[Bug 1823074] Re: Adjust xenial d-i builds to only used signed kernel image
I see that this is a result of LP #1764794, I've adjusted my copy debian-installer source package to compensate (using bionic version as a template). This however, should be fixed for xenial if there is going to be another point release. ** Summary changed: - xenial 4.4.0-145 image udeb overwrites unsigned image + Adjust xenial d-i builds to only used signed kernel image ** Package changed: linux-signed (Ubuntu) => debian-installer (Ubuntu) ** Summary changed: - Adjust xenial d-i builds to only used signed kernel image + Adjust xenial d-i builds to only use signed kernel image -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823074 Title: Adjust xenial d-i builds to only use signed kernel image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1823074/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1823074] [NEW] xenial 4.4.0-145 image udeb overwrites unsigned image
Public bug reported: The payload in the xenial package kernel-signed-image-4.4.0-145-generic- di_4.4.0-145.171_amd64.udeb doesn't have the proper suffix and overwrites the unsigned version of the same kernel image: (from data.tar.xz from the package): ./ ./boot/ ./boot/vmlinuz-4.4.0-145-generic It should be ./ ./boot/ ./boot/vmlinuz-4.4.0-145-generic.efi.signed This was found while trying to build out a set of installer images via building the debian-installer source package from xenial ** Affects: linux-signed (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823074 Title: xenial 4.4.0-145 image udeb overwrites unsigned image To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1823074/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1760713] Re: getlogin_r is performing NSS lookups when loginid isn't set
Would it be possible to get a backport of this to xenial as well? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1760713 Title: getlogin_r is performing NSS lookups when loginid isn't set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1760713] [NEW] getlogin_r is performing NSS lookups when loginid isn't set
Public bug reported: For configurations that use networked naming services for passwd (in particular LDAP), processes that have no login UID, there are excessive delays when getlogin_r() is called. For such processes, /proc/self/loginid is set to a sentinel value (-1), when files is the only backend, or if nscd is running this returns quickly. However if ldap is configured as a backend for passwd, and nscd isn't being used (which for various political and economic reasons is not always feasible) network requests to the configured LDAP servers will occur which can slow down process creation enough to cause timeouts in parent processes in certain contexts. Good news, however, as this was recently fixed upstream by: https://sourceware.org/git/?p=glibc.git;a=commit;h=cc8a1620eb97ccddd337d157263c13c57b39ab71 ** Affects: glibc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1760713 Title: getlogin_r is performing NSS lookups when loginid isn't set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1760714] [NEW] getlogin_r is performing NSS lookups when loginid isn't set
Public bug reported: This the eglibc duplicate of https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713 (which is for glibc) For configurations that use networked naming services for passwd (in particular LDAP), processes that have no login UID, there are excessive delays when getlogin_r() is called. For such processes, /proc/self/loginid is set to a sentinel value (-1), when files is the only backend, or if nscd is running this returns quickly. However if ldap is configured as a backend for passwd, and nscd isn't being used (which for various political and economic reasons is not always feasible) network requests to the configured LDAP servers will occur which can slow down process creation enough to cause timeouts in parent processes in certain contexts. Good news, however, as this was recently fixed upstream by: https://sourceware.org/git/?p=glibc.git;a=commit;h=cc8a1620eb97ccddd337d157263c13c57b39ab71 ** Affects: eglibc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1760714 Title: getlogin_r is performing NSS lookups when loginid isn't set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1760714/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file
We use Ubuntu trusty directly for some custom corporate installation which uses germinate to construct an APT repository. If this is built automatically, then I'm confused as to the resistance to just respin the package without the incompatible schema in the control file. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716047 Title: rustc control file contains unsupported restriction formulas in control file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file
Right now we are stuck because we can't issue security updates internally because we can't construct our APT repository. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716047 Title: rustc control file contains unsupported restriction formulas in control file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file
Our builds use germinate to create a custom ISO installer. Germinate attempts to parse all of the index files from an APT repository including Sources. The rustc source package contains restriction formulas which are too new (read as: schema change) for germinate and/or python-apt to understand and it errors out. If anyone attempted to rebuild rustc using trusty using pbuilder, it won't work for the same reason. (This leads me to conclude that whomever built the binary rustc packages for this trusty backport did not do so on a trusty system). There are zero other content changes required, just removal of the unsupported restriction formulas in the Build-Depends* fields of the control file. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716047 Title: rustc control file contains unsupported restriction formulas in control file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file
This is a debdiff for Trusty applicable to 1.15.1+dfsg0-1~exp1ubuntu2~14.04.7. I built this in pbuilder (within the ubuntu:trusty docker container) and it builds successfully, and I installed it, the patch works as intended. ** Patch added: "1-1~exp1ubuntu2~14.04.7ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+attachment/4952467/+files/1-1~exp1ubuntu2~14.04.7ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716047 Title: rustc control file contains unsupported restriction formulas in control file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file
** Summary changed: - rustc dsc Build-Depends breaks apt + rustc control file contains unsupported restriction formulas in control file -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1716047 Title: rustc control file contains unsupported restriction formulas in control file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1716047] [NEW] rustc dsc Build-Depends breaks apt
Public bug reported: The trusty back port of the rustc source package breaks dependency computation using apt because it contains qualifiers in the Build- Depends that are not understood by the trusty version of apt. Build-Depends: debhelper (>= 9), rustc (>= 1.14.0+dfsg) [!powerpc], rustc (<= 1.15.1++) [!powerpc], autotools-dev, binutils-2.26, cmake3, curl, gperf, libedit-dev, llvm-3.9-dev (>= 1:3.9-5), llvm-3.9-tools (>= 1:3.9-5), python, zlib1g-dev, nodejs [!arm64] , valgrind , git , procps , libjs-jquery , antlr , bison , flex , default-jdk Build-Depends-Indep: libjs-jquery , pandoc (>= 1.9), po4a, texlive-xetex, texlive-latex-base, texlive-generic-recommended, texlive-fonts-recommended, lmodern Namely it's the "" and "" qualifiers. This is breaking our builds which run germinate which calls on APT to parse various APT files, include Sources (even though it doesn't actually use it): /usr/bin/germinate --no-rdepends -S file:///buildtree/germinate/seeds -s pure -a amd64 -c main,universe -d trusty,trusty-updates,trusty-security -m http://apt-svc.redacted.example.com/trusty/trusty-20170615 rm: cannot remove ‘*’: No such file or directory Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/source/Sources.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/source/Sources.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/debian-installer/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/debian-installer/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/source/Sources.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/source/Sources.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/debian-installer/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/debian-installer/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/source/Sources.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/source/Sources.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages.gz file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages file ... Missing installer Packages file for main (ignoring) Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/binary-amd64/Packages.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/binary-amd64/Packages.bz2 file ... Downloading http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/source/Sources.bz2 file ... Decompressing http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/source/Sources.bz2 file ... Traceback (most recent call last): File "/usr/bin/germinate", line 35, in main(sys.argv) File "/usr/lib/python3/dist-packages/germinate/scripts/germinate_main.py", line 119, in main g.parse_archive(archive) File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 512, in parse_archive self._parse_source(section) File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 497, in _parse_source self._sources[src][field] = self._parse_src_depends(value) File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 473, in _parse_src_depends return apt_pkg.parse_src_depends(value, False) ValueError: Problem
[Bug 1635360] Re: res_query.c:262: __libc_res_nquery: Assertion
Ping: has anyone looked at this ticket yet? It seems like a trivial fix to incorporate into eglibc. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635360 Title: res_query.c:262: __libc_res_nquery: Assertion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1635360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635360] [NEW] res_query.c:262: __libc_res_nquery: Assertion
Public bug reported: Debian report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816669 Upstream report https://sourceware.org/bugzilla/show_bug.cgi?id=19791 Whenever, in resolv.conf, there are both IPv6 and IPv4 server entries and either protocol is not routable on a system, resolv throws an assertion: res_query.c:262: __libc_res_nquery: Assertion `(hp != ((void *)0)) && (hp2 != ((void *)0))' failed. This problem was introduced as a side-effect of patching CVE-2015-7547. There is a fix upstream: commit 10d268070a8aa9a878668e7f060e92ed668de146 Author: Florian WeimerDate: Fri Mar 25 11:49:51 2016 +0100 resolv: Always set *resplen2 out parameter in send_dg [BZ #19791] Since commit 44d20bca52ace85850012b0ead37b360e3ecd96e (Implement second fallback mode for DNS requests), there is a code path which returns early, before *resplen2 is initialized. This happens if the name server address is immediately recognized as invalid (because of lack of protocol support, or if it is a broadcast address such 255.255.255.255, or another invalid address). If this happens and *resplen2 was non-zero (which is the case if a previous query resulted in a failure), __libc_res_nquery would reuse an existing second answer buffer. This answer has been previously identified as unusable (for example, it could be an NXDOMAIN response). Due to the presence of a second answer, no name server switching will occur. The result is a name resolution failure, although a successful resolution would have been possible if name servers have been switched and queries had proceeded along the search path. The above paragraph still simplifies the situation. Before glibc 2.23, if the second answer needed malloc, the stub resolver would still attempt to reuse the second answer, but this is not possible because __libc_res_nsearch has freed it, after the unsuccessful call to __libc_res_nquerydomain, and set the buffer pointer to NULL. This eventually leads to an assertion failure in __libc_res_nquery: /* Make sure both hp and hp2 are defined */ assert((hp != NULL) && (hp2 != NULL)); If assertions are disabled, the consequence is a NULL pointer dereference on the next line. Starting with glibc 2.23, as a result of commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca (CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665)), the second answer is always allocated with malloc. This means that the assertion failure happens with small responses as well because there is no buffer to reuse, as soon as there is a name resolution failure which triggers a search for an answer along the search path. This commit addresses the issue by ensuring that *resplen2 is initialized before the send_dg function returns. This commit also addresses a bug where an invalid second reply is incorrectly returned as a valid to the caller. (cherry picked from commit b66d837bb5398795c6b0f651bd5a5d66091d8577) ** Affects: eglibc (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635360 Title: res_query.c:262: __libc_res_nquery: Assertion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1635360/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs