** Description changed:

  [SRU justification]
  The version of the library in the archive for Utopic and Trusty was
  built prior to a change in glibc that removes an expected symbol. A
  rebuild of the libnss-ldap library with the current source package
  will render the library unusable and may cause systems to become
  unbootable.
  
  [Impact]
  Without this fix, a rebuild of the libnss-ldap package has grave
  impact: any use of libnss-ldap will segfault. Such a segfault during
  the boot process will cause the system to become unbootable.
  
  [Fix]
  Backport the glibc-2.16.patch that is now merged in Vivid into Utopic
  and Trusty. The version of the library in Precise already uses the
  correct glibc symbol.
  
  [Test Case]
  On a server properly configured for LDAP authentication:
  
  root@trusty-ldapclient:~# getent passwd john
  john:x:10000:5000:John Doe:/home/john:/bin/bash
  
  The same test on an arm64 or ppc64el platform, where libnss-ldap has
  been rebuilt recently, gives:
  
  root@trusty-ldapclient:~# getent passwd john
  Segmentation fault (core dumped)
  
  $ sudo apt-get download libnss-ldap
  $ mkdir tmp
  $ dpkg -x libnss-ldap_264-2.2ubuntu4_amd64.deb tmp
  $ nm -D tmp/lib/x86_64-linux-gnu/libnss_ldap-2.15.so |grep lock$
                   w __pthread_mutex_lock
                   w __pthread_mutex_unlock
  #Rebuild the library
  $ pull-lp-source libnss-ldap trusty
  $ sbuild -A -d trusty libnss-ldap_264-2.2ubuntu4.dsc
  $ rm -Rf tmp/*
  $ dpkg -x libnss-ldap_264-2.2ubuntu4_amd64.deb tmp
  $ nm -D tmp/lib/x86_64-linux-gnu/libnss_ldap-2.19.so | grep lock$
                   U __libc_lock_lock
                   U __libc_lock_unlock
  
  Notice that the libnss-ldap library version changes (2.15 -> 2.19).
  With the newly built version, the expected
  __pthread_mutex_lock|unlock is no longer present.
  
  [Regression]
  None expected. This is already present and in use in the upstream
  version of the library.
  
+ 15:27 <rbasak> caribou: so what I don't like about this is that the
+ patch seems a bit invasive in an area where if there's a regression,
+ it'll be in multithreading code that'll be non-deterministic and thus
+ difficult to test.
+ 
+ 15:27 <rbasak> caribou: OTOH, it's broken on ppc64el at the moment? That
+ means we need to fix it.
+ 
+ 15:28 <rbasak> Having an active upstream that had committed the code
+ would give me more confidence that the patch is good (since they're more
+ familiar with the code and will have reviewed it)
+ 
+ 15:29 <rbasak> But Debian have committed it, so that's better than
+ nothing.
+ 
+ 15:31 <rbasak> caribou: I think we have no choice but to push it to
+ Trusty (and Utopic), but we should let the SRU team decide at that
+ stage. IMHO, my concern should be noted in "Regression Potential", so
+ I'll do that now.
+ 
  [Original Description of the problem]
  
  Unlike previously thought, this bug is _NOT_ specific to the PPC64EL
  architecture. More details in the analysis.
  
  Many commands that require the use of libnss-ldap will fail with
  Segmentation Fault. The boot procedure itself can be blocked with the
  following message.
  
  One potential workaround is to remove the use of ldap from the
  /etc/nsswitch.conf file to at least provide a bootable system.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/1387594

Title:
  init: symbol lookup error: /lib/powerpc64le-linux-
  gnu/libnss_ldap.so.2: undefined symbol: __libc_lock_lock

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1387594/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
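
The `nm -D` comparison in the test case above can be turned into a pre-install check. The script below is an added example, not part of the bug report or the package: it flags strong undefined (`U`) symbols in a module that no provider library exports, and ignores weak (`w`) references. The function names and the sample `nm -D` listings are constructed for illustration; real input would be saved output of `nm -D` for the module and for the libraries it links against.

```shell
#!/bin/sh
# Added example: find strong undefined symbols that nothing exports.

# unresolved_strong MODULE_NM PROVIDER_NM
# Both arguments are files holding saved `nm -D` output.
unresolved_strong() {
    awk '
        { sub(/@.*/, "", $NF) }          # drop @VERSION suffix if nm printed one
        # Provider file: lines with an address are exported definitions.
        FILENAME == ARGV[1] { if (NF >= 3) exported[$3] = 1; next }
        # Module file: a strong undefined symbol must be exported by a provider.
        NF == 2 && $1 == "U" && !($2 in exported) { print $2 }
    ' "$2" "$1"
}

# check_module MODULE_NM PROVIDER_NM -> exit status 0 if every strong
# undefined symbol has a provider, 1 otherwise (names go to stderr).
check_module() {
    missing=$(unresolved_strong "$1" "$2")
    if [ -z "$missing" ]; then
        return 0
    fi
    printf 'unresolved: %s\n' $missing >&2
    return 1
}

# Constructed sample listings (not captured from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.nm" <<'EOF'
                 w __pthread_mutex_lock
                 w __pthread_mutex_unlock
                 U malloc
EOF
cat > "$tmp/new.nm" <<'EOF'
                 U __libc_lock_lock
                 U __libc_lock_unlock
                 U malloc
EOF
cat > "$tmp/libc.nm" <<'EOF'
0000000000082750 T malloc@@GLIBC_2.2.5
EOF

check_module "$tmp/old.nm" "$tmp/libc.nm" && echo "old build: ok"
check_module "$tmp/new.nm" "$tmp/libc.nm" || echo "rebuilt module: do not install"
```

Running this against a freshly built package before it reaches a machine that lists ldap in /etc/nsswitch.conf catches the breakage without risking the boot path.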
