Ubuntu
fglrx-installer package

Bug #642518
Comment #84

Comment 84 for bug 642518

Revision history for this message

QIII (qiii) wrote on 2010-09-23:

#84

Fortunately, I keep my ear to the ground and was aware of this problem before I updated. I would have been able to dig myself out of it, but it would certainly have raised by blood pressure.

Since the fix was made available in -updates, this worked for me:

Completely uninstall Catalyst 10.9.

Reinstall Catalyst 10.4 from the repo.

Perform updates.

Restart.

I am not going to move forward with installing the later Catalyst versions at this point.

But I must say something, and I hope the developers and MOTUs will take this as constructive criticism. I understand that you all work very hard, and I appreciate that. I admire you.

Lucid is an LTS. People expect it to be stable. They do not expect that some strange-sounding thing like compat_alloc_user_space, which they don't know from a hole in the ground, should change suddenly, causing them to have difficulty with their video driver. Understandably, this is difficult with driver versions later than the ones in the repos, but changes should work at least with what is in the repos. The driver affected, per the original bug report, is the one that is in the Lucid repo. CVE-2010-3081 is a critical bug fix that plugs a hole that can allow a nefarious outside user to root an exploited machine. The likelihood that someone's personal machine would be attacked is small, but it is real. This whole thing would have gone right past a headless server without notice.

A critical update to the kernel was needed and provided. Unwitting users, perhaps with little tech know-how, diligently updated their machines and broke their ATI drivers because there was a change in other files that kept the driver from being compiled against the kernel correctly. They were left with machines that would not operate as expected. They were first offered a patch, which many might not have understood how to apply. Finally some 24 - 36 hours later, they were given an update that works with the driver in the repo. Their ability to use it depends somewhat on whether they are able to get themselves out of whatever mire they may have gotten themselves into in the meantime.

Sorry, guys, but this smells very strongly of failure coordinate effort and conduct appropriate testing.

I've been doing the computer gig for 35 years. This is just not the sort of thing I find acceptable.

Fortunately, I keep my ear to the ground and was aware of this problem before I updated.  I would have been able to dig myself out of it, but it would certainly have raised by blood pressure.

Since the fix was made available in -updates, this worked for me:

Completely uninstall Catalyst 10.9.

Reinstall Catalyst 10.4 from the repo.

Perform updates.

Restart.

I am not going to move forward with installing the later Catalyst versions at this point.

But I must say something, and I hope the developers and MOTUs will take this as constructive criticism.  I understand that you all work very hard, and I appreciate that.  I admire you.

Lucid is an LTS.  People expect it to be stable.  They do not expect that some strange-sounding thing like compat_alloc_user_space, which they don't know from a hole in the ground, should change suddenly, causing them to have difficulty with their video driver.  Understandably, this is difficult with driver versions later than the ones in the repos, but changes should work at least with what is in the repos.  The driver affected, per the original bug report, is the one that is in the Lucid repo.  CVE-2010-3081 is a critical bug fix that plugs a hole that can allow a nefarious outside user to root an exploited machine.  The likelihood that someone's personal machine would be attacked is small, but it is real.  This whole thing would have gone right past a headless server without notice.

A critical update to the kernel was needed and provided.  Unwitting users, perhaps with little tech know-how, diligently updated their machines and broke their ATI drivers because there was a change in other files that kept the driver from being compiled against the kernel correctly.  They were left with machines that would not operate as expected. They were first offered a patch, which many might not have understood how to apply. Finally some 24 - 36 hours later, they were given an update that works with the driver in the repo.  Their ability to use it depends somewhat on whether they are able to get themselves out of whatever mire they may have gotten themselves into in the meantime.

Sorry, guys, but this smells very strongly of failure coordinate effort and conduct appropriate testing.

I've been doing the computer gig for 35 years.  This is just not the sort of thing I find acceptable.

Ubuntufglrx-installer package

Comment 84 for bug 642518

Ubuntu
fglrx-installer package