[Bug 1823074] Re: Adjust xenial d-i builds to only used signed kernel image

2019-04-03 Thread Charles F. Stephens via ubuntu-bugs 
I see that this is a result of LP #1764794, I've adjusted my copy
debian-installer source package to compensate (using bionic version as a
template).

This however, should be fixed for xenial if there is going to be another
point release.

** Summary changed:

- xenial 4.4.0-145 image udeb overwrites unsigned image
+ Adjust xenial d-i builds to only used signed kernel image

** Package changed: linux-signed (Ubuntu) => debian-installer (Ubuntu)

** Summary changed:

- Adjust xenial d-i builds to only used signed kernel image
+ Adjust xenial d-i builds to only use signed kernel image

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823074

Title:
  Adjust xenial d-i builds to only use signed kernel image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1823074/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1823074] [NEW] xenial 4.4.0-145 image udeb overwrites unsigned image

2019-04-03 Thread Charles F. Stephens via ubuntu-bugs 
Public bug reported:

The payload in the xenial package kernel-signed-image-4.4.0-145-generic-
di_4.4.0-145.171_amd64.udeb doesn't have the proper suffix and
overwrites the unsigned version of the same kernel image:

(from data.tar.xz from the package):

./
./boot/
./boot/vmlinuz-4.4.0-145-generic


It should be

./
./boot/
./boot/vmlinuz-4.4.0-145-generic.efi.signed

This was found while trying to build out a set of installer images via
building the debian-installer source package from xenial

** Affects: linux-signed (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823074

Title:
  xenial 4.4.0-145 image udeb overwrites unsigned image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1823074/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1760713] Re: getlogin_r is performing NSS lookups when loginid isn't set

2018-12-10 Thread Charles F. Stephens via ubuntu-bugs 
Would it be possible to get a backport of this to xenial as well?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1760713

Title:
  getlogin_r is performing NSS lookups when loginid isn't set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1760713] [NEW] getlogin_r is performing NSS lookups when loginid isn't set

2018-04-02 Thread Charles F. Stephens via ubuntu-bugs 
Public bug reported:

For configurations that use networked naming services for passwd (in
particular LDAP), processes that have no login UID, there are excessive
delays when getlogin_r() is called.

For such processes, /proc/self/loginid is set to a sentinel value (-1),
when files is the only backend, or if nscd is running this returns
quickly.  However if ldap is configured as a backend for passwd, and
nscd isn't being used (which for various political and economic reasons
is not always feasible) network requests to the configured LDAP servers
will occur which can slow down process creation enough to cause timeouts
in parent processes in certain contexts.

Good news, however, as this was recently fixed upstream by:

https://sourceware.org/git/?p=glibc.git;a=commit;h=cc8a1620eb97ccddd337d157263c13c57b39ab71

** Affects: glibc (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1760713

Title:
  getlogin_r is performing NSS lookups when loginid isn't set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1760714] [NEW] getlogin_r is performing NSS lookups when loginid isn't set

2018-04-02 Thread Charles F. Stephens via ubuntu-bugs 
Public bug reported:

This the eglibc duplicate of
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1760713 (which is
for glibc)

For configurations that use networked naming services for passwd (in
particular LDAP), processes that have no login UID, there are excessive
delays when getlogin_r() is called.

For such processes, /proc/self/loginid is set to a sentinel value (-1),
when files is the only backend, or if nscd is running this returns
quickly. However if ldap is configured as a backend for passwd, and nscd
isn't being used (which for various political and economic reasons is
not always feasible) network requests to the configured LDAP servers
will occur which can slow down process creation enough to cause timeouts
in parent processes in certain contexts.

Good news, however, as this was recently fixed upstream by:

https://sourceware.org/git/?p=glibc.git;a=commit;h=cc8a1620eb97ccddd337d157263c13c57b39ab71

** Affects: eglibc (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1760714

Title:
  getlogin_r is performing NSS lookups when loginid isn't set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1760714/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file

2017-10-10 Thread Charles F. Stephens 
We use Ubuntu trusty directly for some custom corporate installation
which uses germinate to construct an APT repository.

If this is built automatically, then I'm confused as to the resistance
to just respin the package without the incompatible schema in the
control file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716047

Title:
  rustc control file contains unsupported restriction formulas in
  control file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file

2017-10-10 Thread Charles F. Stephens 
Right now we are stuck because we can't issue security updates
internally because we can't construct our APT repository.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716047

Title:
  rustc control file contains unsupported restriction formulas in
  control file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file

2017-10-09 Thread Charles F. Stephens 
Our builds use germinate to create a custom ISO installer.  Germinate
attempts to parse all of the index files from an APT repository
including Sources.  The rustc source package contains restriction
formulas which are too new (read as: schema change) for germinate and/or
python-apt to understand and it errors out.

If anyone attempted to rebuild rustc using trusty using pbuilder, it
won't work for the same reason. (This leads me to conclude that whomever
built the binary rustc packages for this trusty backport did not do so
on a trusty system).

There are zero other content changes required, just removal of the
unsupported restriction formulas in the Build-Depends* fields of the
control file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716047

Title:
  rustc control file contains unsupported restriction formulas in
  control file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file

2017-09-18 Thread Charles F. Stephens 
This is a debdiff for Trusty applicable to
1.15.1+dfsg0-1~exp1ubuntu2~14.04.7.  I built this in pbuilder (within
the ubuntu:trusty docker container) and it builds successfully, and I
installed it, the patch works as intended.

** Patch added: "1-1~exp1ubuntu2~14.04.7ubuntu1.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+attachment/4952467/+files/1-1~exp1ubuntu2~14.04.7ubuntu1.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716047

Title:
  rustc control file contains unsupported restriction formulas in
  control file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] Re: rustc control file contains unsupported restriction formulas in control file

2017-09-14 Thread Charles F. Stephens 
** Summary changed:

- rustc dsc Build-Depends breaks apt
+ rustc control file contains unsupported restriction formulas in control file

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1716047

Title:
  rustc control file contains unsupported restriction formulas in
  control file

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1716047/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1716047] [NEW] rustc dsc Build-Depends breaks apt

2017-09-08 Thread Charles F. Stephens 
Public bug reported:

The trusty back port of the rustc source package breaks dependency
computation using apt because it contains qualifiers in the Build-
Depends that are not understood by the trusty version of apt.

Build-Depends: debhelper (>= 9), rustc (>= 1.14.0+dfsg) [!powerpc], rustc (<= 
1.15.1++) [!powerpc], autotools-dev, binutils-2.26, cmake3, curl, gperf, 
libedit-dev, llvm-3.9-dev (>= 1:3.9-5), llvm-3.9-tools (>= 1:3.9-5), python, 
zlib1g-dev, nodejs [!arm64] , valgrind , git , 
procps , libjs-jquery , antlr , bison , 
flex , default-jdk 
Build-Depends-Indep: libjs-jquery , pandoc (>= 1.9), po4a, 
texlive-xetex, texlive-latex-base, texlive-generic-recommended, 
texlive-fonts-recommended, lmodern

Namely it's the "" and "" qualifiers.

This is breaking our builds which run germinate which calls on APT to
parse various APT files, include Sources (even though it doesn't
actually use it):

/usr/bin/germinate --no-rdepends -S file:///buildtree/germinate/seeds -s pure 
-a amd64 -c main,universe -d trusty,trusty-updates,trusty-security -m 
http://apt-svc.redacted.example.com/trusty/trusty-20170615
rm: cannot remove ‘*’: No such file or directory
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/source/Sources.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/source/Sources.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/debian-installer/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/main/debian-installer/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/source/Sources.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/source/Sources.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/debian-installer/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty/universe/debian-installer/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/source/Sources.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/source/Sources.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages.gz
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/main/debian-installer/binary-amd64/Packages
 file ...
Missing installer Packages file for main (ignoring)
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/binary-amd64/Packages.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/binary-amd64/Packages.bz2
 file ...
Downloading 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/source/Sources.bz2
 file ...
Decompressing 
http://apt-svc.redacted.example.com/trusty/trusty-20170615/dists/trusty-updates/universe/source/Sources.bz2
 file ...
Traceback (most recent call last):
  File "/usr/bin/germinate", line 35, in 
main(sys.argv)
  File "/usr/lib/python3/dist-packages/germinate/scripts/germinate_main.py", 
line 119, in main
g.parse_archive(archive)
  File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 512, in 
parse_archive
self._parse_source(section)
  File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 497, in 
_parse_source
self._sources[src][field] = self._parse_src_depends(value)
  File "/usr/lib/python3/dist-packages/germinate/germinator.py", line 473, in 
_parse_src_depends
return apt_pkg.parse_src_depends(value, False)
ValueError: Problem

[Bug 1635360] Re: res_query.c:262: __libc_res_nquery: Assertion

2017-02-08 Thread Charles F. Stephens 
Ping: has anyone looked at this ticket yet?  It seems like a trivial fix
to incorporate into eglibc.  Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635360

Title:
  res_query.c:262: __libc_res_nquery: Assertion

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1635360/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635360] [NEW] res_query.c:262: __libc_res_nquery: Assertion

2016-10-20 Thread Charles F. Stephens 
Public bug reported:

Debian report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816669
Upstream report https://sourceware.org/bugzilla/show_bug.cgi?id=19791

Whenever, in resolv.conf, there are both IPv6 and IPv4 server entries
and either protocol is not routable on a system, resolv throws an
assertion:

res_query.c:262: __libc_res_nquery: Assertion `(hp != ((void *)0)) &&
(hp2 != ((void *)0))' failed.

This problem was introduced as a side-effect of patching CVE-2015-7547.

There is a fix upstream:

commit 10d268070a8aa9a878668e7f060e92ed668de146
Author: Florian Weimer 
Date:   Fri Mar 25 11:49:51 2016 +0100

resolv: Always set *resplen2 out parameter in send_dg [BZ #19791]

Since commit 44d20bca52ace85850012b0ead37b360e3ecd96e (Implement
second fallback mode for DNS requests), there is a code path which
returns early, before *resplen2 is initialized.  This happens if the
name server address is immediately recognized as invalid (because of
lack of protocol support, or if it is a broadcast address such
255.255.255.255, or another invalid address).

If this happens and *resplen2 was non-zero (which is the case if a
previous query resulted in a failure), __libc_res_nquery would reuse
an existing second answer buffer.  This answer has been previously
identified as unusable (for example, it could be an NXDOMAIN
response).  Due to the presence of a second answer, no name server
switching will occur.  The result is a name resolution failure,
although a successful resolution would have been possible if name
servers have been switched and queries had proceeded along the search
path.

The above paragraph still simplifies the situation.  Before glibc
2.23, if the second answer needed malloc, the stub resolver would
still attempt to reuse the second answer, but this is not possible
because __libc_res_nsearch has freed it, after the unsuccessful call
to __libc_res_nquerydomain, and set the buffer pointer to NULL.  This
eventually leads to an assertion failure in __libc_res_nquery:

/* Make sure both hp and hp2 are defined */
assert((hp != NULL) && (hp2 != NULL));

If assertions are disabled, the consequence is a NULL pointer
dereference on the next line.

Starting with glibc 2.23, as a result of commit
e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca (CVE-2015-7547: getaddrinfo()
stack-based buffer overflow (Bug 18665)), the second answer is always
allocated with malloc.  This means that the assertion failure happens
with small responses as well because there is no buffer to reuse, as
soon as there is a name resolution failure which triggers a search for
an answer along the search path.

This commit addresses the issue by ensuring that *resplen2 is
initialized before the send_dg function returns.

This commit also addresses a bug where an invalid second reply is
incorrectly returned as a valid to the caller.

(cherry picked from commit b66d837bb5398795c6b0f651bd5a5d66091d8577)

** Affects: eglibc (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635360

Title:
  res_query.c:262: __libc_res_nquery: Assertion

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1635360/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs