** Description changed:

  [Impact]
  
  * Ubuntu 18.04 is missing various stability and performance fixes that
  have been added to upstream's 2.27 branch. The accumulated changes are
  known to fix various issues already reported to Launchpad.
  
  [Test Case]
  * Observe that debian/patches/git-updates-2.diff contains the missing 
upstream commits intended to be backported.
  * Observe the patch being applied at build time.
  
  * All triggered autopkgtests were run in the Bileto PPA before the SRU upload 
took place and no reggressions were found.
  * Several issues fixed in git-updates-2.diff were reported on Launchpad and 
the ones having reproducers were and will be verified separately.
  
  [Regression Potential]
  * Any form of regression is possible including hangs, live locks and crashes 
due to the broad range of fixes to be backported. In addition to the standard 
autopkgtests it is recommended to keep the packages in bionic-proposed longer 
and call for testing on additional public channels, such as on the ubuntu-devel 
mailing list.
+ 
+ The update seem to have triggered an existing, but hiding bug in lftp:
+ #1902832.
  
  [Original Bug Text]
  
  Hi,
  
  I updated from ubuntu 14.04 to 18.04 and installed a custom (old)
  application.
  
  When starting the application it stop immediately with this error message:
  "glibc detected an invalid stdio handle"
  
  This error message was added by commit [1] "libio: Implement vtable
  verification [BZ #20191]" to fix a security issue [2].
  
  I tested with several Linux distribution (so different libc version) and
  the application is working fine with Fedora 30 (Glibc 2.29).
  
  There is an interesting patch [3] from Glibc 2.28 which was backported
  to Glibc 2.27 [4] "libio: Disable vtable validation in case of
  interposition [BZ #23313]"
  
  But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
  Here is the Glibc version used in 18.04:
  $ dpkg -s libc6
  [...]
  Version: 2.27-3ubuntu1
  
  Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but
  there is a lot of fix from upstream Glibc 2.27 stable branch. The one
  I'm looking for was merged the 07-2018.
  
  It would be great if Ubuntu 18.04 can update Glibc to the latest stable
  version.
  
  Best regards,
  Romain
  
  [1] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
  [2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
  [3] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
  [4] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0
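Review bot: the sentence added under [Regression Potential] cites the lftp bug as a bare "#1902832", while the rest of the description qualifies its tracker references ("BZ #20191", "BZ #23313"), so a reader cannot tell which tracker the number belongs to; prefix it with the tracker name. The wording "seem to have triggered an existing, but hiding bug" should also read "seems to have triggered an existing but hidden bug".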

** Description changed:

  [Impact]
  
  * Ubuntu 18.04 is missing various stability and performance fixes that
  have been added to upstream's 2.27 branch. The accumulated changes are
  known to fix various issues already reported to Launchpad.
  
  [Test Case]
  * Observe that debian/patches/git-updates-2.diff contains the missing 
upstream commits intended to be backported.
  * Observe the patch being applied at build time.
  
  * All triggered autopkgtests were run in the Bileto PPA before the SRU upload 
took place and no reggressions were found.
  * Several issues fixed in git-updates-2.diff were reported on Launchpad and 
the ones having reproducers were and will be verified separately.
  
  [Regression Potential]
  * Any form of regression is possible including hangs, live locks and crashes 
due to the broad range of fixes to be backported. In addition to the standard 
autopkgtests it is recommended to keep the packages in bionic-proposed longer 
and call for testing on additional public channels, such as on the ubuntu-devel 
mailing list.
  
  The update seem to have triggered an existing, but hiding bug in lftp:
- #1902832.
+ LP: #1902832.
  
  [Original Bug Text]
  
  Hi,
  
  I updated from ubuntu 14.04 to 18.04 and installed a custom (old)
  application.
  
  When starting the application it stop immediately with this error message:
  "glibc detected an invalid stdio handle"
  
  This error message was added by commit [1] "libio: Implement vtable
  verification [BZ #20191]" to fix a security issue [2].
  
  I tested with several Linux distribution (so different libc version) and
  the application is working fine with Fedora 30 (Glibc 2.29).
  
  There is an interesting patch [3] from Glibc 2.28 which was backported
  to Glibc 2.27 [4] "libio: Disable vtable validation in case of
  interposition [BZ #23313]"
  
  But Ubuntu 18.04 is still using an old Glibc 2.27 version (from 02-2018).
  Here is the Glibc version used in 18.04:
  $ dpkg -s libc6
  [...]
  Version: 2.27-3ubuntu1
  
  Looking at the changelog, ubuntu updated Glibc 2.27 the 16 Apr 2018 but
  there is a lot of fix from upstream Glibc 2.27 stable branch. The one
  I'm looking for was merged the 07-2018.
  
  It would be great if Ubuntu 18.04 can update Glibc to the latest stable
  version.
  
  Best regards,
  Romain
  
  [1] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=db3476aff19b75c4fdefbe65fcd5f0a90588ba51
  [2] https://dhavalkapil.com/blogs/FILE-Structure-Exploitation
  [3] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c402355dfa7807b8e0adb27c009135a7e2b9f1b0
  [4] 
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3bb748257405e94e13de76573a4e9da1cfd961d0
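Review bot: with the reference now written "LP: #1902832", the [Regression Potential] entry still names no symptom and [Test Case] has no matching step. State what lftp users would observe after the update, and add an lftp check to [Test Case] so the known regression is verified while the packages sit in bionic-proposed.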

https://bugs.launchpad.net/bugs/1851263

Title:
  Ubuntu 18.04.3 LTS bump Glibc 2.27 to the latest stable
