[Bug 1088677] Re: rtld: limit self loading check to normal mode only

Launchpad Bug Tracker 1088677 at bugs.launchpad.net
Mon Jan 28 19:13:19 UTC 2013 

This bug was fixed in the package eglibc - 2.17-0ubuntu1

---------------
eglibc (2.17-0ubuntu1) raring; urgency=low

  * Merge with Debian, bringing in a new upstream and many small fixes:
    - patches/any/cvs-malloc-deadlock.diff: Dropped, merged upstream.
    - patches/ubuntu/lddebug-scopes.diff: Rebase for upstream changes.
    - patches/ubuntu/local-CVE-2012-3406.diff: Rebased against upstream.
    - patches/ubuntu/no-asm-mtune-i686.diff: Fixed in recent binutils.
  * This upstream merge fixes a nasty hang in pulseaudio (LP: #1085342)
  * Bump MIN_KERNEL_SUPPORTED to 2.6.32 on ARM, now that we no longer
    have to support shonky 2.6.31 kernels on imx51 babbage builders.
  * Drop patches/ubuntu/local-disable-nscd-host-caching.diff, as these
    issues were apparently resolved upstream a while ago (LP: #613662)
  * Fix the compiled-in bug URL to point to launchpad.net, not Debian.

eglibc (2.17-0experimental0) experimental; urgency=low

  [ Adam Conrad ]
  * New upstream release: version 2.17, orig tarball built at SVN r22169:
    - Restricts ld.so self-loading checks to normal mode (LP: #1088677)
    - debian/rules.d/tarball.mk: ports is no longer external to libc.
    - debian/*: Update all 2.16 occurences to 2.17 for upgrades/deps.
    - patches/localedata/supported.diff: Rebased against new upstream.
    - patches/localedata/locale-ia.diff: Dropped, merged upstream.
    - patches/localedata/submitted-es_MX-decimal_point.diff: Rebased.
    - patches/amd64/local-pthread_cond_wait.diff: Dropped, fixed upstream.
    - patches/i386/local-pthread_cond_wait.diff: Dropped (closes: #694962)
    - patches/arm64/cvs-ldconfig-cache-abi.diff: Dropped, merged upstream.
    - patches/arm64/submitted-aarch64-support.diff: Merged upstream.
    - patches/arm/cvs-ldconfig-cache-abi.diff: Dropped, merged upstream.
    - patches/arm/local-atomic.diff: Dropped, fixed differently upstream.
    - patches/arm/unsubmitted-armhf-linker.diff: Dropped, not needed.
    - patches/arm/unsubmitted-ldconfig-cache-abi.diff: Rewritten slightly.
    - patches/hppa/submitted-nptl-carlos.diff: Rebased against upstream.
    - patches/hppa/local-stack-grows-up.diff: Rebased against upstream.
    - patches/hurd-i386/local-enable-ldconfig.diff: dl-cache.c dropped.
    - patches/hurd-i386/tg-tls.diff: Rebase and drop powerpc support.
    - patches/hurd-i386/tg-regenerate_errno.h.diff: Merged upstream.
    - patches/hurd-i386/tg-extern_inline.diff: Drop powerpc support.
    - patches/hurd-i386/tg-elfosabi_gnu.diff: Drop powerpc support.
    - patches/hurd-i386/tg-grantpt.diff: Rebased against new upstream.
    - patches/hurd-i386/unsubmitted-pthread_posix-option.diff: Rebased.
    - patches/hurd-i386/submitted-getgroups.diff: Dropped, merged upstream.
    - patches/hurd-i386/submitted-getlogin_r.diff: Dropped, fixed upstream.
    - patches/hurd-i386/submitted-ptsname.diff: Dropped, merged upstream.
    - patches/hurd-i386/submitted-sendto.diff: Dropped, fixed upstream.
    - patches/hurd-i386/cvs-add-missing-includes.diff: Merged upstream.
    - patches/hurd-i386/cvs-mach-check-local-headers.sh.diff: Merged.
    - patches/hurd-i386/cvs-lremovexattr.diff: Dropped, merged upstream.
    - patches/hurd-i386/cvs-renameat.diff: Dropped, merged upstream.
    - patches/hurd-i386/cvs-mknodat.diff: Dropped, merged upstream.
    - patches/hurd-i386/cvs-llistxattr.diff: Dropped, merged upstream.
    - patches/i386/submitted-i686-timing.diff: Rebase, and fix a bug that
      was excluding dl-caller.c from shared-only-routines for rtld builds.
    - patches/m68k/cvs-syscall-arguments.diff: Dropped, merged upstream.
    - patches/powerpc/local-math-logb.diff: Rebased against new upstream.
    - patches/all/unsubmitted-autoconfupdate.diff: Dropped, not needed.
    - patches/any/local-bindresvport_blacklist.diff: Rebase with upstream.
    - patches/any/local-ldso-disable-hwcap.diff: Rebased against upstream.
    - patches/any/local-libgcc-compat-ports.diff: Rebased against upstream.
    - patches/any/local-nss-upgrade.diff: Rebased against new upstream.
    - patches/any/local-o_cloexec.diff: Rebased against new upstream.
    - patches/any/local-rtld.diff: Rebased against new upstream.
    - patches/any/submitted-popen.diff: Dropped, finally merged upstream.
    - patches/any/submitted-accept4-hidden.diff: Dropped, merged upstream.
    - patches/any/submitted-bits-fcntl_h-at.diff: Rebased against upstream.
    - patches/any/local-gai-rfc1918-scope-global.patch: Merged upstream.
    - patches/any/submitted-resolv-assert.diff: Dropped, merged upstream.
    - patches/any/local-revert-fclose-posix2008.diff: Reverted upstream.
    - patches/any/local-sunrpc-dos.diff: Dropped, different fix upstream.
    - patches/any/cvs-cxxheaders-detection[123].diff: Merged upstream.
  * debian/patches/powerpc/submitted-UAPI_ASM_POWERPC_ELF.diff: Remove,
    as this has been fixed in the 3.7 release and 3.8 kernel headers.
  * debian/sysdeps/{amd64,i386}.mk: Fix rtlddir for x32 alternate builds.
  * debian/sysdeps/{armel,armhf}.mk: Merge multilib configs from Ubuntu.
  * debian/debhelper.in/libc.preinst: Fix preinst kernel check to match
    the reality that we need >= 2.6.32, as found in squeeze/lucid/RHEL6.
  * debian/rules: Fix EGLIBC_VERSION epoch parsing breakage (LP: #929565)
  * debian/patches/any/cvs-tst-array-as-needed.diff: Fix tst-array2 and
    tst-array5 to build with --no-as-needed to prevent test regressions.
  * debian/patches/any/unsubmitted-ldso-machine-mismatch.diff: Skip past
    libraries that are built for other machines, rather than erroring.
  * debian/patches/i386/unsubmitted-quiet-ldconfig.diff: Fix ldconfig on
    x86 to stop complaining so loudly about wrong-arch libraries on path.
  * debian/{rules.d/build.mk,sysdeps/hurd*}: When the threads variable is
    not set to "yes", add --disable-nscd to the main configure options.
  * debian/patches/any/cvs-use-glibc-wchar.diff: Switch from the eglibc
    implementation of wchar.h to the cleaner glibc-2.18 implementation.
  * debian/patches/arm/local-eabi-wchar.diff: Dropped, no longer needed.
  * debian/patches/any/local-tst-dir-overlayfs.diff: Apply dirty hack to
    skip tst-dir on overlayfs, as it currently fails (see: LP #1107492)
  * debian/patches/svn-updates.diff: Bring svn-updates to revision 22169.

  [ Matthias Klose ]
  * debian/{rules,rules.d/control.mk,control.in/libc}: Allow turning off
    libc-prof arbitrarily, and disable it for arm64, which lacks support.
  * debian/rules.d/build.mk: Fix armhf multilib with WITH_BUILD_SYSROOT.

  [ Steve McIntyre ]
  * debian/patches/arm/unsubmitted-ldso-multilib.diff: Stop ld.so from
    exiting prematurely when it encounters wrong-float ABI libraries.

  [ Pino Toscano ]
  * Rebase/remove hurd-i386 patches against the new upstream version:
    - patches/hurd-i386/tg-ptrmangle.diff: Remove, obsolete.
    - patches/hurd-i386/tg-check_native.diff: Remove, obsolete.
    - patches/hurd-i386/submitted-regex_internal.diff: Fixed upstream.
    - patches/hurd-i386/local-disable-sendmmsg.diff: Fixed upstream.
    - patches/hurd-i386/unsubmitted-pthread.diff: Drop, obsolete.
    - patches/hurd-i386/unsubmitted-mremap.diff: Rebased for new upstream.
  * debian/patches/hurd-i386/local-disable-tst-xmmymm.diff: Disable test.
  * Update expected-results-i486-gnu-libc, expected-results-i686-gnu-i386,
    expected-results-i686-gnu-i686, expected-results-i686-gnu-xen.
 -- Adam Conrad <adconrad at ubuntu.com>   Thu, 10 Jan 2013 18:39:35 -0700

** Changed in: eglibc (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3406

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1088677

Title:
  rtld: limit self loading check to normal mode only

Status in “eglibc” package in Ubuntu:
  Fix Released
Status in “eglibc” source package in Precise:
  Fix Committed
Status in “eglibc” source package in Quantal:
  Fix Committed

Bug description:
  [Impact / Justification]
  To be fair, this bug is (mostly) cosmetic, but when tools exit non-zero in scary ways, it can have knock-on effects elsewhere (to custom scripting, or just frightened users).  The fix here is targeted, "obviously correct", and easily auditable, so I figured I'd pull it back to the LTS for a bit of polish.

  [Test Case]
  The SRU patch includes an addition to the glibc testsuite that tests that ld.so can now load itself correctly in a few different ways, but the easiest user verification is to run:

  ldd /lib/ld-linux.so.2 (or /lib64/ld-linux-x86-64.so.2 on amd64)

  And witness it fail before the upgrade, and work after.

  [Regression Potential]
  Regression potential here is low, the patch is from upstream, very simple, and it's quite clear what it does.

  [Original Report]
  Commit glibc-2.14~10 disallowed rtld self loading to avoid a segfault

  that used to happen when rtld was loading itself in normal mode.

  Unfortunately, that commit disallowed all modes of self loading,

  including those that used to work before.  This change limits the
  check

  for self loading to normal mode only, so that instruments like ldd
  could

  handle rtld properly.

  http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f3fd569c365ca5149fedbbc6c7a902aa1f8e5b60

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1088677/+subscriptions

More information about the foundations-bugs mailing list