to all Ubuntu LTS releases etc.
+ ✗ http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html ('PTI' on 
x86-32; PATCH v.8)
+ ✗ https://lwn.net/Articles/762566/ (See "Architecture-specific" changes)
+ 
+ I would like to send a big "Thank You" to Mr Joerg Roedel (and Others,
+ of course) for his amazing work - a whole raft of measures and patches
+ to make this possible - to enable 'PTI' mitigation on x86-32
+ architecture etc.
  
  Thanks, best regards.
- __
- 
- [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see 
every next patches etc.)
- http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html 
- http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html 
- [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html
- [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html
- [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790688

Title:
  x86/pti: 32-bit x86 systems support already available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1790688] Re: x86/pti: 32-Bit x86 systems support already available.

[daniel CURTIS]

Hello.

One more thing: since kernel page-table isolation is already available
on 32-Bit x86 systems (see Bug Description), maybe "SpectreAndMeltdown"
information page (see 1.) should be updated, because of such a statement
(see "Current Status"):

"No fix is currently available for Meltdown on 32-bit x86; moving to a
64-bit kernel is the currently recommended mitigation."

Maybe, it could be changed to note, that: "32-bit x86 finally have
kernel page-table isolation support to mitigate "Meltdown". It is
already available in Linux kernel v4.19". Or above statement, available
on "SpectreAndMeltdown" page, could be changed to:

"Fix/mitigation for Meltdown on 32-bit x86 is already available in Linux
v4.19 kernel".

But that's just my opinion.

Best regards.
__
1. 
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown#Current_Status

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790688

Title:
  x86/pti: 32-Bit x86 systems support already available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1790688] Re: x86/pti: 32-Bit x86 systems support already available.

[daniel CURTIS]

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1790688

Title:
  x86/pti: 32-Bit x86 systems support already available.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1790688/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1790688] [NEW] x86/pti: 32-Bit x86 systems support already available.

[daniel CURTIS]

Public bug reported:

Hello.

Linux kernel v4.19 release candidate [1], finally have kernel page-table
isolation ('PTI', previously known as 'KAISER') support for x86_32
architecture. As we know, 'PTI' provides protection against attack,
known as the "Meltdown" (CVE-2017-5754), that breaks isolation between
user applications and the operating system etc. However, kernel page-
table isolation wasn't available on 32-Bit x86 systems. Until now.

So, I would like to ask a question: are there any plans to backport
kernel page-table isolation patches for Linux kernels available in
"Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean
x86_32 bit architecture, of course. I'm asking, because it seems, that
pretty much no developers run 32-bit any more. However, there still are
many 32-bit users out there.

For more informations about how 'PTI' was implementing on 32-Bit x86
architecture, plase check - for example - commit '7757d607c6b31'
("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32"). Here are
messages about 'PTI' support (PATCH v7, v8) for x86_32 [1]. Next, 'PTI'
fixes for x86-32 [2] and more patches related to 'x86/mm/pti' [3]. There
is also a short report for the first half of the 4.19 kernel merge
window [4].

I'm sorry for such a long message, but I'm very happy that 'PTI' support
is already available for x86_32 architecture and I hope, that it will be
backported to all Ubuntu LTS releases etc.

Thanks, best regards.
__

[1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see 
every next patches etc.)
http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html 
http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html 
[2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html
[3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html
[4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes)

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Incomplete


** Tags: i386 meltdown pti spectre x86-32

** Description changed:

  Hello.
  
  Linux kernel v4.19 release candidate [1], finally have kernel page-table
  isolation ('PTI', previously known as 'KAISER') support for x86_32
  architecture. As we know, 'PTI' provides protection against attack,
  known as the "Meltdown" (CVE-2017-5754), that breaks isolation between
  user applications and the operating system etc. However, kernel page-
  table isolation wasn't available on 32-Bit x86 systems. Until now.
  
  So, I would like to ask a question: are there any plans to backport
  kernel page-table isolation patches for Linux kernels available in
  "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean
  x86_32 bit architecture, of course. I'm asking, because it seems, that
  pretty much no developers run 32-bit any more. However, there still are
  many 32-bit users out there.
  
- For more informations about how 'PTI' implementing on 32-Bit x86
+ For more informations about how 'PTI' was implementing on 32-Bit x86
  architecture looks like, plase check - for example - commit
  '7757d607c6b31' ("x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for
  x86_32"). Here are messages about 'PTI' support (PATCH v7, v8) for
  x86_32 [1]. Next, 'PTI' fixes for x86-32 [2] and more patches related to
  'x86/mm/pti' [3]. There is also a short report for the first half of the
  4.19 kernel merge window [4].
  
  I'm sorry for such a long message, but I'm very happy that 'PTI' support
  is already available for x86_32 architecture and I hope, that it will be
  backported to all Ubuntu LTS releases etc.
  
  Thanks, best regards.
  __
  
  [1] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03578.html (please see 
every next patches etc.)
  http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03181.html 
  http://lkml.iu.edu/hypermail/linux/kernel/1807.2/02790.html 
  [2] http://lkml.iu.edu/hypermail/linux/kernel/1808.0/05516.html
  [3] http://lkml.iu.edu/hypermail/linux/kernel/1807.1/03161.html
  [4] https://lwn.net/Articles/762566/ (See "Architecture-specific" changes)

** Description changed:

  Hello.
  
  Linux kernel v4.19 release candidate [1], finally have kernel page-table
  isolation ('PTI', previously known as 'KAISER') support for x86_32
  architecture. As we know, 'PTI' provides protection against attack,
  known as the "Meltdown" (CVE-2017-5754), that breaks isolation between
  user applications and the operating system etc. However, kernel page-
  table isolation wasn't available on 32-Bit x86 systems. Until now.
  
  So, I would like to ask a question: are there any plans to backport
  kernel page-table isolation patches for Linux kernels available in
  "Trusty"/14.04, "Xenial"/16.04 and "Bionic"/18.04 releases etc.? I mean
  x86_32 bit architecture, of course. I'm asking, because it seems, that
  pretty much no developers run 32-bit any more. However, there still are
  many 32-bit users out there.
  
  For more 

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).

[daniel CURTIS]

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
  17784-17789).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 17784-17789).

[daniel CURTIS]

** Summary changed:

- Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).
+ Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017: 
17784-17789).

** Description changed:

  Hello.
  
  GIMP package ('Universe/Security' section), available in "Xenial"/16.04
  LTS Release, contains unfixed security issues and is vulnerable to, for
  example, heap-buffer over-read, out of bounds read and stack-based
- buffer over-read etc. The whole this is pretty strange, because Ubuntu
+ buffer over-read etc. The whole thing is pretty strange, because Ubuntu
  Releases released before and after "Xenial", contains updated GIMP
- version!
+ package!
  
  Anyway, it looks this way: in "Trusty" the available version is:
  '2.8.10-0ubuntu1.2' (please see [1]). "Bionic" has '2.8.20-1.1' version
  (please see [2]). Both Releases contains fixes for mentioned security
  issues: CVE-2017-* etc. However, GIMP version in "Xenial" is
  '2.8.16-1ubuntu1.1' and does not contain any security updates from 2017.
  (The last one is from Thu, 30 Jun 2016.; please see [3]).
  
  Security updates with fixes for mentioned CVE's (please compare changes
  in 1. and 2. with 3.) were released on Thu., 18 Jan 2018 - for "Trusty"
  and Tue., 26 Dec 2017 - for "Bionic". In "Xenial", the last security
  update is from Thu., 30 Jun 2016 (fix for CVE-2016-4994) and there is no
  further updates!
  
- Here is a CVE list, which are not fixed in "Xenial", but in "Trusty" and
- "Bionic" only:
+ Here is a CVE list of security issues not fixed in "Xenial", but in
+ "Trusty" and "Bionic" etc.:
  
- 1/ CVE-2017-17786: Out of bounds read
- 2/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
- 3/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
+ 1/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
+ 2/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
+ 3/ CVE-2017-17786: Out of bounds read
  4/ CVE-2017-17787: Heap-based buffer over-read in read_creator_block
- 5/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
- 6/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
+ 5/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
+ 6/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
  
- I wanted to send an email an email to Mr Marc Deslauriers, because he
- made the last security update for GIMP in "Xenial" (fix for
- CVE-2016-4994). But I decided to report a bug on Launchpad. I hope that
- it's an acceptable way. If not, I'm sorry.
+ And the most important thing: if User had installed GIMP package in
+ "Xenial" Release, he is affected - since one year, at least - because of
+ a vulnerable version. Security issues, mentioned above, are from 2017.
+ So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
+ released on 20., May 2018? (Version 2.8.X is very outdated).
  
- ✗✗✗ And the most important thing: if an User had installed GIMP package
- in "Xenial" Release, he is affected because he is using a vulnerable
- version since one year! Security issues, mentioned above, are from 2017.
- So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
- released on 20., May 2018? At least in non-LTS Releases. Of course I'm
- not talking about "Cosmic" here. (Version 2.8.X is very outdated).
+ I wanted to send an email to Mr Marc Deslauriers, because he made the
+ last security update for GIMP in "Xenial" (fix for CVE-2016-4994). But I
+ decided to report a bug on Launchpad. I hope that it's an acceptable
+ way. If not, I'm sorry.
  
  By the way: similar problems with unfixed security issues, can be found
  e.g. in Audacious and Parole packages. But that's a different story,
  completely different story...
  
  Thanks, best regards.
  __
  1. 
http://changelogs.ubuntu.com/changelogs/pool/main/g/gimp/gimp_2.8.10-0ubuntu1.2/changelog
 
  2. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.20-2/changelog
 
  3. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.16-1ubuntu1.1/changelog

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017:
  17784-17789).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).

[daniel CURTIS]

** Description changed:

  Hello.
  
  GIMP package ('Universe/Security' section), available in "Xenial"/16.04
  LTS Release, contains unfixed security issues and is vulnerable to, for
  example, heap-buffer over-read, out of bounds read and stack-based
  buffer over-read etc. The whole this is pretty strange, because Ubuntu
  Releases released before and after "Xenial", contains updated GIMP
  version!
  
  Anyway, it looks this way: in "Trusty" the available version is:
  '2.8.10-0ubuntu1.2' (please see [1]). "Bionic" has '2.8.20-1.1' version
  (please see [2]). Both Releases contains fixes for mentioned security
  issues: CVE-2017-* etc. However, GIMP version in "Xenial" is
  '2.8.16-1ubuntu1.1' and does not contain any security updates from 2017.
  (The last one is from Thu, 30 Jun 2016.; please see [3]).
  
  Security updates with fixes for mentioned CVE's (please compare changes
  in 1. and 2. with 3.) were released on Thu., 18 Jan 2018 - for "Trusty"
  and Tue., 26 Dec 2017 - for "Bionic". In "Xenial", the last security
  update is from Thu., 30 Jun 2016 (fix for CVE-2016-4994) and there is no
  further updates!
  
  Here is a CVE list, which are not fixed in "Xenial", but in "Trusty" and
  "Bionic" only:
  
  1/ CVE-2017-17786: Out of bounds read
  2/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
  3/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
  4/ CVE-2017-17787: Heap-based buffer over-read in read_creator_block
  5/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
  6/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream
  
  I wanted to send an email an email to Mr Marc Deslauriers, because he
  made the last security update for GIMP in "Xenial" (fix for
  CVE-2016-4994). But I decided to report a bug on Launchpad. I hope that
  it's an acceptable way. If not, I'm sorry.
  
+ ✗✗✗ And the most important thing: if an User had installed GIMP package
+ in "Xenial" Release, he is affected because he is using a vulnerable
+ version since one year! Security issues, mentioned above, are from 2017.
+ So, maybe it's a good opportunity to update GIMP to v2.10.2 version,
+ released on 20., May 2018? At least in non-LTS Releases. Of course I'm
+ not talking about "Cosmic" here. (Version 2.8.X is very outdated).
+ 
  By the way: similar problems with unfixed security issues, can be found
  e.g. in Audacious and Parole packages. But that's a different story,
  completely different story...
  
  Thanks, best regards.
  __
  1. 
http://changelogs.ubuntu.com/changelogs/pool/main/g/gimp/gimp_2.8.10-0ubuntu1.2/changelog
 
  2. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.20-2/changelog
 
  3. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.16-1ubuntu1.1/changelog

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues
  (CVE-2017-*).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] Re: Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).

[daniel CURTIS]

I don't know why 'fglrx-installer' was chosen as an affected package.
During creating a report I've chosen 'gimp' package.

** Package changed: fglrx-installer (Ubuntu) => gimp (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues
  (CVE-2017-*).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773561] [NEW] Xenial/16.04: GIMP needs a security update - unfixed issues (CVE-2017-*).

[daniel CURTIS]

Public bug reported:

Hello.

GIMP package ('Universe/Security' section), available in "Xenial"/16.04
LTS Release, contains unfixed security issues and is vulnerable to, for
example, heap-buffer over-read, out of bounds read and stack-based
buffer over-read etc. The whole this is pretty strange, because Ubuntu
Releases released before and after "Xenial", contains updated GIMP
version!

Anyway, it looks this way: in "Trusty" the available version is:
'2.8.10-0ubuntu1.2' (please see [1]). "Bionic" has '2.8.20-1.1' version
(please see [2]). Both Releases contains fixes for mentioned security
issues: CVE-2017-* etc. However, GIMP version in "Xenial" is
'2.8.16-1ubuntu1.1' and does not contain any security updates from 2017.
(The last one is from Thu, 30 Jun 2016.; please see [3]).

Security updates with fixes for mentioned CVE's (please compare changes
in 1. and 2. with 3.) were released on Thu., 18 Jan 2018 - for "Trusty"
and Tue., 26 Dec 2017 - for "Bionic". In "Xenial", the last security
update is from Thu., 30 Jun 2016 (fix for CVE-2016-4994) and there is no
further updates!

Here is a CVE list, which are not fixed in "Xenial", but in "Trusty" and
"Bionic" only:

1/ CVE-2017-17786: Out of bounds read
2/ CVE-2017-17789: Heap-based buffer overflow in read_channel_data
3/ CVE-2017-17784: Heap-buffer over-read in load_image file-gbr.c
4/ CVE-2017-17787: Heap-based buffer over-read in read_creator_block
5/ CVE-2017-17785: Heap-based buffer overflow in fli_read_brun function
6/ CVE-2017-17788: Stack-based buffer over-read in xcf_load_stream

I wanted to send an email an email to Mr Marc Deslauriers, because he
made the last security update for GIMP in "Xenial" (fix for
CVE-2016-4994). But I decided to report a bug on Launchpad. I hope that
it's an acceptable way. If not, I'm sorry.

By the way: similar problems with unfixed security issues, can be found
e.g. in Audacious and Parole packages. But that's a different story,
completely different story...

Thanks, best regards.
__
1. 
http://changelogs.ubuntu.com/changelogs/pool/main/g/gimp/gimp_2.8.10-0ubuntu1.2/changelog
 
2. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.20-2/changelog
 
3. 
http://changelogs.ubuntu.com/changelogs/pool/universe/g/gimp/gimp_2.8.16-1ubuntu1.1/changelog

** Affects: gimp (Ubuntu)
 Importance: Undecided
 Status: Confirmed


** Tags: cve gimp security upgrade-software-version xenial

** Changed in: fglrx-installer (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773561

Title:
  Xenial/16.04: GIMP needs a security update - unfixed issues
  (CVE-2017-*).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1773561/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773515] Re: apparmour fails after removal of snapd

[daniel CURTIS]

Hello Dale.

It seems, that I've had the same/similar problem with AppArmor and
'usr.lib.snapd.snap-confine.real' profile [1]. The strange thing was,
that I couldn't change the enforcement mode for any profile! For example
Firefox etc.

Please edit this profile and check if this line is commented. If it
isn't then You can do this by adding '#' etc.:

- include "/var/lib/snapd/apparmor/snap-confine"
+ #include "/var/lib/snapd/apparmor/snap-confine"

Next, reboot system or reload AppArmor service. In my case, commenting
an include '/var/lib/snapd/apparmor/snap-confine.d' line, fixed this
issue, which seems to be similar to your problem. However, it should be
fixed via 'snapd' package update but I don't remember if there was such
an update. Anyway, I hope it will help You.

Thanks, best regards.
_
[1] https://lists.ubuntu.com/archives/apparmor/2017-November/011330.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773515

Title:
  apparmour fails after removal of snapd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1773515/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

[daniel CURTIS]

Hello Simon.

Thank You very much for an informations. Yes, there was some changes to
the Sandbox (vide 'about:support'), because after update there was one
new option with 'false' value (I have had similar issue in the past but
it's not important now) and levels for the "Content Separation" and
"Effective Content Separation" has changed to "4" (while in Firefox 59.0
version it was "3") etc.

I will also add an "owner" prefix to the '@{PROC}' rules. Thanks for
clarifications; I waited for something like this, because I had no idea
if "owner" should be used in such situation.

Anyway, if it's about the last rule in my report and this one mentioned
in my comment #2: it seems, that when everything is commented, there is
a problem with opening new tab (e.g. by clicking "+") - after ~2 hours
of Firefox using there is an error message that "this tab has failed",
"We can help!" etc. Everything else is working okay.

For now I decided to comment this rule, because I think it's a wrong
rule (see my post #2 for more informations). As I already mentioned,
"abstractions/X" file contains rule related with "/tmp/.X11-unix/X0" and
"connect" operation. However, there is also "type" and "peer" options
(see report; last rule) - which is not in the log entry! So, here is
what I've done for now:

# Here are a rules from an "abstractions/X" file. However I used "rw" access. 
Reason:
# "r" access added because of log entries with 'requested{,denied}_mask=r' (see 
bug report) 
#
/tmp/.X11-unix/* rw,

#unix (connect, receive, send)
#type=stream
#peer=(addr="@/tmp/.X11-unix/X[0-9]*"), 

And everything seems to work okay: just as before update to 60.0
version. Okay, so for now I will:

✗ add an "owner" prefix for all '@{PROC}' rules (thanks Simon!);
✗ use only "/tmp/.X11-unix/* rw," rule (until more information will be 
gathered);
✗ monitor the log files, journalctl(1) command etc. 

Once again: thank You Simon for an informations! I hope also that
someone else will confirm the correctness of all these rules.
(Especially these mentioned in bug report).

By the way: Simon, what about two rules: mentioned above "unix" and
"dbus" rule (see bug report and 7. rule) Have you seen such an entries
in your log files etc.? Did you have had a similar issues with firefox,
just before adding rules (see bug report)?

Thanks, best regards.

** Summary changed:

- Firefox v60: does not work after updating, many "DENIED" log entries.
+ Firefox v60: does not work after update, many "DENIED" log entries etc.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770600

Title:
  Firefox v60: does not work after update, many "DENIED" log entries
  etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1662501] Re: since the apparmor profile is disabled by default, please make the apparmor policy strict with option to make less strict

[daniel CURTIS]

Hello.

I think that the default Firefox profile can be made more restrictive,
stricter. It's pretty simple and can be done by removing a few default
rules (mentioned in bug report by Vlad K., for example) etc. Anyway,
here are some ideas (based on testing made in the past).

As an example, we can specify, mentions the rules that makes browsing
directories works. My tests made in the past, showed that Firefox needs
an access only to '/dev/' directory - not the whole and everything in
'/**/' folders! The same thing with rules providing an access to
documentation and other files (default rule: '/usr/** r,'). In my
testings, Firefox needed an access to '/usr/share/{glib-2.0,hunspell}/'
folders only! Not everything under '/usr/'.

If it's about '/etc/apparmor.d/abstractions/ubuntu-browsers.d/user-
files' file and rules to access everything in User home folder: by
default, Firefox profile contains rules that allows downloads to
'~/Downloads' and uploads from '~/Public' folders, right? Because, there
is also one rule related to the 'user-files' file: '' an access is unrestricted.

Changing/removing rules in the 'user-files' file and adding rules that
allows User to save files only in '~/Downloads' folder seems to fix such
issue - unrestricted access etc. The same thing with unnecessary - in my
opinion - rules mentioned above '/**/' and '/usr' and so on.

Additionally, there can be added a '' rule to deny
access to sensitive files and to provide a special attention to
(potentially) executable files. (However, during testings appeared a few
"DENIED" entries in the logs files and additional rules were needed.)

And that's not everything. For example, Users who don't use printers
doesn't need '' rule, right? There are many rules
in default Firefox profile that can be changed/removed etc. (Personally,
I'm using profile created from scratch, with more stricter policy).

By the way: it seems that with every next Firefox release, a new rules
needs to be added. It's happens very often. The latest Firefox version,
caused several problems: no menu bar, main window resize, errors with
tab, no website could be enabled by clicking on a bookmarks labels etc.
Really, the v60 version caused many issues, that required a few new
rules. Here are bug report:

● https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600

I hope, that it will help someone to fix problems, that may appear after
Firefox upgrade to the 60.0 version.

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662501

Title:
  since the apparmor profile is disabled by default, please make the
  apparmor policy strict  with option to make less strict

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1662501/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 418203] Re: "Mozilla Firefox for Ubuntu canonical - 1.0" doesn't make sense

[daniel CURTIS]

Hello.

"Mozilla Firefox for Ubuntu canonical - 1.0" (checked via "Help" menu
and "About Firefox") issue is still not fixed:

✗ Firefox: v60.0 (32-bit)
✗ Ubuntu: 16.04.4 LTS 

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/418203

Title:
  "Mozilla Firefox for Ubuntu canonical - 1.0" doesn't make sense

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/418203/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

[daniel CURTIS]

Hello.

I apologize, once again, for such a bad bug report, but I'm in a hurry
(I just want to help, because there could be some issues with a new
Firefox version - problems, that could appear after update. Just like in
my case etc.) Anyway, there is a one entry in log files that makes me
confused, because there is not so many informations that could help
create a proper rule. Here is the log entry (appeared about 4, 5 times):

✗ apparmor="DENIED" operation="connect"
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/tmp/.X11-unix/X0"
pid=4643 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0

As I already mentioned, "abstractions/X" file contains rule related with
"/tmp/.X11-unix/X0" and "connect" operation. However, there is also
"type" and "peer" options (see report; last rule) - which is not in the
log entry! So, it seems, that such rule is wrong... but Firefox started
to work normally.

Anyway, I would like to ask if there can/should be used something like
this - instead of a rule in bug report:

# Explicitly allow 'connect' unix permission
unix (connect), 

(NOTE: chromium-browser profile also contains a few "unix" - but not
with 'connect' option - and "capability" rules) What do you think? Which
one solution is better:

- use the last rule mentioned in bug report (please note, that there is "rw" 
access for "/tmp/.X11-unix/X0" socket because of 'requested{,denied}_mask'); 
- allow only 'connect' unix permission (see this post); 
 
Or maybe it should be only something like this? But that is just an idea. Crazy 
idea: 

/tmp/.X11-unix/X[0-9]* r,

Thanks. I'm sorry once again.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770600

Title:
  Firefox v60: does not work after updating, many "DENIED" log entries.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1770600] Re: Firefox v60: does not work after updating, many "DENIED" log entries.

[daniel CURTIS]

I apologize for so much "description:updated", but I had some problems
with text formatting etc. If these "posts" can be removed, please do it.

Thanks.

** Description changed:

  Hello.
  
  Today, Firefox has been updated to v60. After first start there was so
  many problems: with new tab (errors), Sandbox option (one new option
  with 'false' value). There were so many issues. No website was working,
  I can not click on anything, there was no menu bar and so on. Firefox
  main windows has been resized etc.
  
- Anyway, there was also a lot of "DENIED" entries in a log files. These
+ Anyway, there was also a lot of "DENIED" entries in a log files. Here
  are the AppArmor rules, that helped and now Firefox works okay. Maybe it
  will help someone too?
  
  # apparmor="DENIED" operation="capable" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 
  # capname="sys_admin" 
  #
  capability sys_admin,
  
  # apparmor="DENIED" operation="capable" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" 
  # capability=19 capname="sys_ptrace" 
  #
  capability sys_ptrace, 
  
  # apparmor="DENIED" operation="capable" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" 
  # capability=18  capname="sys_chroot" 
  #
  capability sys_chroot, 
  
  # NOTE: what about an "owner" prefix?
  #
  # apparmor="DENIED" operation="open" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" 
  # comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
  # fsuid=1000 ouid=1000 
  #
  @{PROC}/@{pid}/uid_map w,
  
  # NOTE: what about an "owner" prefix?
  #
  # apparmor="DENIED" operation="open" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" 
  # comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
  # fsuid=1000 ouid=1000 
  #
  @{PROC}/@{pid}/gid_map w,
  
  # NOTE: what about an "owner" prefix?
  #
  # apparmor="DENIED" operation="open" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" 
  # comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
  # fsuid=1000 ouid=1000 
  #
  @{PROC}/@{pid}/setgroups w,
  
  # NOTE: what about an "owner" prefix?
  #
  # apparmor="DENIED" operation="dbus_bind"  bus="session" 
  # name="org.mozilla.firefox.WAJxENJayq__" mask="bind" 
  # label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
  #
  dbus bind bus=session name=org.mozilla.firefox.*,
  
  # NOTE: this rule can be found, for example, in "abstractions/X" file. 
  # However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/' 
  # - in log entries, so I added "r" - and now it's "rw".
  # 
  # apparmor="DENIED" operation="connect" 
  # profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
  # name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" 
  # fsuid=1000 ouid=0
  #
  /tmp/.X11-unix/* rw,
  unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
  
  Can someone check if these rules are okay? With above rules, Firefox v60
  is working okay again: web browsing, new tabs etc. There are also some
  "segfaults" error in log files - together with "DENIED" rules. Here are
  some of them (there is a bug report on Launchpad about "libxul"):
  
  ✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 
error 6 in libxul.so[aebed000+66fd000]
  ✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in 
libxul.so[aebed000+66fd000]
  
  I hope, that above rules will help other users who will have an issues
  with a new Firefox release. Here are some technical informations:
  
  ● Firefox: v60.0 (32-bit)
  ● Linux kernel: 4.4.0-125-generic
  ● Release: 16.04 LTS 
  
  Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770600

Title:
  Firefox v60: does not work after updating, many "DENIED" log entries.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1770600/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1770600] [NEW] Firefox v60: does not work after updating, many "DENIED" log entries.

[daniel CURTIS]

Public bug reported:

Hello.

Today, Firefox has been updated to v60. After first start there was so
many problems: with new tab (errors), Sandbox option (one new option
with 'false' value). There were so many issues. No website was working,
I can not click on anything, there was no menu bar and so on. Firefox
main windows has been resized etc.

Anyway, there was also a lot of "DENIED" entries in a log files. Here
are the AppArmor rules, that helped and now Firefox works okay. Maybe it
will help someone too?

# apparmor="DENIED" operation="capable" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"capability=21 
# capname="sys_admin" 
#
capability sys_admin,

# apparmor="DENIED" operation="capable" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox" 
# capability=19 capname="sys_ptrace" 
#
capability sys_ptrace, 

# apparmor="DENIED" operation="capable" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread" 
# capability=18  capname="sys_chroot" 
#
capability sys_chroot, 

# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4137/uid_map" 
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
# fsuid=1000 ouid=1000 
#
@{PROC}/@{pid}/uid_map w,

# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/4282/gid_map" 
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
# fsuid=1000 ouid=1000 
#
@{PROC}/@{pid}/gid_map w,

# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="open" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/pro /4282/setgroups" 
# comm="Gecko_IOThread" requested_mask="w" denied_mask="w" 
# fsuid=1000 ouid=1000 
#
@{PROC}/@{pid}/setgroups w,

# NOTE: what about an "owner" prefix?
#
# apparmor="DENIED" operation="dbus_bind"  bus="session" 
# name="org.mozilla.firefox.WAJxENJayq__" mask="bind" 
# label="/usr/lib/firefox/firefox{,*[^s][^h]}" 
#
dbus bind bus=session name=org.mozilla.firefox.*,

# NOTE: this rule can be found, for example, in "abstractions/X" file. 
# However, there is "r" in 'requested{,denied}_mask" - for '/tmp/.X11-unix/' 
# - in log entries, so I added "r" - and now it's "rw".
# 
# apparmor="DENIED" operation="connect" 
# profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
# name="/tmp/.X11-unix/X0" comm="firefox" requested_mask="r" denied_mask="r" 
# fsuid=1000 ouid=0
#
/tmp/.X11-unix/* rw,
unix (connect, receive, send)
  type=stream
  peer=(addr="@/tmp/.X11-unix/X[0-9]*"),

Can someone check if these rules are okay? With above rules, Firefox v60
is working okay again: web browsing, new tabs etc. There are also some
"segfaults" error in log files - together with "DENIED" rules. Here are
some of them (there is a bug report on Launchpad about "libxul"):

✗ [ 3051.788218] Gecko_IOThread[4770]: segfault at 0 ip aef1b0de sp aeb1a550 
error 6 in libxul.so[aebed000+66fd000]
✗ Gecko_IOThread[4795]: segfault at 0 ip aef1b0de sp aeb1a550 error 6 in 
libxul.so[aebed000+66fd000]

I hope, that above rules will help other users who will have an issues
with a new Firefox release. Here are some technical informations:

● Firefox: v60.0 (32-bit)
● Linux kernel: 4.4.0-125-generic
● Release: 16.04 LTS 

Thanks, best regards.

** Affects: firefox (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: 60 apparmor firefox i386 profile

** Description changed:

  Hello.
  
  Today, Firefox has been updated to v60. After first start there was so
  many problems: with new tab (errors), Sandbox option (one new with
  'false' option) etc. There were so many problems. No website was
  working, I can not click on anything, there was no menu bar and so on.
  
  Anyway, there was a lot of "DENIED" entries in a log files. These are
  the AppArmor rules, that helped and now Firefox works okay. Maybe it
  will help someone?
  
- # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
- # comm="firefox" capability=21  capname="sys_admin"
+ # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
+ # capability=21  capname="sys_admin" 
+ #
  capability sys_admin,
  
- # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
- # comm="firefox"  capability=19  capname="sys_ptrace"
+ # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="firefox"
+ #  capability=19  capname="sys_ptrace" 
+ #
  capability sys_ptrace, 
  
- # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" 
- # comm="Gecko_IOThread" capability=18  capname="sys_chroot"
+ # apparmor="DENIED" operation="capable" 
profile="/usr/lib/firefox/firefox{,*[^s][^h]}" comm="Gecko_IOThread"
+ # capability=18  capname="sys_chroot" 
+ #
  capability sys_chroot, 
  
  # NOTE: what about an "owner" prefix?
- # 

[Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[daniel CURTIS]

Hello.

I just wanto to confirm: everything seems to be okay after updating
Linux kernel to v4.4.0-123-generic. However, I would like to ask a
question about 'intel-microcode' and 'amd64-microcode' packages. During
system updating process via apt(8), there was an information that "The
following NEW packages will be installed" etc. and it was about two
mentioned 'microcode' packages.

I did not have these packages installed, until then. It's an Intel
processor, but it seems, that Intel Corporation will not publish any
microcode updates for some processor. Intel reveals (on Apr. 3., 2018)
list of processors that won't receive Meltdown and Spectre patches. It
seems, that some of older processors won't receive microcode updates
designed to mitigate the vulnerabilities: Bloomfield, Bloomfield Xeon,
Clarksfield, Gulftown etc.

So, I would like to ask if it was normal, that apt(8) installed such a
packages? And why both since it's an Intel processor? Can I remove both
packages (since there is no changes related to the microcode and
"Spectre & Meltdown" mitigation; just 'revision' change in
'/proc/cpuinfo' virtual file or/and dmesg(1) etc.)?

In sum two questions:

✗ why apt(8) installed two 'microcode' packages during Linux kernel 
v4.4.0-123-generic updates? 
✗ can 'intel/amd64-microcode' packages be removed (since there is no difference 
with "Spectre & Meltdown" mitigations)? 

I apologize for asking such a questions here, but this bug is about
'ibrs/ibpb' (a method to "Spectre & Meltdown" mitigation etc.) and Linux
kernel update (v4.4.0-123-generic) during which, two 'microcode'
packages were installed.

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755627

Title:
  ibrs/ibpb fixes result in excessive kernel logging

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1765165] Re: nouveau module fails to load after switching from NVIDIA proprietary driver to Nouveau via Software & Updates > Additional Drivers

[daniel CURTIS]

Hello.

I know, that this bug report is about 'nouveau' module and so on. But
since Mr. Jackson Smith described "Settings -> Software & Updates ->
Additional Drivers" I would like to ask about one thing: do you still
see an option regarding 'intel-microcode' or 'amd64-microcode'? I'm
writing about this, because there always was an option to choose
microcode etc. (please see 1.)

A couple of weeks ago, about a month ago, I noticed, that there is no
microcode option in the "Additional Drivers" tab anymore. There is just
one NVIDIA option to choose. Maybe it's related with "Spectre &
Meltdown" patches, but I can be wrong. So, could someone check this on
his computer? I apologize for asking about such an issue here, but
really, I don't know what to do and I'm confused. Is this normal?

Thanks, best regards.
_
1. https://i.stack.imgur.com/8WAEw.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1765165

Title:
  nouveau module fails to load after switching from NVIDIA proprietary
  driver to Nouveau via Software & Updates > Additional Drivers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-nouveau/+bug/1765165/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1533232] Re: missing many apparmor rules on Xenial

[daniel CURTIS]

*** This bug is a duplicate of bug 1659988 ***
https://bugs.launchpad.net/bugs/1659988

Hello.

It seems, that 'member=' needs some new values. Today, I noticed a few
new entries in a log files, such as '/var/log/syslog'. Each entry had
icluded "/org/gtk/Private/RemoteVolumeMonitor" with a dbus "receive"
etc. Now, I'm using such a rule in a Firefox profile:

dbus (send)
 bus=session
 interface=org.gtk.Private.RemoteVolumeMonitor,

But according to a new log entries, above rule should be updated, at
least in my case, with a new values in 'member=' and there should be
added 'receive' to 'dbus (send)'. Mr. Simon Déziel rule (see post #2)
already contains two options: I saw both in log files. However, there
were also:

✗ VolumeChanged,
✗ DriveConnected,
✗ DriveDisconnected,
✗ MountChanged,
✗ MountAdded,
✗ MountRemoved,
✗ MountPreUnmount 

I hope, that I didn't miss any option. So, what do You think Mr. Déziel?
Should these new options be added to the Firefox profile? If yes, what
do You think about something like this:

- dbus (send)
+ dbus (send, receive) 

- member={VolumeAdded,VolumeRemoved}, 
+ 
member={VolumeAdded,VolumeRemoved,VolumeChanged,DriveConnected,DriveDisconnected,MountChanged,MountAdded,MountRemoved,MountPreUnmount},
 

I don't know if there should be 'dbus (send, receive)', but I already
have a rule with 'send' in Firefox profile (unfortunately, I do not
remember and I do not have any log entries. Sorry.) So, what to do? Here
are some technical informations:

● Firefox: v59.0.2 (i386)
● Release: 16.04.4 LTS 

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1533232

Title:
  missing many apparmor rules on Xenial

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1533232/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[daniel CURTIS]

Hello.

Yes, Mr. Kamal Mostafa is right. Linux kernel v4.4.0-123.147 will
contain a fix for all of these issues with, for example,
'/var/log/syslog' flooding with 'ibrs_dump', 'use_ibrs/ibpb' and
'sysctl_ibrs{,ibpb}_enabled' entries. Now, a "proposed" kernel is
v4.4.0-122.146  with a fix for "Redpine: WiFi scan stopping issue
observed with BLE (LP: #1757435)".

Anyway, next kernel version, mentioned above will be updated, at last,
to the v4.4.128 stable release (current version, available e.g. in 16.04
LTS is v4.4.117) and will contain this patch, of course:

* ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
  - SAUCE: remove ibrs_dump sysctl interface 

So, we have to wait a little more, because so-called "master-next"
branch (with all needed patches for already mentioned v4.4.128 Stable
release) was updated only 24 hours ago. Additionally, there will be also
a couple of 'x86/spectre' and 'x86/retpoline' patches (mainly in
v4.4.118).

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755627

Title:
  ibrs/ibpb fixes result in excessive kernel logging

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1755627] Re: ibrs/ibpb fixes result in excessive kernel logging

[daniel CURTIS]

Hello.

Today, I noticed the same entries in a log files such as
'/var/log/syslog' and via dmesg(1) on 16.04 LTS Release (i386/x86_32
arch) with v4.4.0-120-generic (4.4.117) Linux kernel. The one thing,
that is different is 'use_ibrs' value. In my case it's:

[~]$ sudo dmesg
[  464.877859] use_ibrs = 0, use_ibpb = 4
[  467.893757] sysctl_ibrs_enabled = 0, sysctl_ibpb_enabled = 0
[  467.893762] use_ibrs = 4, use_ibpb = 4
(...)

I'm writing about this, because I don't see '0' in any of the above
posts etc. Anyway, as Mr Kamal Mostafa wrote, I will wait for a
"-proposed" kernel.

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1755627

Title:
  ibrs/ibpb fixes result in excessive kernel logging

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755627/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[daniel CURTIS]

Hi Marc.

I apologize for not mentioning a release type. It's Xubuntu 16.04 LTS.
For now, I have no access to my other computer with Ubuntu 16.04 LTS so
I can not verify this issue. Sorry.

Is it a problem, that incorrect permission - in this case - are in
Xubuntu and not in Ubuntu? Will it be fixed?

Thanks and I apologize once again.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[daniel CURTIS]

Hello.

On 16.04 LTS (16.04.4) Release it looks this way:

[~]$ ls -ld .config/
drwxr-xr-x 24 user1 user1 4096 apr 14 18:21 .config/

[~]$ ls -ld .local/
drwx-- 3 user1 user1 4096 apr 30  2017 .local/

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1441253] Re: hanging suspend job prevents shutdown

[daniel CURTIS]

Hello.

I'm having the same problems with shutdown. Yesterday, I've choosed
"menu/logout/halt" option instead of "menu/logout/shutdown". And
problems started to happen: I could not even reboot or shutdown
computer, because every time when I wanted to do this, there was a
window to unblock session (I have had to enter my user password and
there was not even internet connection - it could not be connected via
NetworkManager! etc.) For now, a solution is: press "RESET" and next
"POWER" button for a few seconds. That's the only way to shutdown
computer now. I've decided to try shutdown system via shutdown(8)
command but it did not work:

[~]$ shutdown now
Failed to power off system via logind: There's already a shutdown or sleep 
operation in progress

[~]$ systemctl list-jobs
No jobs running.

Anyway, there is not LightDM now! I have to login via "unblock" window
mentioned above. And when I want to edit e.g. 'rtkit-daemon.service'
file via 'mousepad', there is a WARNING message (** (mousepad:2869):
WARNING **: Couldn't connect to accessibility bus: Failed to connect to
socket /tmp/dbus-*: Connection refused). It happens with every file,
that I want to edit etc. Log files contains many entries related to the
'rtkit-daemon' (please see 1.) But this is not important here.

I apologize for such a comment, but shutdown issues, started to happen
after described situation. I have no idea if it's important, but it
started to happen when I choosed - by accident - 'halt' option instead
of 'shutdown' during logout.

● Release: 16.04.4 LTS 
● Xfce: 4.12 (according to 'xfce4-about' command)

Thanks, best regads.

1. https://bugs.launchpad.net/ubuntu/+source/rtkit/+bug/1547589 (comment #3)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1441253

Title:
  hanging suspend job prevents shutdown

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1441253/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1547589] Re: rtkit-daemon flooding syslog

[daniel CURTIS]

Hello.

I'm having the same problem with 'rtkit' and log files flooding.
Yesterday, I've choosed "menu/logout/halt" option instead of
"menu/logout/shutdown". And problems started to happen: I could not even
reboot or shutdown computer, because every time when I wanted to do
this, there was a window to unblock session (I have had to enter my user
password and there was not even internet connection - it could not be
connected via NetworkManager! etc.) The only one working solution to
shutdown computer was: press "RESET" and next "POWER" buttons. I've
decided to try shutdown system via shutdown(8) command but it did not
work:

[~]$ shutdown now
Failed to power off system via logind: There's already a shutdown or sleep 
operation in progress

Anyway, there is not LightDM now! I have to login via "unblock" window
mentioned above. And when I want to edit e.g. 'rtkit-daemon.service'
file via 'mousepad', there is a WARNING message (** (mousepad:2869):
WARNING **: Couldn't connect to accessibility bus: Failed to connect to
socket /tmp/dbus-*: Connection refused). It happens with every file,
that I want to edit etc. But this is not important here. Log files
contains many entries related to the 'rtkit-daemon'. For example:

✗✗ rtkit-daemon[1383]: Supervising 0 threads of 0 processes of 1 users.
✗✗ rtkit-daemon[1383]: Failed to look up client: No such file or directory
✗✗ rtkit-daemon[1364]: message repeated 10 times: [ Failed to look up client: 
No such file or directory]

There is about 30. such entries in '/var/log/syslog/' file etc. Anyway,
here are informations gathered via systemd's systemctl(1) command:

[~]$ systemctl status rtkit-daemon.service 
● rtkit-daemon.service - RealtimeKit Scheduling Policy Service
   Loaded: loaded (/lib/systemd/system/rtkit-daemon.service; disabled; vendor 
preset: enabled)
   Active: active (running) since sun 2018-03-25 11:44:47 CEST; 1h 26min ago
 Main PID: 1383
   CGroup: /system.slice/rtkit-daemon.service
   └─1383 n/a

mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory
mar 25 11:45:07 greendragon rtkit-daemon[1383]: Failed to look up client: No 
such file or directory

I apologize for such a long comment, but 'rtkit' issues, started to
happen after described situation. I have no idea if it's important, but
it started to happen when I choosed - by accident - 'halt' option
instead of 'shutdown' during logout.

● Release: 16.04.4 LTS
● rtkit: 0.11-4

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1547589

Title:
  rtkit-daemon flooding syslog

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rtkit/+bug/1547589/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1617630] Re: Mousepad show the warning Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus -*

[daniel CURTIS]

Geez, I forgot to write an informations about system version etc. So:

● Release: 16.04 LTS
● Xfce: 4.12.1-3ubuntu1
● Mousepad: 0.4.0-3ubuntu1

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1617630

Title:
  Mousepad show the warning Couldn't connect to accessibility bus:
  Failed to connect to socket /tmp/dbus -*

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/at-spi2-core/+bug/1617630/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1617630] Re: Mousepad show the warning Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus -*

[daniel CURTIS]

Hello.

I'm having the same problem with mousepad. Yesterday, I've choosed
"menu/logout/halt" option instead of "menu/logout/shutdown". And
problems started to happen: I could not even reboot or shutdown
computer, because every time when I wanted to do this, there was a
window to unblock session (I have had to enter my user password and
there was not internet connection - it could not be connected via
NetworkManager! etc.) The only one working solution to shutdown computer
was: press "RESET" and next "POWER" buttons.

I've decided to try shytdown system via shutdown(8) command but it did
not work:

[~]$ shutdown now
Failed to power off system via logind: There's already a shutdown or sleep 
operation in progress

Anyway, there is not LightDM now! I have to login via "unblock" window
mentioned above. And when I want to edit some file, there is a WARNING
message:

[~]$ mousepad /lib/systemd/system/rtkit-daemon.service

** (mousepad:2869): WARNING **: Couldn't connect to accessibility bus:
Failed to connect to socket /tmp/dbus-*: Connection refused

It happens with every file, that I want to edit etc. Log files contains
many entries related to the 'rtkit-daemon'. For example:

rtkit-daemon[1383]: Supervising 0 threads of 0 processes of 1 users.
rtkit-daemon[1383]: Failed to look up client: No such file or directory 

I apologize for such a long comment, but mousepad issues, started to
happen after described situation. I have no idea if it's important, but
it started to happen when I choosed - by accident - 'halt' option
instead of 'shutdown' during logout.

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1617630

Title:
  Mousepad show the warning Couldn't connect to accessibility bus:
  Failed to connect to socket /tmp/dbus -*

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/at-spi2-core/+bug/1617630/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1751021] Re: retpoline abi files are empty on i386

[daniel CURTIS]

** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1751021

Title:
  retpoline abi files are empty on i386

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)

[daniel CURTIS]

** Tags added: kernel-fixed-upstream

** Changed in: linux (Ubuntu)
   Status: Fix Released => Confirmed

** Summary changed:

- kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre 
& Meltdown" patches.)
+ kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels; 
i386/x86_32 ("Spectre & Meltdown")

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748936

Title:
  kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels;
  i386/x86_32 ("Spectre & Meltdown")

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1751021] Re: retpoline abi files are empty on i386

[daniel CURTIS]

Hello.

Retpoline file, is not empty now. After update Linux kernel to the
v4.4.0.117.123 (v4.4.114) version in 16.04 LTS Release (i386/x86_32
architecture), '/boot/retpoline-4.4.0-117-generic' file contains some
data etc. (2,0K size). Previous files (see post #4) are empty, of
course.

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1751021

Title:
  retpoline abi files are empty on i386

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option is in use.

[daniel CURTIS]

** Summary changed:

- Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 
built-in shell (initramfs).
+ Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option is in 
use.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot when 'kaslr' option
  is in use.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

Hello.

I apologize for not testing the latest v4.16 kernel, but I've decided to
wait for an update to the v4.4 kernel used in "Xenial". And it seems,
that everything is okay now and 'kaslr' option is working again. After
update Linux kernel to the v4.4.0-117-generic (v4.4.114) version, system
boots normally. I've done some tests:

● boot system via GRUB (add 'kaslr' option and press 'CTRL + X')
● edit '/etc/default/grub' file and add 'kaslr' option to the 
'GRUB_CMDLINE_LINUX_DEFAULT=' 

Everything is fine, system starts normally etc. There is no problem, as
I've described in my post #4. So, some of the patches (see 1.) fixed
this issue.

Thanks, best regards.
_
1. 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/xenial/commit/?id=fc74a5c4a98418105b4b246b935e3be90d6a635c


** Tags added: kernel-fixed-upstream

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

** Changed in: linux (Ubuntu Xenial)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)

[daniel CURTIS]

Hello. It seems, that everything is okay now and 'kaslr' option is
working again. After update Linux kernel to the v4.4.0-117-generic
(v4.4.114) version, system boots normally. So, some of the patches (see
1.) fixed this issue.

Thanks, best regards.
_
1. 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/xenial/commit/?id=fc74a5c4a98418105b4b246b935e3be90d6a635c

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748936

Title:
  kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels
  ("Spectre & Meltdown" patches.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748936] Re: kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)

[daniel CURTIS]

Linux kernel v4.4.0-117-generic (v4.4.114) works okay and 'kaslr' option
can be used again.

** Changed in: linux (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748936

Title:
  kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels
  ("Spectre & Meltdown" patches.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1751021] Re: retpoline abi files are empty on i386

[daniel CURTIS]

Hello.

I've noticed this issue with blank '/boot/retpoline-*' files in 16.04
LTS Release (i386/x86_32) after Linux kernel update to the v4.4.0-115
version. (Generally, I've started to seeing these files when
"Spectre_V12" patches were available for i386 architecture. I wanted to
ask a question or report a bug about it etc.) So, these files are empty
and it looks this way on 16.04 LTS Release:

[~]$ ls -al /boot/retpoline-4.4.0-11*
-rw-r--r-- 1 root root 0 lut 11 19:00 /boot/retpoline-4.4.0-115-generic
-rw-r--r-- 1 root root 0 lut 13 00:14 /boot/retpoline-4.4.0-116-generic

[~]$ uname -m
i686

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1751021

Title:
  retpoline abi files are empty on i386

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1751021/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1752906] Re: Error in execution of

[daniel CURTIS]

Bleachbit v2.0 contains a fix for DatabaseError: "no such table:
moz_favicons for some Firefox profiles".

** Changed in: bleachbit (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752906

Title:
  Error in execution of 

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1752906/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1752906] Re: Error in execution of

[daniel CURTIS]

Hello Andrew. Thanks for an answer and I'm sorry - I should check
blechabit.org website first. Yes, I know, that Ubuntu, especially an
"older" releases, often have an ancient versions etc. Anyway, "no such
table: moz_favicons for some Firefox profiles" error is fixed in
BleachBit v2.0, so there is one solution: install a new version directly
from website, because the latest version available in Ubuntu is v1.15-2
("Bionic").

Once again; thank You very much.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752906

Title:
  Error in execution of 

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1752906/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1752906] Re: Error in execution of

[daniel CURTIS]

** Description changed:

  Hi.
  
  A couple of weeks ago, I've started to notice an error message during
  cleaning files (right after BleachBit scan result) etc. It's a red
  message, at the beginning of a removing process. I have no idea what is
  the reason and what could have had an impact on this issue. Error
  message is related to the Firefox v58.0.2 version (earlier also) and
  '@USER/.mozilla/firefox/*.default/places.sqlite' file.
  
  ● An error in a Bleachbit window:
  
  Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
  FileUtilities.execute_sqlite3(path, cmds)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))
  DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite 
  
  ● A console error during Bleachbit work (`sudo bleachbit` command):
  
  debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']}
  Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
  FileUtilities.execute_sqlite3(path, cmds)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))
  DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite
  debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']} 
  
  However, even with above error messages, Bleachbit continue to work and
- remove all the files etc. (If Bleachbit is running as a normal user, not
- via sudo(8) then not every file can be removed, because of a "permission
- denied" message, of course. In such a case, it's let say: 68/170 files
- deleted.) Here are some technical informations (if something more is
- needed, please let me know):
+ remove all the files etc. (Please note also, that not every file can be
+ and is removed, due to the "permission denied" message, when Bleachbit
+ is not running, executed as the superuser via sudo(8). In such a case,
+ it's let say: 68/170 files deleted.) Here are some technical
+ informations (if something more is needed, please let me know):
  
  ✗ Release (`lsb_release -rd` command):
Description:Ubuntu 16.04.4 LTS
Release:16.04 
- ✗ Linux: 4.4.0-116-generic (i386/x86)
+ ✗ Linux: 4.4.0-116-generic (i386/x86_32)
  ✗ Bleachbit: 1.10-1
  ✗ python3.5: 3.5.2-2ubuntu0~16.04.4 
  
  Thanks, best regards.

** Description changed:

  Hi.
  
  A couple of weeks ago, I've started to notice an error message during
- cleaning files (right after BleachBit scan result) etc. It's a red
- message, at the beginning of a removing process. I have no idea what is
- the reason and what could have had an impact on this issue. Error
- message is related to the Firefox v58.0.2 version (earlier also) and
+ cleaning files (right after BleachBit scan result) etc. It's a red font
+ message, at the beginning of the removing process. I have no idea what
+ is the reason and what could have had an impact on this issue. Error
+ message is related to the Firefox v58.0.2 (earlier versions also) and
  '@USER/.mozilla/firefox/*.default/places.sqlite' file.
  
- ● An error in a Bleachbit window:
+ ● An error in a BleachBit window:
  
  Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
  FileUtilities.execute_sqlite3(path, cmds)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))
  DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite 
  
- ● A console error during Bleachbit work (`sudo bleachbit` command):
+ ● A console error - the same time as above message (`sudo bleachbit`
+ command):
  
  debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']}
  Error in execution of 
  Traceback (most recent call last):
File 

[Bug 1752906] Re: Error in execution of

[daniel CURTIS]

** Description changed:

  Hi.
  
  A couple of weeks ago, I've started to notice an error message during
  cleaning files (right after BleachBit scan result) etc. It's a red
  message, at the beginning of a removing process. I have no idea what is
  the reason and what could have had an impact on this issue. Error
  message is related to the Firefox v58.0.2 version (earlier also) and
  '@USER/.mozilla/firefox/*.default/places.sqlite' file.
  
  ● An error in a Bleachbit window:
  
  Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
  FileUtilities.execute_sqlite3(path, cmds)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))
  DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite 
  
  ● A console error during Bleachbit work (`sudo bleachbit` command):
  
  debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']}
  Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
  FileUtilities.execute_sqlite3(path, cmds)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))
  DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite
  debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']} 
  
- Here are some technical informations (if something more is needed,
- please let me know):
+ However, even with above error messages, Bleachbit continue to work and
+ remove all the files etc. (If Bleachbit is running as a normal user, not
+ via sudo(8) then not every file can be removed, because of a "permission
+ denied" message, of course. In such a case, it's let say: 68/170 files
+ deleted.) Here are some technical informations (if something more is
+ needed, please let me know):
  
  ✗ Release (`lsb_release -rd` command):
Description:Ubuntu 16.04.4 LTS
Release:16.04 
  ✗ Linux: 4.4.0-116-generic (i386/x86)
  ✗ Bleachbit: 1.10-1
  ✗ python3.5: 3.5.2-2ubuntu0~16.04.4 
  
  Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752906

Title:
  Error in execution of 

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1752906/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1752906] [NEW] Error in execution of

[daniel CURTIS]

Public bug reported:

Hi.

A couple of weeks ago, I've started to notice an error message during
cleaning files (right after BleachBit scan result) etc. It's a red
message, at the beginning of a removing process. I have no idea what is
the reason and what could have had an impact on this issue. Error
message is related to the Firefox v58.0.2 version (earlier also) and
'@USER/.mozilla/firefox/*.default/places.sqlite' file.

● An error in a Bleachbit window:

Error in execution of 
Traceback (most recent call last):
  File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
for ret in cmd.execute(self.really_delete):
  File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
self.func(self.path)
  File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
FileUtilities.execute_sqlite3(path, cmds)
  File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
'%s: %s' % (Common.decode_str(exc), path))
DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite 

● A console error during Bleachbit work (`sudo bleachbit` command):

debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']}
Error in execution of 
Traceback (most recent call last):
  File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
for ret in cmd.execute(self.really_delete):
  File "/usr/share/bleachbit/bleachbit/Command.py", line 146, in execute
self.func(self.path)
  File "/usr/share/bleachbit/bleachbit/Special.py", line 280, in 
delete_mozilla_url_history
FileUtilities.execute_sqlite3(path, cmds)
  File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
'%s: %s' % (Common.decode_str(exc), path))
DatabaseError: no such table: moz_favicons: 
/home/test1/.mozilla/firefox/*.default/places.sqlite
debug: DeepScan.scan: searches= {'/home/test1': [u'^~wr[a-z][0-9]{4}\\.tmp$', 
u'^ppt[0-9]{4}\\.tmp$']} 

Here are some technical informations (if something more is needed,
please let me know):

✗ Release (`lsb_release -rd` command):
  Description:  Ubuntu 16.04.4 LTS
  Release:  16.04 
✗ Linux: 4.4.0-116-generic (i386/x86)
✗ Bleachbit: 1.10-1
✗ python3.5: 3.5.2-2ubuntu0~16.04.4 

Thanks, best regards.

** Affects: bleachbit (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: bleachbit databaseerror places.sqlite xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752906

Title:
  Error in execution of 

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1752906/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

Here is a new, separate bug report about 'kASLR' and system booting
issues (v4.4.0-113.136 - v4.4.0-115-generic kernel versions):

● https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

Good day, Mr Salisbury.

Yes, I can test the latest kernel, but I have a few very naive questions
(I just want to be sure for one hundred percent etc.) So, because it's
an i386/x86_32 architecture I should:

✗ download 
'linux-headers-4.16.0-041600rc1-generic_4.16.0-041600rc1.201802120030_i386.deb' 
and 
'linux-image-4.16.0-041600rc1-generic_4.16.0-041600rc1.201802120030_i386.deb' 
packages;
✗ use, for example, dpkg(1) command to install these two packages ($ sudo dpkg 
-i ...);
✗ add "kaslr" option to the '/etc/default/grub' file (in 
'GRUB_CMDLINE_LINUX_DEFAULT' option);
✗ update GRUB with update-grub(8) command to generate a grub2 config file etc.; 
✗ reboot. 

Once again: I apologize for such a naive questions. Mr Salisbury, can
You confirm if what I've wrote is okay? Generally: is it a proper way to
test the latest kernel? And what about dpkg(1) command: I should use
'-i, --install' action only, right? I'm asking, because there is - for
example - a 'gdebi' package, which is a simple tool to install deb files
etc.

Geez, what a shame...

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748936] [NEW] kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels ("Spectre & Meltdown" patches.)

[daniel CURTIS]

Public bug reported:

Hello.

It seems, that 'kaslr' option is responsible for issues with system
booting. The latest working kernel is v4.4.0-112.135. Every next
release: v4.4.0-113.136 and v4.4.0-115.139 are unable to boot if 'kaslr'
option is in use etc. Everything is described in my previous bug report
(please see 1.), but I've decided to create a new one, because it seems,
that some of the "Spectre & Meltdown" patches are not compatible with
kASLR and are responsible for this regressions.

Thanks, best regards.

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: Confirmed


** Tags: i386 kaslr linux meltdown spectre

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748936

Title:
  kASLR: unable to boot Linux v4.4.0-113.136 - v4.4.0-115.139 kernels
  ("Spectre & Meltdown" patches.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748936/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

** Description changed:

  Hello.
  
  On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to
  the 4.4.0-113.136 version (xenial-proposed). However, after reboot,
  plymouth freezes during start, and keys on an USB keyboard were in-
  active. After several seconds, the BusyBox shell screen appeared. It
  looks this way:
  
  ,--
  | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
  | Enter 'help' for a list of built-in commands.
  |
  | (initramfs) _ 
  `--
  
  Unfortunately, the USB keyboard does not work and does not respond. The
  only way to solve this issue is a "hard reset" and in GRUB menu choosing
  an earlier kernel, which is linux 4.4.0-112.135. Now, everything works
  okay.
  
  Proposed update to the Linux 4.4.0-113.136 contains many new updates
  (please see 1.) It's an i386/x86_32 architecture, which does not contain
  PTI yet, right? I'm asking, because mentioned -proposed updates contains
  a couple of PTI-related patches and bugs in PTI can cause a few
  different signatures of crashes etc. For example:
  
- ✗ Crashes in early boot, especially around CPU bringup.  Bugs in the 
trampoline code or mappings cause these. 
- ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) 
failing to mount the rootfs.  These have tended to be TLB invalidation issues. 
Usually invalidating the wrong PCID, or otherwise missing an invalidation. 
+ → Crashes in early boot, especially around CPU bringup.  Bugs in the 
trampoline code or mappings cause these. 
+ → Userspace segfaults early in boot, sometimes manifesting as mount(8) 
failing to mount the rootfs.  These have tended to be TLB invalidation issues. 
Usually invalidating the wrong PCID, or otherwise missing an invalidation. 
  
  NOTE: if it's about PCID, which is mentioned in a second point, there is
  one patch in -proposed update: "x86/mm/32: Move
  setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the
  cause of a boot failure? There are no errors in log files, such as
  '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E"
  series. So, I don't know if mentioned patches are good for this type of
  processor etc.? Especially on i386/x86_32 architecture.
  
- I hope, that all mitigations and fixes for "Metldown & Spectre_v1.2"
- atacks will be available for 32-bit x86 architecture. (OpenSUSE
- Developers are working on such a fixes/patches, right?) If I could
- provide some more informations, please let me know. Here are some
- technical informations:
+ ● UPDATE/WARNING: It seems, that 'kaslr' option is responsible for this
+ issue. After booting the latest v4.4.0-115.139 kernel, I've had the same
+ problems as described above. However, after removing 'kaslr' option from
+ a command line via GRUB menu, system started normally etc. The latest,
+ working kernel with 'kaslr' option is v4.4.0-112.135. According to all
+ of this I think, that 'kaslr' is not compatible with some "Spectre &
+ Meltdown" mitigation patches and fixes etc.
  
- ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98
- ● Architecture: i386/x86_32
- ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 
PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) 
Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express 
bridge [1458:026f] 
+ ✗ Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98
+ ✗ Architecture: i386/x86_32
+ ✗ PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 
PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) 
Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express 
bridge [1458:026f] 
  
  Thanks, regards.
  
  
  1. https://lists.ubuntu.com/archives/xenial-
  changes/2018-February/020108.html

** Tags added: kaslr

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

Hello. There is the same problem with a new, latest Linux
4.4.0-115-generic kernel (updated today). I've tried to boot system with
'nosplash' option (set via GRUB etc.) and it seems, that there is a
problem with:

Gave up waiting for root device. Common problems:
 - Boot args (cat /proc/cmdline)
   - Check rootdelay= (did the system wait long enough?)
   - Check root= (did the system wait for the right device?)
 - Missing modules (cat /proc/modules; ls /dev)

ALERT! UUID=* does not exist. Dropping to a shell!

BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
Enter 'help' for a lost of built-in commands.

(initramfs) _

However, I've decided try to boot v4.4.0-115-generic kernel once again,
because above 'ALERT!' message was very interesting for me, but this
time, without 'kaslr' option. So, in a GRUB menu I removed this option
and press CTRL + x. Everything was okay - system boot normally.

It seems, that there is a problem with a 'kaslr' in latest 16.04 LTS
Release kernels (I'm having this problem since update to the
v4.4.0-113.136 kernel version.

Should I create a new bug report about 'kaslr' and latest kernel
versions?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell (initramfs).

[daniel CURTIS]

** Summary changed:

- Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 
built-in shell.
+ Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 
built-in shell (initramfs).

** Description changed:

  Hello.
  
  On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to
  the 4.4.0-113.136 version (xenial-proposed). However, after reboot,
- plymouth freezes during start, and keys on a keyboard were in-active.
- After several seconds, the BusyBox screen appeared. It looks this way:
+ plymouth freezes during start, and keys on an USB keyboard were in-
+ active. After several seconds, the BusyBox shell screen appeared. It
+ looks this way:
  
  ,--
  | BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
  | Enter 'help' for a list of built-in commands.
  |
  | (initramfs) _ 
  `--
  
- Unfortunately, the keyboard does not work and does not respond. The only
- way to solve this issue is a "hard reset" and in GRUB menu choosing an
- earlier kernel, which is linux 4.4.0-112.135. Now, everything works
+ Unfortunately, the USB keyboard does not work and does not respond. The
+ only way to solve this issue is a "hard reset" and in GRUB menu choosing
+ an earlier kernel, which is linux 4.4.0-112.135. Now, everything works
  okay.
  
  Proposed update to the Linux 4.4.0-113.136 contains many new updates
  (please see 1.) It's an i386/x86_32 architecture, which does not contain
  PTI yet, right? I'm asking, because mentioned -proposed updates contains
  a couple of PTI-related patches and bugs in PTI can cause a few
  different signatures of crashes etc. For example:
  
  ✗ Crashes in early boot, especially around CPU bringup.  Bugs in the 
trampoline code or mappings cause these. 
  ✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) 
failing to mount the rootfs.  These have tended to be TLB invalidation issues. 
Usually invalidating the wrong PCID, or otherwise missing an invalidation. 
  
  NOTE: if it's about PCID, which is mentioned in a second point, there is
  one patch in -proposed update: "x86/mm/32: Move
  setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the
  cause of a boot failure? There are no errors in log files, such as
- '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I
- have no idea if it's important)?
+ '/var/log/syslog' or '/var/log/kern.log'. However, it's a Celeron, "E"
+ series. So, I don't know if mentioned patches are good for this type of
+ processor etc.? Especially on i386/x86_32 architecture.
  
- ✗ PCI: Using host bridge windows from ACPI; if necessary, use
- "pci=nocrs" and report a bug
- 
- If I could provide some more informations, please let me know. Here are
- some technical informations:
+ I hope, that all mitigations and fixes for "Metldown & Spectre_v1.2"
+ atacks will be available for 32-bit x86 architecture. (OpenSUSE
+ Developers are working on such a fixes/patches, right?) If I could
+ provide some more informations, please let me know. Here are some
+ technical informations:
  
  ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98
  ● Architecture: i386/x86_32
  ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 
PCI Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) 
Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express 
bridge [1458:026f] 
  
  Thanks, regards.
  
  
  1. https://lists.ubuntu.com/archives/xenial-
  changes/2018-February/020108.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell (initramfs).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.

[daniel CURTIS]

Please see "Ubuntu Kernel Bot (ubuntu-kernel-bot)" comment and answer.

** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] Re: Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.

[daniel CURTIS]

Hi. I can not enter mentioned command, because during system boot
plymouth freezes and keyboard is unresponsive. After several seconds
plymouth disappears and BusyBox v1.22.1 "console" appears (here,
keyboard does not work and does not respond either). The only solution
is to use hard reboot and choose an earlier v4.4.0-112.135 Linux kernel
in GRUB menu etc.

Maybe I can execute 'apport-collect 1748710' command in v4.4.0-112.135
kernel? But this issue appeared after update to the "-proposed" kernel:
v4.4.0-112.135.

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748710

Title:
  Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1
  built-in shell.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748710/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1748710] [NEW] Linux 4.4.0-113.136 (i386/x86_32): failed to boot and BusyBox v1.22.1 built-in shell.

[daniel CURTIS]

Public bug reported:

Hello.

On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to
the 4.4.0-113.136 version (xenial-proposed). However, after reboot,
plymouth freezes during start, and keys on a keyboard were in-active.
After several seconds, the BusyBox screen appeared. It looks this way:

,--
| BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
| Enter 'help' for a list of built-in commands.
|
| (initramfs) _ 
`--

Unfortunately, the keyboard does not work and does not respond. The only
way to solve this issue is a "hard reset" and in GRUB menu choosing an
earlier kernel, which is linux 4.4.0-112.135. Now, everything works
okay.

Proposed update to the Linux 4.4.0-113.136 contains many new updates
(please see 1.) It's an i386/x86_32 architecture, which does not contain
PTI yet, right? I'm asking, because mentioned -proposed updates contains
a couple of PTI-related patches and bugs in PTI can cause a few
different signatures of crashes etc. For example:

✗ Crashes in early boot, especially around CPU bringup.  Bugs in the trampoline 
code or mappings cause these. 
✗ Userspace segfaults early in boot, sometimes manifesting as mount(8) failing 
to mount the rootfs.  These have tended to be TLB invalidation issues. Usually 
invalidating the wrong PCID, or otherwise missing an invalidation. 

NOTE: if it's about PCID, which is mentioned in a second point, there is
one patch in -proposed update: "x86/mm/32: Move
setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the
cause of a boot failure? There are no errors in log files, such as
'/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I
have no idea if it's important)?

✗ PCI: Using host bridge windows from ACPI; if necessary, use
"pci=nocrs" and report a bug

If I could provide some more informations, please let me know. Here are
some technical informations:

● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98
● Architecture: i386/x86_32
● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 PCI 
Express bridge [10de:056d] (rev a1) (prog-if 01 [Subtractive decode]) 
Capabilities: [b8] Subsystem: Gigabyte Technology Co., Ltd MCP73 PCI Express 
bridge [1458:026f] 

Thanks, regards.


1. https://lists.ubuntu.com/archives/xenial-
changes/2018-February/020108.html

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: i386 linux meltdown spectre xenial

** Description changed:

  Hello.
  
  On Thu Feb 8, Linux kernel for Ubuntu 16.04.3 LTS has been updated to
  the 4.4.0-113.136 version (xenial-proposed). However, after reboot,
  plymouth freezes during start, and keys on a keyboard were in-active.
  After several seconds, the BusyBox screen appeared. It looks this way:
  
- ✗
  ✗ BusyBox v1.22.1 (Ubuntu 1:1.22.0-15ubuntu1) built-in shell (ash)
  ✗ Enter 'help' for a list of built-in commands.
  ✗
  ✗ (initramfs) _ 
- ✗
  
  Unfortunately, the keyboard does not work and does not respond. The only
  way to solve this issue is a "hard reset" and in GRUB menu choosing an
  earlier kernel, which is linux 4.4.0-112.135. Now, everything works
  okay.
  
  Proposed update to the Linux 4.4.0-113.136 contains many new updates
  (please see 1.) It's an i386/x86_32 architecture, which does not contain
  PTI yet, right? I'm asking, because mentioned -proposed updates contains
  a couple of PTI-related patches and bugs in PTI can cause a few
  different signatures of crashes etc. For example:
  
- ✓ Crashes in early boot, especially around CPU bringup.  Bugs in the 
trampoline code or mappings cause these. 
- ✓ Userspace segfaults early in boot, sometimes manifesting as mount(8) 
failing to mount the rootfs.  These have tended to be TLB invalidation issues. 
Usually invalidating the wrong PCID, or otherwise missing an invalidation. 
+ ● Crashes in early boot, especially around CPU bringup.  Bugs in the 
trampoline code or mappings cause these. 
+ ● Userspace segfaults early in boot, sometimes manifesting as mount(8) 
failing to mount the rootfs.  These have tended to be TLB invalidation issues. 
Usually invalidating the wrong PCID, or otherwise missing an invalidation. 
  
  NOTE: if it's about PCID, which is mentioned in a second point, there is
  one patch in -proposed update: "x86/mm/32: Move
  setup_clear_cpu_cap(X86_FEATURE_PCID) earlier". Maybe that's is the
  cause of a boot failure? There are no errors in log files, such as
  '/var/log/syslog' or '/var/log/kern.log'. Maybe only that one (but I
  have no idea if it's important)?
  
  ✗ PCI: Using host bridge windows from ACPI; if necessary, use
  "pci=nocrs" and report a bug
  
  If I could provide some more informations, please let me know. Here are
  some technical informations:
  
- ● Release ('/proc/version_signature'): Ubuntu 4.4.0-112.135-generic 4.4.98
- ● Architecture: i386/x86_32
- ● PCI ('lspci -vnvn'): 00:0a.0 PCI bridge [0604]: NVIDIA Corporation MCP73 

[Bug 1694115] Re: Parole (MPRIS2 plugin) segfault, error 4 in parole-mpris2.so

[daniel CURTIS]

** Summary changed:

- Parole segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-mpris2.so
+ Parole (MPRIS2 plugin) segfault, error 4 in parole-mpris2.so

** Description changed:

  Hello
  
  I noticed, that during listening an audio CD, Parole is closing every
  time when I'm trying to manually change song time, manually moving time
  bar (e.g. moving forwards a few seconds.) Today, it happened twice --
  one by one. Parole is confined with a working AppArmor profile. However,
  log files contains an entry about this issue:
  
  ✓ May 28 12:22:16 t1aa-test kernel: [ 6950.151393] parole[4512]:
- segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-
- mpris2.so[b39f+13000]
+ segfault at 26 ip * sp * error 4 in parole-mpris2.so[]
  
  But nothing related with AppArmor etc. Parole is working OK; I can
  change - for example- visualizations, use plugins and so on. The only
  one problem is with music listening and changing or better -- moving the
  song time. (Just as I wrote above.) Parole launched via terminal runs
  normally (for example: `$ parole song.mp3` command); there is not any
  errors, warnings etc. Everything is fine. (Log files are empty also.)
  
  I'll provide some technical informations gathered by ubuntu-bug(1)
  utility.
  
  ✗ Application: parole 0.8.1-1ubuntu4
  ✗ Architecture: i686
  ✗ Distro Release: 16.04.2 LTS
  ✗ Current DE: Xfce (ver. 4.12)
  ✗ Kernel version: Linux 4.4.0-79-generic
  
  ● NOTE: I've just found a very similar problem with Parole, but this
  involves playing video files. In my case it's about an audio CD etc.
  
  URL: https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1550444
  
  Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1694115

Title:
  Parole (MPRIS2 plugin) segfault, error 4 in parole-mpris2.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1694115/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 in plugin-container/libxul.so

[daniel CURTIS]

** Changed in: firefox (Ubuntu)
   Status: Fix Released => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp
  error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 in plugin-container/libxul.so

[daniel CURTIS]

Hello Robie.

Unfortunately, this problem appeared again. Today, I have had Firefox
enabled with just two tabs: YouTube and Google Translate. Suddenly,
system start to slow down, disk diode was... red all the time, mouse
cursor moved slowly etc. After a couple of minutes, I managed to start
terminal and used '$ killall firefox' command, which helped -- system
started to work faster again, clicking e.g. on a file, opened Mousepad
almost immediately, in milliseconds etc.

Log files (such as '/var/log/syslog' or '/var/log/kern.log') contains:

✓ Sep  4 13:46:00 holycross kernel: [10194.439105] Chrome_~dThread[3599]: 
segfault at 0 ip b03f6b24 sp afaa1040 error 6 in libxul.so[afb73000+570f000]
✓ Sep  4 13:46:00 holycross kernel: [10195.084439] Chrome_~dThread[4040]: 
segfault at 0 ip b042fb24 sp afada040 error 6 in libxul.so[afbac000+570f000] 

As we can see, there is a problem in 'libxul.so'. (See bug title.)
Firefox version: 55.0.2 (32-bit), e10s enabled (4. processes; changed
from 2. after update), four addons, no Flash. RAM memory checked with
memtest64 - no problems.

I will keep an eye on this, because of a couple of months without
problem. Maybe it was just an accident?

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp
  error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 in plugin-container/libxul.so

[daniel CURTIS]

Hello Robie. I understand your point of view. If it's about "Out of
memory: Kill process" etc. message: I wrote that my computer has only
1GB of RAM memory and there are some plans to add more. (By the way;
this is a computer for various tests.) And I've never wrote, that it's a
problem in Ubuntu. This rather a Firefox issue.

After a clean 16.04 LTS installation, I'd enabled an AppArmor profile,
added some dbus-related rules (please see:
 and
comment #45 etc.), installed three addons. When I noticed these problems
with Chrome_ChildThr (it looks like this is a known issue, see: [2], [3]
in my bug description and so on), I decided to disable flash-player -
but with no luck. In the mean time, there was a couple of Firefox
updates.

However, it seems, that this problem is really solved. I did not noticed
this segfaults since a couple of weeks. For now, I'm using Firefox v54.0
with e10s enabled and everything seems to be OK.

I'm sorry, that I cannot describe it the better way. But, I'd mentioned
every steps I'd done after 16.04 LTS Release installation.

Thanks Robie, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp
  error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 in plugin-container/libxul.so

[daniel CURTIS]

** Summary changed:

- Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp 
b1efe9f0 error 6 in plugin-container/libxul.so
+ Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp error 6 
in plugin-container/libxul.so

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip, sp
  error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hello Thomas. Today, I noticed next entry - related with Firefox - in a
log files. I'm wondering whether to add this rule, because it's related
to the ScreenSaver, which seems to be pretty strange. However a log
entry looks this way;

✓ Jun 3 11:45:19 t1aa-kernel dbus[1473]: apparmor="DENIED"
operation="dbus_method_call"  bus="session" path="/ScreenSaver"
interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send"
name="org.freedesktop.ScreenSaver" pid=2149
label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=1612
peer_label="unconfined"

So, the appropriate rule should look like this;

dbus (send)
 bus=session
 interface=org.freedesktop.ScreenSaver
 member=Inhibit, 

Thomas, what do You think about; path="/ScreenSaver" entry? Do you
think, that "path=/org/freedesktop/ScreenSaver", also should be added,
or "interface=" is enough? But, as I wrote - I don't know if it should
be added to the Firefox profile. I will keep an eye, on this issue.

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1550444] Re: Parole media player segfaults when seeking forward in a video file

[daniel CURTIS]

Hello. I'm having similar problem, but in my case it's about playing an
audio CD. (Trying to move a song time forward for a few seconds via
manually moving time bar, Parole is closing immediately.) Here's my bug
report: 

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1550444

Title:
  Parole media player segfaults when seeking forward in a video file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1550444/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1694115] Re: Parole segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-mpris2.so

[daniel CURTIS]

** Description changed:

  Hello
  
  I noticed, that during listening an audio CD, Parole is closing every
  time when I'm trying to manually change song time, manually moving time
  bar (e.g. moving forwards a few seconds.) Today, it happened twice --
  one by one. Parole is confined with a working AppArmor profile. However,
  log files contains an entry about this issue:
  
  ✓ May 28 12:22:16 t1aa-test kernel: [ 6950.151393] parole[4512]:
  segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-
  mpris2.so[b39f+13000]
  
  But nothing related with AppArmor etc. Parole is working OK; I can
  change - for example- visualizations, use plugins and so on. The only
  one problem is with music listening and changing or better -- moving the
- song time (Just as I wrote above.) I'll provide some technical
- informations gathered by ubuntu-bug(1) utility.
+ song time. (Just as I wrote above.) Parole launched via terminal runs
+ normally (for example: `$ parole song.mp3` command); there is not any
+ errors, warnings etc. Everything is fine. (Log files are empty also.)
  
- ✗ Application: parole 0.8.1-1ubuntu4 
+ I'll provide some technical informations gathered by ubuntu-bug(1)
+ utility.
+ 
+ ✗ Application: parole 0.8.1-1ubuntu4
  ✗ Architecture: i686
  ✗ Distro Release: 16.04.2 LTS
  ✗ Current DE: Xfce (ver. 4.12)
  ✗ Kernel version: Linux 4.4.0-79-generic
  
+ ● NOTE: I've just found a very similar problem with Parole, but this
+ involves playing video files. In my case it's about an audio CD etc.
+ 
+ URL: https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1550444
+ 
  Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1694115

Title:
  Parole segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-
  mpris2.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1694115/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1694115] [NEW] Parole segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-mpris2.so

[daniel CURTIS]

Public bug reported:

Hello

I noticed, that during listening an audio CD, Parole is closing every
time when I'm trying to manually change song time, manually moving time
bar (e.g. moving forwards a few seconds.) Today, it happened twice --
one by one. Parole is confined with a working AppArmor profile. However,
log files contains an entry about this issue:

✓ May 28 12:22:16 t1aa-test kernel: [ 6950.151393] parole[4512]:
segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-
mpris2.so[b39f+13000]

But nothing related with AppArmor etc. Parole is working OK; I can
change - for example- visualizations, use plugins and so on. The only
one problem is with music listening and changing or better -- moving the
song time (Just as I wrote above.) I'll provide some technical
informations gathered by ubuntu-bug(1) utility.

✗ Application: parole 0.8.1-1ubuntu4 
✗ Architecture: i686
✗ Distro Release: 16.04.2 LTS
✗ Current DE: Xfce (ver. 4.12)
✗ Kernel version: Linux 4.4.0-79-generic

Thanks, best regards.

** Affects: parole (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: audio parole segfault xfce4

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1694115

Title:
  Parole segfault at 26 ip b39f47f4 sp bfe191b0 error 4 in parole-
  mpris2.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/parole/+bug/1694115/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

[daniel CURTIS]

Hello Thomas. Unfortunately, I can not give you a link to the website,
because it happens randomly. (But mostly during watching YouTube etc.) I
have to check this issue with AppArmor profile disabled or in a complain
mode. But it must wait for sometime. I will let you know, what will be
the result of this test.

And yes, I think you're right: Firefox seems to tolerate some of these
DENIED actions, vide "speech-dispatcher" and blocked "x" access. A
couple of weeks ago I've done a memory test with memtest86+ and
everything is OK.

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hello Thomas. Yes, I think you're right; "Apparmor log messages
sometimes occur for special tasks." By the way - today I have again an
issue (this is happening very often) with the plugin-container
(Chrome_ChildThr) segfault. Suddenly, Firefox started to slow down,
system also, audio was looping and a mouse moved slowly. After a long
while I managed to open terminal and kill Firefox process.

Log file - /var/log/syslog - was full of a known alsa-sink issue. There
was also plugin-container (Chrome_ChildThr) entry:

✓ kernel: [24658.609247] plugin-containe[4287]: segfault at 0 ip
800128a8 sp bfdc2430 error 6 in plugin-container[8000f000+1c000]

And... there was also - mentioned in my post #45 - a "/usr/bin/speech-
dispatcher" entry! It showed up once again. I was advised that I should
create a profile for "speech-dispatcher" and use "Px" rule in a Firefox
profile to address this DENIED entry.

However, here is a link to my bug report about plugin-container issues:
 All of
this is happening on 16.04.2 LTS Release and Firefox 53.0.2 version. I
would like to ask: does any of you experienced this problem? I mean:
Firefox, system, mouse freeze and a plugin-container segfault?

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

[daniel CURTIS]

Hello.

The last two days were full of the plugin-container segfault. However,
today I noticed that pulseaudio and known alsa-sink issue (see;
)
are related with this problem also. During watch e.g. YT video (with
only one tab opened), suddenly, system is no responsive (with very, very
slow mouse motion), audio is jamming etc. After a couple of minutes I
can enable terminal and slowly run `$ killall firefox` command and check
log files.

And /var/log/syslog file contains plugin-container segfault and alsa-
sink entries. While /var/log/kern.log file contains only plugin-
container entry.

✓ kernel: [24658.609247] plugin-containe[4287]: segfault at 0 ip
800128a8 sp bfdc2430 error 6 in plugin-container[8000f000+1c000]

If it's about pulseaudio/alsa-sink -- log entries are very similar with
these mentioned in above link. There is, of course, a known message:

✓ Most likely this is a bug in the ALSA driver 'snd_hda_intel'. Please
report this issue to the ALSA developers. (...)

Very similar problem:
 Same things in my
case: "The video stops, the audio loops the last second or so, and I get
the following errors."

So, another day, another segfault.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1522675] Re: Warning messages about unsandboxed downloads

[daniel CURTIS]

Hello. I'm sorry Luigi Espenlaub. I should write "chown" in my post. Or
at least mention, that it's just reference to the man pages etc. Sorry
once again. I'm very glad, that You understand it now :- )

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1522675

Title:
  Warning messages about unsandboxed downloads

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

[daniel CURTIS]

Hi. During five days (since my last post - #5) there was about three,
four segfaults in plugin-container. As always with the same log entry:

✓ May 16 18:19:42 my_linux kernel: [ 3000.656624] plugin-containe[2771]:
segfault at 0 ip 800ee8a8 sp bfbeffe0 error 6 in plugin-
container[800eb000+1c000]

There is a fix needed. Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1522675] Re: Warning messages about unsandboxed downloads

[daniel CURTIS]

Hello. During flash player update (on 10., May) I have had this
error/message:

✓ W: Can't drop privileges for downloading as file '/var/lib/update-
notifier/package-data-downloads/partial/adobe-
flashplugin_20170509.1.orig.tar.gz' couldn't be accessed by user '_apt'.
- pkgAcquire::Run (13: Permission denied)

It was on a fresh 16.04 LTS Release install. It seems, that there is an
'apt' (ver. 1.2.20) user (vide '/etc/passwd' file.) But, it seems that
'/var/lib/update-notifier/package-data-downloads/' folder have bad
permission, however:

[~]$ ls -la /var/lib/update-notifier/package-data-downloads/ 
[...]
drwxr-xr-x 2 root root [...] partial 

Should I do something about this? I mean, for example, use CHOWN(1)
command to change an owner etc.?

Thank, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1522675

Title:
  Warning messages about unsandboxed downloads

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6.

[daniel CURTIS]

Hello. Firefox has crashed again - today, after entering 'about:support'
(in address bar) and pressing Enter key. Log files contain this entry:

✓ May 11 18:44:03 my_linux kernel: [25336.972878]
Chrome_ChildThr[14103]: segfault at 0 ip b3610140 sp b12fee30 error 6 in
libxul.so[b2f39000+44d1000]

However, this time it concerns Firefox 53.0.2 (update while ago) and
16.04 LTS Release. Definitely, something is wrong still.

Thanks, best regards.

** Tags added: libxul.so

** Summary changed:

- Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp 
b1efe9f0 error 6.
+ Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp 
b1efe9f0 error 6 in plugin-container/libxul.so

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6 in plugin-container/libxul.so

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hi Thomas.

Firstly; I would like to thank You for all your work. I've had the same
issues with Firefox 53. version running on 16.04 LTS Release (see:
).
There was many DENIED entries in log files, such as, /var/log/kern.log
and /var/log/syslog containing e.g.: "org.freedesktop.UPower" or
"org.gtk.vfs.MountTracker", which appeared always after the very first
Firefox start etc.

Unfortunately, I did not find your bug report earlier, but it helped me
a lot. So, once again; thank You very, very much :- ) By the way; I
think, that Firefox profile needs updates after every new release. There
are always some problems/issues with DENIED entries and so on. However,
I noticed that some of them do not appear for the second time. (For
example; I noticed, that there is "/usr/bin/speech-dispatcher" entry
with requested_mask="x" denied_mask="x" but I saw it only once and
AppArmor rule for this one, seems to be not necessary.)

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1653347] Re: [profile] netstat(8): ptrace and many DENIED messages (target=*).

[daniel CURTIS]

Hi. It seems, that this "problem" is solved. After installing 16.04 LTS
Release and doing some tests with various AppArmor rules etc., it turned
out that these two rules fixed this issue;


deny capability sys_ptrace,
deny ptrace,

However, netstat(8) utility in 16.04 LTS Release used with '-p' option
produced different log entries. For example:

[ 2272.884332] audit: type=1400 audit(1494264517.023:78): apparmor="DENIED"
operation="ptrace" profile="/bin/netstat" pid=3544 comm="netstat"
requested_mask="trace" denied_mask="trace" peer="unconfined" 

And so on. More info can be found here:
 I
hope, that this issue is really solved/fixed.

Best regards.

** Summary changed:

- [profile] netstat(8): ptrace and many DENIED messages (target=*).
+ [profile] netstat(8): using '-p' option produces many ptrace-related DENIED 
entries in log files.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1653347

Title:
  [profile] netstat(8): using '-p' option produces many ptrace-related
  DENIED entries in log files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1653347/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1556419] Re: nf_conntrack: automatic helper assignment is deprecated

[daniel CURTIS]

Hi. The same problem here. Release 16.04.2 LTS, iptables 1.6.0-2ubuntu3
etc. I noticed this one in dmesg entry:

$ sudo dmesg |grep iptables
[ 1168.282586] nf_conntrack: automatic helper assignment is deprecated and it 
will be removed soon. Use the iptables CT target to attach helpers instead. 

I have one more problem with this release; when iptables is in use (with
very simple rules) there is not internet connection. But using ufw
firewall, everything seems to work OK.

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1556419

Title:
   nf_conntrack: automatic helper assignment is deprecated

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1556419/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6.

[daniel CURTIS]

** Description changed:

  Hello.
  
  Some days ago, Firefox unexpectedly has been closed after a couple of
  hours (mostly viewed: YouTube and some other websites). Next, a dialog
  box related to the Mozilla Crash Reporter appeared - with message, that
  reporter is disabled (which I did earlier via 'about:config' and
  *datareporting.healthreport.service.enabled* key set to _false_) and no
- crash report is available even via 'about:crashes' etc. After this
- situation two entries appeared in the log files: first related to
- AppArmor and second plugin-container segfault. By the way: in the same
- time an update for flash-plugin was also available (see: 1).
+ crash report is available even via 'about:crashes' etc.
+ 
+ After this situation two entries appeared in the log files: first
+ related to the AppArmor and second: plugin-container segfault. By the
+ way: in the same time there was an update for flash-plugin available
+ (see: 1).
  
  Anyway, 'LastCrash' file (which can be found in ~/.mozilla/firefox/Crash
  Reports/ directory) contains only: 1484142985. Just like all the others
  files in this directory. There are also two folders called: 'events' and
- 'pending'. These directories are completely empty. However, system log
- files, such as '/var/log/kern.log' or '/var/log/syslog', contains an
+ 'pending'. But they are completely empty. However, system log files,
+ such as '/var/log/kern.log' or '/var/log/syslog', contains an
  interesting entries:
  
  ● Jan 11 14:56:25 t4 kernel: [ 4161.295639] type=1400
  audit(1484142985.517:46): apparmor="DENIED" operation="open" parent=2818
  profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2818/task/"
  pid=3253 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
  ouid=1000
  
  ● Jan 11 14:56:25 t4 kernel: [ 4161.540727] Chrome_ChildThr[2890]:
  segfault at 0 ip b76df673 sp b1efe9f0 error 6 in plugin-
  container[b76d8000+42000]
  
  As we know, thanks to the plugin-container, plugins are separated from
  the browser process, making it more stable, right? So now if a plugin
  crashes, Firefox should remains unharmed. It looks like this is a known
  problem (see: 2, 3).
  
  By the way; on Moday, 16 January, Firefox has been closed again - no
  action from my side. Log files contain the same entries as above:
  
  ● Jan 16 16:39:35 t4 kernel: [14373.711834] type=1400
  audit(1484581175.931:48): apparmor="DENIED" operation="open" parent=2532
  profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2532/task/"
  pid=3389 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
  ouid=1000
  
  ● Jan 16 16:39:36 t4 kernel: [14373.934394] Chrome_ChildThr[3041]:
  segfault at 0 ip b76f8673 sp b1efe9f0 error 6 in plugin-
  container[b76f1000+42000]
  
- Anyway, after adding these two rules to the Firefox profile everything
- seems to be OK and there is not DENIED message for "/proc/*/task/"
- entry:
+ Anyway, after adding these two rules to the Firefox profile, everything
+ seems to be OK and there is not DENIED message for "/proc/*/task/" entry
+ anymore (so the first issue is solved):
  
  owner @{PROC}/[0-9]*/task/ r,
  owner @{PROC}/[0-9]*/task/* r,
  
- NOTE: adobe-flash plugin is not activated and is permanently disabled.
- But it's not the second time when AppArmor logs "@{PROC}/*/task/" issue
- (see: 4). Here are some informations about versions:
+ NOTE: This problem occurs when adobe-flash plugin is not activated and
+ is permanently disabled and also when is used/enabled. But it's not the
+ second time when AppArmor logs "@{PROC}/*/task/" issue (see: 4). Here
+ are some informations about versions:
  
  ● Firefox: 50.1.0
  ● Flash: 24.0.0.194ubuntu0.12.04.1
  ● Linux: 3.2.0-120-generic-pae (3.2.79) i686
  ● AppArmor: 2.7.102-0ubuntu3.10
  ● Release: 12.04.5 LTS (via `lsb_release -a` command)
  
  Best regards.
  _
  [1] https://lists.ubuntu.com/archives/precise-changes/2017-January/026047.html
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1205199
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=1253086
  [4] https://lists.ubuntu.com/archives/apparmor/2016-December/010422.html

** Description changed:

  Hello.
  
  Some days ago, Firefox unexpectedly has been closed after a couple of
  hours (mostly viewed: YouTube and some other websites). Next, a dialog
  box related to the Mozilla Crash Reporter appeared - with message, that
  reporter is disabled (which I did earlier via 'about:config' and
  *datareporting.healthreport.service.enabled* key set to _false_) and no
  crash report is available even via 'about:crashes' etc.
  
  After this situation two entries appeared in the log files: first
  related to the AppArmor and second: plugin-container segfault. By the
  way: in the same time there was an update for flash-plugin available
  (see: 1).
  
  Anyway, 'LastCrash' file (which can be found in ~/.mozilla/firefox/Crash
  Reports/ directory) contains only: 1484142985. Just like all the others
  files in 

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6.

[daniel CURTIS]

Hi. Today Firefox has been closed again - only two tabs opened, no
reaction from my side. (No website with flash etc.) Anyway, log files
contains:

● kernel: [  327.337599] Chrome_ChildThr[2594]: segfault at 0 ip
b77812e5 sp b21fe9f0 error 6 in plugin-container[b777d000+1b000]

There was available an update for flash-plugin (ver.
25.0.0.127ubuntu0.12.04.1). Firefox version remains the same as above -
52.0.

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6.

[daniel CURTIS]

** Description changed:

  Hello.
  
  Some days ago, Firefox unexpectedly has been closed after a couple of
  hours (mostly viewed: YouTube and some other websites). Next, a dialog
  box related to the Mozilla Crash Reporter appeared - with message, that
  reporter is disabled (which I did earlier via 'about:config' and
  *datareporting.healthreport.service.enabled* key set to _false_) and no
  crash report is available even via 'about:crashes' etc. After this
  situation two entries appeared in the log files: first related to
  AppArmor and second plugin-container segfault. By the way: in the same
  time an update for flash-plugin was also available (see: 1).
  
  Anyway, 'LastCrash' file (which can be found in ~/.mozilla/firefox/Crash
  Reports/ directory) contains only: 1484142985. Just like all the others
  files in this directory. There are also two folders called: 'events' and
  'pending'. These directories are completely empty. However, system log
  files, such as '/var/log/kern.log' or '/var/log/syslog', contains an
  interesting entries:
  
- ● /var/log/kern.log:
- 
- Jan 11 14:56:25 t4 kernel: [ 4161.295639] type=1400
+ ● Jan 11 14:56:25 t4 kernel: [ 4161.295639] type=1400
  audit(1484142985.517:46): apparmor="DENIED" operation="open" parent=2818
  profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2818/task/"
  pid=3253 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
  ouid=1000
  
- Jan 11 14:56:25 t4 kernel: [ 4161.540727] Chrome_ChildThr[2890]:
+ ● Jan 11 14:56:25 t4 kernel: [ 4161.540727] Chrome_ChildThr[2890]:
  segfault at 0 ip b76df673 sp b1efe9f0 error 6 in plugin-
  container[b76d8000+42000]
  
  As we know, thanks to the plugin-container, plugins are separated from
  the browser process, making it more stable, right? So now if a plugin
  crashes, Firefox should remains unharmed. It looks like this is a known
- problem (see: 2, 3). Anyway, after adding one rule to the Firefox
- profile everything should be okay, but it doesn't:
- 
- owner @{PROC}/[0-9]*/task/* r,
+ problem (see: 2, 3).
  
  By the way; on Moday, 16 January, Firefox has been closed again - no
  action from my side. Log files contain the same entries as above:
  
- Jan 16 16:39:35 t4 kernel: [14373.711834] type=1400
+ ● Jan 16 16:39:35 t4 kernel: [14373.711834] type=1400
  audit(1484581175.931:48): apparmor="DENIED" operation="open" parent=2532
  profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/proc/2532/task/"
  pid=3389 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
  ouid=1000
  
- Jan 16 16:39:36 t4 kernel: [14373.934394] Chrome_ChildThr[3041]:
+ ● Jan 16 16:39:36 t4 kernel: [14373.934394] Chrome_ChildThr[3041]:
  segfault at 0 ip b76f8673 sp b1efe9f0 error 6 in plugin-
  container[b76f1000+42000]
+ 
+ Anyway, after adding these two rules to the Firefox profile everything
+ seems to be OK and there is not DENIED message for "/proc/*/task/"
+ entry:
+ 
+ owner @{PROC}/[0-9]*/task/ r,
+ owner @{PROC}/[0-9]*/task/* r,
  
  NOTE: adobe-flash plugin is not activated and is permanently disabled.
  But it's not the second time when AppArmor logs "@{PROC}/*/task/" issue
  (see: 4). Here are some informations about versions:
  
  ● Firefox: 50.1.0
  ● Flash: 24.0.0.194ubuntu0.12.04.1
  ● Linux: 3.2.0-120-generic-pae (3.2.79) i686
  ● AppArmor: 2.7.102-0ubuntu3.10
  ● Release: 12.04.5 LTS (via `lsb_release -a` command)
  
  Best regards.
  _
  [1] https://lists.ubuntu.com/archives/precise-changes/2017-January/026047.html
  [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1205199
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=1253086
  [4] https://lists.ubuntu.com/archives/apparmor/2016-December/010422.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1656065] Re: Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip b76df673 sp b1efe9f0 error 6.

[daniel CURTIS]

Hi. On Mar 11, Firefox has been closed again. After a couple of hours,
suddenly system began to slow down, mouse cursor moves very lazy etc.
RAM usage was full. (I have only 1GB - planned to add more.) Anyway,
there was YouTube and about 5, 6 other tabs opened. Additionally, a
second Firefox was also running with a couple of tabs opened. System log
files, such as, /var/log/kern.log and /var/log/syslog contained such
entry:

● Mar 11 19:46:53 t4 kernel: [31159.076986] Out of memory: Kill process
4316 (plugin-containe) score 641 or sacrifice child

● Mar 11 19:46:53 t4 kernel: [31159.076992] Killed process 4316 (plugin-
containe) total-vm:1865424kB, anon-rss:735720kB, file-rss:0kB

● Mar 11 19:47:33 t4 kernel: [31200.111636] Chrome_ChildThr[2619]:
segfault at 0 ip b77b72e5 sp b21fe9f0 error 6 in plugin-
container[b77b3000+1b000]

Generally, this log message is longer, but I think that it's appropriate
for another, new thread. One thing, which makes me wonder is (I skipped
the entry for date and kernel name):

● [31159.073984] Call Trace:
kernel: [31159.073993]  [] dump_header.isra.6+0x85/0xc0
kernel: [31159.073997]  [] oom_kill_process+0x5c/0x80
kernel: [31159.074001]  [] out_of_memory+0xc5/0x1c0
kernel: [31159.074006]  [] __alloc_pages_nodemask+0x72e/0x740
kernel: [31159.074010]  [] filemap_fault+0x1f8/0x370
kernel: [31159.074016]  [] __do_fault+0x6e/0x550
kernel: [31159.074020]  [] handle_pte_fault+0xa1/0x2d0
kernel: [31159.074024]  [] handle_mm_fault+0x21b/0x310
kernel: [31159.074029]  [] do_page_fault+0x158/0x4b0
kernel: [31159.074034]  [] ? getnstimeofday+0x55/0x120
kernel: [31159.074039]  [] ? copy_to_user+0x40/0x60
kernel: [31159.074043]  [] ? sys_gettimeofday+0x32/0x70
kernel: [31159.074047]  [] ? vmalloc_fault+0x195/0x195
kernel: [31159.074051]  [] error_code+0x67/0x6c

According to the above entries (and the whole log), I wonder if I should
create a new bug report, related to this issue. Here are some technical
informations:

● Firefox 52.0 (32 bit.)

The rest is the same as in bug report. Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1656065

Title:
  Firefox and plugin-container (Chrome_ChildThr): segfault at 0 ip
  b76df673 sp b1efe9f0 error 6.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1656065/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1668073] Re: Bleachbit: malformed database schema (collection_metadata) - near "WITHOUT": syntax error: kinto.sqlite.

[daniel CURTIS]

Hi Andrew. I've installed a new Bleachbit version - 1.12 via dpkg(1)
utility. There was some problem with dependencies (Bleachbit depends on
python:any (>= 2.7.5-5~) but there is 2.7.3-0ubuntu2.2 version installed
etc.) Anyway, everything went okay - I mean that I could open and use
Bleachbit. New Bleachbit was installed; I confirmed it with 'dpkg -l'
command and Bleachbit menu.

However, during cleaning files (Firefox was closed), an additional
problems appeared. Here they are:

● Error in execution of 
  Traceback (most recent call last):
File "/usr/share/bleachbit/bleachbit/Worker.py", line 84, in execute
  for ret in cmd.execute(self.really_delete):
File "/usr/share/bleachbit/bleachbit/Command.py", line 149, in execute
  self.func(self.path)
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 751, in 
vacuum_sqlite3
  execute_sqlite3(path, 'vacuum')
File "/usr/share/bleachbit/bleachbit/FileUtilities.py", line 307, in 
execute_sqlite3
  '%s: %s' % (Common.decode_str(exc), path))

● DatabaseError: malformed database schema (collection_metadata) - near
"WITHOUT": syntax error:
/home/user/.mozilla/firefox/abcd.default/kinto.sqlite

As we can see, besides malformed database error there is one more
related with python, I guess. But, as I've already mentioned, everything
seems to work okay. But, for now, I decided to remove 1.12 version and
install Precise default, which is 0.9.

By the way; thank You very much for the Bleachbit. It's a very good
application :- )

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668073

Title:
  Bleachbit: malformed database schema (collection_metadata) - near
  "WITHOUT": syntax error: kinto.sqlite.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1668073/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1668073] [NEW] Bleachbit: malformed database schema (collection_metadata) - near "WITHOUT": syntax error: kinto.sqlite.

[daniel CURTIS]

Public bug reported:

Hi.

Bleachbit is an utility to delete unnecessary files from the system etc.
For a long time - I suppose, since Firefox update to the 48. version -
during cleaning files related to the web browser, I'm seeing such error
(it makes no difference if bleachbit is running via sudo(8) or as a
normal user):

● malformed database schema (collection_metadata) - near "WITHOUT":
syntax error: /home/user/.mozilla/firefox/abcd.default/kinto.sqlite

According to the file(1) utility, _kinto.sqlite_ is: "SQLite 3.x
database, user version 1". I've tried to edit this file, to check what
contains, and there is only one line:

● SQLite format 3

Nothing more, nothing less. Everything seems to work okay - no problems
with Firefox, bleachbit etc. I have no idea what's the reason of this
error. Here are some technical informations:

# Bleachbit: 0.9.1-1 (url: http://www.bleachbit.org/)
# Firefox: 51.0.1 (32 bit)
# Release: 12.04.5 LTS (according to the lsb_release(1) command). 

Thanks, best regards.

** Affects: bleachbit (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: bleachbit database kinto.sqlite malformed

** Summary changed:

- malformed database schema (collection_metadata) - near "WITHOUT": syntax 
error: kinto.sqlite.
+ Bleachbit: malformed database schema (collection_metadata) - near "WITHOUT": 
syntax error: kinto.sqlite.

** Description changed:

  Hi.
  
+ Bleachbit is an utility to delete unnecessary files from the system etc.
  For a long time - I suppose, since Firefox update to the 48. version -
  during cleaning files related to the web browser, I'm seeing such error
  (it makes no difference if bleachbit is running via sudo(8) or as a
  normal user):
  
  ● malformed database schema (collection_metadata) - near "WITHOUT":
  syntax error: /home/user/.mozilla/firefox/abcd.default/kinto.sqlite
  
  According to the file(1) utility, _kinto.sqlite_ is: "SQLite 3.x
  database, user version 1". I've tried to edit this file, to check what
  contains, and there is only one line:
  
  ● SQLite format 3
  
  Nothing more, nothing less. Everything seems to work okay - no problems
  with Firefox, bleachbit etc. I have no idea what's the reason of this
  error. Here are some technical informations:
  
  # Bleachbit: 0.9.1-1 (url: http://www.bleachbit.org/)
  # Firefox: 51.0.1 (32 bit)
  # Release: 12.04.5 LTS (according to the lsb_release(1) command). 
  
  Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668073

Title:
  Bleachbit: malformed database schema (collection_metadata) - near
  "WITHOUT": syntax error: kinto.sqlite.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bleachbit/+bug/1668073/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659922] Re: Firefox 51.0.1 does not display pages/shows blank pages.

[daniel CURTIS]

Hi William. I've had this problem last year (see:
)
and adding one rule - according to logs messages - fixed this issue. It
was:

owner /{dev,run}/shm/org.chromium.* rwk,

A rule, which was added by the latest Firefox update/build (mentioned by
You). So, honestly I have not nothing to do - I just have kept the
current version. During update there was a message about changes made by
the maintainer etc., and I had to decide what to do. Of course I've used
"N" or "O" option. That's all. Release: 12.04 LTS.

Best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659922

Title:
  Firefox 51.0.1 does not display pages/shows blank pages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659922/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hi Thomas. Thanks for a patch, but as I mentioned it earlier; I'm using
12.04 LTS (but preparing to do an update, because of EoL etc.) so I
can't use this patch for now in view of, for example:

dbus (send)
   bus=session
   [...] 

rules and so on. (As already mentioned; post # 35.) Using these rules
will provide an error message during using apparmor_parser(8) to load a
"new" Firefox profile into the kernel. But, definitely I'll use your
patch after an update :- )

Thanks, best regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hi Thomas. This update was available yesterday (at least for 12.04 LTS
Release) and there was only one rule added:

owner /{dev,run}/shm/org.chromium.* rwk,

Which - as I already mentioned - added this a few months ago.
(Basically, last year.) So, for me, this update changes nothing. (See:
 and
post # 51.)

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1659988] Re: Firefox apparmor profile: /usr/bin/python3: error while loading shared libraries: cannot apply additional memory protection after relocation: Permission denied

[daniel CURTIS]

Hi Thomas. Yes, you're right: "the apparmor profile shipped with ubuntu
12.04 is different from that version". I'm using 12.04 LTS Release and
after Firefox has been updated to the 49/50/51 versions, I've had to add
some rules to the existing Firefox profile (please see:
 and my
last comment # 51.) Everything was related to the e10s and a new Firefox
versions.

Anyway, it seems that 12.04 LTS Release have pretty old AppArmor version
and rules, such like:

dbus (send)
   bus=session
   peer=(name=org.a11y.Bus), 

and so on, mentioned by You (for example; your patch in post # 31 etc.)
are not compatible with 12.04 LTS. That's all.

Beat regards.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659988

Title:
  Firefox apparmor profile: /usr/bin/python3: error while loading shared
  libraries: cannot apply additional memory protection after relocation:
  Permission denied

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1659988/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs