[Touch-packages] [Bug 1683884] Re: openresolv is less crippled than debian-resolvconf for security-focused configurations
Well no, Ubuntu is not undecided. We use the systemd implementation of the resolvconf interfaces now, which works directly with resolved. If there are features missing there, a task should be opened against systemd to discuss. ** Changed in: resolvconf (Ubuntu) Status: Confirmed => Invalid ** Changed in: resolvconf (Ubuntu) Status: Invalid => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to resolvconf in Ubuntu. https://bugs.launchpad.net/bugs/1683884 Title: openresolv is less crippled than debian-resolvconf for security- focused configurations Status in resolvconf package in Ubuntu: Won't Fix Bug description: Ubuntu relies on Debian's own "resolvconf" which is vastly inferior to Openresolv and makes it impossible to securely set up DNS servers for ephemeral secure tunnel interfaces. Specifically, Debian's "resolvconf" relies on a hard coded list of interface templates. For virtual interfaces or renamed interfaces -- such as those used for creating secure tunnels -- the DNS entries will be lowest priority. This means it's not possible to override the current DNS with a DNS bound to particular arbitrarily-named interface. In other words, Debian's "resolvconf" explicitly ties interface naming templates to interface metrics. Openresolv has the `-m` option for this. Using `-m 0` will give an interface's DNS servers top priority. Secondly, and importantly, Debian's "resolvconf" does not support the `-x` option, which specifies that a DNS servers of an interface should be the _exclusive_ servers in use. This option is necessary to prevent leaking DNS queries over another interface. Even with the aforementioned `-m 0` option, an attacker could DoS the top priority DNS server in order to leak queries to the second priority DNS server. Openresolv's `-x` option fixes this, by allowing marking an interface as having "exclusive" control over DNS. Therefore, I'd suggest that either: a) Ubuntu switch to using Openresolv by default instead of its own "resolvconf". The openresolv package already "Provides: resolvconf",so it should be a drop-in replacement; or b) Debian's "resolvconf" backport these useful and necessary features from Openresolv. For my specific usage, the recommendation in https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1680811 might work as a fix for the `-m 0` issue, but it is less than ideal and does accomplish `-x`. Therefore, I recommend doing either (a) or (b), preferably (a). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1683884/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2035009] [NEW] gdb internal error sect_index_text not initialized when examining teamviewer
Public bug reported: TeamViewer is unstable and exits with a coredump on Jammy. When trying to analyze the core file using GDB 12 (debuginfod client enabled), after downloading symbols for libGL.so.1 GDB throws an internal error sect_index_text. Affected GDB version Ubuntu 12.1-0ubuntu1~22.04, TeamViewer version is 15.45.3. Sorry that I cannot provide core file (it contain my account info), but you can try to reproduce yourself on a Jammy system. Backtrace: $ gdb -e /opt/teamviewer/tv_bin/TeamViewer -c /path/to/corefile Downloading 0.21 MB separate debug info for /lib/x86_64-linux-gnu/libGL.so.1 /build/gdb-ZgDh0V/gdb-12.1/gdb/objfiles.h:462: internal-error: sect_index_text not initialized A problem internal to GDB has been detected, further debugging may prove unreliable. - Backtrace - 0x564b9ca36077 ??? 0x564b9cd9aa64 ??? 0x564b9cd9aca0 ??? 0x564b9ceea0e4 ??? 0x564b9caf26a7 ??? 0x564b9cb265cd ??? 0x564b9cb26df1 ??? 0x564b9cd1202a ??? 0x564b9cd18c2a ??? 0x564b9ccee154 ??? 0x564b9ccefabb ??? 0x564b9cb9234b ??? 0x564b9caa53de ??? 0x564b9cbf59f5 ??? 0x564b9cbf7415 ??? 0x564b9cbf804e ??? 0x564b9c98e15f ??? 0x7fa884b60d8f __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 0x7fa884b60e3f __libc_start_main_impl ../csu/libc-start.c:392 0x564b9c993bf4 ??? 0x ??? - /build/gdb-ZgDh0V/gdb-12.1/gdb/objfiles.h:462: internal-error: sect_index_text not initialized Repeated for several times, sometimes GDB just throws an internal error after downloading debuginfo for something else, but the error message is the same. Tried to generate a more complete backtrace, no good. There isn't a debuginfo package for this particular GDB version! Help wanted on generating backtraces for GDB. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: gdb 12.1-0ubuntu1~22.04 Uname: Linux 6.1.52-x64v4-xanmod1 x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Sun Sep 10 06:08:58 2023 SourcePackage: gdb UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.logrotate.d.apport: 2023-09-06T01:56:55.105957 ** Affects: gdb (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 devel jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdb in Ubuntu. https://bugs.launchpad.net/bugs/2035009 Title: gdb internal error sect_index_text not initialized when examining teamviewer Status in gdb package in Ubuntu: New Bug description: TeamViewer is unstable and exits with a coredump on Jammy. When trying to analyze the core file using GDB 12 (debuginfod client enabled), after downloading symbols for libGL.so.1 GDB throws an internal error sect_index_text. Affected GDB version Ubuntu 12.1-0ubuntu1~22.04, TeamViewer version is 15.45.3. Sorry that I cannot provide core file (it contain my account info), but you can try to reproduce yourself on a Jammy system. Backtrace: $ gdb -e /opt/teamviewer/tv_bin/TeamViewer -c /path/to/corefile Downloading 0.21 MB separate debug info for /lib/x86_64-linux-gnu/libGL.so.1 /build/gdb-ZgDh0V/gdb-12.1/gdb/objfiles.h:462: internal-error: sect_index_text not initialized A problem internal to GDB has been detected, further debugging may prove unreliable. - Backtrace - 0x564b9ca36077 ??? 0x564b9cd9aa64 ??? 0x564b9cd9aca0 ??? 0x564b9ceea0e4 ??? 0x564b9caf26a7 ??? 0x564b9cb265cd ??? 0x564b9cb26df1 ??? 0x564b9cd1202a ??? 0x564b9cd18c2a ??? 0x564b9ccee154 ??? 0x564b9ccefabb ??? 0x564b9cb9234b ??? 0x564b9caa53de ??? 0x564b9cbf59f5 ??? 0x564b9cbf7415 ??? 0x564b9cbf804e ??? 0x564b9c98e15f ??? 0x7fa884b60d8f __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 0x7fa884b60e3f __libc_start_main_impl ../csu/libc-start.c:392 0x564b9c993bf4 ??? 0x ??? - /build/gdb-ZgDh0V/gdb-12.1/gdb/objfiles.h:462: internal-error: sect_index_text not initialized Repeated for several times, sometimes GDB just throws an internal error after downloading debuginfo for something else, but the error message is the same. Tried to generate a more complete backtrace, no good. There isn't a debuginfo package for this particular GDB version! Help wanted on generating backtraces for GDB. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: gdb 12.1-0ubuntu1~22.04 Uname: Linux 6.1.52-x64v4-xanmod1 x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Sun Sep 10 06:08:58 2023 SourcePackage: gdb
[Touch-packages] [Bug 1683884] Re: openresolv is less crippled than debian-resolvconf for security-focused configurations
Wow, it's been 6yrs and Ubuntu is still undecided? =) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to resolvconf in Ubuntu. https://bugs.launchpad.net/bugs/1683884 Title: openresolv is less crippled than debian-resolvconf for security- focused configurations Status in resolvconf package in Ubuntu: Confirmed Bug description: Ubuntu relies on Debian's own "resolvconf" which is vastly inferior to Openresolv and makes it impossible to securely set up DNS servers for ephemeral secure tunnel interfaces. Specifically, Debian's "resolvconf" relies on a hard coded list of interface templates. For virtual interfaces or renamed interfaces -- such as those used for creating secure tunnels -- the DNS entries will be lowest priority. This means it's not possible to override the current DNS with a DNS bound to particular arbitrarily-named interface. In other words, Debian's "resolvconf" explicitly ties interface naming templates to interface metrics. Openresolv has the `-m` option for this. Using `-m 0` will give an interface's DNS servers top priority. Secondly, and importantly, Debian's "resolvconf" does not support the `-x` option, which specifies that a DNS servers of an interface should be the _exclusive_ servers in use. This option is necessary to prevent leaking DNS queries over another interface. Even with the aforementioned `-m 0` option, an attacker could DoS the top priority DNS server in order to leak queries to the second priority DNS server. Openresolv's `-x` option fixes this, by allowing marking an interface as having "exclusive" control over DNS. Therefore, I'd suggest that either: a) Ubuntu switch to using Openresolv by default instead of its own "resolvconf". The openresolv package already "Provides: resolvconf",so it should be a drop-in replacement; or b) Debian's "resolvconf" backport these useful and necessary features from Openresolv. For my specific usage, the recommendation in https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1680811 might work as a fix for the `-m 0` issue, but it is less than ideal and does accomplish `-x`. Therefore, I recommend doing either (a) or (b), preferably (a). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1683884/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1837537] Re: FTBFS since lxc has different version numbers in Debian and Ubuntu
The epoch was added to lxc. lxc-lua seems to have built successfully. And since then the delta was dropped when a new version of lxc-lua was synced from Debian (https://bugs.launchpad.net/ubuntu/+source/lua-lxc/1:3.0.2-2) ** Changed in: lua-lxc (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1837537 Title: FTBFS since lxc has different version numbers in Debian and Ubuntu Status in lua-lxc package in Ubuntu: Fix Released Status in lxc package in Ubuntu: Fix Released Bug description: The lua-lxc [1] package currently fails to build since it cannot satisfy the build dependency: lxc-dev (>= 1:3.0.2-1~exp+1). Looks like this is caused by different version numbers in Debian and Ubuntu. The latest version in Debian unstable is 1:3.1.0+really3.0.3-8 while Ubuntu eoan has 3.0.3-0ubuntu1. I believe the 1: epoch (?) is causing this issue. Presumably lua-lxc needs to be patched to allow the Ubuntu package to fulfill the build requirements. [1] https://bugs.launchpad.net/ubuntu/+source/lua-lxc/1:3.0.2-1 [2] https://bugs.launchpad.net/ubuntu/+source/lua-lxc/1:3.0.2-1/+build/16664061 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lua-lxc/+bug/1837537/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1956126] Re: xorg metapackage depends on x11-apps and xorg-docs-core
** Also affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New ** Summary changed: - xorg metapackage depends on x11-apps and xorg-docs-core + Why is the full xorg package being installed in Mantic? ** Tags removed: ubuntu-22.04 ** Tags added: bloat lunar mantic ** Description changed: - xorg, a required dependency of ubuntu-desktop and ubuntu-desktop-minimal - requires the package x11-apps. Currently Ubuntu 22.04 Jammy defaults to - Wayland. These applications are ancient and now most people won't even - be using X11, much less these example applications. Why are x11-apps - going to be required in April of 2022? + xorg is a required dependency of ubuntu-desktop and ubuntu-desktop- + minimal. It requires the package x11-apps and xorg-docs-core. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1956126 Title: Why is the full xorg package being installed in Mantic? Status in ubuntu-meta package in Ubuntu: New Status in xorg package in Ubuntu: Triaged Bug description: xorg is a required dependency of ubuntu-desktop and ubuntu-desktop- minimal. It requires the package x11-apps and xorg-docs-core. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1956126/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2034996] [NEW] Mantic amd64 daily ISO also installs i386 packages
Public bug reported: Mantic amd64 daily ISO installed these i386 packages libgcc-s1:i386 gcc-13-base:i386 libc6:i386 libcap2:i386 libcom-err2:i386 libdbus-1-3:i386 libgamemode0:i386 libgamemodeauto0:i386 libgcrypt20:i386 libgpg-error0:i386 libgssapi-krb5-2:i386 libidn2-0:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 liblz4-1:i386 liblzma5:i386 libnsl2:i386 libnss-nis:i386 libnss- nisplus:i386 libssl3:i386 libsystemd0:i386 libtirpc3:i386 libunistring2:i386 libzstd1:i386 ** Affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New ** Tags: bloat mantic packaging -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2034996 Title: Mantic amd64 daily ISO also installs i386 packages Status in ubuntu-meta package in Ubuntu: New Bug description: Mantic amd64 daily ISO installed these i386 packages libgcc-s1:i386 gcc-13-base:i386 libc6:i386 libcap2:i386 libcom- err2:i386 libdbus-1-3:i386 libgamemode0:i386 libgamemodeauto0:i386 libgcrypt20:i386 libgpg-error0:i386 libgssapi-krb5-2:i386 libidn2-0:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 liblz4-1:i386 liblzma5:i386 libnsl2:i386 libnss- nis:i386 libnss-nisplus:i386 libssl3:i386 libsystemd0:i386 libtirpc3:i386 libunistring2:i386 libzstd1:i386 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/2034996/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2006669] Re: Asynchronous wait on fence ... timed out (hint:intel_atomic_commit_ready [i915])
Hi julien, the issue was already fixed, make sure to use Ubuntu 22.04 or 23.04 and apply all updates. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/2006669 Title: Asynchronous wait on fence ... timed out (hint:intel_atomic_commit_ready [i915]) Status in mesa package in Ubuntu: Fix Released Status in mesa source package in Jammy: Fix Released Status in mesa source package in Kinetic: Won't Fix Status in mesa source package in Lunar: Fix Released Bug description: GUI hard lock during zoom session and gnome-terminal kern.log shows a mix of errors __ kernel: [ 3627.948545] Asynchronous wait on fence :00:02.0:gnome-shell[4236]:40810 timed out (hint:intel_atomic_commit_ready [i915]) kernel: [ 3631.063832] i915 :00:02.0: [drm] GPU HANG: ecode 12:1:85db, in chrome [5521] kernel: [ 3631.064218] i915 :00:02.0: [drm] Resetting chip for stopped heartbeat on rcs0 kernel: [ 3631.165642] i915 :00:02.0: [drm] chrome[5521] context reset due to GPU hang kernel: [ 3631.165719] i915 :00:02.0: [drm] GuC firmware i915/adlp_guc_70.1.1.bin version 70.1 kernel: [ 3631.165725] i915 :00:02.0: [drm] HuC firmware i915/tgl_huc_7.9.3.bin version 7.9 kernel: [ 3631.187377] i915 :00:02.0: [drm] HuC authenticated kernel: [ 3631.187670] i915 :00:02.0: [drm] GuC submission enabled kernel: [ 3631.187672] i915 :00:02.0: [drm] GuC SLPC enabled ___ I suspect this issue to be upstream: https://gitlab.freedesktop.org/mesa/mesa/-/issues/7755 upstream commit: https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/20169/commits?commit_id=b9403b1c477e7af04114ae6a4e16ca370e22253c#d6ffde011ad32c6371611e7d64affaeb21b6b217 Reproducer: Although I don't have my own reproducer, the upstream mesa reproducer does trigger a hang on my machine. Upstream Reproducer: Open https://kartikmandhang.netlify.app/ when it loads, you will see pikachu. Press "S", he will go back. My whole system freezes from this in Wayland, regardless of the browser. Kernel: 6.0.0-1008-oem Mesa: 22.2.5-0ubuntu0.1~22.04.1 ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgl1-mesa-dri 22.2.5-0ubuntu0.1~22.04.1 ProcVersionSignature: Ubuntu 6.0.0-1008.8-oem 6.0.9 Uname: Linux 6.0.0-1008-oem x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log' CasperMD5CheckResult: pass CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Wed Feb 8 21:40:19 2023 DistUpgraded: Fresh install DistroCodename: jammy DistroVariant: ubuntu ExtraDebuggingInterest: Yes, including running git bisection searches GraphicsCard: Intel Corporation Alder Lake-P Integrated Graphics Controller [8086:46a6] (rev 0c) (prog-if 00 [VGA controller]) Subsystem: Dell Device [1028:0b1a] Subsystem: Dell Device [1028:0b1a] InstallationDate: Installed on 2022-07-13 (211 days ago) InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421) MachineType: Dell Inc. Precision 5570 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.0.0-1008-oem root=/dev/mapper/ubuntu--vg-ubuntu--lv ro pcie_aspm=force quiet splash mem_sleep_default=deep vt.handoff=7 SourcePackage: mesa UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/21/2022 dmi.bios.release: 1.9 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.9.1 dmi.board.name: 03M8N5 dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.9.1:bd11/21/2022:br1.9:svnDellInc.:pnPrecision5570:pvr:rvnDellInc.:rn03M8N5:rvrA00:cvnDellInc.:ct10:cvr:sku0B1A: dmi.product.family: Precision dmi.product.name: Precision 5570 dmi.product.sku: 0B1A dmi.sys.vendor: Dell Inc. version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.113-2~ubuntu0.22.04.1 version.libgl1-mesa-dri: libgl1-mesa-dri 22.2.5-0ubuntu0.1~22.04.1 version.libgl1-mesa-glx: libgl1-mesa-glx 22.2.5-0ubuntu0.1~22.04.1 version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.7 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/2006669/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post