Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 809410 (libxcrypt-stable) - sys-libs/glibc-2.33-r7 stabilization including libxcrypt transition for stable users
Summary: sys-libs/glibc-2.33-r7 stabilization including libxcrypt transition for stabl...
Status: RESOLVED FIXED
Alias: libxcrypt-stable
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords: CC-ARCHES, PullRequest, SECURITY, Tracker
Depends on: 821115 809491 809494 809497 809500 818046 822072
Blocks: CVE-2021-35942 CVE-2021-38604 817815 820524
  Show dependency tree
 
Reported: 2021-08-21 15:16 UTC by Andreas K. Hüttel
Modified: 2022-01-05 05:25 UTC (History)
4 users (show)

See Also:
Package list:
sys-libs/glibc-2.33-r7 sys-libs/libxcrypt-4.4.25-r1 virtual/libcrypt-2
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas K. Hüttel archtester gentoo-dev 2021-08-21 15:16:53 UTC
Tracker that will become stablerequest. No talking please.
Comment 1 NATTkA bot gentoo-dev 2021-09-09 17:32:25 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-09-09 17:36:29 UTC Comment hidden (obsolete)
Comment 3 Francisco Blas Izquierdo Riera gentoo-dev 2021-10-23 13:32:19 UTC
Please close #817815 once amd64 has stabilized sys-libs/glibc-2.33-r7
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2021-10-30 21:42:32 UTC
Arches please test and stabilize at or after 1/Nov/21.

The packages *MUST* go stable together; all or none.

glibc test failures should only be reported if they are regressions compared to current stable.
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-30 21:58:35 UTC Comment hidden (obsolete)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:10:29 UTC
arm done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:10:31 UTC
arm64 done
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:10:32 UTC
amd64 done
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:12:12 UTC
x86 done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:12:13 UTC
ppc done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-31 18:12:15 UTC
ppc64 done
Comment 12 Larry the Git Cow gentoo-dev 2021-10-31 21:25:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=c0fc80bac65a65d04ca4ce503c233d238d43d390

commit c0fc80bac65a65d04ca4ce503c233d238d43d390
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-31 21:22:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-31 21:25:05 +0000

    2021-10-18-libxcrypt-migration-stable: tweak guidance slightly
    
    Bug: https://bugs.gentoo.org/809410
    Bug: https://bugs.gentoo.org/699422
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt          | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
Comment 13 Carlos Konstanski 2021-11-01 22:42:46 UTC
The upgrade of glibc and introduction of libxcrypt is not proceeding smoothly. The file /lib64/libcrypt.so.1 still exists in glibc and it is colliding with libxcrypt.

 * Detected file collision(s):
 * 
 *      /usr/include/crypt.h
 *      /lib64/libcrypt.so.1
 * 
 * Searching all installed packages for file collisions...
 * 
 * Press Ctrl-C to Stop
 * 
 * sys-libs/glibc-2.33-r7:2.2::gentoo
 *      /lib64/libcrypt.so.1


I'm on an x86_64 build. Here are the details of both packages:

# emerge -1av glibc libxcrypt

These are the packages that would be merged, in order:

Calculating dependencies  .... done!
[ebuild   R    ] sys-libs/glibc-2.33-r7:2.2::gentoo  USE="multiarch (multilib) ssp (static-libs) -audit -caps (-cet) -compile-locales (-crypt) -custom-cflags -doc -gd -headers-only -multilib-bootstrap -nscd -profile (-selinux) -static-pie -suid -systemd -systemtap -test (-vanilla)" 0 KiB
[ebuild  N     ] sys-libs/libxcrypt-4.4.25:0/1::gentoo  USE="(compat) (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)" 0 KiB
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-02 09:10:18 UTC
(In reply to Carlos Konstanski from comment #13)
> The upgrade of glibc and introduction of libxcrypt is not proceeding
> smoothly. The file /lib64/libcrypt.so.1 still exists in glibc and it is
> colliding with libxcrypt.
> 
>  * Detected file collision(s):
>  * 
>  *      /usr/include/crypt.h
>  *      /lib64/libcrypt.so.1
>  * 
>  * Searching all installed packages for file collisions...
>  * 
>  * Press Ctrl-C to Stop
>  * 
>  * sys-libs/glibc-2.33-r7:2.2::gentoo
>  *      /lib64/libcrypt.so.1
> 
> 
> I'm on an x86_64 build. Here are the details of both packages:
> 
> # emerge -1av glibc libxcrypt
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies  .... done!
> [ebuild   R    ] sys-libs/glibc-2.33-r7:2.2::gentoo  USE="multiarch
> (multilib) ssp (static-libs) -audit -caps (-cet) -compile-locales (-crypt)
> -custom-cflags -doc -gd -headers-only -multilib-bootstrap -nscd -profile
> (-selinux) -static-pie -suid -systemd -systemtap -test (-vanilla)" 0 KiB
> [ebuild  N     ] sys-libs/libxcrypt-4.4.25:0/1::gentoo  USE="(compat)
> (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)" 0 KiB

Please file a new bug for this with the full emerge log and emerge —-info. Interestingly, I’ve heard a few reports of this yesterday, but not many.
Comment 15 Another Mortal 2021-11-03 21:29:46 UTC
I'm experiencing the exact same issue.

Some odd logic also seem to want to pull in glibc with USE=crypt enabled...

---
 * This package will overwrite one or more files that may belong to other                                                           
 * packages (see list below).                                                                                                       
 *                                                                                                                                  
 * Detected file collision(s):                                                                                                      
 *                                                                                                                                  
 *      /usr/include/crypt.h                                                                                                        
 *      /lib64/libcrypt.so.1                                                                                                        
 *                                                                                                                                  
 * Searching all installed packages for file collisions...                                                                          
 *                                                                                                                                  
 * Press Ctrl-C to Stop                                                                                                             
 *                                                                                                                                  
 * sys-libs/glibc-2.33-r7:2.2::gentoo
 *      /lib64/libcrypt.so.1
 * 
 * Package 'sys-libs/libxcrypt-4.4.25' NOT merged due to file collisions.
 * If necessary, refer to your elog messages for the whole content of the
 * above message.
eleven ~ # 
eleven ~ # emerge --skipfirst -qv                                  
 * One or more packages are either masked or have missing dependencies:
 * 
 *   sys-libs/glibc[crypt(+)] pulled in by:
 *     (virtual/libcrypt-1-r1:0/1::gentoo, installed)
 * 
 *   sys-libs/glibc[crypt(+)] pulled in by:
 *     (virtual/libcrypt-1-r1:0/1::gentoo, installed)
 * 
---


Shouldn't virtual/libcrypt be v2???

Aha... emerge wants to merge libxcrypt **before** that,
but since that never succeeds (even when run separately),
it never gets there...

---
eleven ~ # emerge -vaq virtual/libcrypt                                                                                             
[ebuild  N    ] sys-libs/libxcrypt-4.4.25  USE="(compat) (split-usr) (system) -static-libs -test" ABI_X86="32 (64) (-x32)"          
[ebuild  r  U ] virtual/libcrypt-2 [1-r1] USE="-static-libs" ABI_X86="32 (64) (-x32)"                                               
---

Interesting...
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-03 21:33:23 UTC
(In reply to Another Mortal from comment #15)
> I'm experiencing the exact same issue.
> 

Please file a _new_ bug with the full logs attached. This one is
getting rather crowded and it isn't for blocker issues anyway.

It's hard to investigate & easy to get lost with this sort of thing.

>  * Detected file collision(s):                                                                                                 
>  * sys-libs/glibc-2.33-r7:2.2::gentoo
>  *      /lib64/libcrypt.so.1

Something like 3 people have mentioned this so far although I have no idea
why it would happen.

> Shouldn't virtual/libcrypt be v2???
> eleven ~ # emerge --skipfirst -qv                                  
>  * One or more packages are either masked or have missing dependencies:

I would expect things to fall over if you're trying to resume, to be fair, yeah.

> Aha... emerge wants to merge libxcrypt **before** that,
> but since that never succeeds (even when run separately),
> it never gets there...
> 

Try FEATURES="-collision-protect -unmerge-orphans -protect-owned" emerge -v1 libxcrypt.
Comment 17 Another Mortal 2021-11-04 19:35:56 UTC
> Try FEATURES="-collision-protect -unmerge-orphans -protect-owned" emerge -v1 libxcrypt.

Thanks!  That's pretty close to what I did. ;^)

---
eleven ~ # mkdir libcrypt.backup
eleven ~ # for i in /usr/include/crypt.h /lib64/libcrypt.so.1 ; do cp -v $i libcrypt.backup/${i//\//,} -v; done
'/usr/include/crypt.h' -> 'libcrypt.backup/,usr,include,crypt.h'
'/lib64/libcrypt.so.1' -> 'libcrypt.backup/,lib64,libcrypt.so.1'
eleven ~ # FEATURES='-collision-protect -protect-owned' emerge -vaq1 libxcrypt
---

I'm happy with this resolution and too lazy to file a new bug report. SORRY!
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-06 00:52:33 UTC
hppa done
Comment 19 Larry the Git Cow gentoo-dev 2021-11-06 02:35:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f10efb4adc6e0266f0c0b1995c0ff01aa8e9cf28

commit f10efb4adc6e0266f0c0b1995c0ff01aa8e9cf28
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-11-05 17:34:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-06 02:35:11 +0000

    sys-libs/glibc: preserve libcrypt.so.1 as an orphan
    
    This should help users who have FEATURES="-preserve-libs protect-owned".
    
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
    Bug: https://bugs.gentoo.org/809410
    Closes: https://github.com/gentoo/gentoo/pull/22833
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.33-r7.ebuild | 5 +++--
 sys-libs/glibc/glibc-2.34.ebuild    | 5 +++--
 sys-libs/glibc/glibc-9999.ebuild    | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)
Comment 20 Larry the Git Cow gentoo-dev 2021-11-11 21:04:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d081cb997d18d200c71e1ff394e17db2f01f38d

commit 3d081cb997d18d200c71e1ff394e17db2f01f38d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-11 21:02:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-11 21:02:52 +0000

    sys-libs/glibc: drop Python 3.10 from PYTHON_COMPAT to avoid circular deps
    
    Needed for now to try help upgrades and avoid circular dependencies
    with glibc -> python -> libcrypt -> libxcrypt -> glibc -> ...
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/702806
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.33-r7.ebuild | 5 ++++-
 sys-libs/glibc/glibc-2.34-r1.ebuild | 5 ++++-
 sys-libs/glibc/glibc-9999.ebuild    | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
Comment 21 Larry the Git Cow gentoo-dev 2021-11-12 04:58:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=1c4eb83b3e4a1f453d16e8a2356ddf61651b5310

commit 1c4eb83b3e4a1f453d16e8a2356ddf61651b5310
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-12 04:58:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-12 04:58:26 +0000

    2021-10-18-libxcrypt-migration-stable: mention being in root shell if possible
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt                     | 5 +++++
 1 file changed, 5 insertions(+)
Comment 22 NATTkA bot gentoo-dev 2021-11-19 17:44:35 UTC Comment hidden (obsolete)
Comment 23 Larry the Git Cow gentoo-dev 2021-11-22 06:28:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b87870785cf14109912ccce809d6e4a9b56c3aa

commit 5b87870785cf14109912ccce809d6e4a9b56c3aa
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:27:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:28:18 +0000

    profiles/arch/sparc: unmask older libcrypt virtual for now
    
    virtual/libcrypt:0/2 isn't marked stable yet on sparc.
    
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/sparc/package.mask | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01fd1ed53bffbcb11aa1734eb0ca42d3597318f5

commit 01fd1ed53bffbcb11aa1734eb0ca42d3597318f5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:08:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:28:17 +0000

    profiles: mask (older) virtual/libcrypt:0/1 for glibc to ease upgrades
    
    Mask the older virtual/libcrypt subslot (which permits glibc[crypt] instead
    of libxcrypt) to ease upgrades.
    
    Not yet doing this for musl (need to figure that out still) or uclibc (which
    is going away, see news).
    
    Was on the fence about doing this given it makes it slightly more
    awkward to put off the upgrade if desired, but that's really discouraged
    at this point, and I think it's worth it to make upgrades easier
    for more people.
    
    This helps Portage realise it can/should upgrade to virtual/libcrypt:0/2
    rather than giving very confusing blocker errors (which it often, but not
    always, gets past).
    
    Final push to do this was a forum post: https://forums.gentoo.org/viewtopic-t-1145602.html
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.mask            | 9 +++++++++
 profiles/features/musl/package.mask   | 1 +
 profiles/features/uclibc/package.mask | 1 +
 3 files changed, 11 insertions(+)
Comment 24 Larry the Git Cow gentoo-dev 2021-11-22 06:29:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=8f2ad6dd0515374e473b79d6f6cbc32ac8050680

commit 8f2ad6dd0515374e473b79d6f6cbc32ac8050680
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-22 06:14:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-22 06:14:07 +0000

    2021-10-18-libxcrypt-migration-stable: mention unmasking libcrypt:0/1 for delay
    
    If users want to delay the upgrade (please don't do this though), they
    will (shortly) need to unmask virtual/libcrypt:0/1 too.
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt                         | 1 +
 1 file changed, 1 insertion(+)
Comment 25 Larry the Git Cow gentoo-dev 2021-11-25 00:49:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=4cd7ab13760667cc70b151cfb592ef9868dcba70

commit 4cd7ab13760667cc70b151cfb592ef9868dcba70
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-11-25 00:49:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-11-25 00:49:07 +0000

    2021-07-23-libxcrypt-migration: delete older version of libxcrypt news item
    
    We've updated the "in stable" one (the newer news item) a few times so having
    this one around is confusing.
    
    Bug: https://bugs.gentoo.org/809410
    Bug: https://bugs.gentoo.org/699422
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-07-23-libxcrypt-migration.en.txt          | 65 ---------------------
 .../2021-07-23-libxcrypt-migration.ru.txt          | 67 ----------------------
 2 files changed, 132 deletions(-)
Comment 26 Larry the Git Cow gentoo-dev 2021-12-16 06:25:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=b76a1d4a5fa5a0e2a81d93c086d3077da82de89b

commit b76a1d4a5fa5a0e2a81d93c086d3077da82de89b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-12-16 06:25:26 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-12-16 06:25:26 +0000

    2021-10-18-libxcrypt-migration-stable: improve readability a bit
    
    Bug: https://bugs.gentoo.org/699422
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 .../2021-10-18-libxcrypt-migration-stable.en.txt   | 31 +++++++++++++++++-----
 1 file changed, 24 insertions(+), 7 deletions(-)
Comment 27 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-05 05:24:32 UTC
sparc done

all arches done
Comment 28 Larry the Git Cow gentoo-dev 2022-01-05 05:25:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=663003cc58d8839284bfbced89e8432aadf9ed25

commit 663003cc58d8839284bfbced89e8432aadf9ed25
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-05 05:25:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-05 05:25:15 +0000

    profiles/arch/sparc: unmask libcrypt:0/1 (libxcrypt)
    
    Bug: https://bugs.gentoo.org/809410
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/sparc/package.mask | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)