[bts-link] source package eglibc

2012-06-07 Thread bts-link-upstream
#
# bts-link upstream status pull for source package eglibc
# see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html
#

user bts-link-upstr...@lists.alioth.debian.org

# remote status report for #674412 (http://bugs.debian.org/674412)
# Bug title: tcc: undefined symbol '__builtin_expect' on pthread_cleanup_push() call
#  * http://sourceware.org/bugzilla/show_bug.cgi?id=14188
#  * remote status changed: (?) - RESOLVED
#  * remote resolution changed: (?) - FIXED
usertags 674412 + status-RESOLVED resolution-FIXED

thanks





Bug#555168: Unclear license situation for (e)glibc locales provided by you

2012-06-07 Thread Helge Kreutzmann
Hello,
you are listed as contact person/author of the following locale(s):

en_BW en_ZW

These locales come with a statement

% Distribution and use is free, also
% for commercial purposes.

Thus they do not allow modification; it is unclear, however, if this
statement was meant as a license.

As discussed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555168 these
locales could strictly speaking not be part of Debian which would be a
great loss. (Currently they are allowed pending investigation).

To properly resolve this, I would like to ask you the following
question:

Would you be willing to relicense these locale(s) to a proper license,
e.g.  (L)GPL v2 or higher or another free software license of your choice?

If you have any questions regarding this issue, do not hesitate to
contact me (via the reply-to address set).

Thanks for helping to resolve this!

Helge

-- 
  Dr. Helge Kreutzmann deb...@helgefjell.de
   Dipl.-Phys.   http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
   Help keep free software libre: http://www.ffii.de/




Bug#637239: marked as done (libc6: Broken thread local storage (TLS) initialization)

2012-06-07 Thread Debian Bug Tracking System
Your message dated Thu, 07 Jun 2012 21:47:17 +
with message-id e1scky1-000787...@franck.debian.org
and subject line Bug#637239: fixed in eglibc 2.11.3-4
has caused the Debian Bug report #637239,
regarding libc6: Broken thread local storage (TLS) initialization
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libc6
Version: 2.13-7
Severity: important
Tags: upstream

There is a bug with TLS in libc6, beginning with 2.12.

See libc6 Bug 12453 - Broken thread local storage (TLS) initialization
http://sourceware.org/bugzilla/show_bug.cgi?id=12453

There is a test script demonstrating the segfault:
http://sourceware.org/bugzilla/attachment.cgi?id=5218

It also affects Debian Bug 622591 (SEGV with libuuid and imagemagick).

See also:
https://bugs.gentoo.org/353224
https://github.com/cschwan/sage-on-gentoo/issues/40

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) (ignored: 
LC_ALL set to ru_RU.KOI8-R)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libc-bin  2.13-7 Embedded GNU C Library: Binaries
ii  libgcc1   1:4.6.0-11 GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686 2.13-7 Embedded GNU C Library: Shared lib

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0] 1.5.40 Debian configuration management sy
ii  glibc-doc 2.13-7 Embedded GNU C Library: Documentat
ii  locales   2.13-7 Embedded GNU C Library: National L

-- debconf-show failed

-- 
With best regards,
  Vitaliy Filippov
---End Message---
---BeginMessage---
Source: eglibc
Source-Version: 2.11.3-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.3-4_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-4_all.deb
eglibc_2.11.3-4.diff.gz
  to main/e/eglibc/eglibc_2.11.3-4.diff.gz
eglibc_2.11.3-4.dsc
  to main/e/eglibc/eglibc_2.11.3-4.dsc
glibc-doc_2.11.3-4_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-4_all.deb
libc-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb
libc-dev-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb
libc6-dbg_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb
libc6-dev-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb
libc6-dev_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb
libc6-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb
libc6-pic_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb
libc6-prof_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb
libc6-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb
libc6_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6_2.11.3-4_amd64.deb
libnss-dns-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb
libnss-files-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb
locales-all_2.11.3-4_amd64.deb
  to main/e/eglibc/locales-all_2.11.3-4_amd64.deb
locales_2.11.3-4_all.deb
  to main/e/eglibc/locales_2.11.3-4_all.deb
nscd_2.11.3-4_amd64.deb
  to main/e/eglibc/nscd_2.11.3-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno aure...@debian.org (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 06 Jun 2012 18:03:02 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev 
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 

Bug#647896: marked as done (regression (?): libc6: Broken thread local storage (TLS) initialization)

2012-06-07 Thread Debian Bug Tracking System
Your message dated Thu, 07 Jun 2012 21:47:17 +
with message-id e1scky1-000787...@franck.debian.org
and subject line Bug#637239: fixed in eglibc 2.11.3-4
has caused the Debian Bug report #637239,
regarding regression (?): libc6: Broken thread local storage (TLS) 
initialization
to be marked as done.



-- 
637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libc6
Version: 2.11.2-10
Severity: serious
Justification: Policy 10.2


Regarding the bug on this page: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239

It clearly states: There is a bug with TLS in libc6, beginning with 2.12.

However, I seem to be having similar problems on Debian stable with 2.11:

# dpkg --list | grep libc6
ii  libc6  2.11.2-10
Embedded GNU C Library: Shared libraries
ii  libc6-dev  2.11.2-10
Embedded GNU C Library: Development Libraries and Header Files
ii  libc6-i686 2.11.2-10
Embedded GNU C Library: Shared libraries [i686 optimized]
ii  libc6-xen  2.11.2-10
Embedded GNU C Library: Shared libraries [Xen version]

Running my website:

# thin -R config-test.ru -p 4000 start
WARNING: Nokogiri was built against LibXML version 2.7.7, but has 
dynamically loaded 2.7.8
I, [2011-11-07T23:59:37.933309 #31293]  INFO -- : ** 
Utopia::Middleware::Content: Running in /srv/www/www.oriontransfer.co.nz/pages
I, [2011-11-07T23:59:37.934007 #31293]  INFO -- : ** 
Utopia::Middleware::Static: Running in /srv/www/www.oriontransfer.co.nz/pages 
with 65 filetypes
I, [2011-11-07T23:59:37.934237 #31293]  INFO -- : ** 
Utopia::Middleware::Controller: Running in 
/srv/www/www.oriontransfer.co.nz/pages
I, [2011-11-07T23:59:37.935003 #31293]  INFO -- : ** 
Utopia::Middleware::Redirector: Running with 31 rules
I, [2011-11-07T23:59:37.935236 #31293]  INFO -- : Updating index in 
background...

/usr/lib/ruby/gems/1.8/gems/xapian-rack-1.2.3.3/lib/xapian/rack/search.rb:139: 
[BUG] Segmentation fault
ruby 1.8.7 (2010-08-16 patchlevel 302) [i486-linux]

Aborted

In GDB:

# gdb env   
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show 
copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/bin/env...(no debugging symbols found)...done.
(gdb) run thin -R config-test.ru -p 4000 start
Starting program: /usr/bin/env thin -R config-test.ru -p 4000 start
Executing new program: /usr/bin/ruby1.8
[Thread debugging using libthread_db enabled]
WARNING: Nokogiri was built against LibXML version 2.7.7, but has 
dynamically loaded 2.7.8
I, [2011-11-08T00:00:16.576598 #31311]  INFO -- : ** 
Utopia::Middleware::Content: Running in /srv/www/www.oriontransfer.co.nz/pages
I, [2011-11-08T00:00:16.577361 #31311]  INFO -- : ** 
Utopia::Middleware::Static: Running in /srv/www/www.oriontransfer.co.nz/pages 
with 65 filetypes
I, [2011-11-08T00:00:16.577603 #31311]  INFO -- : ** 
Utopia::Middleware::Controller: Running in 
/srv/www/www.oriontransfer.co.nz/pages
I, [2011-11-08T00:00:16.582338 #31311]  INFO -- : ** 
Utopia::Middleware::Redirector: Running with 31 rules
[New Thread 0xb648bb70 (LWP 31314)]
I, [2011-11-08T00:00:16.583160 #31311]  INFO -- : Updating index in 
background...

Program received signal SIGSEGV, Segmentation fault.
0xb6ade301 in ?? () from /lib/libuuid.so.1
(gdb) bt
#0  0xb6ade301 in ?? () from /lib/libuuid.so.1
#1  0xb6adf22f in uuid_generate () from /lib/libuuid.so.1
#2  0xb6783cb2 in ChertVersion::create (this=0x83f35a4) at 
backends/chert/chert_version.cc:73
... snip ...

After a bit of research, I found that this error is tied back to some issues in 
libc6, as per the above bug report. I also found on the Gentoo mailing list 
that the bug has 

Bug#668891: marked as done (Static TLS (thread local storage) generates SIGSEGV in libc6 (GNU C-Library))

2012-06-07 Thread Debian Bug Tracking System
Your message dated Thu, 07 Jun 2012 21:47:17 +
with message-id e1scky1-000787...@franck.debian.org
and subject line Bug#637239: fixed in eglibc 2.11.3-4
has caused the Debian Bug report #637239,
regarding Static TLS (thread local storage) generates SIGSEGV in libc6 (GNU 
C-Library)
to be marked as done.



-- 
637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libc6
Version: 2.11.3-2
Severity: important
Tags: squeeze

The eglibc source (eglibc_2.11.3-2.diff.gz eglibc_2.11.3-2.dsc
eglibc_2.11.3.orig.tar.gz) of the libc6*.deb packages contains a
patch which fixes a well known bug of older releases of the GNU C-Library
resulting in SIGSEGV on software which makes use of static tls. The patch can
be found in .../debian/patches/any/cvs-dlopen-tls.diff.
For some reason the patch has not been pushed onto the quilt stack. So
when building the libc6*.deb packages from source the patch is left
out rendering any software which makes use of static tls (e.g. qt-4.8.x)
useless (generating SIGSEGV).
When rebuilding the libc6*.deb packages with the mentioned patch
included all seems to be o.k. so far. Now I'm wondering if the patch has
been omitted by intention or if the omission is simply a bug, and I'm
wondering if the patch could be included officially?



-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin  2.11.3-3   Embedded GNU C Library: Binaries
ii  libgcc1   1:4.4.5-8  GCC support library

Versions of packages libc6 recommends:
ii  libc6-i686 2.11.3-3   Embedded GNU C Library: Shared lib

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0] 1.5.36.1   Debian configuration management sy
ii  glibc-doc 2.11.3-3   Embedded GNU C Library: Documentat
ii  locales   2.11.3-3   Embedded GNU C Library: National L

-- debconf information:
  glibc/upgrade: true
  glibc/restart-services:
  glibc/disable-screensaver:
  glibc/restart-failed:



---End Message---
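
The report above describes a patch that ships in debian/patches but is never applied because it is not on the quilt stack. A check for that condition follows as an added example; it is not part of the original message or of the eglibc packaging. The function name `unlisted_patches`, the single `series` file and the `.diff`/`.patch` suffixes are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# List patch files present under a quilt patches directory but absent from its
# series file, i.e. patches a source build would silently leave out.
# Usage: unlisted_patches debian/patches
# Returns 0 if every patch is listed, 1 if some are not, 2 on setup errors.
unlisted_patches() {
    dir=$1
    [ -f "$dir/series" ] || { echo "no series file in $dir" >&2; return 2; }

    listed=$(mktemp) || return 2
    present=$(mktemp) || { rm -f "$listed"; return 2; }

    # series format: one patch path per line, optional quilt options such as
    # -p0 after whitespace, and '#' starting a comment.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$dir/series" |
        awk 'NF { print $1 }' | LC_ALL=C sort -u > "$listed"

    # Patch files actually shipped, as paths relative to the patches directory.
    (cd "$dir" && find . -type f \( -name '*.diff' -o -name '*.patch' \) |
        sed 's|^\./||') | LC_ALL=C sort -u > "$present"

    # Lines found only in "present": shipped but never applied.
    missing=$(LC_ALL=C comm -13 "$listed" "$present")
    rm -f "$listed" "$present"

    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed demo tree (not the real eglibc packaging): the patch named in
# the report exists on disk, but series only mentions it in a comment.
demo=$(mktemp -d)
mkdir -p "$demo/any"
: > "$demo/any/cvs-dlopen-tls.diff"
: > "$demo/any/local-example.diff"
printf '%s\n' '# constructed series file' \
    'any/local-example.diff -p1' \
    '#any/cvs-dlopen-tls.diff' > "$demo/series"
unlisted_patches "$demo" || echo "the patches listed above are not in series" >&2
rm -rf "$demo"
```

Run against a package's debian/patches directory before building, a non-zero exit flags a fix that is in the source tree but will not be in the resulting binaries.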
---BeginMessage---
Source: eglibc
Source-Version: 2.11.3-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.3-4_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-4_all.deb
eglibc_2.11.3-4.diff.gz
  to main/e/eglibc/eglibc_2.11.3-4.diff.gz
eglibc_2.11.3-4.dsc
  to main/e/eglibc/eglibc_2.11.3-4.dsc
glibc-doc_2.11.3-4_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-4_all.deb
libc-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb
libc-dev-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb
libc6-dbg_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb
libc6-dev-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb
libc6-dev_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb
libc6-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb
libc6-pic_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb
libc6-prof_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb
libc6-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb
libc6_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6_2.11.3-4_amd64.deb
libnss-dns-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb
libnss-files-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb
locales-all_2.11.3-4_amd64.deb
  to main/e/eglibc/locales-all_2.11.3-4_amd64.deb
locales_2.11.3-4_all.deb
  to main/e/eglibc/locales_2.11.3-4_all.deb
nscd_2.11.3-4_amd64.deb
  to main/e/eglibc/nscd_2.11.3-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno aure...@debian.org (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the 

Bug#660611: marked as done (CVE-2012-0864: FORTIFY_SOURCE format string protection bypass)

2012-06-07 Thread Debian Bug Tracking System
Your message dated Thu, 07 Jun 2012 21:47:17 +
with message-id e1scky1-00078d...@franck.debian.org
and subject line Bug#660611: fixed in eglibc 2.11.3-4
has caused the Debian Bug report #660611,
regarding CVE-2012-0864: FORTIFY_SOURCE format string protection bypass
to be marked as done.



-- 
660611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660611
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: eglibc
Severity: important
Tags: security

Please see http://sourceware.org/bugzilla/show_bug.cgi?id=13656

Current proposed patch:
http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html

Could you also merge this in the Squeeze branch once a final fix is
available?

Cheers,
Moritz


---End Message---
---BeginMessage---
Source: eglibc
Source-Version: 2.11.3-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.3-4_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-4_all.deb
eglibc_2.11.3-4.diff.gz
  to main/e/eglibc/eglibc_2.11.3-4.diff.gz
eglibc_2.11.3-4.dsc
  to main/e/eglibc/eglibc_2.11.3-4.dsc
glibc-doc_2.11.3-4_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-4_all.deb
libc-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb
libc-dev-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb
libc6-dbg_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb
libc6-dev-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb
libc6-dev_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb
libc6-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb
libc6-pic_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb
libc6-prof_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb
libc6-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb
libc6_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6_2.11.3-4_amd64.deb
libnss-dns-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb
libnss-files-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb
locales-all_2.11.3-4_amd64.deb
  to main/e/eglibc/locales-all_2.11.3-4_amd64.deb
locales_2.11.3-4_all.deb
  to main/e/eglibc/locales_2.11.3-4_all.deb
nscd_2.11.3-4_amd64.deb
  to main/e/eglibc/nscd_2.11.3-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 660...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno aure...@debian.org (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Wed, 06 Jun 2012 18:03:02 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev 
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 
libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev 
libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 
libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 
libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 
libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-4
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno aure...@debian.org
Changed-By: Aurelien Jarno aure...@debian.org
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1- Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for 
AMD64
 libc0.1-i386 - Embedded GNU C 

Bug#671478: marked as done (CVE-2011-4609)

2012-06-07 Thread Debian Bug Tracking System
Your message dated Thu, 07 Jun 2012 21:47:17 +
with message-id e1scky1-00078i...@franck.debian.org
and subject line Bug#671478: fixed in eglibc 2.11.3-4
has caused the Debian Bug report #671478,
regarding CVE-2011-4609
to be marked as done.



-- 
671478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: eglibc
Severity: important
Tags: security

There was a security issue in RPC handling, which is unfixed in Squeeze
and sid:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4609

The Bugzilla entry has a fix for glibc. I'm attaching an eglibc version
of that patch from Ubuntu to this bug.

This appears to be still unfixed in eglibc trunk, maybe it should
be upstream before?

This doesn't warrant a DSA, but maybe it can be added to potential
further eglibc point updates.

Cheers,
Moritz
Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch
Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716
Subject: DoS in RPC implementation

CVE-2011-4069


---
 sunrpc/svc_tcp.c  |6 ++
 sunrpc/svc_udp.c  |   13 +++--
 sunrpc/svc_unix.c |6 ++
 3 files changed, 23 insertions(+), 2 deletions(-)

Index: b/sunrpc/svc_tcp.c
===
--- a/sunrpc/svc_tcp.c
+++ b/sunrpc/svc_tcp.c
@@ -44,6 +44,7 @@
 #include sys/poll.h
 #include errno.h
 #include stdlib.h
+#include time.h
 
 #ifdef USE_IN_LIBIO
 # include wchar.h
@@ -243,6 +244,11 @@ again:
 {
   if (errno == EINTR)
 	goto again;
+  if (errno == EMFILE)
+{
+  struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 };
+  __nanosleep(ts , NULL);
+}
   return FALSE;
 }
   /*
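Review bot: the back-off added under `errno == EMFILE` uses `.tv_nsec = 5000`, which is 5 microseconds, a very short pause for a descriptor-exhaustion delay; if something in the millisecond range was meant, the constant looks like it is missing digits, and either way it deserves a named constant or a comment giving the intended duration. ENFILE (system-wide table full) would take the same error path and is not covered. As rendered in this copy the call reads `__nanosleep(ts , NULL)`; the first argument has to be the address of `ts`.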
Index: b/sunrpc/svc_udp.c
===
--- a/sunrpc/svc_udp.c
+++ b/sunrpc/svc_udp.c
@@ -40,6 +40,7 @@
 #include sys/socket.h
 #include errno.h
 #include libintl.h
+#include time.h
 
 #ifdef IP_PKTINFO
 #include sys/uio.h
@@ -272,8 +273,16 @@ again:
 		   (int) su-su_iosz, 0,
 		   (struct sockaddr *) (xprt-xp_raddr), len);
   xprt-xp_addrlen = len;
-  if (rlen == -1  errno == EINTR)
-goto again;
+  if (rlen == -1)
+{
+  if (errno == EINTR)
+goto again;
+  if (errno == EMFILE)
+{
+  struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 };
+  __nanosleep(ts , NULL);
+}
+}
   if (rlen  16)		/*  4 32-bit ints? */
 return FALSE;
   xdrs-x_op = XDR_DECODE;
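Review bot: in the new `if (rlen == -1)` block the EMFILE branch sleeps and then leaves the block without returning, so the failure is only reported because the length check on `rlen` that follows happens to catch -1; an explicit `return FALSE;` after the sleep would state the intent and survive later edits to that check. A short comment saying when the call that sets `rlen` is expected to fail with EMFILE would also help, since nothing in this hunk shows a descriptor being allocated.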
Index: b/sunrpc/svc_unix.c
===
--- a/sunrpc/svc_unix.c
+++ b/sunrpc/svc_unix.c
@@ -46,6 +46,7 @@
 #include errno.h
 #include stdlib.h
 #include libintl.h
+#include time.h
 
 #ifdef USE_IN_LIBIO
 # include wchar.h
@@ -245,6 +246,11 @@ again:
 {
   if (errno == EINTR)
 	goto again;
+  if (errno == EMFILE)
+{
+  struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 };
+  __nanosleep(ts , NULL);
+}
   return FALSE;
 }
   /*
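Review bot: this EMFILE block is a character-for-character copy of the one added to sunrpc/svc_tcp.c, bare `5000` constant included, and sunrpc/svc_udp.c carries a third copy; move the sleep into one shared static helper with a named delay so the three transports cannot drift apart, and check or explicitly discard the `__nanosleep` return value there.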
---End Message---
---BeginMessage---
Source: eglibc
Source-Version: 2.11.3-4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.3-4_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-4_all.deb
eglibc_2.11.3-4.diff.gz
  to main/e/eglibc/eglibc_2.11.3-4.diff.gz
eglibc_2.11.3-4.dsc
  to main/e/eglibc/eglibc_2.11.3-4.dsc
glibc-doc_2.11.3-4_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-4_all.deb
libc-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb
libc-dev-bin_2.11.3-4_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb
libc6-dbg_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb
libc6-dev-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb
libc6-dev_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb
libc6-i386_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb
libc6-pic_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb
libc6-prof_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb
libc6-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb
libc6_2.11.3-4_amd64.deb
  to main/e/eglibc/libc6_2.11.3-4_amd64.deb
libnss-dns-udeb_2.11.3-4_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb
libnss-files-udeb_2.11.3-4_amd64.udeb
  to