missing EDNS0 record confuses systemd-resolved

Bug #1785383 reported by Steve Dodd
This bug affects 4 people
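Affects | Status | Importance | Assigned to | Milestone
systemd | Fix Released | Unknown | |
dnsmasq (Ubuntu) | | Undecided | Unassigned |
dnsmasq (Ubuntu Bionic) | | Undecided | Paride Legovini |
dnsmasq (Ubuntu Focal) | | Undecided | Unassigned |
dnsmasq (Ubuntu Groovy) | | Undecided | Unassigned |
dnsmasq (Ubuntu Hirsute) | | Undecided | Unassigned |
dnsmasq (Ubuntu Impish) | | Undecided | Unassigned |
systemd (Ubuntu) | | Medium | Unassigned |
systemd (Ubuntu Bionic) | | Medium | Dan Streetman |
systemd (Ubuntu Focal) | | Medium | Dan Streetman |
systemd (Ubuntu Groovy) | | Medium | Dan Streetman |
systemd (Ubuntu Hirsute) | | Medium | Dan Streetman |
systemd (Ubuntu Impish) | | Medium | Unassigned |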

Bug Description

[Impact]

dnsmasq 2.79 and below omits EDNS0 OPT records [1] when returning an empty answer for a domain it is authoritative for. systemd-resolved seems to get confused by this in certain circumstances; when using the stub resolver and requesting an address for which there are no AAAA records, there can sometimes be a five second hang in resolution.

[1] https://en.wikipedia.org/wiki/Extension_Mechanisms_for_DNS

[Test Plan]

Test case for bionic:

-----------------------------------------
IFACE=dummy0
SUBNET=10.0.0

ip link add $IFACE type dummy
ifconfig $IFACE ${SUBNET}.1/24
dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 --server=/test/ &

dig -t a test.test @10.0.0.1 | grep EDNS
# returns "; EDNS ..."
dig -t aaaa test.test @10.0.0.1 | grep EDNS
# again, should return "; EDNS ..." but doesn't.
# does so with the -proposed package.
-----------------------------------------

[Where problems could occur]

Problems may occur in case a client queries dnsmasq and relies on EDNS0 not being available for behaving correctly. This covers cases where the software querying dnsmasq is buggy or misconfigured.

[Development Fix]

Fixed upstream in dnsmasq >= 2.80.

[Stable Fix]

Partial cherry-pick of upstream commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78

The cherry-pick is partial because half of it is already in the package .diff we have in Bionic.
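
The check the test plan performs with dig | grep EDNS, written out as an added example (not part of the bug report, and not dnsmasq or systemd code): a parser that reports whether a response to an EDNS0 query carries an OPT record in its additional section. The packets are constructed here to mirror the test case, and all function names are illustrative.

```python
import struct

TYPE_A, TYPE_AAAA, TYPE_OPT = 1, 28, 41


def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def opt_rr(udp_size=4096):
    """EDNS0 OPT pseudo-RR: root name, TYPE 41, CLASS carries the UDP size."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)


def build_message(name, qtype, *, response=False, answers=b"", ancount=0,
                  edns=True, msg_id=0x1234):
    """Build a constructed query or authoritative response for the demo."""
    flags = 0x8580 if response else 0x0100  # QR|AA|RD|RA, or RD only
    header = struct.pack("!HHHHHH", msg_id, flags, 1, ancount, 0,
                         1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return header + question + answers + (opt_rr() if edns else b"")


def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length


def find_opt(msg):
    """Return the UDP size advertised by the OPT RR, or None if absent."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for index in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated RDATA")
        # OPT is only valid in the additional section.
        if rtype == TYPE_OPT and index >= an + ns:
            return rclass
    return None


def edns_dropped(query, response):
    """True when the query carried an OPT record but the response does not."""
    return find_opt(query) is not None and find_opt(response) is None


def demo():
    """Run the check over constructed packets mirroring the test case."""
    name = "test.test"
    q_a = build_message(name, TYPE_A)
    q_aaaa = build_message(name, TYPE_AAAA)
    # Constructed A answer: pointer to the question name, 10.0.0.1.
    a_rr = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 0, 4)
            + bytes([10, 0, 0, 1]))
    r_a = build_message(name, TYPE_A, response=True, answers=a_rr, ancount=1)
    # Empty AAAA answer without OPT: the behaviour reported for dnsmasq <= 2.79.
    r_old = build_message(name, TYPE_AAAA, response=True, edns=False)
    # Empty AAAA answer with OPT: the behaviour expected after the fix.
    r_fixed = build_message(name, TYPE_AAAA, response=True)
    return {
        "A answer": edns_dropped(q_a, r_a),
        "empty AAAA, no OPT": edns_dropped(q_aaaa, r_old),
        "empty AAAA, with OPT": edns_dropped(q_aaaa, r_fixed),
    }


if __name__ == "__main__":
    for case, dropped in demo().items():
        print(f"{case}: {'OPT missing' if dropped else 'ok'}")
```
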

Steve Dodd (anarchetic) wrote :

Amend to test case:

dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo -S /test/ --host-record=test.test,${SUBNET}.1

Cannot reproduce bug in systemd 239, but would be good to know which commit fixed the problem for cherry picking purposes.

Steve Dodd (anarchetic) wrote :

On further investigation this seems to be specific to the Ubuntu version of systemd 237. I cannot reproduce it with the upstream release.

Steve Dodd (anarchetic) wrote :

Reverting the patch "resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch" solves this problem for me. My best guess is that the following patch segment changes some key logic:

@@ -388,12 +388,12 @@ static int dns_transaction_pick_server(DnsTransaction *t) {
         if (!server)
                 return -ESRCH;

- /* If we changed the server invalidate the feature level clamping, as the new server might have completely
- * different properties. */
- if (server != t->server)
+ /* If we changed the server invalidate the current & clamp feature levels, as the new server might have
+ * completely different properties. */
+ if (server != t->server) {
                 t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID;
-
- t->current_feature_level = dns_server_possible_feature_level(server);
+ t->current_feature_level = dns_server_possible_feature_level(server);
+ }
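
Review bot: In the rewritten if (server != t->server) { ... } block, the assignment t->current_feature_level = dns_server_possible_feature_level(server); now runs only when the server changes, whereas the removed lines performed it on every call. When the same server is picked again, the transaction keeps its previous current_feature_level and any change in what dns_server_possible_feature_level(server) would return is not picked up. If that narrowing is intended, the comment above the test should say so; otherwise keep the assignment outside the braces so that only the clamp_feature_level reset is conditional.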

Note that it makes the assignment dependent on the test, I don't know if this was intentional or not.

Chris E (cbz) wrote :

In my opinion the log message from system also needs to be dropped - a number of systems will use NXDOMAIN as a means of domain blocking/ad blocking, and this isn't thus an exceptional event that needs logging each time.

Arduous (samuel-progin) wrote :

Returning NXDOMAIN is the behavior of Adblock on Turris-os (a derivative of OpenWRT) with Knot resolver as back-end. I am of the same opinion as @cbz. At the moment I will limit the logging rate.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dnsmasq (Ubuntu):
status: New → Confirmed
Changed in systemd (Ubuntu):
status: New → Confirmed
Steve Dodd (anarchetic) wrote :

Any news on this? Recent upgrade has removed my patches to dnsmasq, and I'm hitting this again. Still convinced the Ubuntu-specific patch to systemd-resolved is flawed as well.

I will try to get brain back into gear to have a look at this all again. If nothing else, would be good to SRU the dnsmasq upstream fix?

Paride Legovini (paride)
Changed in dnsmasq (Ubuntu):
status: Confirmed → Triaged
Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce) wrote :

I've linked to the upstream systemd bug report, although from comment #4 it sounds like it might be a regression caused by a security fix.

As to the dnsmasq patch mentioned in the issue description, what it appears to be doing is checking if there is a pseudoheader in the request, and if so adds the edns data structure to the response. I can't speak to what potential regressions might be concerns here, but the patch itself looks sensible to me. So, given adequate testing, I don't see a reason against considering SRU for this.

Changed in systemd (Ubuntu):
status: Confirmed → Triaged
Changed in dnsmasq (Ubuntu Bionic):
status: New → Triaged
Bryce Harrington (bryce) wrote :

Targeting to bionic, since disco/eoan/focal are on 2.80 which, per the OP, should already be carrying the requested fix.

Bryce Harrington (bryce)
tags: added: server-next
Changed in systemd:
status: Unknown → Fix Released
Dan Streetman (ddstreet) wrote :

> although from comment #4 it sounds like it might be a regression caused by a security fix.

it's not a security fix, it's a patch to get resolved working with specific broken captive portals, from bug 1727237 and bug 1766969. It was proposed upstream in this PR:
https://github.com/systemd/systemd/pull/8608

but was never accepted upstream, only added to Ubuntu. As this bug shows, the patch does appear to actually still cause problems for people even without DNSSEC on (that problem was fixed in Ubuntu separately with bug 1796501).

Fixing dnsmasq is good, but at some point we'll need to properly fix upstream to work around buggy captive portals in a way that doesn't cause other problems.

Dan Streetman (ddstreet)
tags: added: ddstreet
Dan Streetman (ddstreet)
Changed in systemd (Ubuntu Hirsute):
assignee: nobody → Dan Streetman (ddstreet)
status: New → In Progress
Changed in systemd (Ubuntu Groovy):
assignee: nobody → Dan Streetman (ddstreet)
importance: Undecided → Medium
status: New → In Progress
Changed in systemd (Ubuntu Focal):
assignee: nobody → Dan Streetman (ddstreet)
importance: Undecided → Medium
status: New → In Progress
Changed in systemd (Ubuntu Bionic):
assignee: nobody → Dan Streetman (ddstreet)
importance: Undecided → Medium
status: New → In Progress
Changed in systemd (Ubuntu Hirsute):
importance: Undecided → Medium
Changed in dnsmasq (Ubuntu Focal):
status: New → Fix Released
Changed in dnsmasq (Ubuntu Groovy):
status: New → Fix Released
Changed in dnsmasq (Ubuntu Hirsute):
status: New → Fix Released
Changed in dnsmasq (Ubuntu Impish):
status: Triaged → Fix Released
Dan Streetman (ddstreet)
description: updated
Brian Murray (brian-murray) wrote :

The SRU of systemd for Hirsute (and all its accompanying bugs) looks good to me, but I'd like to see this fix merged for Impish at least per SRU policy.

Steve Langasek (vorlon) wrote :

marking incomplete for hirsute based on Brian's comment above.

Changed in systemd (Ubuntu Hirsute):
status: In Progress → Incomplete
Balint Reczey (rbalint) wrote :

@brian-murray I've merged the fix to the git repository thus it will be part of the next upload.

Changed in systemd (Ubuntu Impish):
status: Triaged → Fix Committed
importance: Undecided → Medium
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Steve, or anyone else affected,

Accepted systemd into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/247.3-3ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Hirsute):
status: Incomplete → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Brian Murray (brian-murray) wrote :

Hello Steve, or anyone else affected,

Accepted systemd into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/246.6-1ubuntu1.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Groovy):
status: In Progress → Fix Committed
tags: added: verification-needed-groovy
Brian Murray (brian-murray) wrote :

Hello Steve, or anyone else affected,

Accepted systemd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/245.4-4ubuntu3.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Steve, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.48 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed-bionic
Dan Streetman (ddstreet) wrote :

ubuntu@lp1785383-h:~$ dpkg -l systemd|grep systemd
ii systemd 247.3-3ubuntu3 amd64 system and service manager
ubuntu@lp1785383-h:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-h:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-h:~$ time host test.test
test.test has address 1.2.3.4

real 0m5.066s
user 0m0.012s
sys 0m0.012s

ubuntu@lp1785383-h:~$ dpkg -l systemd|grep systemd
ii systemd 247.3-3ubuntu3.1 amd64 system and service manager
ubuntu@lp1785383-h:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-h:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-h:~$ time host test.test
test.test has address 1.2.3.4

real 0m0.044s
user 0m0.006s
sys 0m0.017s

tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Dan Streetman (ddstreet) wrote :

ubuntu@lp1785383-g:~$ dpkg -l systemd|grep systemd
ii systemd 246.6-1ubuntu1.3 amd64 system and service manager
ubuntu@lp1785383-g:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-g:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-g:~$ time host test.test
test.test has address 1.2.3.4

real 0m5.040s
user 0m0.013s
sys 0m0.013s

ubuntu@lp1785383-g:~$ dpkg -l systemd|grep systemd
ii systemd 246.6-1ubuntu1.4 amd64 system and service manager
ubuntu@lp1785383-g:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-g:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-g:~$ time host test.test
test.test has address 1.2.3.4

real 0m0.023s
user 0m0.010s
sys 0m0.011s

tags: added: verification-done-groovy
removed: verification-needed-groovy
Dan Streetman (ddstreet) wrote :

ubuntu@lp1785383-f:~$ dpkg -l systemd|grep systemd
ii systemd 245.4-4ubuntu3.6 amd64 system and service manager
ubuntu@lp1785383-f:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-f:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-f:~$ time host test.test
test.test has address 1.2.3.4

real 0m5.047s
user 0m0.015s
sys 0m0.018s

ubuntu@lp1785383-f:~$ dpkg -l systemd|grep systemd
ii systemd 245.4-4ubuntu3.7 amd64 system and service manager
ubuntu@lp1785383-f:~$ systemd-resolve --reset-server-features
ubuntu@lp1785383-f:~$ systemd-resolve --flush-caches
ubuntu@lp1785383-f:~$ time host test.test
test.test has address 1.2.3.4

real 0m0.020s
user 0m0.008s
sys 0m0.008s

tags: added: verification-done-focal
removed: verification-needed-focal
Dan Streetman (ddstreet) wrote :

ubuntu@lp1785383-b:~$ dpkg -l systemd|grep systemd
ii systemd 237-3ubuntu10.47 amd64 system and service manager
ubuntu@lp1785383-b:~$ sudo systemd-resolve --reset-server-features
ubuntu@lp1785383-b:~$ sudo systemd-resolve --flush-caches
ubuntu@lp1785383-b:~$ time host test.test
test.test has address 1.2.3.4

real 0m5.024s
user 0m0.012s
sys 0m0.008s

ubuntu@lp1785383-b:~$ dpkg -l systemd|grep systemd
ii systemd 237-3ubuntu10.48 amd64 system and service manager
ubuntu@lp1785383-b:~$ sudo systemd-resolve --reset-server-features
ubuntu@lp1785383-b:~$ sudo systemd-resolve --flush-caches
ubuntu@lp1785383-b:~$ time host test.test
test.test has address 1.2.3.4

real 0m0.023s
user 0m0.013s
sys 0m0.000s

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/246.6-1ubuntu1.4)

All autopkgtests for the newly accepted systemd (246.6-1ubuntu1.4) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

casync/2+20190213-1 (s390x)
udisks2/2.9.1-2ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/247.3-3ubuntu3.1)

All autopkgtests for the newly accepted systemd (247.3-3ubuntu3.1) for hirsute have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/247.3-3ubuntu3.1 (armhf)
udisks2/2.9.2-1ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/hirsute/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 247.3-3ubuntu3.1

---------------
systemd (247.3-3ubuntu3.1) hirsute; urgency=medium

  [ Andy Chi ]
  * debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Local-Mic-Mute-.patch
    - Apply upstream patch to correct key and device mapping.
      (LP: #1926547)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f360a705d992205e3da511910c859e81390e93c6

  [ Łukasz 'sil2100' Zemczak ]
  * d/p/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch,
    d/p/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch,
    d/p/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch:
    - add support for configuring the activation policy for an interface
      (LP: #1664844)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ae75627f573f5946169819e4fdfe89290badaf21

  [ Dan Streetman ]
  * d/p/debian/UBUNTU-resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch,
    d/p/lp1785383-resolved-address-DVE-2018-0001.patch:
    - Use upstream patch for DVE-2018-0001 handling (LP: #1785383)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6c6e948e4364649a4a803a8f1c9cdd5c70e1f0ab
  * d/p/lp1929849-rfkill-add-some-casts-to-silence-Werror-sign-compare.patch:
    - Fix FTBFS due to kernel header change (LP: #1929849)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=656bfde76b7a2d172d84d4e7905d80e1dfa2b68d

 -- Dan Streetman <email address hidden> Thu, 27 May 2021 11:09:57 -0400

Changed in systemd (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for systemd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 246.6-1ubuntu1.4

---------------
systemd (246.6-1ubuntu1.4) groovy; urgency=medium

  [ Andy Chi ]
  * debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Local-Mic-Mute-.patch
    - Apply upstream patch to correct key and device mapping.
      (LP: #1926547)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a4c14d1c8370445e315ffa59b0a7ce593a79fbf4

  [ Dan Streetman ]
  * d/p/lp1921696/0001-rfkill-improve-error-logging.patch,
    d/p/lp1921696/0002-rfkill-use-short-writes-and-accept-long-reads.patch:
    Handle rfkill api change in kernel 5.10 (LP: #1921696)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b683c842c74b5f193555fd79bc76e574a025f5b1
  * d/p/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch:
    Move link mac and master config out of link_up() (LP: #1929560)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a90963d52a70c0ed1b429b1025b95f8c0fa6e7aa
  * d/p/lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch:
    Handle failed mount command (LP: #1902891)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d83f3bce38e04395c6406c3c45efbc9977ae1138
  * d/p/debian/UBUNTU-resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch,
    d/p/lp1880258-log-nxdomain-as-debug.patch,
    d/p/lp1785383-resolved-address-DVE-2018-0001.patch:
    - Use upstream patch for DVE-2018-0001 handling (LP: #1785383)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=eb311ad89c5fd570bf3af362d8a2af1b357be3dd

  [ Łukasz 'sil2100' Zemczak ]
  * d/p/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch,
    d/p/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch,
    d/p/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch:
    - add support for configuring the activation policy for an interface
      (LP: #1664844)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0b0a9202964b24fb8d9fb4b28bdb22c6aadd25b7

 -- Dan Streetman <email address hidden> Thu, 27 May 2021 11:13:07 -0400

Changed in systemd (Ubuntu Groovy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 245.4-4ubuntu3.7

---------------
systemd (245.4-4ubuntu3.7) focal; urgency=medium

  [ Andy Chi ]
  * debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Local-Mic-Mute-.patch
    - Apply upstream patch to correct key and device mapping.
      (LP: #1926547)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62c3ce6d6b2cab762b24aa610d6d135a67bdd76a

  [ Dan Streetman ]
  * d/p/lp1921696/0001-rfkill-improve-error-logging.patch,
    d/p/lp1921696/0002-rfkill-use-short-writes-and-accept-long-reads.patch:
    Handle rfkill api change in kernel 5.10 (LP: #1921696)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff0c23ba4fbcfa7f68e98adb6d62798ce54ca1da
  * d/p/lp1929122-network-check-that-received-ifindex-is-valid.patch:
    Check if ifindex is valid (LP: #1929122)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6378191818bc7d169b657e6f7a2b50cfddb4275e
  * d/p/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch:
    Move link mac and master config out of link_up() (LP: #1929560)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=28cff7ee02a9ebd4ab93026af9fceaa2283725b3
  * d/p/lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch:
    Handle failed mount command (LP: #1902891)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b425189a483d7455db870b0ec5b2443c0eea7d76
  * d/p/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch,
    d/p/lp1880258-log-nxdomain-as-debug.patch,
    d/p/lp1785383-resolved-address-DVE-2018-0001.patch:
    - Use upstream patch for DVE-2018-0001 handling (LP: #1785383)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ec45ebfee362ad3e429642f7519e8b88f16dc221

  [ Łukasz 'sil2100' Zemczak ]
  * d/p/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch,
    d/p/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch,
    d/p/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch:
    - add support for configuring the activation policy for an interface
      (LP: #1664844)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=94f7b72d8128c743f35b308101a87d2c53a4074c

 -- Dan Streetman <email address hidden> Thu, 27 May 2021 11:16:17 -0400

Changed in systemd (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 237-3ubuntu10.48

---------------
systemd (237-3ubuntu10.48) bionic; urgency=medium

  * d/p/lp1925216-seccomp-rework-functions-for-parsing-system-call-fil.patch:
    Downgrade syscall group parsing failure logs to debug (LP: #1925216)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8c0181e24f7c0128a48c706d1f4b28ec0f225fd7
  * d/p/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch:
    Move link mac and master config out of link_up() (LP: #1929560)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d808ea22366ca7ba4b5bb32815ab0ca2eea8a49f
  * d/p/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch,
    d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch,
    d/p/lp1880258-log-nxdomain-as-debug.patch,
    d/p/lp1785383-resolved-address-DVE-2018-0001.patch:
    - Use upstream patch for DVE-2018-0001 handling (LP: #1785383)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b6258fda64c84c34b0f8026e6e29bcfffa8dc4f1

 -- Dan Streetman <email address hidden> Thu, 27 May 2021 11:18:38 -0400

Changed in systemd (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 248.3-1ubuntu2

---------------
systemd (248.3-1ubuntu2) impish; urgency=medium

  [ Kai-Heng Feng ]
  * d/p/hwdb-Add-ProBook-to-use-micmute-hotkey.patch:
    - Add ProBook to use micmute hotkey (LP: #1930910)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=30b96fac92d911cb725f7220a9539085a24fe5f7

  [ Jeremy Szu ]
  * d/p/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch:
    - Fix micmute hotkeys on HP Elite Dragonfly (LP: #1932352)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ac93cfcca200644b743deab94f655ccd74ff90a6

  [ Dan Streetman ]
  * d/p/debian/UBUNTU-resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch:
    Remove no-longer-needed patch for DVE-2018-0001 (LP: #1785383)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=943b2dd5884e67c67d6336c24352b02e17809df0
  * d/p/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch,
    d/p/lp1931578/0002-networkctl-add-field-Required-For-Online.patch,
    d/p/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch:
    Adjust default for RequiredForOnline when using ActivationPolicy
    (LP: #1931578)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d0b8629ec14396f1a5d5f7c132c9b687065136b0
  * d/p/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch:
    Add man page symlink and deprecation notice for systemd-resolve
    (LP: #1894622)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f719185253f989d6708c894150c0878cabee6589
  * d/p/lp1858210/0001-time-simplify-get_timezones.patch,
    d/p/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch,
    d/p/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch:
    Parse tzdata.zi so timedatectl list-timezones also lists aliases
    (LP: #1858210)
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8e5b0a7c7c4e1e29b5e81511a1145633d9b75be5

 -- Dan Streetman <email address hidden> Tue, 06 Jul 2021 13:37:59 -0400

Changed in systemd (Ubuntu Impish):
status: Fix Committed → Fix Released
Utkarsh Gupta (utkarsh) wrote :

[commenting so the bug doesn't get expired as we still need to look at the Bionic fix for dnsmasq]

Dan Streetman (ddstreet) wrote :

> [commenting so the bug doesn't get expired as we still need to look at the Bionic fix for dnsmasq]

AFAIK, launchpad bugs only auto-expire if set to 'incomplete'. bugs set to anything else, like this one set to 'triaged', won't auto-expire and don't need comments added to keep them from auto-expiring, unless there is something i'm missing.

Christian Ehrhardt (paelzer) wrote : Re: [Bug 1785383] Re: missing EDNS0 record confuses systemd-resolved

On Mon, Sep 6, 2021 at 4:05 PM Dan Streetman <email address hidden> wrote:
>
> > [commenting so the bug doesn't get expired as we still need to look at
> the Bionic fix for dnsmasq]
>
> AFAIK, launchpad bugs only auto-expire if set to 'incomplete'. bugs set
> to anything else, like this one set to 'triaged', won't auto-expire and
> don't need comments added to keep them from auto-expiring, unless there
> is something i'm missing.

Hi Dan,
There is a secondary layer of server-team triage to ensure we stay
aware of our bugs really well.
In that there are 60 and 180 day expiration periods depending on some
other factors we might ping
a bug to ensure it comes back up again.

This is related to the ubuntu server (bug) maintenance [1] and not
general launchpad expiry mechanisms.

[1]: https://github.com/canonical/ubuntu-maintainers-handbook/blob/main/BugTriage.md

Dan Streetman (ddstreet) wrote :

> This is related to the ubuntu server (bug) maintenance

ah, https://wiki.ubuntu.com/ServerTeam#Daily_Bug_Expiration

just part of the internal canonical server team bug tracking, got it.

Paride Legovini (paride) wrote :

The only task that remains to be tackled here is dnsmasq on Bionic.

By following the [Test Case] I verified that applying [1] fixes the bug in Bionic. The first two hunks of the patch are already applied in the Ubuntu package, what remains to apply is in the attached patch.

[1] http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78

Changed in dnsmasq (Ubuntu Bionic):
assignee: nobody → Paride Legovini (paride)
Paride Legovini (paride)
Changed in dnsmasq (Ubuntu Bionic):
status: Triaged → In Progress
Paride Legovini (paride) wrote :

I dropped the verification-* as they were about the systemd SRU, while I'm preparing the dnsmasq one at the moment.

description: updated
tags: removed: verification-done verification-done-bionic verification-done-focal verification-done-groovy verification-done-hirsute
description: updated
Paride Legovini (paride) wrote :

MP to fix this bug in Bionic, already reviewed and uploaded:

https://code.launchpad.net/~paride/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/409149

Paride Legovini (paride) wrote :

The MP got reviewed and the dnsmasq upload is currently waiting in the Bionic unapproved queue.

Being a format 1.0 package the diff [1] looks huge at first glance, but the real changes are actually very limited (those in the MP).

[1] https://launchpadlibrarian.net/560828569/dnsmasq_2.79-1ubuntu0.5.diff.gz

Robie Basak (racb) wrote : Please test proposed package

Hello Steve, or anyone else affected,

Accepted dnsmasq into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in dnsmasq (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (dnsmasq/2.79-1ubuntu0.5)

All autopkgtests for the newly accepted dnsmasq (2.79-1ubuntu0.5) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

netplan.io/0.99-0ubuntu3~18.04.5 (i386)
ubuntu-fan/0.12.10 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#dnsmasq

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Paride Legovini (paride) wrote :

I retriggered those two tests and they passed.

Paride Legovini (paride) wrote :

Bionic verification done according to the [Test Plan].

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dnsmasq - 2.79-1ubuntu0.5

---------------
dnsmasq (2.79-1ubuntu0.5) bionic; urgency=medium

  * src/forward.c: add missing EDNS0 section. (LP: #1785383)

 -- Paride Legovini <email address hidden> Fri, 24 Sep 2021 13:05:51 +0200

Changed in dnsmasq (Ubuntu Bionic):
status: Fix Committed → Fix Released