$ ./change-override -c main -S google-osconfig-agent
Override component to main
google-osconfig-agent 20210218.00-0ubuntu1 in hirsute: universe/devel -> main
google-osconfig-agent 20210218.00-0ubuntu1 in hirsute amd64:
universe/devel/optional/100% -> main
google-osconfig-agent 20210218.00-0ubuntu1
I've added the package to the supported-cloud seed at
https://code.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/+ref/hirsute
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891934
Title:
- Previous concerns were addressed
- Security team acked
Accepting thus the more and moving status to reflect this.
** Changed in: google-osconfig-agent (Ubuntu)
Status: New => Fix Committed
--
** Changed in: google-osconfig-agent (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
I took another very quick look at the previous issues I reported and
most have been addressed; the extractZip, extractTar functions still
look quite likely to have all the usual problems associated with
handling archive files ("zip slip" and other very catchy names), so
please don't forget about th
For completeness, here's the Coverity output that we generated while
looking at this. The handful of FORWARD_NULL checks looks like Coverity
not understanding golang, but the handful of cases of: "Passing null
pointer "res" to "CheckResponse", which dereferences it." that I
inspected all looked lik
I've landed 20210218.00-0ubuntu1 in Hirsute in the meantime.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891934
Title:
[MIR] google-osconfig-agent
@Seth - this seems to be re-reviewed if the new state is now sufficient
to get your Ack.
--
The package landed properly in Hirsute, as 20210209.00-0ubuntu1.
--
I've just uploaded 20210209.00-1 to maybe I can reupload it with
-0ubuntu1, but the content will be the same.
--
I worked on addressing a number of the concerns in the "Software Recipe"
section of the agent, this included the File IO concerns as well as a number of
unchecked errors and other issues. We are currently testing a new stable
release containing these changes.
There was some concern around the ar
** Changed in: google-osconfig-agent (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
@seth-arnold
Thank you for the preliminary review.
I've fixed the "$1" in the packaging repo, but I'm not uploading just
that change because dpkg always sets $1 for postrm.
The lintian errors and warnings are invalid, the package build-depends on
debhelper-compat
https://lintian.debian.org/tags
** Changed in: google-osconfig-agent (Ubuntu)
Assignee: Balint Reczey (rbalint) => (unassigned)
--
I reviewed google-osconfig-agent 20200625.00-0ubuntu2 as checked into groovy.
This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
There's far too much code here to provide detailed feedback.
google-osconfig-agent is a cloud-specific operating system management
Hello Igor, the security team has not forgotten this. Thanks.
--
For the record this main inclusion request is waiting for the Security
Team to review the package.
--
Ping?
--
> - was the change debian/patches/0001-Disable-false-negative-DeepEqual-check.patch
upstreamed? I think we should understand why this is a False
positive for us and not for them in their environment (or they would
have removed it). Making the patch DEP-3 compliant would be appreciated
It became o
[Summary]
There are two pending questions that need to be answered before getting the
MIR team ack. As those are quite minor, happy to pass the baton on to the
security team, but please, answer them before getting the final ACK.
Those are:
- was the change
debian/patches/0001-Disable-false-nega
The debug endpoint is only exposed if the binary is invoked with
-profile, during normal use no httpserver is exposed.
--
Just answering to Seth as I am probably more familiar than Balint on this:
Yes, this pprof import without alias is only done for one purpose: exposing
/debug/pprof endpoint (with default port, no password)
Would be good to ensure that this main.go file is used in the final
binary or if this is ju
Hello, gosec has reported a debug tool is enabled that sounds dangerous:
google-osconfig-agent-20200625.00/main.go:42] - G108 (CWE-200): Profiling
endpoint is automatically exposed on /debug/pprof (Confidence: HIGH, Severity:
HIGH)
41:
> 42: _ "net/http/pprof"
43:
Is this cor
** Changed in: google-osconfig-agent (Ubuntu)
Assignee: (unassigned) => Didier Roche (didrocks)
--
@seth-arnold I did not want to subscribe ~ubuntu-mir before the package
is ready, but now it is and I've subscribed them.
** Description changed:
- WIP, the package is in -proposed only yet
-
[Availability]
Google-osconfig-agent is in universe and only depends on packages provided in
main or
Balint, should ~ubuntu-mir be subscribed to this bug yet? Thanks
--