Emanuele Gentili | 1 Feb 04:50 2008

ubuSecurity bot for paste advisory in realtime.


hello there,

in #ubuntu-hardened (alias #ubuntu-security) is avaiable a bot (nick
ubuSecurity) that paste in realtime CVE advisory, bugtraq advisory and
milw0rm POC.

USEGE: ubuSecurity paste in realtime CVE/bugtraq/milw0rm advisory. for
request old (3 post) use !cve, !bugtraq, !milw0rm

if someone is interested please join.  :)

I talked with Kees Cook about that, it's ok for all people?
If ok, please ask to freenode staff to put /ubuntu/bot/ubuSecurity
virtual host.

Cheers,

Emanuele 'emgent' Gentili
Justin M. Wray | 1 Feb 05:14 2008
Picon

Re: ubuSecurity bot for paste advisory in realtime.

You have my vote.

Thanks,
Justin M. Wray

Sent via BlackBerry by AT&T

-----Original Message-----
From: Emanuele Gentili <emgent@...>

Date: Fri, 01 Feb 2008 04:50:02 
To:ubuntu-motu <ubuntu-motu@...>
Cc:ubuntu-hardened@..., ubuntu-dev@...
Subject: ubuSecurity bot for paste advisory in realtime.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello there,

in #ubuntu-hardened (alias #ubuntu-security) is avaiable a bot (nick
ubuSecurity) that paste in realtime CVE advisory, bugtraq advisory and
milw0rm POC.

USEGE: ubuSecurity paste in realtime CVE/bugtraq/milw0rm advisory. for
request old (3 post) use !cve, !bugtraq, !milw0rm

if someone is interested please join.  :)

I talked with Kees Cook about that, it's ok for all people?
(Continue reading)

Ubuntu Installer | 1 Feb 06:15 2008
Picon

New: wxformbuilder 3.0.54-0ubuntu1 (source)

NEW: wxformbuilder_3.0.54.orig.tar.gz
NEW: wxformbuilder_3.0.54-0ubuntu1.diff.gz
NEW: wxformbuilder_3.0.54-0ubuntu1.dsc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  2 Apr 2007 20:06:25 -0400
Source: wxformbuilder
Binary: wxformbuilder
Architecture: source
Version: 3.0.54-0ubuntu1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
Changed-By: Ryan Mulder <rjmyst3@...>
Description: 
 wxformbuilder - WYSIWYG GUI Designer and Code Generator for wxWidgets
Launchpad-Bugs-Fixed: 181412
Changes: 
 wxformbuilder (3.0.54-0ubuntu1) hardy; urgency=low
 .
   * Initial Release. (LP: #181412)
Files: 
 e90a04d298feb50dbcb62d0b00bcb06b 737 contrib/devel optional wxformbuilder_3.0.54-0ubuntu1.dsc
 9e2f505278cd9fca52f293e34b1eac5a 2338289 contrib/devel optional wxformbuilder_3.0.54.orig.tar.gz
 7d183e598ab06964b8bb223bb7d9d2fc 20 contrib/devel optional wxformbuilder_3.0.54-0ubuntu1.diff.gz
Original-Maintainer: Ryan Mulder <rjmyst3@...>

(Continue reading)

Ubuntu Installer | 1 Feb 02:25 2008
Picon

New: falconpl 0.8.8-0ubuntu1 (source)

NEW: falconpl_0.8.8.orig.tar.gz
NEW: falconpl_0.8.8-0ubuntu1.diff.gz
NEW: falconpl_0.8.8-0ubuntu1.dsc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 19 Jan 2008 00:06:23 +0100
Source: falconpl
Binary: libfalcon-engine1-dbg libfalcon-engine1 falconpl-dev falconpl-dbg falconpl
Architecture: source
Version: 0.8.8-0ubuntu1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
Changed-By: Giancarlo Niccolai <gc@...>
Description: 
 falconpl   - The Falcon P. L. - command line tools
 falconpl-dbg - The Falcon P. L. - debugging symbols
 falconpl-dev - The Falcon PL - development files
 libfalcon-engine1 - The Falcon Programming Language engine
 libfalcon-engine1-dbg - The Falcon P.L. engine - debugging symbols
Launchpad-Bugs-Fixed: 174470
Changes: 
 falconpl (0.8.8-0ubuntu1) hardy; urgency=low
 .
    * Initial release (LP: #174470)
Files: 
 0f1601aee5f376c3b12927a3c2cf47a6 825 interpreters optional falconpl_0.8.8-0ubuntu1.dsc
(Continue reading)

Ubuntu Installer | 1 Feb 01:05 2008
Picon

New: libnb-javaparser-java 6.0-0ubuntu1 (source)

NEW: libnb-javaparser-java_6.0.orig.tar.gz
NEW: libnb-javaparser-java_6.0-0ubuntu1.diff.gz
NEW: libnb-javaparser-java_6.0-0ubuntu1.dsc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 22 Jan 2008 10:00:00 +0100
Source: libnb-javaparser-java
Binary: libnb-javaparser-java
Architecture: source
Version: 6.0-0ubuntu1
Distribution: hardy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu@...>
Changed-By: Marek Slama <marek.slama@...>
Description: 
 libnb-javaparser-java - Parser for the Java language which is good for use in tools
Launchpad-Bugs-Fixed: 185982
Changes: 
 libnb-javaparser-java (6.0-0ubuntu1) hardy; urgency=low
 .
   * Initial version. (LP: #185982)
Files: 
 555db598e99729cd4252311f1beb632b 811 libs optional libnb-javaparser-java_6.0-0ubuntu1.dsc
 c61307312ffe1d2e1f7273d63d7b43e5 986346 libs optional libnb-javaparser-java_6.0.orig.tar.gz
 f05b561327fc7f13ba922d57c601a1b3 2395 libs optional libnb-javaparser-java_6.0-0ubuntu1.diff.gz
Original-Maintainer: Marek Slama <marek.slama@...>

(Continue reading)

Mark Pierce | 1 Feb 11:23 2008
Picon

Problems with Tomcat, JDBC in Ubuntu

Hello,

In Ubuntu 6.10, kernel 2.6.17-10-server, java-1.5.0-sun, tomcat5.5, 5.5.17-1ubuntu1, postgresql-8.1 8.1.11-0ubuntu0.6.10.1, apache2  2.0.55-4ubuntu4.1, libapache2-mod-jk 1.2.18-1ubuntu1.1. This machine is a mirror of our production machine, thus the older versions.

When the service is called Tomcat throws an exception and refused to connect to Postgres at tcp/5432.

geoservices.database.library.LibraryDataException: SQLException Cannot create PoolableConnectionFactory (Something unusual has occured to cause the driver to fail. Please report this exception.)

However this only happens with the Ubuntu deb version of the Tomcat server and libraries. It works just fine on a version that we compile of the same version of Tomcat acquired from the Apache site.

A similar unsolved problem was reported at http://ubuntuforums.org/showthread.php?t=430133

If you want me to fill out an bug report/issue or to help in anyway in tracking down this problem, just let me know.

Mark Pierce
Blom SG
Valladolid, Spain
tel: +34 610 298 960

tail -50 /var/log/tomcat5.5/catalina_2008-01-30.log
______________________________________________________________________
QUERY GETLIBRARYDATA:select id_library, code, description, default_srid, xmin(box3d(Transform(libraries.geom,libraries.default_srid))) as minx, ymin(box3d(Transform(libraries.geom,libraries.default_srid))) as miny, xmax(box3d(Transform(libraries.geom,libraries.default_srid))) as maxx, ymax(box3d(Transform(libraries.geom,libraries.default_srid))) as maxy from libraries where (year >= 2005 and year <= 2007) and active = true and flight = 'demo' and dtm='default' and id_country=3 order by description
geoservices.database.library.LibraryDataException: SQLException Cannot create PoolableConnectionFactory (Something unusual has occured to cause the driver to fail. Please report this exception.)
        at geoservices.database.library.GetLibraryData.getLibraryPool(GetLibraryData.java:122)
        at geoservices.servlet.LibraryService.processRequest(LibraryService.java:105)
        at geoservices.servlet.LibraryService.doGet(LibraryService.java:40)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
        at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

<div><p>Hello,<br><br>In Ubuntu 6.10, kernel 2.6.17-10-server, java-1.5.0-sun, tomcat5.5, 5.5.17-1ubuntu1, postgresql-8.1 8.1.11-0ubuntu0.6.10.1, apache2&nbsp; 2.0.55-4ubuntu4.1, libapache2-mod-jk 1.2.18-1ubuntu1.1. This machine is a mirror of our production machine, thus the older versions.<br><br>When the service is called Tomcat throws an exception and refused to connect to Postgres at tcp/5432.<br><br>geoservices.database.library.LibraryDataException: SQLException Cannot
create PoolableConnectionFactory (Something unusual has occured to
cause the driver to fail. Please report this exception.)<br><br>However this only happens with the Ubuntu deb version of the Tomcat server and libraries. It works just fine on a version that we compile of the same version of Tomcat acquired from the Apache site.<br><br>A similar unsolved problem was reported at <a href="http://ubuntuforums.org/showthread.php?t=430133">http://ubuntuforums.org/showthread.php?t=430133</a><br><br>If you want me to fill out an bug report/issue or to help in anyway in tracking down this problem, just let me know.<br><br>Mark Pierce<br>Blom SG <br>Valladolid, Spain<br>tel: +34 610 298 960<br><br>tail -50 /var/log/tomcat5.5/catalina_2008-01-30.log<br>______________________________________________________________________<br>QUERY GETLIBRARYDATA:select id_library, code, description, default_srid, xmin(box3d(Transform(libraries.geom,libraries.default_srid))) as minx, ymin(box3d(Transform(libraries.geom,libraries.default_srid))) as miny, xmax(box3d(Transform(libraries.geom,libraries.default_srid))) as maxx, ymax(box3d(Transform(libraries.geom,libraries.default_srid))) as maxy from libraries where (year &gt;= 2005 and year &lt;= 2007) and active = true and flight = 'demo' and dtm='default' and id_country=3 order by description<br>
geoservices.database.library.LibraryDataException: SQLException Cannot create PoolableConnectionFactory (Something unusual has occured to cause the driver to fail. Please report this exception.)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at geoservices.database.library.GetLibraryData.getLibraryPool(GetLibraryData.java:122)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at geoservices.servlet.LibraryService.processRequest(LibraryService.java:105)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at geoservices.servlet.LibraryService.doGet(LibraryService.java:40)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.reflect.Method.invoke(Method.java:585)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.security.AccessController.doPrivileged(Native Method)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.security.AccessController.doPrivileged(Native Method)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.lang.Thread.run(Thread.java:595)<br></p></div>
Daniel Holbach | 1 Feb 12:00 2008

Ubuntu Developer Week - Preparation


Hello everybody,

I'm pleased to let you know we're going to have an Ubuntu Developer
Week. We've planned it for Feb 18th to Feb 22nd.

In the spirit of Ubuntu Open Week we'll have 5x6 IRC sessions about
Ubuntu Development and how to get involved. Naturally this involves
Packaging 101 sessions, sessions about patching, how to do library
transitions, about everything on our TODO list, etc. etc.

It's our chance to very prominently and with great exposure talk about
what our team does, how people can involved and directly liaise with new
contributors that we so desperately need to get our work done. :-)

https://wiki.ubuntu.com/UbuntuDeveloperWeek/Prep is the current plan for
it and I'd appreciate if a lot of slots are taken soon. Let me know if
you need more information about it or if you need help scheduling your
session.

I hope you are as thrilled as I am and find this as useful as I do!

Have a nice day,
 Daniel
Vid Ayer | 1 Feb 13:31 2008
Picon

Re: Ubuntu Developer Week - Preparation

Hi,

On Feb 1, 2008 4:30 PM, Daniel Holbach <daniel.holbach@...> wrote:
>
> I'm pleased to let you know we're going to have an Ubuntu Developer
> Week. We've planned it for Feb 18th to Feb 22nd.

wow, great idea :)

[snip]

> I hope you are as thrilled as I am and find this as useful as I do!

:-D
/me hopes the irc timings dont clash and i miss interesting sessions

--

-- 
Vid
|| http://www.svaksha.com ||

Onkar Shinde | 1 Feb 14:56 2008
Picon

Phasing out redundant java compilers/runtimes

Hi all,

As per my discussion with ´persia´ on #ubuntu-motu channel I am
proposing here removal of redundant java compilers/runtimes. The focus
of this mail is sun-java5-* packages and kaffe.
Reasons for phasing out sun-java5-* and kaffe.
1. sun-java5-* packages are superceeded by sun-java6-* and any program
that runs with sun-java5-jre shgould also run with sun-java6-jre.
2. kaffe is quite outdated (correct me if I am wrong). The Free java
compiler of choice these days is GCJ, since icedtea is yet work in
progress and GCJ is quite mature.

The path to achive this should be as follows.
1. Find packages that have ´Build-Depends' or ´Build-Depends-Indep´ on
kaffee or sun-java5-jdk.
2. Try to build the packages with one of the GCJ
(java-gcj-compat-dev), sun-java6-jdk, icedtea-java7-jdk.
3. Once all the packages are migrated remove both kaffe and
sun-java5-* packages.

I am planning to complete this process in Hardy release cycle itself.

Please let me know your comments and suggestions.

Onkar
-- 
Passion - Some people climb mountains - others write Free software.
Don't ask why - the reason is the same.
--

-- 
Ubuntu-motu mailing list
Ubuntu-motu <at> lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
Matt Zimmerman | 1 Feb 15:47 2008

Re: Security Team IRC Meeting 2007-01-30 20:00 UTC

On Tue, Jan 29, 2008 at 10:58:52AM -0800, Kees Cook wrote:
> Given all the updates that the MOTU-SWAT[1] team have been doing, the
> testing I'd like to help coordinate for hardened compiler options[2],
> the SELinux development work[3], new kernel features[4], and new projects
> that propose formally organizing a pentesting sub-team, there is clearly
> enough things going on specific to Ubuntu Security that I'd like to
> hold an official Security Team meeting on Wed 2007-01-30 at 20:00 UTC
> in #ubuntu-meeting.
> 
> I realize this is rather short notice, but I'd like to at least generate
> a roadmap and TODO list for future meetings.  :)

I didn't hear about this meeting until it had already happened...are there
minutes or logs available (MootBot perhaps?)?

--

-- 
 - mdz


Gmane