[Touch-packages] [Bug 725126]

2020-06-18 Thread Jason A. Donenfeld
This problem still exists on binutils 2.33 when -fvisibility=hidden is passed to cflags. I imagine this is so due to some conflicting code where the forced B.W is only generated for static functions, since non- static ones will be relocated differently, but then because of -fvisibility=hidden, they

[Touch-packages] [Bug 725126]

2020-06-20 Thread Jason A. Donenfeld
Tracking the new bug here now: https://sourceware.org/bugzilla/show_bug.cgi?id=26141 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/725126 Title: gas may assemble b to lo

[Touch-packages] [Bug 1890286] [NEW] ansi escape sequence injection in add-apt-repository

2020-08-04 Thread Jason A. Donenfeld
*** This bug is a security vulnerability *** Public security bug reported: This was reported to oss-security and to secur...@ubuntu.com, but I figure I should make a real bug report, as otherwise it'll probably be missed. Original post from https://www.openwall.com/lists/oss- security/2020/08/03/

[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection into add-apt-repository

2020-08-04 Thread Jason A. Donenfeld
Looks like this has come up before in other utilities and was fixed, such as https://bugs.launchpad.net/ubuntu/+source/base- files/+bug/1649352 . ** Summary changed: - ansi escape sequence injection into add-apt-repository + ansi escape sequence injection in add-apt-repository -- You received

[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection in add-apt-repository

2020-08-12 Thread Jason A. Donenfeld
I'm not convinced that really cuts it. Namely, from the diff: -print(" %s" % (info["description"] or "")) +# strip ANSI escape sequences +description = re.sub(r"(\x9B|\x1B\[)[0-?]*[ -/]*[@-~]", + "", info["description"] or "") + +print("

[Touch-packages] [Bug 1890286] Re: ansi escape sequence injection in add-apt-repository

2020-08-12 Thread Jason A. Donenfeld
You might be right that the remaining ones that slip through your regex are mere "nuisance"s. But you know how those things go - one man's nuisance is another man's vuln. Some of those, anyhow, are implemented by the Linux console driver. Why not just take the tried and true "safe" route, as imple

[Touch-packages] [Bug 1892798] Re: eliminating resolvconf/openresolv dependencies

2020-08-25 Thread Jason A. Donenfeld
Thanks for bringing this to my attention. I believe your assessment is correct. Do you know which Ubuntu first started using resolved? How far back do we need to make changes? There are two facets of this: 1) The Ubuntu systemd package should install the resolvconf compatibility symlink. I have n

[Touch-packages] [Bug 1892798] Re: eliminating resolvconf/openresolv dependencies

2020-08-25 Thread Jason A. Donenfeld
> wireguard package => please feed DNS data direct to systemd-resolved using either dbus or the cli. Absolutely not. We're not going to add vendor-specific hacks for broken distros that are unable to include the standard interface for this kind of thing, resolvconf(8). This is a pretty clear case

[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf

2020-08-25 Thread Jason A. Donenfeld
By the way, Arch manages the possibility of openresolv colliding with systemd's resolvconf by providing a package called "systemd-resolvconf": https://www.archlinux.org/packages/core/x86_64/systemd-resolvconf/ https://github.com/archlinux/svntogit- packages/blob/packages/systemd/trunk/PKGBUILD#L239

[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf

2020-08-26 Thread Jason A. Donenfeld
** Changed in: wireguard (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd package missing resolvconf(8

[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf

2020-08-26 Thread Jason A. Donenfeld
Your four appended comments are super full of just plain wrong information. I'll try to unpack these all piecemeal: > Ubuntu/Debian has never used openresolv This is not the case. Ubuntu and Debian have provided openresolv for a very long time, and resolvconf has mostly been an unmaintained mess.

[Touch-packages] [Bug 1892798] Re: systemd package missing resolvconf(8) compatibility symlink, and a Provides: resolvconf

2021-11-23 Thread Jason A. Donenfeld
I think he meant to post this on https://bugs.launchpad.net/ubuntu/+source/wireguard/+bug/1950317 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1892798 Title: systemd pac

[Touch-packages] [Bug 1680811] Re: Request to add wireguard interface to interface-order

2017-04-15 Thread Jason A. Donenfeld
It might make more sense to simply switch to using openresolv, which is a proper resolvconf implementation, which doesn't rely on this silly hard-coded list. Alternatively, you could just backport features one by one from openresolv, such as '-m 0 and '-x'. But really, since openresolv has no down

[Touch-packages] [Bug 1683884] [NEW] openresolv is less crippled than debian-resolvconf for security-focused configurations

2017-04-18 Thread Jason A. Donenfeld
Public bug reported: Ubuntu relies on Debian's own "resolvconf" which is vastly inferior to Openresolv and makes it impossible to securely set up DNS servers for ephemeral secure tunnel interfaces. Specifically, Debian's "resolvconf" relies on a hard coded list of interface templates. For virtual