Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 438692 - sys-auth/nss_ldap-265-r2 stable request - WAS: sys-auth/nss_ldap-265-r1 with sys-libs/glibc-2.16.0 - /bin/login: symbol lookup error: /lib64/ undefined symbol: __libc_lock_lock
Summary: sys-auth/nss_ldap-265-r2 stable request - WAS: sys-auth/nss_ldap-265-r1 with ...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Keywording and Stabilization (show other bugs)
Hardware: All Linux
: Normal normal with 2 votes (vote)
Assignee: Gentoo LDAP project
Depends on:
Blocks: glibc-2.16 467256
  Show dependency tree
Reported: 2012-10-17 10:00 UTC by Dennis Schridde
Modified: 2014-06-18 13:07 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---

nss_ldap-265-glibc-2.16.patch (nss_ldap-265-glibc-2.16.patch,4.79 KB, patch)
2012-10-17 13:22 UTC, Dennis Schridde
Details | Diff
nss_ldap.patch (nss_ldap.patch,31.44 KB, patch)
2013-06-18 04:45 UTC, Benda Xu
Details | Diff
nss_ldap.patch (nss_ldap.patch,23.85 KB, patch)
2013-06-18 04:52 UTC, Benda Xu
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dennis Schridde 2012-10-17 10:00:08 UTC
It appears that functions __libc_lock_lock and similar were removed in
glibc-2.16. I cannot find them anywhere in the glibc headers, which causes
implicit-declaration and hence runtime linking problems:

ldap-nss.c:586:3: warning: implicit declaration of function '__libc_lock_lock'
ldap-nss.c:632:3: warning: implicit declaration of function
'__libc_lock_unlock' [-Wimplicit-function-declaration]
ldap-nss.c:1254:3: warning: implicit declaration of function '__libc_once'
util.c:97:3: warning: implicit declaration of function '__libc_lock_lock'
util.c:104:4: warning: implicit declaration of function '__libc_lock_unlock'

/bin/login: symbol lookup error: /lib64/ undefined symbol:

Reproducible: Always

Portage 2.2.0_alpha138 (!../../var/cache/portage/gentoo/profiles/default/linux/powerpc/ppc64/10.0/64bit-userland, gcc-4.6.3, glibc-2.16.0, 2.6.18-308.16.1.el5 x86_64)
System uname: Linux-2.6.18-308.16.1.el5-x86_64-Quad-Core_AMD_Opteron-tm-_Processor_2352-with-gentoo-2.1
Timestamp of tree: Tue, 16 Oct 2012 21:45:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:          4.2_p37
dev-lang/python:          2.7.3-r2, 3.2.3::ambro-cross
sys-apps/baselayout:      2.1-r1
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.68
sys-devel/automake:       1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.7.2
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r3
sys-kernel/linux-headers: 3.4-r2 (virtual/os-headers)
sys-libs/glibc:           2.15-r2
Repositories: gentoo ambro-cross local sunrise
CFLAGS="-pipe -O2 -mcpu=cell -mabi=altivec"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-pipe -O2 -mcpu=cell -mabi=altivec"
EMERGE_DEFAULT_OPTS="--usepkg --binpkg-respect-use --keep-going"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-$
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR_OVERLAY="/var/lib/layman/ambro-cross /var/cache/portage/local /var/cache/portage/overlays/sunrise"
Comment 1 Dennis Schridde 2012-10-17 13:22:31 UTC
Created attachment 326768 [details, diff]

Attached patch fixes the issue for me and was submitted upstream [1].

Comment 2 Dennis Schridde 2012-10-17 13:53:05 UTC
I also submitted an additional patch for better pthread detection in another upstream bug:
Comment 3 Sean McGovern 2012-11-04 17:05:24 UTC
Please consider this important, systems using nss_ldap that are upgraded to glibc 2.16 become unbootable without disabling ldap in nsswitch.conf
Comment 4 Sean McGovern 2012-11-30 18:40:01 UTC
Comment 5 Ilya Sretensky 2012-11-30 20:47:52 UTC
I have the same issue!
Comment 6 Dan Goodliffe 2012-12-15 14:06:44 UTC
Same here. I've applied the patch from comment #1 and on the face of it, all seems well again.
Comment 7 Olaf Lessenich 2013-01-23 15:07:31 UTC
Issue still present. The patch from comment #1 works for me as well.

If you don't want to include the provided patch for some reason, maybe you can make nss_ldap at least use epatch_user, so custom patching is easier?
Comment 8 Ilya Sretensky 2013-01-23 17:48:33 UTC
How to restore the system image when it is already broken by this bug?
Comment 9 Sean McGovern 2013-01-23 18:05:21 UTC
Here's what I had to do:

1. boot with the livecd, and mount / somewhere (I just used /mnt)
2. back up /mnt/etc/nsswitch.conf
3. edit /mnt/etc/nsswitch.conf, remove 'ldap' from each of the active entries
4. sync && umount /mnt && reboot
5. assuming it boots safely, log in as root or a local user who can elevate to root priviledges (you won't be able to contact the LDAP server for this!)
6. copy <portage>/sys-auth/nss_ldap/nss_ldap-265-r1.ebuild to nss_ldap-265-r2.ebuild, and open the file in your text editor of choice
7. add a call to epatch_user in the src_prepare section, towards the end, right before the sed statement
8. copy the patch above to /etc/portage/patches/sys-auth/nss_ldap-265-r2
9. re-emerge sys-auth/nss_ldap, verifying that it picks the -r2 version
10. restore your backup of nsswitch.conf
11. reboot, and you should be OK.
Comment 10 Blu3 2013-04-02 18:28:43 UTC
while this fix appears to work for most things, in some instances nss_ldap is now crashing.  here's a TB from thunderbird.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e6aeb8 in strtok_r () from /lib64/
(gdb) bt
#0  0x00007ffff6e6aeb8 in strtok_r () from /lib64/
#1  0x00007ffff68d2eae in ldap_str2charray () from /usr/lib64/thunderbird/
#2  0x00007fffdedb2d05 in ?? () from /usr/lib64/
#3  0x00007fffdedb4478 in ldap_int_initialize_global_options () from /usr/lib64/
#4  0x00007fffdedb45da in ldap_int_initialize () from /usr/lib64/
#5  0x00007fffded9a52a in ldap_create () from /usr/lib64/
#6  0x00007fffded9aa21 in ldap_initialize () from /usr/lib64/
#7  0x00007fffdefd9cee in ?? () from /lib64/
#8  0x00007fffdefdb134 in ?? () from /lib64/
#9  0x00007fffdefdc767 in ?? () from /lib64/
#10 0x00007fffdefdce27 in _nss_ldap_getpwnam_r () from /lib64/
#11 0x00007ffff6e9ddc5 in getpwnam_r () from /lib64/
#12 0x00007fffefa01c5e in ?? () from /usr/lib64/
#13 0x00007fffefa026fd in g_get_user_name () from /usr/lib64/
#14 0x00007fffe438e6ed in ?? () from /usr/lib64/
#15 0x00007fffefce403f in g_type_create_instance () from /usr/lib64/
#16 0x00007fffefcc8778 in ?? () from /usr/lib64/
#17 0x00007fffefcca219 in g_object_newv () from /usr/lib64/
#18 0x00007fffefcca88c in g_object_new () from /usr/lib64/
#19 0x00007fffe4390232 in gnome_client_new_without_connection () from /usr/lib64/
#20 0x00007fffe4390eb0 in ?? () from /usr/lib64/
#21 0x00007fffe3ca86ce in gnome_program_preinit () from /usr/lib64/
#22 0x00007fffe3ca934a in ?? () from /usr/lib64/
#23 0x00007fffe3ca958d in gnome_program_initv () from /usr/lib64/
#24 0x00007fffe3ca966b in gnome_program_init () from /usr/lib64/
#25 0x00007ffff3836734 in ?? () from /usr/lib64/thunderbird/
#26 0x00007ffff382f82f in ?? () from /usr/lib64/thunderbird/
#27 0x00007ffff3831709 in ?? () from /usr/lib64/thunderbird/
#28 0x00007ffff383195d in XRE_main () from /usr/lib64/thunderbird/
#29 0x0000000000402d10 in _start ()

i'll do some more debugging tonight
Comment 11 Dan Goodliffe 2013-04-02 18:46:25 UTC
I think that might be the same as bug #463658.
Comment 12 Benda Xu gentoo-dev 2013-06-18 02:49:35 UTC
I've had the same problem on glibc-2.17. Apologies for the maintainer being away for a while. We are going to take this patch.
Comment 13 Benda Xu gentoo-dev 2013-06-18 04:45:35 UTC
Created attachment 351284 [details, diff]

patch for

1. and
2. EAPI bump to 5 and installdir hack for Prefix

Please review.
Comment 14 Benda Xu gentoo-dev 2013-06-18 04:52:28 UTC
Created attachment 351286 [details, diff]

stripped Manifest diff
Comment 15 Benda Xu gentoo-dev 2013-06-18 05:33:47 UTC
Just committed. Feel free to reopen this bug when necessary.

  18 Jun 2013; Benda Xu <>
  +files/nss_ldap-265-installdir.patch, +files/nss_ldap-265-pthread.patch,
  fix __libc_lock_lock  symbol against >=glibc-2.16 (bug 438692, thanks to
  Dennis Schridde). bump to EAPI 5 and add Prefix support.
Comment 16 Chan Min Wai 2013-12-11 16:57:29 UTC
This also fix a ldap access segment fault on nsswitch.conf when mit-krb5 replace with heimdal.

nss_ldap-265-r2 fixed it.

When can we see it unmask?
Comment 17 Benda Xu gentoo-dev 2013-12-12 02:15:54 UTC
(In reply to Chan Min Wai from comment #16)
> This also fix a ldap access segment fault on nsswitch.conf when mit-krb5
> replace with heimdal.
> nss_ldap-265-r2 fixed it.
> When can we see it unmask?

Not sure what you means by unmask. Do you mean stablize it?
Comment 18 Patrick Lauer gentoo-dev 2014-01-07 04:01:08 UTC
This seriously breaks all stable users using LDAP and is very not funny.

Please stabilize sys-auth/nss_ldap-265-r2 on all involved arches.
Comment 19 Nico Baggus 2014-01-07 14:56:41 UTC
This patch STILL shows
ldap-nss.c:1923:4: warning implicit declaration of function 'gss_krb5_ccache_name' [-Wimplicit-function-declaration]

so there are still missing bits. (mit-krb5 is used)
Comment 20 Jeroen Roovers (RETIRED) gentoo-dev 2014-01-07 22:45:56 UTC
Stable for HPPA.
Comment 21 Patrick Lauer gentoo-dev 2014-01-08 05:54:30 UTC
(In reply to Nico Baggus from comment #19)
> This patch STILL shows
> ldap-nss.c:1923:4: warning implicit declaration of function
> 'gss_krb5_ccache_name' [-Wimplicit-function-declaration]
> so there are still missing bits. (mit-krb5 is used)

That sounds like an independent bug, maybe open a new bugreport for it.
Comment 22 Nico Baggus 2014-01-08 17:47:12 UTC
That might depend on point of view.

if the error is about:
nss_ldap giving errors about undeclared functions NO

if the error is about:
nss_ldap failing because of changes in glibc then YES.

In both cases nss_ldap will fail.
nss_ldap is often used together with kerberos so YMMV.
Comment 23 Patrick Lauer gentoo-dev 2014-01-09 02:58:31 UTC
Stable for amd64 and x86
Comment 24 Agostino Sarubbo gentoo-dev 2014-01-15 10:24:11 UTC
ia64 stable
Comment 25 Agostino Sarubbo gentoo-dev 2014-01-19 10:36:04 UTC
ppc64 stable
Comment 26 Agostino Sarubbo gentoo-dev 2014-01-20 15:45:51 UTC
ppc stable
Comment 27 Agostino Sarubbo gentoo-dev 2014-01-26 12:06:46 UTC
sparc stable
Comment 28 Tobias Klausmann (RETIRED) gentoo-dev 2014-06-18 13:07:01 UTC
Stable on alpha. Closing.