[Touch-packages] [Bug 1796501] Re: systemd-resolved tries to mitigate DVE-2018-0001 even if DNSSEC=yes

2020-11-15 Thread Ron Johnson
I fixed the issue simply by changing the link from the stub resolver to
just point at resolv.conf with just nameserver lines...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1796501

Title:
  systemd-resolved tries to mitigate DVE-2018-0001 even if DNSSEC=yes

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Cosmic:
  Won't Fix
Status in systemd source package in Disco:
  Fix Released

Bug description:
  [impact]

  an NXDOMAIN response from a dns server when systemd-resolved is
  configured as DNSSEC=yes breaks dns resolution as it downgrades from
  DNSSEC.

  [test case]

  see comment 9

  [regression potential]

  as with the original patch that introduced this problem, this has the
  potential to break dns resolution.

  [other info]

  original description:

  
  I ask systemd-resolved through dig to resolve the SOA of test.asdf. (doesn't
  exist) but it returns SERVFAIL instead of NXDOMAIN. It seems to do the
  following steps:
  1. Ask upstream for SOA of test.asdf. with EDNS0, DO-bit and 4k size.
  2. Ask upstream for SOA of test.asdf. with EDNS0 and DO-bit.
  3. Ask upstream for SOA of test.asdf. with EDNS0.
  4. Ask upstream for SOA of test.asdf. without EDNS0.
  5. Repeat 1-4 for DS of test.asdf.
  6. Repeat 1-5 for asdf.
  7. Ask upstream for SOA of . with EDNS0, DO-bit and 4k size.
  8. Ask upstream for DNSKEY of . with EDNS0, DO-bit and 4k size.

  The upstream returns an unfragmented NXDOMAIN response for steps 1-6,
  an unfragmented NOERROR response for step 7 and a fragmented NOERROR
  response for step 8 which is the correct behaviour. DNSSEC records are
  included in the response if the DO-bit in the request was set.

  systemd-resolved should take the response from step 1 and start with
  validation instead of starting useless retries with reduced feature
  set. Step 3 and 4 are completely useless and probably lead to the
  SERVFAIL because I have configured it with DNSSEC=yes to prevent
  downgrade attacks.

  This regression seems to be caused by the patch
  resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch.
  The downgrade logic should only be executed if it is configured as
  DNSSEC=allow-downgrade or DNSSEC=no. See also
  https://github.com/systemd/systemd/pull/8608#issuecomment-396927885.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796501/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
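
The retry ladder from the bug description above, as an added example that is not part of the original report and is not systemd-resolved code. It is a simplified model: the names `LEVELS`, `upstream` and `resolve` are hypothetical, and the rule that the last reply received is the one validated follows the reporter's reading of the SERVFAIL.

```python
# Added illustration: a simplified model, not systemd-resolved code.
# Feature levels follow steps 1-4 of the report; True means the DO bit is set.
LEVELS = [("EDNS0+DO+4k", True), ("EDNS0+DO", True),
          ("EDNS0", False), ("no EDNS0", False)]
DOWNGRADE_MODES = ("allow-downgrade", "no")


def upstream(do_bit):
    """Constructed upstream from the report: NXDOMAIN every time,
    DNSSEC records included only when the request had the DO bit."""
    return {"rcode": "NXDOMAIN", "dnssec_records": do_bit}


def resolve(dnssec_mode, gate_on_mode):
    """Return (rcode seen by the client, feature levels queried).

    gate_on_mode=False models the regression (NXDOMAIN is retried with a
    reduced feature set whatever DNSSEC= says); gate_on_mode=True models
    the behaviour the report asks for.
    """
    tried = []
    for name, do_bit in LEVELS:
        tried.append(name)
        reply = upstream(do_bit)
        retry = reply["rcode"] == "NXDOMAIN" and (
            not gate_on_mode or dnssec_mode in DOWNGRADE_MODES)
        if not retry:
            break
    # Assumption (the reporter's reading): the last reply is the one validated.
    if dnssec_mode == "yes" and not reply["dnssec_records"]:
        return "SERVFAIL", tried  # nothing to validate, downgrade forbidden
    return reply["rcode"], tried


if __name__ == "__main__":
    for mode in ("yes", "allow-downgrade", "no"):
        for gated in (False, True):
            print(mode, "gated" if gated else "regression", resolve(mode, gated))
```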


[Touch-packages] [Bug 992971] Re: libavformat53 Mismatching header version

2016-03-14 Thread Ron Johnson
Building from scratch using Ubuntu dev packages works like a charm.

http://www.andrews-corner.org/ubuntu/mplayer.html

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libav in Ubuntu.
https://bugs.launchpad.net/bugs/992971

Title:
  libavformat53 Mismatching header version

Status in libav package in Ubuntu:
  Opinion
Status in mplayer package in Ubuntu:
  Confirmed

Bug description:
  Version details should be in the auto-loaded Apport file.

  $ mplayer blah_blah.mov
  MPlayer svn r34540 (Ubuntu), built with gcc-4.6 (C) 2000-2012 MPlayer Team

  Playing blah_blah.mov.
  libavformat version 53.21.0 (external)
  Mismatching header version 53.19.0
  libavformat file format detected.
  [snip]

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libavformat53 4:0.8.1-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
  Uname: Linux 3.2.0-24-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: amd64
  Date: Tue May  1 20:24:45 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: libav
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/992971/+subscriptions



[Touch-packages] [Bug 1455780] [NEW] the i386 and amb64 versions break each other

2015-05-16 Thread Ron Johnson
Public bug reported:

Trying to install wine1.6 leads to a series of dependency errors that
lead back to libvpx1:i386.

Trying to install that package means that libvpx1:amd64 is to be
removed, which then wants to remove a whole bunch of other, important,
packages, like software-center & gnome-control-center.

$ sudo apt-get install libvpx1:i386
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages will be REMOVED:
  colord dvipng ffmpeg gnome-control-center graphviz gstreamer1.0-libav
  gstreamer1.0-plugins-bad gstreamer1.0-plugins-good gvfs-backends
  handbrake-gtk hplip libavcodec-dev libavcodec54 libavformat-dev
  libavformat54 libcheese-gtk23 libcheese7 libchromaprint0 libgd3 libgphoto2-6
  libgvc6 libopencv-contrib2.4 libopencv-highgui2.4 libopencv-legacy2.4
  libopencv-objdetect2.4 libsane libvpx-dev libvpx1
  printer-driver-postscript-hp python-pygraphviz sane-utils simple-scan
  software-center vlc vlc-nox vlc-plugin-notify vlc-plugin-samba xdot
The following NEW packages will be installed:
  libvpx1:i386
0 upgraded, 1 newly installed, 38 to remove and 93 not upgraded.
Need to get 525 kB of archives.
After this operation, 188 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

--=

$ lsb_release -rd
Description:	Ubuntu 14.04.2 LTS
Release:	14.04

--=

What I expect to happen: in a multi-arch system, that amd64 and i386
packages happily coexist.

--=

What happens instead: they break each other.

$ apt-cache depends libvpx1
libvpx1
  Depends: libc6
  PreDepends: multiarch-support
multiarch-support:i386
  Replaces: libvpx1:i386
  Breaks: libvpx1:i386

$ apt-cache depends libvpx1:i386
libvpx1:i386
  Depends: libc6:i386
  PreDepends: multiarch-support:i386
multiarch-support
  Replaces: libvpx1
  Breaks: libvpx1

** Affects: libvpx (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libvpx in Ubuntu.
https://bugs.launchpad.net/bugs/1455780

Title:
  the i386 and amb64 versions break each other

Status in libvpx package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvpx/+bug/1455780/+subscriptions



[Touch-packages] [Bug 1414316] [NEW] cut() does not handle unicode properly

2015-01-24 Thread Ron Johnson
Public bug reported:

Hi,

$ echo 哈哈
哈哈

$ echo 哈哈 | cut -c 2-
��哈

Apparently, Red Hat patched this in or before FC15.
http://unix.stackexchange.com/questions/15961/coreutils-that-are-utf-aware
[patches@holocene ~]$ rpm -q coreutils
coreutils-8.10-2.fc15.x86_64
[patches@holocene ~]$ echo 哈哈 | cut -c 2-
哈

The patch is here:
http://pkgs.fedoraproject.org/cgit/coreutils.git/tree/coreutils-i18n.patch?id=6e10f376996b64f538259091a524df2249b653fb;id2=HEAD

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: coreutils 8.21-1ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-44.73-generic 3.13.11-ckt12
Uname: Linux 3.13.0-44-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
CurrentDesktop: XFCE
Date: Sat Jan 24 10:06:25 2015
InstallationDate: Installed on 2013-05-22 (611 days ago)
InstallationMedia: Xubuntu 13.04 "Raring Ringtail" - Release amd64 (20130423.1)
SourcePackage: coreutils
UpgradeStatus: Upgraded to trusty on 2015-01-04 (19 days ago)

** Affects: coreutils (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to coreutils in Ubuntu.
https://bugs.launchpad.net/bugs/1414316

Title:
  cut() does not handle unicode properly

Status in coreutils package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/1414316/+subscriptions
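
The difference between the two outputs in the report above, as an added example that is not part of the original report and is not coreutils code. The function names are hypothetical; `cut_bytes` counts positions in bytes and splits the three-byte sequence for 哈, while `cut_chars` counts UTF-8 characters and treats each malformed byte as one position.

```python
SAMPLE = "哈哈".encode("utf-8")  # constructed input: e5 93 88 e5 93 88


def cut_bytes(line: bytes, start: int) -> bytes:
    """Model of `cut -c N-` when position N is counted in bytes."""
    return line[start - 1:]


def utf8_len(lead: int) -> int:
    """Expected sequence length for a UTF-8 lead byte."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return 1  # stray continuation or invalid lead byte: one position


def cut_chars(line: bytes, start: int) -> bytes:
    """Model of `cut -c N-` when position N is counted in UTF-8 characters."""
    pos, i = 1, 0
    while i < len(line) and pos < start:
        n = utf8_len(line[i])
        tail = line[i + 1:i + n]
        # Truncated or malformed sequence: consume only the lead byte.
        if len(tail) != n - 1 or any(b & 0xC0 != 0x80 for b in tail):
            n = 1
        i += n
        pos += 1
    return line[i:]


def is_valid_utf8(data: bytes) -> bool:
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    print(cut_bytes(SAMPLE, 2).decode("utf-8", errors="replace"))
    print(cut_chars(SAMPLE, 2).decode("utf-8"))
```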
