[09:03] <lordievader> Good morning.
[10:52] <BluesKaj> Hiyas all
[11:51] <BluesKaj> had 3 bash update/upgrades thru proposed, but the vulnerability check still shows my system still tests positive
[11:51] <BluesKaj> some patch that is
[11:52] <elfy> not sure what's going on there - but it works here - what check are you using?
[11:53] <BluesKaj> elfy, this one,  env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
[11:55] <BluesKaj> and this one, env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
[11:56] <BluesKaj> both show "vulnerable"
[11:56] <lordievader> BluesKaj: Could you post those commands with their output?
[11:56] <elfy> http://pastebin.com/JRYFrVxz
[11:56] <elfy> working here
[11:58] <BluesKaj> lordievader, http://paste.kde.org/p2frrd02g
[12:00] <lordievader> Hmm, what version of bash are you running?
[12:00]  * lordievader reboots to Utopic to mess with stuff.
[12:05] <BluesKaj> lordievader, bash 4.3-9ubuntu4 in muon , bash --version the terminal shows: http://paste.kde.org/pdgglrqxj
[12:06] <lordievader> 4.3.0? My Trusty install notes 4.3.11. elfy what version of bash do you have on Utopic? (My Utopic is outdated)
[12:08] <lordievader> Ah I think he has just updated Bash, my version on Utopic reads: 4.3.24
[12:08] <lordievader> While I do have the same package version number...
[12:13] <elfy> Installed: 4.3-9ubuntu4
[12:14] <lordievader> elfy: And the 'bash --version' version?
[12:14] <elfy> version 4.3.24(1)-release
[12:15] <lordievader> Right, BluesKaj I think that is the problem.
[12:18] <BluesKaj> obviously the patches aren't properly installed, but why?
[12:19] <lordievader> BluesKaj: Have you reinstalled bash?
[12:19] <elfy> did you restart terminal
[12:19] <lordievader> Also what is the output of "apt-cache policy bash"?
[12:20] <elfy> it'll be bash 4.3-9ubuntu4
[12:20] <BluesKaj> it shows as installed in muon
[12:21] <BluesKaj> apt-cache policy bash shows : Installed: 4.3-9ubuntu4
[12:22] <lordievader> BluesKaj: I'd like to see the full output, please.
[12:23] <BluesKaj> http://paste.kde.org/pogk8eevm
[12:23] <BluesKaj> it's all there
[12:24] <BluesKaj> looks properly installed
[12:24] <lordievader> Hmm, should be fine indeed. Have you reinstalled bash? That might solve it...
[12:25] <elfy> the kubuntu daily is right
[12:26] <lordievader> Hehe, some gtk thing is trying to tell me my installation is broken...
[12:26] <BluesKaj> installed --reinstalled bash , but the vulnerability test still shows "vulnerable" :/
[12:27] <Daekdroom> No test shows vulnerable for me o.o
[12:33] <BluesKaj> rebooting didn't help
[12:33] <BluesKaj> something must be blocking it
[12:44] <lordievader> Yayy, my Utopic is revived :D
[13:05] <BluesKaj> I must have the wrong proposed repos, because this makes no sense, I just purged and then reinstalled bash, but I still get the GNU bash, version 4.3.0(1)-release
[13:07] <BluesKaj> can someone with proposed pastebin the debs from their sources.list please
[13:18] <lordievader> BluesKaj: Err, having proposed with a high priority is a really bad idea.
[13:21] <BluesKaj> lordievader, I know that =, but what choice do i have if the only repos that has the correct bash patches are in porposed?
[13:22] <lordievader> Main has it too. I don't have proposed enabled and bash is the newest version. (Not vunerable)
[13:23] <BluesKaj> ok so the advice got was wrong then about adding proposed
[13:23] <BluesKaj> I'll dump them
[13:23] <lordievader> Maybe at that time it was still in proposed.
[13:23] <elfy> I've not updated from proposed today either, only did that the first upgrade of bash
[13:24] <elfy> when I did it thursday or friday they were proposed
[13:25] <Daekdroom> BluesKaj, are you using a mirror?
[13:25] <Daekdroom> I mean, a repository mirror.
[13:25] <Daekdroom> Or are you connecting to the main one?
[13:25] <elfy> there are only grub and usb-modeswitch in proposed currently
[13:26] <BluesKaj> using a .ca mirror , Daekdroom
[13:26] <Daekdroom> The mirror might not be up to date
[13:26] <Daekdroom> There's a Launchpad page to check for that, but I don't remember how to access it.
[13:26] <elfy> https://launchpad.net/ubuntu/+archivemirrors
[13:28] <BluesKaj> Daekdroom yeah <I've been searching launch pad for the bash patches, but it's sorely lacking in info about such an important package ...as if they don't take it seriously
[13:28] <elfy> BluesKaj: they've released the updates
[13:29] <BluesKaj> I'm using the U of Waterloo mirror in Canada which is listed as up to date
[13:29] <lordievader> BluesKaj: https://launchpad.net/ubuntu/+source/bash/4.3-9ubuntu4
[13:29] <lordievader> See the first bit of the changelog...
[13:30] <lordievader> LP is quite sufficient in the info it gives.
[13:33] <BluesKaj> lordievader, already have the 4.3-9ubuntu4 installed
[13:33] <BluesKaj> but my bash version is old
[13:34] <BluesKaj> so the patch isn't applied.  That's what it looks like to me
[13:34] <lordievader> BluesKaj: What is the output of: which bash
[13:35] <BluesKaj>  /usr/local/bin/bash
[13:36] <lordievader> Not /bin/bash? Wut? Here it is /bin/bash
[13:37] <lordievader> Likely that /usr/local/bin/bash is an old version. Does /bin/bash exist?
[13:38] <BluesKaj> heh /usr/local/bin/bash is empty
[13:39] <BluesKaj> and so is /bin/bash
[13:39] <BluesKaj> both are empty
[13:40] <lordievader> Empty?
[13:40] <BluesKaj> yes , nothing there
[13:40] <maxb> That seems highly implausible
[13:40] <lordievader> This is getting wierder and wierder...
[13:41] <maxb> BluesKaj: Please paste the output of 'md5sum /bin/bash /usr/local/bin/bash' because I'm having a hard time believing "empty" :-)
[13:42] <elfy> whereis bash
[13:42] <BluesKaj> bash is in /bin tho
[13:42] <elfy> ok
[13:45] <BluesKaj> lordievader, http://paste.kde.org/pgw2x2yka
[13:45] <lordievader> So they do exist... both of them.
[13:46] <BluesKaj>  the md5 sums are different
[13:46] <maxb> Those are not the md5sums of an empty file
[13:46] <lordievader> maxb: ^
[13:46] <maxb> So, now we've proved they are not empty..... :-)
[13:47] <elfy> BluesKaj: you must have done something to have /usr/local/bin/bash
[13:47] <BluesKaj> yeah, I know they're installed , but not working
[13:48] <lordievader> BluesKaj: what does /bin/bash --version give?
[13:48] <BluesKaj> yeah i compiled a patch that someone gave me a couple days ago. it may have ended up in usr/local then
[13:49] <lordievader> Would've been helpfull if you mentioned that sooner.
[13:49] <BluesKaj> lordievader, aha , it's the correct version GNU bash, version 4.3.24(1)-release
[13:50] <BluesKaj> lordievader, i deleted it, but as usual there were leftovers
[13:51] <lordievader> Hence the "don't compile" policy of Ubuntu ;)
[13:52] <elfy> chsh -s /bin/bash I think
[13:52] <lordievader> Or ofcourse have a proper package manager if you do compile (portage :D)
[13:53] <lordievader> BluesKaj: Also if you do find the need to compile stuff, let it put its files in /opt. Keeps a good overview.
[13:54] <BluesKaj> yeah I haven't compiled for a long time
[14:00] <BluesKaj> or in a long time rather
[14:03] <BluesKaj> it's still looking for bash in /usr/local
[14:04] <lordievader> BluesKaj: Do you remember how you compiled/removed it?
[14:18] <maxb>  /usr/local is a perfectly reasonable place to put self-compiled stuff - it's exactly what it's there for
[14:18] <maxb> Of course, it helps if you remember what you've put there
[14:22] <BluesKaj> ok thanks gents, bash problem solved, no longer vulnerable
[14:23] <lordievader> BluesKaj: Congratulations.
[14:25] <BluesKaj> heh, don't understand why compiling in the current dir didn't place the bash patch in /usr/bin tho. One would think that would be default
[14:26] <lordievader> It is placed in whatever you tell it to place it in. Or if it is unset the default is used. And the default may not be Ubuntu's location.
[14:28] <BluesKaj> that's what I meant, if bash itself is by default installed in /usr/bin on ubuntu then it should follow that make install would point it to /usr/bin ..just makes sense to me
[14:30] <BluesKaj> I assumed , but it's been a long time since i compiled anything so I suffered the consequences, but thanks to your help all seems fine now, lordievader :)
[14:31] <maxb> BluesKaj: Not at all, that makes no sense
[14:31] <maxb> Well behaved source tarballs will always default to installing in /usr/local because that's the proper place for locally compiled stuff to go
[14:32] <maxb> The /usr tree excepting /usr/local is reserved for the system package manager, i.e. official .deb packages
[14:32] <lordievader> Besides that, different distro's have different ideas of where things need to go.
[14:32] <BluesKaj> maxb, ok well I'll refrain from compiling in the future
[14:32] <maxb> That's true, but the essence of /usr/local is specified in the Filesystem Hierarchy Standard, a codification of cross-distro practices
[14:33] <BluesKaj> maxb, never mind the codification blah blah ...who reads that anyway :)
[14:33] <maxb> Sensible people
[14:34] <lordievader> Hehe ;)
[14:34] <BluesKaj> if you know that it's sensible only
[14:35] <BluesKaj> another geek troll calling people names
[14:35] <BluesKaj> anywayntime to fix the desktop
[15:04] <BluesKaj> ok, desktop is fixed now as well... learned my lesson about compiling ...one can't assume the installation will follow the same path as apt-get or the package manager
[15:29] <BluesKaj> hey penguin42
[15:32] <penguin42> Hey BK
[15:46] <BluesKaj> debating openwrt for the router, dunno if it's worth the trouble
[15:50] <penguin42> it depends how much your existing firmware annoys you
[15:58] <BluesKaj> it really doesn't, but it was recommended to me by ppl I respect, but I've never flashed a device other than my pc BIOS before
[16:02] <penguin42> ok, so the only thing to be aware of is you can really brick it; make very sure that the firmware you download is really for exactly the model of device you have (not the one from the previous year with the same name etc)
[16:11] <BluesKaj> yeah, that's exactly what concerns me ..hence the reluctance
[16:12] <BluesKaj> TP-Link WDR-3600/N600 router
[18:24] <ESource5> CAN I USE THE BETA VERSION AS EVERYDAY USE?
[18:42] <Nothing_Much> Hi everyone
[18:47] <penguin42> hey
[21:49] <twirm> I'm having some trouble with apparmor profiles when launching docker containers after upgrading to utopic
[21:50] <twirm> Can anyone give me a hand with this?
[21:51] <jtaylor> depends whats the issue?
[21:54] <twirm> https://gist.github.com/twermund/8766e68bd0c1aadfbe2e
[21:54] <twirm> I get that error when I run `sudo docker run ubuntu`
[21:55] <jtaylor> anything interesting in the system logs?
[21:56] <twirm> Is there a specific log I should look at?
[21:56] <twirm> I don't really know if the problem is coming from docker or apparmor
[21:56] <jtaylor> dmesg is a start
[21:58] <twirm> it looks like the docker daemon (docker0) switches from a forwarding mode to diabled mode
[21:59] <twirm> https://gist.github.com/twermund/e57fea46cd101f14b260
[22:00] <jtaylor> hm no idea, I don't know docker well
[22:00] <twirm> okay, thanks for lending a hand
[22:00] <twirm> I'm trying to get this stuff answered in #docker