[bts-link] source package eglibc
# # bts-link upstream status pull for source package eglibc # see http://lists.debian.org/debian-devel-announce/2006/05/msg1.html # user bts-link-upstr...@lists.alioth.debian.org # remote status report for #674412 (http://bugs.debian.org/674412) # Bug title: tcc: undefined symbol '__builtin_expect' on pthread_cleanup_push() call # * http://sourceware.org/bugzilla/show_bug.cgi?id=14188 # * remote status changed: (?) - RESOLVED # * remote resolution changed: (?) - FIXED usertags 674412 + status-RESOLVED resolution-FIXED thanks -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120607163927.19971.88911.btsl...@busoni.debian.org
Bug#555168: Unclear license situation for (e)glibc locales provided by you
Hello, you are listed as contact person/author of the following locale(s): en_BW en_ZW These locales come with a statement % Distribution and use is free, also % for commercial purposes. Thus they do not allow modification; it is unclear, however, if this statement was meant as a license. As discussed in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555168 these locales could strictly speaking not be part of Debian which would be a great loss. (Currently they are allowed pending investigation). To properly resolve this, I would like to ask you the following question: Would you be willing to relicense these locale(s) to a proper license, e.g. (L)GPL v2 or higher or another free software license of your choice? If you have any questions regarding this issue, do not hesitate to contact me (via the reply-to address set). Thanks for helping to resolve this! Helge -- Dr. Helge Kreutzmann deb...@helgefjell.de Dipl.-Phys. http://www.helgefjell.de/debian.php 64bit GNU powered gpg signed mail preferred Help keep free software libre: http://www.ffii.de/ signature.asc Description: Digital signature
Bug#637239: marked as done (libc6: Broken thread local storage (TLS) initialization)
Your message dated Thu, 07 Jun 2012 21:47:17 + with message-id e1scky1-000787...@franck.debian.org and subject line Bug#637239: fixed in eglibc 2.11.3-4 has caused the Debian Bug report #637239, regarding libc6: Broken thread local storage (TLS) initialization to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libc6 Version: 2.13-7 Severity: important Tags: upstream There is a bug with TLS in libc6, beginning with 2.12. See libc6 Bug 12453 - Broken thread local storage (TLS) initialization http://sourceware.org/bugzilla/show_bug.cgi?id=12453 There is a test script demonstrating the segfault: http://sourceware.org/bugzilla/attachment.cgi?id=5218 It also affects Debian Bug 622591 (SEGV with libuuid and imagemagick). See also: https://bugs.gentoo.org/353224 https://github.com/cschwan/sage-on-gentoo/issues/40 -- System Information: Debian Release: wheezy/sid APT prefers oldstable APT policy: (500, 'oldstable'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.38-2-686-bigmem (SMP w/2 CPU cores) Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) (ignored: LC_ALL set to ru_RU.KOI8-R) Shell: /bin/sh linked to /bin/bash Versions of packages libc6 depends on: ii libc-bin 2.13-7 Embedded GNU C Library: Binaries ii libgcc1 1:4.6.0-11 GCC support library Versions of packages libc6 recommends: ii libc6-i6862.13-7 Embedded GNU C Library: Shared lib Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.40 Debian configuration management sy ii glibc-doc 2.13-7 Embedded GNU C Library: Documentat ii locales 2.13-7 Embedded GNU C Library: National L -- debconf-show failed -- With best regards, Vitaliy Filippov---End Message--- ---BeginMessage--- Source: eglibc Source-Version: 2.11.3-4 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.3-4_all.deb to main/e/eglibc/eglibc-source_2.11.3-4_all.deb eglibc_2.11.3-4.diff.gz to main/e/eglibc/eglibc_2.11.3-4.diff.gz eglibc_2.11.3-4.dsc to main/e/eglibc/eglibc_2.11.3-4.dsc glibc-doc_2.11.3-4_all.deb to main/e/eglibc/glibc-doc_2.11.3-4_all.deb libc-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb libc-dev-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb libc6-dbg_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb libc6-dev-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb libc6-dev_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb libc6-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb libc6-pic_2.11.3-4_amd64.deb to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb libc6-prof_2.11.3-4_amd64.deb to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb libc6-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb libc6_2.11.3-4_amd64.deb to main/e/eglibc/libc6_2.11.3-4_amd64.deb libnss-dns-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb libnss-files-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb locales-all_2.11.3-4_amd64.deb to main/e/eglibc/locales-all_2.11.3-4_amd64.deb locales_2.11.3-4_all.deb to main/e/eglibc/locales_2.11.3-4_all.deb nscd_2.11.3-4_amd64.deb to main/e/eglibc/nscd_2.11.3-4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 637...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno aure...@debian.org (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 06 Jun 2012 18:03:02 +0200 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev
Bug#647896: marked as done (regression (?): libc6: Broken thread local storage (TLS) initialization)
Your message dated Thu, 07 Jun 2012 21:47:17 + with message-id e1scky1-000787...@franck.debian.org and subject line Bug#637239: fixed in eglibc 2.11.3-4 has caused the Debian Bug report #637239, regarding regression (?): libc6: Broken thread local storage (TLS) initialization to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libc6 Version: 2.11.2-10 Severity: serious Justification: Policy 10.2 Regarding the bug on this page: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239 It clearly states: There is a bug with TLS in libc6, beginning with 2.12. However, I seem to be having similar problems on Debian stable with 2.11: # dpkg --list | grep libc6 ii libc6 2.11.2-10 Embedded GNU C Library: Shared libraries ii libc6-dev 2.11.2-10 Embedded GNU C Library: Development Libraries and Header Files ii libc6-i686 2.11.2-10 Embedded GNU C Library: Shared libraries [i686 optimized] ii libc6-xen 2.11.2-10 Embedded GNU C Library: Shared libraries [Xen version] Running my website: # thin -R config-test.ru -p 4000 start WARNING: Nokogiri was built against LibXML version 2.7.7, but has dynamically loaded 2.7.8 I, [2011-11-07T23:59:37.933309 #31293] INFO -- : ** Utopia::Middleware::Content: Running in /srv/www/www.oriontransfer.co.nz/pages I, [2011-11-07T23:59:37.934007 #31293] INFO -- : ** Utopia::Middleware::Static: Running in /srv/www/www.oriontransfer.co.nz/pages with 65 filetypes I, [2011-11-07T23:59:37.934237 #31293] INFO -- : ** Utopia::Middleware::Controller: Running in /srv/www/www.oriontransfer.co.nz/pages I, [2011-11-07T23:59:37.935003 #31293] INFO -- : ** Utopia::Middleware::Redirector: Running with 31 rules I, [2011-11-07T23:59:37.935236 #31293] INFO -- : Updating index in background... /usr/lib/ruby/gems/1.8/gems/xapian-rack-1.2.3.3/lib/xapian/rack/search.rb:139: [BUG] Segmentation fault ruby 1.8.7 (2010-08-16 patchlevel 302) [i486-linux] Aborted In GDB: # gdb env GNU gdb (GDB) 7.0.1-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type show copying and show warranty for details. This GDB was configured as i486-linux-gnu. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/bin/env...(no debugging symbols found)...done. (gdb) run thin -R config-test.ru -p 4000 start Starting program: /usr/bin/env thin -R config-test.ru -p 4000 start Executing new program: /usr/bin/ruby1.8 [Thread debugging using libthread_db enabled] WARNING: Nokogiri was built against LibXML version 2.7.7, but has dynamically loaded 2.7.8 I, [2011-11-08T00:00:16.576598 #31311] INFO -- : ** Utopia::Middleware::Content: Running in /srv/www/www.oriontransfer.co.nz/pages I, [2011-11-08T00:00:16.577361 #31311] INFO -- : ** Utopia::Middleware::Static: Running in /srv/www/www.oriontransfer.co.nz/pages with 65 filetypes I, [2011-11-08T00:00:16.577603 #31311] INFO -- : ** Utopia::Middleware::Controller: Running in /srv/www/www.oriontransfer.co.nz/pages I, [2011-11-08T00:00:16.582338 #31311] INFO -- : ** Utopia::Middleware::Redirector: Running with 31 rules [New Thread 0xb648bb70 (LWP 31314)] I, [2011-11-08T00:00:16.583160 #31311] INFO -- : Updating index in background... Program received signal SIGSEGV, Segmentation fault. 0xb6ade301 in ?? () from /lib/libuuid.so.1 (gdb) bt #0 0xb6ade301 in ?? () from /lib/libuuid.so.1 #1 0xb6adf22f in uuid_generate () from /lib/libuuid.so.1 #2 0xb6783cb2 in ChertVersion::create (this=0x83f35a4) at backends/chert/chert_version.cc:73 ... snip ... After a bit of research, I found that this error is tied back to some issues in libc6, as per the above bug report. I also found on the Gentoo mailing list that the bug has
Bug#668891: marked as done (Static TLS (thread local storage) generates SIGSEGV in libc6 (GNU C-Library))
Your message dated Thu, 07 Jun 2012 21:47:17 + with message-id e1scky1-000787...@franck.debian.org and subject line Bug#637239: fixed in eglibc 2.11.3-4 has caused the Debian Bug report #637239, regarding Static TLS (thread local storage) generates SIGSEGV in libc6 (GNU C-Library) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637239 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libc6 Version: 2.11.3-2 Severity: important Tags: squeeze The eglibc source (eglibc_2.11.3-2.diff.gz eglibc_2.11.3-2.dsc eglibc_2.11.3.orig.tar.gz) of the libc6*.deb packages contains a patch which fixes a well known bug of older releases of the GNUC-Library resulting in SIGSEGV on software which makes use of static tls. The can be found in .../debian/patches/any/cvs-dlopen-tls.diff. For some reasons the patch has not been pushed onto the quilt stack. So when building the libc6*.deb packages from source the patch is left out rendering any software which make use of statis tls (e.g. qt-4.8.x) useless (generating SIGSEGV). When rebuilding the libc6*.deb packages with the mentioned patch included all seems to be o.k. so far. Now I'm wondering if the patch has been omitted by intention or if the omission is simply a bug, and I'm wondering if the patch could be included officially? -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libc6 depends on: ii libc-bin 2.11.3-3 Embedded GNU C Library: Binaries ii libgcc1 1:4.4.5-8 GCC support library Versions of packages libc6 recommends: ii libc6-i6862.11.3-3 Embedded GNU C Library: Shared lib Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii glibc-doc 2.11.3-3 Embedded GNU C Library: Documentat ii locales 2.11.3-3 Embedded GNU C Library: National L -- debconf information: glibc/upgrade: true glibc/restart-services: glibc/disable-screensaver: glibc/restart-failed: ---End Message--- ---BeginMessage--- Source: eglibc Source-Version: 2.11.3-4 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.3-4_all.deb to main/e/eglibc/eglibc-source_2.11.3-4_all.deb eglibc_2.11.3-4.diff.gz to main/e/eglibc/eglibc_2.11.3-4.diff.gz eglibc_2.11.3-4.dsc to main/e/eglibc/eglibc_2.11.3-4.dsc glibc-doc_2.11.3-4_all.deb to main/e/eglibc/glibc-doc_2.11.3-4_all.deb libc-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb libc-dev-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb libc6-dbg_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb libc6-dev-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb libc6-dev_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb libc6-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb libc6-pic_2.11.3-4_amd64.deb to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb libc6-prof_2.11.3-4_amd64.deb to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb libc6-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb libc6_2.11.3-4_amd64.deb to main/e/eglibc/libc6_2.11.3-4_amd64.deb libnss-dns-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb libnss-files-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb locales-all_2.11.3-4_amd64.deb to main/e/eglibc/locales-all_2.11.3-4_amd64.deb locales_2.11.3-4_all.deb to main/e/eglibc/locales_2.11.3-4_all.deb nscd_2.11.3-4_amd64.deb to main/e/eglibc/nscd_2.11.3-4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 637...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno aure...@debian.org (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the
Bug#660611: marked as done (CVE-2012-0864: FORTIFY_SOURCE format string protection bypass)
Your message dated Thu, 07 Jun 2012 21:47:17 + with message-id e1scky1-00078d...@franck.debian.org and subject line Bug#660611: fixed in eglibc 2.11.3-4 has caused the Debian Bug report #660611, regarding CVE-2012-0864: FORTIFY_SOURCE format string protection bypass to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 660611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660611 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: eglibc Severity: important Tags: security Please see http://sourceware.org/bugzilla/show_bug.cgi?id=13656 Current proposed patch: http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html Could you also merge this in the Squeeze branch once a final fix is available? Cheers, Moritz ---End Message--- ---BeginMessage--- Source: eglibc Source-Version: 2.11.3-4 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.3-4_all.deb to main/e/eglibc/eglibc-source_2.11.3-4_all.deb eglibc_2.11.3-4.diff.gz to main/e/eglibc/eglibc_2.11.3-4.diff.gz eglibc_2.11.3-4.dsc to main/e/eglibc/eglibc_2.11.3-4.dsc glibc-doc_2.11.3-4_all.deb to main/e/eglibc/glibc-doc_2.11.3-4_all.deb libc-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb libc-dev-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb libc6-dbg_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb libc6-dev-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb libc6-dev_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb libc6-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb libc6-pic_2.11.3-4_amd64.deb to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb libc6-prof_2.11.3-4_amd64.deb to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb libc6-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb libc6_2.11.3-4_amd64.deb to main/e/eglibc/libc6_2.11.3-4_amd64.deb libnss-dns-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb libnss-files-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-files-udeb_2.11.3-4_amd64.udeb locales-all_2.11.3-4_amd64.deb to main/e/eglibc/locales-all_2.11.3-4_amd64.deb locales_2.11.3-4_all.deb to main/e/eglibc/locales_2.11.3-4_all.deb nscd_2.11.3-4_amd64.deb to main/e/eglibc/nscd_2.11.3-4_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 660...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno aure...@debian.org (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 06 Jun 2012 18:03:02 +0200 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.11.3-4 Distribution: stable Urgency: low Maintainer: Aurelien Jarno aure...@debian.org Changed-By: Aurelien Jarno aure...@debian.org Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1- Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C
Bug#671478: marked as done (CVE-2011-4609)
Your message dated Thu, 07 Jun 2012 21:47:17 + with message-id e1scky1-00078i...@franck.debian.org and subject line Bug#671478: fixed in eglibc 2.11.3-4 has caused the Debian Bug report #671478, regarding CVE-2011-4609 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 671478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671478 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: eglibc Severity: important Tags: security There was a security issue in RPC handling, which is unfixed in Squeeze and sid: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4609 The Bugzilla entry has a fix for glibc. I'm attaching a eglibc version of that patch from Ubuntu to this bug. This appears to be still unfixed in eglibc trunk, maybe it should be upstream before? This doesn't warrant a DSA, but maybe it can be added to potential further eglibc point updates. Cheers, Moritz Origin: Red Hat, glibc-2.12-1.47.el6_2.5.src.rpm:glibc-rh767692-2.patch Bug: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716 Subject: DoS in RPC implementation CVE-2011-4069 --- sunrpc/svc_tcp.c |6 ++ sunrpc/svc_udp.c | 13 +++-- sunrpc/svc_unix.c |6 ++ 3 files changed, 23 insertions(+), 2 deletions(-) Index: b/sunrpc/svc_tcp.c === --- a/sunrpc/svc_tcp.c +++ b/sunrpc/svc_tcp.c @@ -44,6 +44,7 @@ #include sys/poll.h #include errno.h #include stdlib.h +#include time.h #ifdef USE_IN_LIBIO # include wchar.h @@ -243,6 +244,11 @@ again: { if (errno == EINTR) goto again; + if (errno == EMFILE) +{ + struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 }; + __nanosleep(ts , NULL); +} return FALSE; } /* Index: b/sunrpc/svc_udp.c === --- a/sunrpc/svc_udp.c +++ b/sunrpc/svc_udp.c @@ -40,6 +40,7 @@ #include sys/socket.h #include errno.h #include libintl.h +#include time.h #ifdef IP_PKTINFO #include sys/uio.h @@ -272,8 +273,16 @@ again: (int) su-su_iosz, 0, (struct sockaddr *) (xprt-xp_raddr), len); xprt-xp_addrlen = len; - if (rlen == -1 errno == EINTR) -goto again; + if (rlen == -1) +{ + if (errno == EINTR) +goto again; + if (errno == EMFILE) +{ + struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 }; + __nanosleep(ts , NULL); +} +} if (rlen 16) /* 4 32-bit ints? */ return FALSE; xdrs-x_op = XDR_DECODE; Index: b/sunrpc/svc_unix.c === --- a/sunrpc/svc_unix.c +++ b/sunrpc/svc_unix.c @@ -46,6 +46,7 @@ #include errno.h #include stdlib.h #include libintl.h +#include time.h #ifdef USE_IN_LIBIO # include wchar.h @@ -245,6 +246,11 @@ again: { if (errno == EINTR) goto again; + if (errno == EMFILE) +{ + struct timespec ts = { .tv_sec = 0, .tv_nsec = 5000 }; + __nanosleep(ts , NULL); +} return FALSE; } /* ---End Message--- ---BeginMessage--- Source: eglibc Source-Version: 2.11.3-4 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.3-4_all.deb to main/e/eglibc/eglibc-source_2.11.3-4_all.deb eglibc_2.11.3-4.diff.gz to main/e/eglibc/eglibc_2.11.3-4.diff.gz eglibc_2.11.3-4.dsc to main/e/eglibc/eglibc_2.11.3-4.dsc glibc-doc_2.11.3-4_all.deb to main/e/eglibc/glibc-doc_2.11.3-4_all.deb libc-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-bin_2.11.3-4_amd64.deb libc-dev-bin_2.11.3-4_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.3-4_amd64.deb libc6-dbg_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dbg_2.11.3-4_amd64.deb libc6-dev-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.3-4_amd64.deb libc6-dev_2.11.3-4_amd64.deb to main/e/eglibc/libc6-dev_2.11.3-4_amd64.deb libc6-i386_2.11.3-4_amd64.deb to main/e/eglibc/libc6-i386_2.11.3-4_amd64.deb libc6-pic_2.11.3-4_amd64.deb to main/e/eglibc/libc6-pic_2.11.3-4_amd64.deb libc6-prof_2.11.3-4_amd64.deb to main/e/eglibc/libc6-prof_2.11.3-4_amd64.deb libc6-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.3-4_amd64.udeb libc6_2.11.3-4_amd64.deb to main/e/eglibc/libc6_2.11.3-4_amd64.deb libnss-dns-udeb_2.11.3-4_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.3-4_amd64.udeb libnss-files-udeb_2.11.3-4_amd64.udeb to