Thanks for added info and to Lucas for the initiall report. I plan to look
at this in the coming days.
On January 15, 2025 5:06:08 PM s3v wrote:
Dear Maintainer,
After applying this commit [1], I was able to build your package in
a sid chroot environment and autopkgtests pass as well.
Kind
On Tue, 23 May 2023, Paul Gevers wrote:
> > Bug fixes and translations will not be available in bookworm (I am upstream
> > ufw
> > and I cut 0.36.2 specifically for bookworm users).
>
> Please elaborate. It's Full Freeze time. A new upstream needs a lot of
> defending to be considered a targete
Package: release.debian.org
This has additional information:
https://alioth-lists.debian.net/pipermail/piuparts-devel/2023-May/009566.html
On May 18, 2023 10:33:36 PM Jamie Strandboge wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags
args (LP: #1965462)
+ * src/backend.py: add get_rules_ipv4() and get_rules_ipv6() (LP: #1951018)
+ * tests/check-requirements: update for python 3.10+
+ * tests/root: normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for newer systems
+
+ -- Jamie Strandboge Thu, 18 May 2023 08:45
Hi,
Thank you for your report.
By default, ufw adds rules for icmp echo-request to the host *before*
'user rules' in /etc/ufw/before.rules and /etc/ufw/before6.rules. This
is why the 'ufw route deny' rules aren't affecting the ping request
behavior. This is expected behavior.
However, modifying
On Tue, 02 May 2023, Marek Küthe wrote:
> Hello,
>
> thank you for the answer.
>
> I must admit that I was a bit hasty in reporting this error. This error
> occurred when I tried to automate my ufw firewall rules with ansible.
> In doing so, I had unfortunately run several scripts which inserted
On Mon, 01 May 2023, Jamie Strandboge wrote:
> Thank you for the report. If you update hex_decode() in
> /usr/lib/python3/dist-packages/ufw/util.py to use this:
>
> return binascii.unhexlify('%2s' % h).decode("utf-8")
>
> instead of:
>
>
On Tue, 02 May 2023, Jamie Strandboge wrote:
> Don't worry about the above, I have a better mitigation to avoid tracing
> back:
> https://git.launchpad.net/ufw/commit/?id=a14ab9777cde6308724164f5c42d368d2a823b3a
Sorry, this is the correct commit:
https://git.launchpad.net/
Thanks for this! I plan to add this in the next ufw release and then
push that to Debian with the next upload.
--
Email: ja...@strandboge.com
IRC: jdstrand
Thanks for this! It will be in the next upload.
--
Email: ja...@strandboge.com
IRC: jdstrand
Thank you for the report. If you update hex_decode() in
/usr/lib/python3/dist-packages/ufw/util.py to use this:
return binascii.unhexlify('%2s' % h).decode("utf-8")
instead of:
return binascii.unhexlify(h).decode("utf-8")
Does it resolve the issue for you?
--
Email: ja...@strandboge.c
Thanks for the report and patch. Your fix will be in the next upload of
ufw.
--
Email: ja...@strandboge.com
IRC: jdstrand
Thank you for reporting a bug and sorry for only seeing it now.
You mentioned: "From time to time, it hangs on startup so, if you are a
normal user, it is no easy to find the problem." What is hanging on
startup, the ufw oneshot service? This should not be happening. Can you
provide more info on t
Thanks for the report and sorry that I only just now saw it.
ufw uses the iptables compat packages and does not use nftables. This
line:
Starting firewall: ufw...
iptables-restore v1.8.7 (nf_tables):
simply means that the 'iptables-restore' command is using the nf_tables
backend. This bug looks
On Tue, 29 Dec 2020, Jamie Strandboge wrote:
> On Tue, 29 Dec 2020, Energo Koder wrote:
> > Anywhere on enp0s25LIMIT Anywhere
> > Anywhere on wlx08beac034eef LIMIT Anywhere
>
> I suspect it is these two lines that are
On Tue, 29 Dec 2020, Energo Koder wrote:
> Package: ufw
> Version: 0.36-1
> Severity: important
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
>* What led up to the situation?
>
> I run these commands on ufw protected Debian 10:
am kernel (perhaps 5.11).
--
Jamie Strandboge | http://www.canonical.com
On Mon, 02 Mar 2020, Алексей Шилин wrote:
> On Tue, 23 Jul 2019 14:09:52 -0500 Jamie Strandboge <
> ja...@canonical.com> wrote:
> > The 'core' snap is one such runtime that is on all systems with snaps
> > installed and the 'core' snap contains '
On Wed, 26 Feb 2020, Jamie Strandboge wrote:
> Thanks for the report! Yes, this is known and the fix queued. I was
> recently approved for Debian Maintainer and will do this as soon as I'm
> given upload permissions (key added, in process of getting someone to
> run dcut for me).
On Fri, 13 Dec 2019, Jamie Strandboge wrote:
> On Thu, 10 Oct 2019, Jonathan Dowland wrote:
>
> > Package: ufw
> > Version: 0.36-1
> > Severity: important
> >
> > Dear Maintainer,
> >
> > Post-buster upgrade, and ufw is no longer functioning cor
Package: iptables
Version: 1.8.4-3
Followup-For: Bug #949576
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu focal ubuntu-patch
Dear Maintainer,
The Breaks/Replaces added to fix this bug were not quite correct (we saw this
in Ubuntu: https://launchpad.net/bugs/1865055). I've adjusted
ld
> on amd64.
Thanks for the report! Yes, this is known and the fix queued. I was
recently approved for Debian Maintainer and will do this as soon as I'm
given upload permissions (key added, in process of getting someone to
run dcut for me).
--
Jamie Strandboge | http://www.canonical.com
gt; PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=9.00 ms
> > 64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=9.01 ms
> > ^C
> > --- 8.8.8.8 ping statistics ---
> > 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
&
On Tue, 21 Jan 2020, Vitaly Potyarkin wrote:
>
> Package: ufw
> Severity: wishlist
>
> Hello,
>
> I've been using ufw for a long time to configure firewall rules on Debian 8
> and
> Debian 9. Current stable (Debian 10) has switched default firewall engine to
> nftables.
>
> If I understand co
On Tue, 07 Jan 2020, Jamie Strandboge wrote:
> On Thu, 26 Dec 2019, Valentin Vidić wrote:
>
> > Since iptables 1.8.4-1 compat symlink /sbin/iptables does
> > not exist any more, so the ufw always fails:
> >
> > # strace -e trace=execve -ff ufw status
> > exe
On Wed, 22 Jan 2020, Jamie Strandboge wrote:
> There are two cases (outlined in the upstream bug) that is causing ufw
> trouble when using iptables-nft-restore with stdin:
I forgot to mention, pkg-netfilter-team, ufw 0.36-2 adds (among other
things) autopkgtest tests that will hopefully u
On Tue, 21 Jan 2020, Paul Aurich wrote:
> Package: ufw
> Version: 0.36-1
> Severity: grave
> Justification: renders package unusable
>
> ufw fails to start with iptables 1.8.4-2, even after #946289 is fixed.
> Downgrading to iptables 1.8.3-2 fixes this. iptables-restore
> (iptables-nft-restore)
On Thu, 26 Dec 2019, Valentin Vidić wrote:
> Since iptables 1.8.4-1 compat symlink /sbin/iptables does
> not exist any more, so the ufw always fails:
>
> # strace -e trace=execve -ff ufw status
> execve("/usr/sbin/ufw", ["ufw", "status"], 0x7fff9d7faa10 /* 9 vars */) = 0
> strace: Process 5805 at
ou can also remove the old socket path and then "ibus (<< 1.5.21-5)" should
> be
> added to Breaks.
FYI, this is:
https://salsa.debian.org/apparmor-team/apparmor/commit/8c11bb9f2744555cc9c79447b5adb4dedfd36d2b
I didn't upstream it yet because of the referenced bug, but there is no
reason this couldn't be included in Debian until that bug is fixed.
--
Jamie Strandboge | http://www.canonical.com
On Fri, 13 Dec 2019, Jamie Strandboge wrote:
> I can confirm this. It looks like iptables-restore and iptables6-restore
> in 1.8.4 has broken -n behavior with the nft varieties.
This is https://bugzilla.netfilter.org/show_bug.cgi?id=1394
--
Email: ja...@strandboge.com
IRC: jdstrand
On Thu, 10 Oct 2019, Jonathan Dowland wrote:
> Package: ufw
> Version: 0.36-1
> Severity: important
>
> Dear Maintainer,
>
> Post-buster upgrade, and ufw is no longer functioning correctly. I'm using
> ip(6)tables-legacy, rather than the newer xtables stuff, for interoperability
> with docker. M
On Fri, 06 Dec 2019, Antonio Terceiro wrote:
> Package: ufw
> Version: 0.36-1
> Severity: grave
> Justification: renders package unusable
>
> This started since the latest upgrade of iptables (1.8.4). Reverting to
> 1.8.3 (testing) makes it work again.
>
> This is the contents of the journal for
On Sun, 08 Sep 2019, intrig...@debian.org wrote:
> Package: mutter
> Version: 3.33.92-1
> Severity: important
> X-Debbugs-Cc: Jamie Strandboge
>
> Hi,
>
> the AppArmor policy included in the apparmor package, up to and
> including 2.13.3-4, breaks Xwayland apps
hile other stayed when 'ufw app update all' was
> triggered. I cannot unfortunately tell you precisely which apps were
> deleted; my logs seem to indicate that it was in majority outgoing rules for
> 'Nginx Full', 'DNS' and 'Mail'.
>
> Sorry if
However there isn't enough information in this bug report to be sure.
Can you provide the full list of ufw app rules in the order you add them
for any rules that reference Nginx Full, DNS and Mail? You can send that
to me privately if you prefer.
Thanks!
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
armor.d/abstractions/wayland, thus reassigning. I'll prepare
> a merge request upstream and will fix this in Debian ASAP.
>
IME this should be fixed in the X abstraction since the path is for
Xwayland, an X server (that talks to wayland).
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
On Tue, 23 Jul 2019, intrig...@debian.org wrote:
> Package: snapd
> Version: 2.37.4-1
> Severity: normal
> X-Debbugs-Cc: Jamie Strandboge
>
> Hi,
>
> One of the Ubuntu maintainers for src:apparmor (Jamie, Cc'ed) has
> recently added a "Breaks: snapd (<&
Package: evince
Version: 3.32.0-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu eoan ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/apparmor-profile:
- allow 'rk' on @{HOME}/.config/encha
Package: apparmor-profiles-extra
Version: 1.26
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu disco ubuntu-patch
In Ubuntu, the attached patch was applied to achieve the following:
* debian/tests/control:
- try to pull in linux-image-generic for Ubu
gt; ii iptables 1.8.2-3
> ii lsb-base 10.2018112800
> ii python33.7.2-1
> ii ucf3.0038+nmu1
>
> ufw recommends no packages.
>
> Versions of packages ufw suggests:
> ii rsyslog 8.40.0-1+b1
>
> -- debconf information:
> ufw/existing_configuration:
> ufw/allow_known_ports:
> ufw/enable: false
> ufw/allow_custom_ports:
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
> +++ /etc/apparmor.d/tunables/alias2019-01-16 00:20:42.868356851 +0100
> @@ -14,3 +14,5 @@
> #
> # Or if mysql databases are stored in /home:
> # alias /var/lib/mysql/ -> /home/mysql/,
> +
> +alias /bin/sh -> /bin/dash,
>
This isn't going to be true on all distributions and is probably not a
reasonable default for AppArmor upstream (but indeed might be for the distro of
your choice). Ie, it is possibly ok as a Debian distro patch (needs
discussion).
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
on by default and the current upstream mechanisms have proved 'ok enough'.
I'll speculate and say this probably has something to do with the fact that the
@{XDG_*_DIR} variables aren't widely used in system-shipped policy and what is
left is sysadmin created policy and if the sysadmin is writing the policy, the
man page is likely consulted.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
ables, so reassigning to there for now.
Seems either iptables 1.8 has kernel version requirements that need to be
expressed in iptables' Debian packaging or iptables nft needs to be updated to
work with older kernels.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
; empty directories. The code is covered with code like (setup.py)
ufw is now maintained in git[1] and this directory is no longer empty. I didn't
try gbp, so a failure there would indicate a new bug. Thanks again for filing
this issue.
[1]https://git.launchpad.net/ufw/
--
Jamie
On Thu, 13 Dec 2018, Jamie Strandboge wrote:
> I can confirm this. What is happening is that ufw is trying to interrogate the
> kernel to see if it has some functionality and that fails because the
> installer
> kernel doesn't have the necessary kernel modules loaded (or avail
early and the rules aren't added. When you
reboot, this kernel has everything needed, but the rules are missing.
I'm exploring a fix that will turn this error condition into a warning when ufw
is not enabled. Preliminary testing shows this fixes the preseeding problem.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
Fyi, I reopened this since it was accidentally closed. I plan on looking at
this bug, so hopefully we can close it for real soon. :)
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
reopen 909163 =
signature.asc
Description: PGP signature
This issue is caused be a regression in iptables 1.8.1:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912610
This is now addressed in iptables. Please upgrade to iptables 1.8.2-2 and ufw
should start work again. If not, please file a new bug.
Thanks!
--
Jamie Strandboge | http
will keep this bug open for the
> > incompatibility. I'll file a new bug against iptables for the (possible)
> > regression. As a temporary workaround, feel free to downgrade to iptables
> > 1.6.
FYI, I filed this bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?b
On Thu, 01 Nov 2018, Karlheinz Geyer wrote:
> Hi Jamie,
> thx vm for ur reply...
>
> Jamie Strandboge [01.11.2018 13.34.36 -0500]:
>
> > What is the output of:
> >
> > $ sudo /usr/share/ufw/check-requirements
>
> # /usr/share/ufw/check-requirement
Package: iptables
Version: 1.8.1-2
Severity: normal
Dear Maintainer,
I am the maintainer of ufw in Debian and received bug report #911986 with a
preliminary analysis here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911986#35
In short, the nf_tables variety of iptables differs in how it h
ible)
regression. As a temporary workaround, feel free to downgrade to iptables 1.6.
With preliminary testing, it seems that ufw can work with the nf_tables variety
of iptables/ip6tables except for this -Z issue.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
log rotation that would do that, but it is possible that you have
something else installed that flushing the firewall configuration as part of
its log rotation. What is the output of:
$ ls /etc/logrotate.d
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
What is the output of:
$ sudo /usr/share/ufw/check-requirements
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
What is the output of:
$ sudo /usr/share/ufw/check-requirements
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
Package: evince
Version: 3.30.1-1
Followup-For: Bug #911161
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu disco ubuntu-patch
In Ubuntu, we updated the patch or old non-bubblewrap and new with-bubblewrap
compatible rules.
-- System Information:
Debian Release: buster/sid
APT prefer
rotate rsyslog-managed logs. Could it be that your rsyslogd is not
properly restarting for some reason? If so, this would be a bug in rsyslog. It
also seems like you removed /etc/logrotate.d/ufw (see above).
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
Package: evince
Version: 3.30.1-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/apparmor-profile: adjust thumbnailer policy for updated t
On Tue, 02 Oct 2018, Jeremy Bicha wrote:
> Control: user -1 pkg-apparmor-t...@lists.alioth.debian.org
> Control: usertags -1 + modify-profile
>
> On Sat, Sep 29, 2018 at 10:15 AM Jamie Strandboge wrote:
> > In Ubuntu, the attached patch was applied to achieve the following:
0
-0500
@@ -1,6 +1,15 @@
# vim:syntax=apparmor
-# Author: Kees Cook
-# Jamie Strandboge
+
+# evince is not written with application confinement in mind and is designed to
+# operate within a trusted desktop session where anything running within the
+# user's session is trusted. T
Package: gnome-shell-extension-system-monitor
Version: 35-1
Followup-For: Bug #904442
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch
Dear Maintainer,
https://github.com/paradoxxxzero/gnome-shell-system-monitor-applet/issues/449
is the upstream bug for this issue,
On Sat, 2018-07-28 at 06:53 +0200, Michael Jahn wrote:
Your bug report lacks detail to triage the issue, though I suspect the
issue is not a bug in ufw because the ufw command does not output '[UFW
BLOCK]' -- these messages from from the kernel.
--
Jamie Strandboge
Package: squashfs-tools
Version: 1:4.3-6
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/patches/0010-use-macros-not-raw-octal-with-chmod.p
ue to
>
> python3.6 (3.6.5~rc1-2) unstable; urgency=medium
>
> * python3.6: Drop dependency on python3-distutils.
> ...
> -- Matthias Klose Tue, 20 Mar 2018 14:29:58 +0800
Thanks for reporting this issue. I've prepared 0.35-6 to address this
issue and it should
n/usr.sbin.tcpdump
--- tcpdump-4.9.2/debian/usr.sbin.tcpdump 2017-12-31 08:48:36.0
-0600
+++ tcpdump-4.9.2/debian/usr.sbin.tcpdump 2018-03-26 15:28:20.0
-0500
@@ -1,6 +1,4 @@
# vim:syntax=apparmor
-# Last Modified: Wed Feb 3 07:58:30 2009
-# Author: Jamie Strandboge
#inc
it formatted patch attached.
>
Thanks! Fix in bionic.
> Have a good day,
You too :)
> Vincent
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
On Mon, 2018-01-22 at 22:55 +0100, Vincent Blut wrote:
> Hi Jamie,
>
> On Mon, Jan 22, 2018 at 02:17:26PM -0600, Jamie Strandboge wrote:
> > Package: chrony
> > Version: 3.2-1
> > Severity: wishlist
> > Tags: patch
> > User: ubuntu-de...@lists.ubuntu.com
&g
Package: chrony
Version: 3.2-1
Severity: wishlist
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu bionic ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* add AppArmor profile for /usr/sbin/chronyd:
- add debian/usr.
Package: usbguard
Version: 0.7.0+ds1-1
Followup-For: Bug #875808
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu artful ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/patches/bug875808.patch: fix UEventDeviceManager to wor
reproduce this in an up to date sid chroot:
test_get_netfilter_capabilities (tests.unit.test_util.UtilTestCase)
Test get_netfilter_capabilities() ... ok
Can you provide more details (eg, how you fetched the source, changes you made,
exact command used to lead to the error, etc).
Thanks!
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
Package: usbguard
Version: 0.7.0+ds1-1
Severity: normal
Dear Maintainer,
I tried usbguard in Ubuntu 17.10 with the proposed 4.13 kernel and found
'usbguard generate-policy' didn't work:
ERROR: UEventDeviceManager: present devices: enumeration timeout
I then found:
https://github.com/dkopecek/us
;t without its problems, but wanted to clarify this point wrt
Ubuntu at least.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
On Thu, 2017-04-27 at 14:52 +0200, Christian Ehrhardt wrote:
>
> @Marc / Jamie - if you could ack publicly to the re-licensing here that
> would be great.
Feel free to relicense to GPLv2+.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description:
Package: cups
Version: 2.2.2-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu zesty ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/local/apparmor-profile:
- allow cupsd and cups-pdf to com
On Sun, 2017-01-08 at 07:39 -0600, Jamie Strandboge wrote:
> On Thu, 2016-12-29 at 09:10 +, Chris Lamb wrote:
> > Command '--dry-run allow ssh/udp' exited with '1', but expected '0'
> > ** FAIL **
FYI, this is now fixed in trunk and this w
rom /etc/services for ssh/udp. Before:
$ grep ssh /etc/services
ssh 22/tcp # SSH Remote Login
Protocol
ssh 22/udp
Now:
$ grep ssh /etc/services.dpkg-new
ssh 22/tcp # SSH Remote Login
Protocol
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
ell me if I
> should delay it longer.
>
> Regards.
Thanks! This looks good to me.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
rmor
security policy. I haven't looked at qemu:///session in ages, but back when I
did, a separate libvirtd ran as the user was used for 'session' (as opposed to
the root running one for 'system') and as a result it should not be trying to
modify the policy at all (it doe
er a profile (even if it is super strict or lenient), you can replace that
profile and have it apply to the running process. The man page is not at all
clear on this point and that is a bug in the man page.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
retitle 829269 dmesg: ip6_tables: disagrees about version of symbol
xt_compat_match_from_user in a fresh install
reassign 829269 iptables
thanks
I can't reproduce this on testing either but based on the report it seems this
would be better reported against iptables since that is the package that i
n33.5.1-2
> pn python3:any
> ii ucf3.0035
>
> ufw recommends no packages.
>
> Versions of packages ufw suggests:
> ii rsyslog 8.16.0-1
>
> -- debconf information excluded
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
Thanks for filing the bug and submitting the patch. This will be fixed in 0.34-3
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
cible.debian.net/logs/unstable/amd64/ufw_0.34-1.build1.log.gz
>
>
Huh, this worked in a sid schroot and in the Ubuntu sync to wily. I'll take a
look and get this fixed up. Thanks for the report!
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
Thank you for reporting this bug. This is a feature request and is being
tracked in:
https://bugs.launchpad.net/ufw/+bug/1204579
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
On 07/20/2015 03:01 PM, Jamie Strandboge wrote:
> On 07/17/2015 03:27 PM, Quentin Berling wrote:
>> Hi,
>> I'm still having the problem.
>> I just did :
>> # ufw disable
>> # reboot
>> # ufw status
>> ERROR: problem running ip6tables
>
> I
log, syslog and other
details).
Thanks
--
Jamie Strandboge http://www.ubuntu.com/
getinfo.sh
Description: application/shellscript
signature.asc
Description: OpenPGP digital signature
minor patch just permits igmp.
>
> Note if you add a port to igmp ufw tries to add the rule but iptables
> complains. This is the same problem/feature as for protocols such as
> ESP.
>
Thanks for the bug. FYI, this was fixed in r875 a few days ago and will be in
u
I'm sorry for responding to this now. http://privatepaste.com/97f2611c62 is no
longer available. Are you still having the problem? If so, can you provide the
output of:
# /usr/share/ufw/check-requirements
Thank you
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
On 06/16/2015 12:38 PM, Kees Cook wrote:
> On Fri, Jun 12, 2015 at 04:01:39PM -0500, Jamie Strandboge wrote:
>> In Ubuntu, the attached patch was applied to achieve the following:
>>
>> - add autopkgtests
>>
>> Thanks for considering the patch.
>
> H
Package: libseccomp
Version: 2.2.1-1
Severity: wishlist
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu wily ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
- add autopkgtests
Thanks for considering the patch.
-- Syst
it doesn't
exist and then leave it alone thereafter (this way the admin can modify this
file rather than the profile in /etc/apparmor.d, which is a conffile). That
said, purge should remove them and if it doesn't it should be fixed.
--
Jamie Strandboge | http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
Thank you for the translation. This has been added to bzr and will be in the
next upload.
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
Thanks for the bug report. What is the output of:
# /usr/share/ufw/check-requirements
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
source-country KR,CN,IN,RU,TR,VN,UA,BR,VE,JP
ufw-user-input all -- 0.0.0.0/00.0.0.0/0
Note, I was thinking you might need to add xt_geoip to IPT_MODULES in
/etc/default/ufw, but they seemed to have autoloaded fine on boot.
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
On 12/18/2014 11:32 PM, Tianon Gravi wrote:
> On 7 October 2014 at 13:45, Jamie Strandboge wrote:
>> Now, Ubuntu had dbus, signal, ptrace and unix mediation whereas Debian does
>> not yet (this is is part of the upcoming AppArmor 2.9 and the corresponding
>> kernel patches
k empty, try 'dmesg | grep
DEN')
Thanks!
--
Jamie Strandboge | http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
Package: cups-filters
Version: 1.0.57-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch
Dear Maintainer,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/apparmor/usr.sbin.cups-browsed: allow read on /etc/cups/l
bian/patches/sync-apparmor-with-lxc.patch
--- docker.io-1.2.0~dfsg1/debian/patches/sync-apparmor-with-lxc.patch 1969-12-31 18:00:00.0 -0600
+++ docker.io-1.2.0~dfsg1/debian/patches/sync-apparmor-with-lxc.patch 2014-10-01 13:23:40.00000 -0500
@@ -0,0 +1,173 @@
+Author: Jamie Strandboge
+
Package: openjdk-6
Version: 6b30-1.13.1-1
Severity: serious
Tags: patch
Justification: fails to build from source (but built successfully in the past)
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu trusty ubuntu-patch
Dear Maintainer,
In preparing security updates for older releases
1 - 100 of 195 matches
Mail list logo
