Bug 628180 (glibc-2.25)

Summary:

sys-libs/glibc-2.25-r8 stabilization

Product:

Gentoo Linux

Reporter:

Andreas K. Hüttel <dilfridge>

Component:

Stabilization

Assignee:

Gentoo Toolchain Maintainers <toolchain>

Status:

RESOLVED OBSOLETE

Severity:

normal

CC:

ab4bd, alexander, arthur, bertrand, frederico, hydrapolic, phmagic

Priority:

Normal

Keywords:

STABLEREQ

Version:

unspecified

Flags:

stable-bot: sanity-check+

Hardware:

All

OS:

Linux

Whiteboard:

Package list:

sys-libs/glibc-2.25-r8

Runtime testing required:

Yes

Bug Depends on:

296597, 471020, 593784, 600632, 604408, 609048, 609658, 617200, 623884, 627164, 628100, 629054, 632596, 632604, 633356, 634062, 635850, 636026, 636046

Bug Blocks:

Attachments:

Description	Flags
emerge --info	none

Description Andreas K. Hüttel archtester

2017-08-18 14:44:23 UTC

No talking please.

Please update the bug when a new revision is bumped (update summary to new revision, remove fixed blocking bugs, ...)

Comment 1 Frederico Freire Boaventura 2017-08-24 18:17:27 UTC

Created attachment 490502 [details]
emerge --info

I'm getting this access violation error upon sys-libs/glibc-2.25-r4 emerge.  It was, at first, complaining about sys-libs/timezone-data-2017b, as being a blocker.


>>> Completed installing glibc-2.25-r4 into /var/tmp/portage/sys-libs/glibc-2.25-r4/image/

 * Final size of build directory: 588440 KiB
 * Final size of installed tree: 69820 KiB

 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-32269.log"
 * 

VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /etc/ld.so.cache~
A: /etc/ld.so.cache~
R: /etc/ld.so.cache~
C: /var/tmp/portage/sys-libs/glibc-2.25-r4/work/build-x86-x86_64-pc-linux-gnu-nptl/elf/ldconfig -r /var/tmp/portage/sys-libs/glibc-2.25-r4/image  /lib32 /usr/lib32 

F: open_wr
S: deny
P: /etc/ld.so.cache~
A: /etc/ld.so.cache~
R: /etc/ld.so.cache~
C: /var/tmp/portage/sys-libs/glibc-2.25-r4/work/build-amd64-x86_64-pc-linux-gnu-nptl/elf/ldconfig -r /var/tmp/portage/sys-libs/glibc-2.25-r4/image  /lib64 /usr/lib64 
 * --------------------------------------------------------------------------------

Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev

2017-08-24 20:11:11 UTC

(In reply to Frederico Freire Boaventura from comment #1)
> Created attachment 490502 [details]
> emerge --info
> 
> I'm getting this access violation error upon sys-libs/glibc-2.25-r4 emerge. 
> It was, at first, complaining about sys-libs/timezone-data-2017b, as being a
> blocker.
> 
> 
> >>> Completed installing glibc-2.25-r4 into /var/tmp/portage/sys-libs/glibc-2.25-r4/image/
> 
>  * Final size of build directory: 588440 KiB
>  * Final size of installed tree: 69820 KiB
> 
>  * --------------------------- ACCESS VIOLATION SUMMARY
> ---------------------------
>  * LOG FILE: "/var/log/sandbox/sandbox-32269.log"
>  * 
> 
> VERSION 1.0
> FORMAT: F - Function called
> FORMAT: S - Access Status
> FORMAT: P - Path as passed to function
> FORMAT: A - Absolute Path (not canonical)
> FORMAT: R - Canonical Path
> FORMAT: C - Command Line
> 
> F: open_wr
> S: deny
> P: /etc/ld.so.cache~
> A: /etc/ld.so.cache~
> R: /etc/ld.so.cache~
> C:
> /var/tmp/portage/sys-libs/glibc-2.25-r4/work/build-x86-x86_64-pc-linux-gnu-
> nptl/elf/ldconfig -r /var/tmp/portage/sys-libs/glibc-2.25-r4/image  /lib32
> /usr/lib32 
> 
> F: open_wr
> S: deny
> P: /etc/ld.so.cache~
> A: /etc/ld.so.cache~
> R: /etc/ld.so.cache~
> C:
> /var/tmp/portage/sys-libs/glibc-2.25-r4/work/build-amd64-x86_64-pc-linux-gnu-
> nptl/elf/ldconfig -r /var/tmp/portage/sys-libs/glibc-2.25-r4/image  /lib64
> /usr/lib64 
>  *
> -----------------------------------------------------------------------------
> ---

Please file a separate bug.

Comment 3 jack_mort 2017-08-28 13:55:36 UTC

Hi,
Could you please ad a dependency on bug 628576 ?
Thanks.

Comment 4 Andreas K. Hüttel archtester

2017-08-28 21:38:16 UTC

(In reply to jack_mort from comment #3)
> Hi,
> Could you please ad a dependency on bug 628576 ?
> Thanks.

I think you got the bug number wrong, I see no connection, sorry.

Comment 5 jack_mort 2017-08-29 04:31:40 UTC

(In reply to Andreas K. Hüttel from comment #4)
> (In reply to jack_mort from comment #3)
> > Hi,
> > Could you please ad a dependency on bug 628576 ?
> > Thanks.
> 
> I think you got the bug number wrong, I see no connection, sorry.

Yes sorry, it's bug 628020 !

Comment 6 Frederico Freire Boaventura 2017-09-08 19:06:42 UTC

Separated bug 630414 filed.

Comment 7 Andreas K. Hüttel archtester

2017-09-12 16:31:10 UTC

Turning this into future stable request.

Comment 8 Andreas K. Hüttel archtester

2017-10-05 09:13:16 UTC

New revbump, patchlevel 10, adding only fixes for hppa and arm64

Comment 9 Andreas K. Hüttel archtester

2017-10-05 16:45:58 UTC

Another revbump, sorry about this. Security patch for libcidn.so (CVE-2017-14062, bug 632556).

Comment 10 Andreas K. Hüttel archtester

2017-10-20 10:39:46 UTC

Please test carefully and thoroughly, and stabilize if possible:

sys-libs/glibc-2.25-r7

[This version does NOT have a functional test suite yet, so running the test phase is only of limited help (and will likely fail). That is fixed from 2.26-r2 on upwards, but the fixes required too many changes to be done late in the stabilization / testing cycle.]

So far I have 
* positive feedback from: amd64, arm64, hppa
* negative feedback from: mips (bash segfaults)

Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-21 10:12:25 UTC

White glibc itself works fine on ia64/ppc/ppc64 i'm uncomfortable
stabling it and breaking xorg-server build: bug #634590

Comment 12 Andreas K. Hüttel archtester

2017-10-21 11:59:44 UTC

(In reply to Sergei Trofimovich from comment #11)
> White glibc itself works fine on ia64/ppc/ppc64 i'm uncomfortable
> stabling it and breaking xorg-server build: bug #634590

Yes. Makes sense. So let's wait a bit and use the time for extra testing.
 
In the meantime I'm going to find out what upstream glibc plans are.

Comment 13 Andreas K. Hüttel archtester

2017-10-22 12:30:25 UTC

Please stabilize 

sys-libs/glibc-2.25-r8

instead.

The only difference between -r7 and -r8 is that in -r8 the header <sys/types.h> again includes <sys/sysmacros.h> (which means we don't need to wait for bug 575232).

Comment 14 Eddie Chapman 2017-10-23 13:18:00 UTC

Shouldn't the fix for CVE-2017-15670 (bug 634920) be added before stabilizing, in view of severity of the vulnerability? To avoid having a to do a security bump right after marking stable?

Comment 15 Andreas K. Hüttel archtester

2017-10-23 19:46:57 UTC

(In reply to Eddie Chapman from comment #14)
> Shouldn't the fix for CVE-2017-15670 (bug 634920) be added before
> stabilizing, in view of severity of the vulnerability? To avoid having a to
> do a security bump right after marking stable?

No. Deadline missed. We're already blocking two A3 and one A4 here for much too long. If I add more patches here, given the critical role of glibc, we need another testing period of a 2 weeks min. 

I'll be happy to prepare another revbump as soon as arches have started stabilizing here. However, we need to make the step from 2.23 to 2.25 first.

Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-23 20:24:44 UTC

gcc-5.4.0 can't be built with glibc-2.25-r8 (same as bug #629502)

On ppc it failed as:

.../portage/sys-devel/gcc-5.4.0-r3/work/gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function 'bool __asan::AsanInterceptsSignal(int)':
.../portage/sys-devel/gcc-5.4.0-r3/work/gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: 'SIGSEGV' was not declared in this scope
   return signum == SIGSEGV && common_flags()->handle_segv;
                    ^

Comment 17 Eddie Chapman 2017-10-23 20:59:47 UTC

(In reply to Andreas K. Hüttel from comment #15)
> (In reply to Eddie Chapman from comment #14)
> > Shouldn't the fix for CVE-2017-15670 (bug 634920) be added before
> > stabilizing, in view of severity of the vulnerability? To avoid having a to
> > do a security bump right after marking stable?
> 
> No. Deadline missed. We're already blocking two A3 and one A4 here for much
> too long. If I add more patches here, given the critical role of glibc, we
> need another testing period of a 2 weeks min. 
> 
> I'll be happy to prepare another revbump as soon as arches have started
> stabilizing here. However, we need to make the step from 2.23 to 2.25 first.

Understood, and normally I'd agree. But in this case the upstream patch for CVE-2017-15670 is just:

--- a/posix/glob.c
+++ b/posix/glob.c
@@ -870,7 +870,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 		  *p = '\0';
 		}
 	      else
-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
 		  = '\0';
 	      user_name = newp;

 	    }

Now worries though, was just a suggestion, doesn't affect me either way as I have it in /etc/portage/patches.
Thanks.

Comment 18 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-23 21:40:32 UTC

x86 stable

Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-24 06:25:19 UTC

ia64 stable

Comment 20 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-24 21:16:16 UTC

dropped bug #629502 from blockers as stable gcc got one-liner fix of missing header.

ppc/ppc64 stable

Comment 21 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-25 22:04:25 UTC

hppa stable (thanks to Rolf Eike Beer)

Comment 22 Matt Turner gentoo-dev

2017-10-26 18:51:32 UTC

alpha stable

Comment 23 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-28 19:59:46 UTC

sparc stable

Comment 24 Manuel Rüger (RETIRED) gentoo-dev

2017-10-29 11:13:56 UTC

amd64 stable

Comment 25 Michael Hofmann 2017-10-30 11:33:10 UTC

Current stable version of net-nds/yp-tools (2.12-r1) can't be installed with glibc-2.25. See #603302 and #635886

Comment 26 Andreas K. Hüttel archtester

2017-11-11 15:56:16 UTC

@ arm: please continue with -r9 in bug 637140