Debian Bug report logs - #658424
pu: package eglibc/2.11.3-3

version graph

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Aurelien Jarno <aurel32@debian.org>

Date: Thu, 2 Feb 2012 22:15:02 UTC

Severity: normal

Tags: confirmed, squeeze

Fixed in version 6.0.5

Done: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-glibc@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Thu, 02 Feb 2012 22:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
New Bug report received and forwarded. Copy sent to debian-glibc@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>. (Thu, 02 Feb 2012 22:15:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pu: package eglibc/2.11.3-3
Date: Thu, 02 Feb 2012 23:11:21 +0100
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

eglibc 2.11.3-2 shipped in Debian Squeeze 6.0.4 suffers from a 
regression in the resolver code with broken DNS server not answering
correctly to AAAA requests. It causes the first or sometimes more DNS
resolving requests to fail. See bug#658171 for more details.

The actual problem has been triggered by the patch 
debian/patches/any/cvs-resolv-different-nameserver.diff, which allows to
fallback to the next server in /etc/resolv.conf in case a DNS server
doesn't answer. Given this feature is quite important, and given this 
code is also present in recent upstream versions (it appears that 
wheezy and sid are also affected), it seemed to be a good idea to fix 
the real problem instead of simply reverting this patch.

The diff below is a proposal for an upload to stable-proposed-updates
fixing the DNS issue, as well as a security issue as requested by the
security team. Both patches are already in sid (though the DNS one is
only present in 2.13-26 that has just been uploaded).

Would it be possible to upload it? You might actually want to wait a 
few days for having some feedback of the sid upload.



Index: debian/patches/any/submitted-resolv-first-query-failure.diff
===================================================================
--- debian/patches/any/submitted-resolv-first-query-failure.diff	(révision 0)
+++ debian/patches/any/submitted-resolv-first-query-failure.diff	(révision 5155)
@@ -0,0 +1,36 @@
+2012-02-02  Aurelien Jarno  <aurel32@debian.org>
+
+	* resolv/res_query.c(__libc_res_nsearch): succeed if the first
+	query fails, but the second query succeeds.
+
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 947c651..c88268f 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -378,7 +378,7 @@ __libc_res_nsearch(res_state statp,
+ 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
+ 					      answer, anslen, answerp,
+ 					      answerp2, nanswerp2, resplen2);
+-		if (ret > 0 || trailing_dot)
++		if (ret > 0 || (ret == 0 && *resplen2 > 0) || trailing_dot)
+ 			return (ret);
+ 		saved_herrno = h_errno;
+ 		tried_as_is++;
+@@ -418,7 +418,7 @@ __libc_res_nsearch(res_state statp,
+ 						      answer, anslen, answerp,
+ 						      answerp2, nanswerp2,
+ 						      resplen2);
+-			if (ret > 0)
++			if ((ret > 0) || (ret == 0 && *resplen2 > 0))
+ 				return (ret);
+ 
+ 			if (answerp && *answerp != answer) {
+@@ -487,7 +487,7 @@ __libc_res_nsearch(res_state statp,
+ 		ret = __libc_res_nquerydomain(statp, name, NULL, class, type,
+ 					      answer, anslen, answerp,
+ 					      answerp2, nanswerp2, resplen2);
+-		if (ret > 0)
++		if ((ret > 0) || (ret == 0 && *resplen2 > 0))
+ 			return (ret);
+ 	}
+ 
Index: debian/patches/any/cvs-tzfile.diff
===================================================================
--- debian/patches/any/cvs-tzfile.diff	(révision 0)
+++ debian/patches/any/cvs-tzfile.diff	(révision 5154)
@@ -0,0 +1,85 @@
+2011-12-17  Ulrich Drepper  <drepper@gmail.com>
+
+	[BZ #13506]
+	* time/tzfile.c (__tzfile_read): Check values from file header.
+
+diff --git a/time/tzfile.c b/time/tzfile.c
+index 144e20b..402389c 100644
+--- a/time/tzfile.c
++++ b/time/tzfile.c
+@@ -26,6 +26,7 @@
+ #include <time.h>
+ #include <unistd.h>
+ #include <sys/stat.h>
++#include <stdint.h>
+ 
+ #define	NOID
+ #include <timezone/tzfile.h>
+@@ -234,23 +234,58 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
+       goto read_again;
+     }
+ 
++  if (__builtin_expect (num_transitions
++			> ((SIZE_MAX - (__alignof__ (struct ttinfo) - 1))
++			   / (sizeof (time_t) + 1)), 0))
++    goto lose;
+   total_size = num_transitions * (sizeof (time_t) + 1);
+   total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
+ 		& ~(__alignof__ (struct ttinfo) - 1));
+   types_idx = total_size;
+-  total_size += num_types * sizeof (struct ttinfo) + chars;
++  if (__builtin_expect (num_types
++			> (SIZE_MAX - total_size) / sizeof (struct ttinfo), 0))
++    goto lose;
++  total_size += num_types * sizeof (struct ttinfo);
++  if (__builtin_expect (chars > SIZE_MAX - total_size, 0))
++    goto lose;
++  total_size += chars;
++  if (__builtin_expect (__alignof__ (struct leap) - 1
++			> SIZE_MAX - total_size, 0))
++    goto lose;
+   total_size = ((total_size + __alignof__ (struct leap) - 1)
+ 		& ~(__alignof__ (struct leap) - 1));
+   leaps_idx = total_size;
++  if (__builtin_expect (num_leaps
++			> (SIZE_MAX - total_size) / sizeof (struct leap), 0))
++    goto lose;
+   total_size += num_leaps * sizeof (struct leap);
+-  tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
+-		? st.st_size - (ftello (f)
+-				+ num_transitions * (8 + 1)
+-				+ num_types * 6
+-				+ chars
+-				+ num_leaps * 12
+-				+ num_isstd
+-				+ num_isgmt) - 1 : 0);
++  tzspec_len = 0;
++  if (sizeof (time_t) == 8 && trans_width == 8)
++    {
++      off_t rem = st.st_size - ftello (f);
++      if (__builtin_expect (rem < 0
++			    || (size_t) rem < (num_transitions * (8 + 1)
++					       + num_types * 6
++					       + chars), 0))
++	goto lose;
++      tzspec_len = (size_t) rem - (num_transitions * (8 + 1)
++				   + num_types * 6
++				   + chars);
++      if (__builtin_expect (num_leaps > SIZE_MAX / 12
++			    || tzspec_len < num_leaps * 12, 0))
++	goto lose;
++      tzspec_len -= num_leaps * 12;
++      if (__builtin_expect (tzspec_len < num_isstd, 0))
++	goto lose;
++      tzspec_len -= num_isstd;
++      if (__builtin_expect (tzspec_len == 0 || tzspec_len - 1 < num_isgmt, 0))
++	goto lose;
++      tzspec_len -= num_isgmt + 1;
++      if (__builtin_expect (SIZE_MAX - total_size < tzspec_len, 0))
++	goto lose;
++    }
++  if (__builtin_expect (SIZE_MAX - total_size - tzspec_len < extra, 0))
++    goto lose;
+ 
+   /* Allocate enough memory including the extra block requested by the
+      caller.  */
Index: debian/patches/series
===================================================================
--- debian/patches/series	(révision 5091)
+++ debian/patches/series	(copie de travail)
@@ -270,3 +270,5 @@
 any/cvs-dl_close-scope-handling.diff
 any/cvs-nptl-pthread-race.diff
 any/cvs-statvfs-mount-flags.diff
+any/cvs-tzfile.diff
+any/submitted-resolv-first-query-failure.diff
Index: debian/changelog
===================================================================
--- debian/changelog	(révision 5091)
+++ debian/changelog	(copie de travail)
@@ -1,3 +1,13 @@
+eglibc (2.11.3-3) stable; urgency=low
+
+  * patches/any/cvs-tzfile.diff: fix integer overflow in timezone code.
+    (CVE-2009-5029).  Closes: #650790.
+  * patches/any/submitted-resolv-first-query-failure.diff: new patch to fix
+    resolving issues with broken servers returning NOTIMP or FORMERR to AAAA
+    queries.  Closes: #658171.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Thu, 02 Feb 2012 22:20:02 +0100
+
 eglibc (2.11.3-2) stable; urgency=low
 
   * Add patches/arm/cvs-tls-unallocated.diff and

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Tue, 07 Feb 2012 21:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 07 Feb 2012 21:48:04 GMT) Full text and rfc822 format available.

Message #10 received at 658424@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Aurelien Jarno <aurel32@debian.org>, 658424@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Tue, 07 Feb 2012 21:45:12 +0000
On Thu, 2012-02-02 at 23:11 +0100, Aurelien Jarno wrote:
> eglibc 2.11.3-2 shipped in Debian Squeeze 6.0.4 suffers from a 
> regression in the resolver code with broken DNS server not answering
> correctly to AAAA requests. It causes the first or sometimes more DNS
> resolving requests to fail. See bug#658171 for more details.
[...]
> Would it be possible to upload it? You might actually want to wait a 
> few days for having some feedback of the sid upload.

Has there been any feedback as a result of the sid upload, whether
positive or otherwise?

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Tue, 07 Feb 2012 21:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 07 Feb 2012 21:51:03 GMT) Full text and rfc822 format available.

Message #15 received at 658424@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 658424@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Tue, 7 Feb 2012 22:48:29 +0100
On Tue, Feb 07, 2012 at 09:45:12PM +0000, Adam D. Barratt wrote:
> On Thu, 2012-02-02 at 23:11 +0100, Aurelien Jarno wrote:
> > eglibc 2.11.3-2 shipped in Debian Squeeze 6.0.4 suffers from a 
> > regression in the resolver code with broken DNS server not answering
> > correctly to AAAA requests. It causes the first or sometimes more DNS
> > resolving requests to fail. See bug#658171 for more details.
> [...]
> > Would it be possible to upload it? You might actually want to wait a 
> > few days for having some feedback of the sid upload.
> 
> Has there been any feedback as a result of the sid upload, whether
> positive or otherwise?
> 

Nothing so far :-(


-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Sat, 11 Feb 2012 11:15:42 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 11 Feb 2012 11:15:50 GMT) Full text and rfc822 format available.

Message #20 received at 658424@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Aurelien Jarno <aurel32@debian.org>, 658424@bugs.debian.org
Cc: "Bernhard R. Link" <brlink@debian.org>, JBK <jbk5982@gmail.com>, 658171@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Sat, 11 Feb 2012 11:09:49 +0000
tag 658424 + confirmed squeeze
thanks

On Tue, 2012-02-07 at 22:48 +0100, Aurelien Jarno wrote:
> On Tue, Feb 07, 2012 at 09:45:12PM +0000, Adam D. Barratt wrote:
> > On Thu, 2012-02-02 at 23:11 +0100, Aurelien Jarno wrote:
> > > eglibc 2.11.3-2 shipped in Debian Squeeze 6.0.4 suffers from a 
> > > regression in the resolver code with broken DNS server not answering
> > > correctly to AAAA requests. It causes the first or sometimes more DNS
> > > resolving requests to fail. See bug#658171 for more details.
[...]
> > Has there been any feedback as a result of the sid upload, whether
> > positive or otherwise?
> > 
> Nothing so far :-(

That's unfortunate, but I'm not sure we should let it block getting the
fix to stable users any further.  Please go ahead with the upload.

Bernhard, "JBK" - once the package is available for your architecture
via proposed-updates, please test it and let us know whether it resolves
the issue for you.

Regards,

Adam





Added tag(s) squeeze and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 11 Feb 2012 11:16:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Sun, 12 Feb 2012 19:42:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 12 Feb 2012 19:42:06 GMT) Full text and rfc822 format available.

Message #27 received at 658424@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 658424@bugs.debian.org, "Bernhard R. Link" <brlink@debian.org>, JBK <jbk5982@gmail.com>, 658171@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Sun, 12 Feb 2012 20:38:44 +0100
On Sat, Feb 11, 2012 at 11:09:49AM +0000, Adam D. Barratt wrote:
> tag 658424 + confirmed squeeze
> thanks
> 
> On Tue, 2012-02-07 at 22:48 +0100, Aurelien Jarno wrote:
> > On Tue, Feb 07, 2012 at 09:45:12PM +0000, Adam D. Barratt wrote:
> > > On Thu, 2012-02-02 at 23:11 +0100, Aurelien Jarno wrote:
> > > > eglibc 2.11.3-2 shipped in Debian Squeeze 6.0.4 suffers from a 
> > > > regression in the resolver code with broken DNS server not answering
> > > > correctly to AAAA requests. It causes the first or sometimes more DNS
> > > > resolving requests to fail. See bug#658171 for more details.
> [...]
> > > Has there been any feedback as a result of the sid upload, whether
> > > positive or otherwise?
> > > 
> > Nothing so far :-(
> 
> That's unfortunate, but I'm not sure we should let it block getting the
> fix to stable users any further.  Please go ahead with the upload.

I have just done the upload. As told on IRC, it also includes fixes for
the gai.conf manpage.

Regards,
Aurelien

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Sun, 12 Feb 2012 21:09:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 12 Feb 2012 21:09:13 GMT) Full text and rfc822 format available.

Message #32 received at 658424@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Aurelien Jarno <aurel32@debian.org>, 658424@bugs.debian.org
Cc: "Bernhard R. Link" <brlink@debian.org>, JBK <jbk5982@gmail.com>, 658171@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Sun, 12 Feb 2012 21:05:54 +0000
tag 658424 + pending
thanks

On Sun, 2012-02-12 at 20:38 +0100, Aurelien Jarno wrote:
> On Sat, Feb 11, 2012 at 11:09:49AM +0000, Adam D. Barratt wrote:
> > That's unfortunate, but I'm not sure we should let it block getting the
> > fix to stable users any further.  Please go ahead with the upload.
> 
> I have just done the upload. As told on IRC, it also includes fixes for
> the gai.conf manpage.

Thanks.  I've flagged it for acceptance.

As I mentioned previously: Bernhard, "JBK" (and anyone else affected and
watching the bugs) - once the package is available for your architecture
via proposed-updates, please test it and let us know whether it resolves
the issue for you.

Regards,

Adam





Added tag(s) pending. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sun, 12 Feb 2012 21:09:17 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Tue, 14 Feb 2012 11:57:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Bernhard R. Link" <brlink@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 14 Feb 2012 11:57:15 GMT) Full text and rfc822 format available.

Message #39 received at 658424@bugs.debian.org (full text, mbox):

From: "Bernhard R. Link" <brlink@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Aurelien Jarno <aurel32@debian.org>, 658424@bugs.debian.org, 658171@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Tue, 14 Feb 2012 12:54:43 +0100
* Adam D. Barratt <adam@adam-barratt.org.uk> [120212 22:06]:
> As I mentioned previously: Bernhard, "JBK" (and anyone else affected and
> watching the bugs) - once the package is available for your architecture
> via proposed-updates, please test it and let us know whether it resolves
> the issue for you.

As far as I can tell from a short testing, it seems to work.

        Bernhard R. Link




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#658424; Package release.debian.org. (Thu, 16 Feb 2012 19:12:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Thu, 16 Feb 2012 19:12:06 GMT) Full text and rfc822 format available.

Message #44 received at 658424@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: "Bernhard R. Link" <brlink@debian.org>, 658424@bugs.debian.org
Cc: Aurelien Jarno <aurel32@debian.org>, 658171@bugs.debian.org
Subject: Re: Bug#658424: pu: package eglibc/2.11.3-3
Date: Thu, 16 Feb 2012 19:09:27 +0000
On Tue, 2012-02-14 at 12:54 +0100, Bernhard R. Link wrote:
> * Adam D. Barratt <adam@adam-barratt.org.uk> [120212 22:06]:
> > As I mentioned previously: Bernhard, "JBK" (and anyone else affected and
> > watching the bugs) - once the package is available for your architecture
> > via proposed-updates, please test it and let us know whether it resolves
> > the issue for you.
> 
> As far as I can tell from a short testing, it seems to work.

Thanks.  I've pushed the package to squeeze-updates, so it will start
hit mirrors with the next dinstall.

Regards,

Adam





Reply sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
You have taken responsibility. (Sat, 12 May 2012 12:36:36 GMT) Full text and rfc822 format available.

Notification sent to Aurelien Jarno <aurel32@debian.org>:
Bug acknowledged by developer. (Sat, 12 May 2012 12:36:36 GMT) Full text and rfc822 format available.

Message #49 received at 658424-done@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: <623148-done@bugs.debian.org>, <657722-done@bugs.debian.org>, <658424-done@bugs.debian.org>, <660693-done@bugs.debian.org>, <661473-done@bugs.debian.org>, <661652-done@bugs.debian.org>, <663104-done@bugs.debian.org>, <664567-done@bugs.debian.org>, <666001-done@bugs.debian.org>, <666222-done@bugs.debian.org>, <666687-done@bugs.debian.org>, <668456-done@bugs.debian.org>, <670730-done@bugs.debian.org>, <671449-done@bugs.debian.org>
Subject: Closing requests for packages included in 6.0.5
Date: Sat, 12 May 2012 13:32:55 +0100
Version: 6.0.5

Hi,

All of the packages referenced by the closed bugs were included in the 
6.0.5 point release which occured today.

Regards,

Adam




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 11 Jun 2012 07:39:36 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:29:02 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.