Debian Bug report logs - #987266
preinst check for kernel release > 255 may no longer be needed

version graph

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:glibc (PTS, buildd, popcon).

Reported by: Andras Korn <korn-debbugs@elan.rulez.org>

Date: Tue, 20 Apr 2021 16:39:01 UTC

Severity: normal

Found in versions glibc/2.31-11, glibc/2.24-11+deb9u4

Fixed in versions glibc/2.31-14, glibc/2.28-10+deb10u1, glibc/2.31-13+deb11u3

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Tue, 20 Apr 2021 16:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Andras Korn <korn-debbugs@elan.rulez.org>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 20 Apr 2021 16:39:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andras Korn <korn-debbugs@elan.rulez.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: preinst check for kernel release > 255 may no longer be needed
Date: Tue, 20 Apr 2021 18:36:33 +0200
Package: libc6
Version: 2.31-11
Severity: normal

Hi,

due to https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f (a commit from 2004) the preinst script for glibc checks whether the "z" in the "x.y.z" of the kernel version is less than 255. If yes, the package refuses to install.

I hit this problem on a box with a custom 4.9.266 kernel.

Based on this lkml thread: https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/, the check is no longer needed because the kernel caps the version code it reports to 255, even if uname prints a higher number.

Of course, you could conceivably still hit the problem with earlier kernels, so I suppose the logic of the check should be modified, not removed entirely, to be technically correct.

If forced at gunpoint to make a guess, I would guess, though, that removing the check would have very little actual impact; it also doesn't protect the user from installing a kernel with an unsupported version number after having installed glibc.

Best regards,

András

-- 
     A ham sandwich is better than nothing. Nothing is better than eternal
         happiness. So a ham sandwich is better than eternal happiness.



Message sent on to Andras Korn <korn-debbugs@elan.rulez.org>:
Bug#987266. (Mon, 16 Aug 2021 21:21:06 GMT) (full text, mbox, link).


Message #8 received at 987266-submitter@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <noreply@salsa.debian.org>
To: 987266-submitter@bugs.debian.org
Subject: Bug#987266 marked as pending in glibc
Date: Mon, 16 Aug 2021 21:16:16 +0000
Control: tag -1 pending

Hello,

Bug #987266 in glibc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900

------------------------------------------------------------------------
debian/debhelper.in/libc.preinst: drop the check for kernel release > 255 now that glibc and preinstall script are fixed.  Closes: #987266.
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/987266



Added tag(s) pending. Request was from Aurelien Jarno <noreply@salsa.debian.org> to 987266-submitter@bugs.debian.org. (Mon, 16 Aug 2021 21:21:06 GMT) (full text, mbox, link).


Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Tue, 17 Aug 2021 15:09:15 GMT) (full text, mbox, link).


Notification sent to Andras Korn <korn-debbugs@elan.rulez.org>:
Bug acknowledged by developer. (Tue, 17 Aug 2021 15:09:15 GMT) (full text, mbox, link).


Message #15 received at 987266-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 987266-close@bugs.debian.org
Subject: Bug#987266: fixed in glibc 2.31-14
Date: Tue, 17 Aug 2021 15:04:03 +0000
Source: glibc
Source-Version: 2.31-14
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Aug 2021 16:27:59 +0200
Source: glibc
Architecture: source
Version: 2.31-14
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 603914 975077 981650 982360 986951 987266 990031 990069
Changes:
 glibc (2.31-14) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update tests.
   * debian/patches/hurd-i386/tg-eintr.diff: Replace with upstream's
     more complete git-eintr.diff.
   * debian/patches/hurd-i386/proc_reauth.diff: Use the new
     __proc_reauthenticate_complete protocol.
   * control: Break hurd version that erroneously depended on an update libc0.3
     for the auth_complete_reauthentication RPC
   * debian/libc0.3.symbols.hurd-i386: Add missing gsync_wait_intr symbol.
   * debian/patches/hurd-i386/git-AT_NO_AUTOMOUNT.diff: Fix glib's fileinfo.
   * debian/patches/hurd-i386/git-ELF_MACHINE_USER_ADDRESS_MASK.diff: Fix
     ELF_MACHINE_USER_ADDRESS_MASK value.
   * debian/patches/hurd-i386/tg-bigmem.diff: Relace by git-drop-rmh.diff.
   * debian/patches/series: Reorder hurd-i386 git patches according to glibc
     release dates.
   * debian/patches/hurd-i386/sysvshm-lll.diff: Fold into tg-sysvshm.diff.
 .
   [ Aurelien Jarno ]
   * Drop debian/patches/arm/local-soname-hack.diff: not needed anymore.
   * Drop debian/patches/arm/unsubmitted-ldconfig-cache-abi.diff: not needed
     anymore.
   * debian/sysdeps/armhf.mk: drop old armhf compat symlink, this is not
     supported anymore.
   * debian/control.in/main: remove Adam Conrad from Uploaders. RIP.  Closes:
     #986951.
   * debian/testsuite-xfail-debian.mk: drop tst-malloc-usable-tunables from
     XFAIL, the kernel bug has been fixed.
   * debian/control.in/libc, debian/rules.d/debhelper.mk: Drop the depends in
     libcrypt1 as upgrades from buster to bookworm are not supported. Demote
     the libnss-nis and libnss-nisplus recommends to suggests.  Closes:
     #975077.
   * debian/patches/hppa/git-fcntl.h-update.diff: new patch from upstream to
     update EFD_NONBLOCK, IN_NONBLOCK, SFD_NONBLOCK and TFD_NONBLOCK on HPPA.
     Closes: #981650.
   * debian/debhelper.in/locales.postinst: simplify locales-all detection.
   * debian/control.in/main: drop arch specific depends on gcc-10 now that the
     minimum version is already in bullseye.
   * debian/debhelper.in/libc.preinst: simplify the version comparison by only
     comparing the two first parts, now that kernel 2.X are not supported
     anymore.
   * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255
     now that glibc and preinstall script are fixed.  Closes: #987266.
   * debian/rules.d/build.mk: stop passing --enable-obsolete-rpc.
   * debian/debhelper.in/libc-dev.install{,.hurd-i386}: do not install
     librpcsvc.a.
   * debian/debhelper.in/libc-dev-bin.manpage, debian/local/manpages/rpcgen.1:
     do not install rpcgen (1) manpage.
   * debian/rules.d/build.mk: stop deleting <rpcsvc/yppasswd.h> and
     <rpcsvc/yppasswd.x>.
   * debian/control.in/libc, debian/rules.d/debhelper.mk: make libc6-dev to
     depend on rpcsvc-proto, except for stage1 and stage2.
   * debian/patches/localedata/supported.diff: update to drop all non-UTF-8
     locales.  Closes: #603914.
   * debian/patches/localedata/sort-UTF8-first.diff: drop.
   * debian/script.in/nsscheck.sh: restart openssh-server even if it has been
     deconfigured during the upgrade.  Closes: #990069.
 .
   [ Helmut Grohne ]
   * Fix FTCBFS: (Closes: #990031)
     + debian/control.in/main: Annotate binutils dependency with -for-host.
     + debian/control.in/main, debian/rules.d/control.mk: Use suffixed cross
       compilers until there is -for-host.
     + debian/patches/any/local-cross.patch: LIBGD detection actually works.
 .
   [ Matthias Klose ]
   * debian/rules, debian/rules.d/build.mk: Run checks for every pass before
     failing the build.  Closes: #982360.
Checksums-Sha1:
 c6fe176769a0e4068e39d9416e6f96d830508cdf 9762 glibc_2.31-14.dsc
 18b265e2eea5b45e47c7ce331e0e84b9bf4ccc90 913480 glibc_2.31-14.debian.tar.xz
 822fc821fd078cfec8b122ce5b4bbff1103b3361 8618 glibc_2.31-14_source.buildinfo
Checksums-Sha256:
 270453ce3b45caf98a1edc2b933c0703477e474427ad1fb14d5653ebb201c401 9762 glibc_2.31-14.dsc
 ad39bc1cb4c8eaa4dde7df897b3c7f7fe85743b88422a972c195a7d43a2bc862 913480 glibc_2.31-14.debian.tar.xz
 e5b472f4f5785a4c8a5e19a117a401270f003130464138a1be24290868eb9b13 8618 glibc_2.31-14_source.buildinfo
Files:
 75a013feac12d6637e49d73cdddb7fc1 9762 libs required glibc_2.31-14.dsc
 dd51c09b4cebb2416b7d684e8646fa73 913480 libs required glibc_2.31-14.debian.tar.xz
 48e98e2522e9c1534999a1ff074b9e8d 8618 libs required glibc_2.31-14_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmEbyoAACgkQE4jA+Jno
M2vheA/7B7xJoWlagrNo44CNH4upRFb0HpzqtG/FtXjGAQJr5c0OWRiZf9YVv7PL
UzIfUoLjYVmu2YxeSgTCbunC/d9CgWIhpn6306Tum/CMF2+loCWD7ZdcudZnh8tR
aDKwQvW9RI5uGn54G4dFs8nL0Ir2lq+5WKzvaVLIMOZja58ck0HI+0tJ7Mjw/tCt
8QTihOVH/NY9brsnw1lbwBwUVErZH/1MDfQ6pnwxzd2rKgH0pYBDt1Ac9fwofqRB
xH+fDV/56xHzGh8ECTQWLIRkagP0ab/uP8eVpiD+Avl9eZ/jYtw8aNO2cZl3EDng
P7TEGJgnkr7VY7Cded/Tti6GQrWz3eIq/uIWGjvpkjzuFvQgWaKnSRrUuVpa0Rr6
XfjJfZKcrEWnfigxd2zk/NIWZnhTS+XtKNkFujJSxsdN1QEL3ubPZS3eV6uMggWo
QHgt7FCfBfIGCYWoQR4t+9rTU8jgIswevjUnRqb5u1vN5b2dyMUYI4eJlQvLD+JC
tAfqpaElAnVF6l4fhyeT6/2PzRBT6LFmpDphcPKHgfO1+asYiWOKsQ1IItvZwjhR
u+fcGVGrW6K1GVVXq+sVYBqeCoZdG6eU+hQN+MM6cIQAecV7M7OP9yoW3I2UdG3g
MyPsbG1YNeaQbWK44pNY+IpReKhI9hEcR93L1Ya0QWLJmI7hFpo=
=547K
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 Sep 2021 07:30:16 GMT) (full text, mbox, link).


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 26 Sep 2021 07:57:04 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Sun, 26 Sep 2021 08:00:02 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 26 Sep 2021 08:00:03 GMT) (full text, mbox, link).


Message #24 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Andras Korn <korn-debbugs@elan.rulez.org>, 987266@bugs.debian.org, Aurelien Jarno <aurel32@debian.org>
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Sun, 26 Sep 2021 09:57:02 +0200
Hi Aurelien,

On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> Package: libc6
> Version: 2.31-11
> Severity: normal
> 
> Hi,
> 
> due to
> https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> (a commit from 2004) the preinst script for glibc checks whether the
> "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> the package refuses to install.
> 
> I hit this problem on a box with a custom 4.9.266 kernel.
> 
> Based on this lkml thread:
> https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> the check is no longer needed because the kernel caps the version
> code it reports to 255, even if uname prints a higher number.
> 
> Of course, you could conceivably still hit the problem with earlier
> kernels, so I suppose the logic of the check should be modified, not
> removed entirely, to be technically correct.
> 
> If forced at gunpoint to make a guess, I would guess, though, that
> removing the check would have very little actual impact; it also
> doesn't protect the user from installing a kernel with an
> unsupported version number after having installed glibc.

Prompted by
https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
given this was addressed with
https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
is this something we should do consider as well for the older releases
where it is not acutally needed for people compiling their own custom
kernels?

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Sun, 26 Sep 2021 11:24:02 GMT) (full text, mbox, link).


Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 26 Sep 2021 11:24:02 GMT) (full text, mbox, link).


Message #29 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: Andras Korn <korn-debbugs@elan.rulez.org>, 987266@bugs.debian.org
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Sun, 26 Sep 2021 13:21:16 +0200
Hi,

On 2021-09-26 09:57, Salvatore Bonaccorso wrote:
> Hi Aurelien,
> 
> On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> > Package: libc6
> > Version: 2.31-11
> > Severity: normal
> > 
> > Hi,
> > 
> > due to
> > https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> > (a commit from 2004) the preinst script for glibc checks whether the
> > "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> > the package refuses to install.
> > 
> > I hit this problem on a box with a custom 4.9.266 kernel.
> > 
> > Based on this lkml thread:
> > https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> > the check is no longer needed because the kernel caps the version
> > code it reports to 255, even if uname prints a higher number.
> > 
> > Of course, you could conceivably still hit the problem with earlier
> > kernels, so I suppose the logic of the check should be modified, not
> > removed entirely, to be technically correct.
> > 
> > If forced at gunpoint to make a guess, I would guess, though, that
> > removing the check would have very little actual impact; it also
> > doesn't protect the user from installing a kernel with an
> > unsupported version number after having installed glibc.
> 
> Prompted by
> https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
> given this was addressed with
> https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
> is this something we should do consider as well for the older releases
> where it is not acutally needed for people compiling their own custom
> kernels?

The bug has been reported with severity normal, and it seemed it was
limited to a rather small range of users. Now if you thing it is a more
widespread issue, feel free to raise the severity so that we can
consider it from buster and bullseye. The fix has been in testing/sid
for a few weeks, so this should be acceptable for older releases.

At least for bullseye, we have an update scheduled, currently being
under review by the release team (bug #992693). But we won't be able to
fix Raspbian ;-).

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Mon, 27 Sep 2021 14:27:02 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 27 Sep 2021 14:27:02 GMT) (full text, mbox, link).


Message #34 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Aurelien Jarno <aurel32@debian.org>
Cc: Andras Korn <korn-debbugs@elan.rulez.org>, 987266@bugs.debian.org
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Mon, 27 Sep 2021 16:22:25 +0200
Hi Aurelien,

On Sun, Sep 26, 2021 at 01:21:16PM +0200, Aurelien Jarno wrote:
> Hi,
> 
> On 2021-09-26 09:57, Salvatore Bonaccorso wrote:
> > Hi Aurelien,
> > 
> > On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> > > Package: libc6
> > > Version: 2.31-11
> > > Severity: normal
> > > 
> > > Hi,
> > > 
> > > due to
> > > https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> > > (a commit from 2004) the preinst script for glibc checks whether the
> > > "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> > > the package refuses to install.
> > > 
> > > I hit this problem on a box with a custom 4.9.266 kernel.
> > > 
> > > Based on this lkml thread:
> > > https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> > > the check is no longer needed because the kernel caps the version
> > > code it reports to 255, even if uname prints a higher number.
> > > 
> > > Of course, you could conceivably still hit the problem with earlier
> > > kernels, so I suppose the logic of the check should be modified, not
> > > removed entirely, to be technically correct.
> > > 
> > > If forced at gunpoint to make a guess, I would guess, though, that
> > > removing the check would have very little actual impact; it also
> > > doesn't protect the user from installing a kernel with an
> > > unsupported version number after having installed glibc.
> > 
> > Prompted by
> > https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
> > given this was addressed with
> > https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
> > is this something we should do consider as well for the older releases
> > where it is not acutally needed for people compiling their own custom
> > kernels?
> 
> The bug has been reported with severity normal, and it seemed it was
> limited to a rather small range of users. Now if you thing it is a more
> widespread issue, feel free to raise the severity so that we can
> consider it from buster and bullseye. The fix has been in testing/sid
> for a few weeks, so this should be acceptable for older releases.
> 
> At least for bullseye, we have an update scheduled, currently being
> under review by the release team (bug #992693). But we won't be able to
> fix Raspbian ;-).

It is probalby not that widespread, because I guess  the case where
user install older custom kernel from 4.4.y and 4.9.y series on buster
and newer is not that frequent and at time of writing the stable
series supported are 4.4.285, 4.9.284, so the two problematic ones,
4.14.248, 4.19.208, 5.4.149, 5.10.69 and 5.14.8. But at some point
upstream will reach 256 minor version as well forthe 4.14.y, 4.19.y
and 5.10.y series.

So maybe it is worth of fixing this as for bullseye and buster point
releases (not the next ones).

So no I have no strong opinion but I stumbled over the above on the
stable list.

Regards,
Salvatore



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Oct 2021 07:26:33 GMT) (full text, mbox, link).


Bug unarchived. Request was from Nikolaus Schulz <ns@htonl.de> to control@bugs.debian.org. (Sun, 13 Feb 2022 23:48:06 GMT) (full text, mbox, link).


Marked as found in versions glibc/2.24-11+deb9u4. Request was from Nikolaus Schulz <ns@htonl.de> to control@bugs.debian.org. (Sun, 13 Feb 2022 23:48:06 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Sun, 13 Feb 2022 23:54:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nikolaus Schulz <ns@htonl.de>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 13 Feb 2022 23:54:02 GMT) (full text, mbox, link).


Message #45 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Nikolaus Schulz <ns@htonl.de>
To: 987266@bugs.debian.org
Subject: The preinst check for kernel release >255 broke my LTS upgrade
Date: Mon, 14 Feb 2022 00:50:55 +0100
Hi,

this check just broke the dist-upgrade of my server, going from jessie
to stretch.

While my machine is a vserver with a kernel 4.4.268 which is not part of
the Debian OS that I control, the current Debian kernel in stretch is
4.9.290-1 if I'm not mistaken, so I guess it's also affected.

So it looks to me like this is breaking any updates of glibc in stretch?

But breaking updates in a vserver scenario like above is also bad IMO.

I'm not sure if the preinst check is entirely obsolete, but if not, it
may at least additionally check if the current kernel has the version
clamping fix by upstream applied[1], which is true for -stable versions >=4.4.257
and >=4.9.257.

Best regards,
Nikolaus

[1] https://lwn.net/ml/linux-kernel/20210208145805.898658055@linuxfoundation.org/



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Fri, 04 Mar 2022 08:21:02 GMT) (full text, mbox, link).


Acknowledgement sent to Emilio Pozuelo Monfort <pochu@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 04 Mar 2022 08:21:02 GMT) (full text, mbox, link).


Message #50 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Emilio Pozuelo Monfort <pochu@debian.org>
To: 987266@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>, Aurelien Jarno <aurel32@debian.org>
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Fri, 4 Mar 2022 09:19:28 +0100
Hi,

On Sun, 26 Sep 2021 09:57:02 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> Hi Aurelien,
> 
> On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> > Package: libc6
> > Version: 2.31-11
> > Severity: normal
> > 
> > Hi,
> > 
> > due to
> > https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> > (a commit from 2004) the preinst script for glibc checks whether the
> > "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> > the package refuses to install.
> > 
> > I hit this problem on a box with a custom 4.9.266 kernel.
> > 
> > Based on this lkml thread:
> > https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> > the check is no longer needed because the kernel caps the version
> > code it reports to 255, even if uname prints a higher number.
> > 
> > Of course, you could conceivably still hit the problem with earlier
> > kernels, so I suppose the logic of the check should be modified, not
> > removed entirely, to be technically correct.
> > 
> > If forced at gunpoint to make a guess, I would guess, though, that
> > removing the check would have very little actual impact; it also
> > doesn't protect the user from installing a kernel with an
> > unsupported version number after having installed glibc.
> 
> Prompted by
> https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
> given this was addressed with
> https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
> is this something we should do consider as well for the older releases
> where it is not acutally needed for people compiling their own custom
> kernels?

Another stretch user brought this up [1]. I suppose there are and as time passes 
(with current stable kernel versions getting higher) there will be more users 
affected by this in buster and bullseye. Have you further considered including 
this fix in a proposed-update?

Cheers,
Emilio

[1] https://lists.debian.org/debian-lts/2022/03/msg00002.html



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Fri, 04 Mar 2022 08:54:02 GMT) (full text, mbox, link).


Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 04 Mar 2022 08:54:02 GMT) (full text, mbox, link).


Message #55 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: Emilio Pozuelo Monfort <pochu@debian.org>
Cc: 987266@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Fri, 4 Mar 2022 09:50:09 +0100
On 2022-03-04 09:19, Emilio Pozuelo Monfort wrote:
> Hi,
> 
> On Sun, 26 Sep 2021 09:57:02 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> > Hi Aurelien,
> > 
> > On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> > > Package: libc6
> > > Version: 2.31-11
> > > Severity: normal
> > > > Hi,
> > > > due to
> > > https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> > > (a commit from 2004) the preinst script for glibc checks whether the
> > > "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> > > the package refuses to install.
> > > > I hit this problem on a box with a custom 4.9.266 kernel.
> > > > Based on this lkml thread:
> > > https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> > > the check is no longer needed because the kernel caps the version
> > > code it reports to 255, even if uname prints a higher number.
> > > > Of course, you could conceivably still hit the problem with earlier
> > > kernels, so I suppose the logic of the check should be modified, not
> > > removed entirely, to be technically correct.
> > > > If forced at gunpoint to make a guess, I would guess, though, that
> > > removing the check would have very little actual impact; it also
> > > doesn't protect the user from installing a kernel with an
> > > unsupported version number after having installed glibc.
> > 
> > Prompted by
> > https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
> > given this was addressed with
> > https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
> > is this something we should do consider as well for the older releases
> > where it is not acutally needed for people compiling their own custom
> > kernels?
> 
> Another stretch user brought this up [1]. I suppose there are and as time
> passes (with current stable kernel versions getting higher) there will be
> more users affected by this in buster and bullseye. Have you further
> considered including this fix in a proposed-update?

Yep I have submitted #1005906 for bullseye, and I have committed the fix
to the buster branch, but not yet submitted the bug.

Stretch is going to be more complicated as we still support 2.6.32
kernels, which means the third version level actually still makes sense.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Fri, 04 Mar 2022 09:27:05 GMT) (full text, mbox, link).


Acknowledgement sent to Emilio Pozuelo Monfort <pochu@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 04 Mar 2022 09:27:05 GMT) (full text, mbox, link).


Message #60 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Emilio Pozuelo Monfort <pochu@debian.org>
To: Aurelien Jarno <aurel32@debian.org>
Cc: 987266@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Fri, 4 Mar 2022 10:22:01 +0100
On 04/03/2022 09:50, Aurelien Jarno wrote:
> On 2022-03-04 09:19, Emilio Pozuelo Monfort wrote:
>> Hi,
>>
>> On Sun, 26 Sep 2021 09:57:02 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
>>> Hi Aurelien,
>>>
>>> On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
>>>> Package: libc6
>>>> Version: 2.31-11
>>>> Severity: normal
>>>>> Hi,
>>>>> due to
>>>> https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
>>>> (a commit from 2004) the preinst script for glibc checks whether the
>>>> "z" in the "x.y.z" of the kernel version is less than 255. If yes,
>>>> the package refuses to install.
>>>>> I hit this problem on a box with a custom 4.9.266 kernel.
>>>>> Based on this lkml thread:
>>>> https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
>>>> the check is no longer needed because the kernel caps the version
>>>> code it reports to 255, even if uname prints a higher number.
>>>>> Of course, you could conceivably still hit the problem with earlier
>>>> kernels, so I suppose the logic of the check should be modified, not
>>>> removed entirely, to be technically correct.
>>>>> If forced at gunpoint to make a guess, I would guess, though, that
>>>> removing the check would have very little actual impact; it also
>>>> doesn't protect the user from installing a kernel with an
>>>> unsupported version number after having installed glibc.
>>>
>>> Prompted by
>>> https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
>>> given this was addressed with
>>> https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
>>> is this something we should do consider as well for the older releases
>>> where it is not acutally needed for people compiling their own custom
>>> kernels?
>>
>> Another stretch user brought this up [1]. I suppose there are and as time
>> passes (with current stable kernel versions getting higher) there will be
>> more users affected by this in buster and bullseye. Have you further
>> considered including this fix in a proposed-update?
> 
> Yep I have submitted #1005906 for bullseye, and I have committed the fix
> to the buster branch, but not yet submitted the bug.

I was wondering what docker had to do with all this, until I realized you meant 
#1005949 :)

> Stretch is going to be more complicated as we still support 2.6.32
> kernels, which means the third version level actually still makes sense.

I'm surprised we support that. However in any case we wouldn't need to backport 
[1], we could just backport [2] and support both 2.6.32 as well as e.g. 
4.14.264. Wouldn't that work?

Cheers,
Emilio

[1] 
https://salsa.debian.org/glibc-team/glibc/-/commit/5452b62ded81132ebedf3db82577de5277479b27
[2] 
https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900



Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#987266; Package libc6. (Fri, 04 Mar 2022 11:57:02 GMT) (full text, mbox, link).


Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 04 Mar 2022 11:57:03 GMT) (full text, mbox, link).


Message #65 received at 987266@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: Emilio Pozuelo Monfort <pochu@debian.org>
Cc: 987266@bugs.debian.org, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#987266: preinst check for kernel release > 255 may no longer be needed
Date: Fri, 4 Mar 2022 12:54:26 +0100
On 2022-03-04 10:22, Emilio Pozuelo Monfort wrote:
> On 04/03/2022 09:50, Aurelien Jarno wrote:
> > On 2022-03-04 09:19, Emilio Pozuelo Monfort wrote:
> > > Hi,
> > > 
> > > On Sun, 26 Sep 2021 09:57:02 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> > > > Hi Aurelien,
> > > > 
> > > > On Tue, Apr 20, 2021 at 06:36:33PM +0200, Andras Korn wrote:
> > > > > Package: libc6
> > > > > Version: 2.31-11
> > > > > Severity: normal
> > > > > > Hi,
> > > > > > due to
> > > > > https://salsa.debian.org/glibc-team/glibc/-/commit/6ddfa57577af0d96df9ddd7be401f5ce9a9bcc0f
> > > > > (a commit from 2004) the preinst script for glibc checks whether the
> > > > > "z" in the "x.y.z" of the kernel version is less than 255. If yes,
> > > > > the package refuses to install.
> > > > > > I hit this problem on a box with a custom 4.9.266 kernel.
> > > > > > Based on this lkml thread:
> > > > > https://lore.kernel.org/lkml/7pR0YCctzN9phpuEChlL7_SS6auHOM80bZBcGBTZPuMkc6XjKw7HUXf9vZUPi-IaV2gTtsRVXgywQbja8xpzjGRDGWJsVYSGQN5sNuX1yaQ=@protonmail.com/T/,
> > > > > the check is no longer needed because the kernel caps the version
> > > > > code it reports to 255, even if uname prints a higher number.
> > > > > > Of course, you could conceivably still hit the problem with earlier
> > > > > kernels, so I suppose the logic of the check should be modified, not
> > > > > removed entirely, to be technically correct.
> > > > > > If forced at gunpoint to make a guess, I would guess, though, that
> > > > > removing the check would have very little actual impact; it also
> > > > > doesn't protect the user from installing a kernel with an
> > > > > unsupported version number after having installed glibc.
> > > > 
> > > > Prompted by
> > > > https://lore.kernel.org/stable/YVAhOlTsb0NK0BVi@kroah.com/T/#t and
> > > > given this was addressed with
> > > > https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900
> > > > is this something we should do consider as well for the older releases
> > > > where it is not acutally needed for people compiling their own custom
> > > > kernels?
> > > 
> > > Another stretch user brought this up [1]. I suppose there are and as time
> > > passes (with current stable kernel versions getting higher) there will be
> > > more users affected by this in buster and bullseye. Have you further
> > > considered including this fix in a proposed-update?
> > 
> > Yep I have submitted #1005906 for bullseye, and I have committed the fix
> > to the buster branch, but not yet submitted the bug.
> 
> I was wondering what docker had to do with all this, until I realized you
> meant #1005949 :)

Oops, sorry about that.

> > Stretch is going to be more complicated as we still support 2.6.32
> > kernels, which means the third version level actually still makes sense.
> 
> I'm surprised we support that. However in any case we wouldn't need to

We disabled it at some point but we got strong pressure to re-enable it
as it is the last version supported by OpenVZ.

> backport [1], we could just backport [2] and support both 2.6.32 as well as
> e.g. 4.14.264. Wouldn't that work?

If we backport only [2], it means [1] doesn't work correctly as it
assumes that the third version level is < 255, just like glibc
internals.

Aurelien

> [1] https://salsa.debian.org/glibc-team/glibc/-/commit/5452b62ded81132ebedf3db82577de5277479b27
> [2] https://salsa.debian.org/glibc-team/glibc/-/commit/b3c76cf1cd0c8b6e4844c6362a45143c136a2900

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net



Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Fri, 18 Mar 2022 20:18:13 GMT) (full text, mbox, link).


Notification sent to Andras Korn <korn-debbugs@elan.rulez.org>:
Bug acknowledged by developer. (Fri, 18 Mar 2022 20:18:13 GMT) (full text, mbox, link).


Message #70 received at 987266-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 987266-close@bugs.debian.org
Subject: Bug#987266: fixed in glibc 2.28-10+deb10u1
Date: Fri, 18 Mar 2022 20:15:40 +0000
Source: glibc
Source-Version: 2.28-10+deb10u1
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Mar 2022 23:48:49 +0100
Source: glibc
Architecture: source
Version: 2.28-10+deb10u1
Distribution: buster
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 930697 953257 987266 1004861
Changes:
 glibc (2.28-10+deb10u1) buster; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch
     (Closes: #930697):
     - Add more integrity check to malloc() function.
     - Fix crash in _IO_wfile_sync.
     - Fix bad free() in libdl if dlerror() is not used.  Closes: #953257.
     - Fix overflow in glibc.malloc.tcache_count tunable.
     - Fix old x86 applications crash on exit() under valgrind.
     - Remove copy_file_range emulation. The kernel interface has at evolved
       and the glibc emulation doesn't match it anymore, so it's better for
       it to return -ENOSYS. This only impacts Linux kernels << 4.8.
     - Avoid lazy binding of symbols that may follow a variant PCS on arm64, to
       support binaries using AdvSIMD and SVE vector calls.
     - Fix large mmap64 offset for the N32 ABI on mips/mipsel/mips64el.
     - Improve string functions performances on arm64.
   * debian/patches/any/git-libio-stdout-putc.diff: refresh.
   * debian/debhelper.in/libc.preinst: simplify the version comparison by only
     comparing the two first parts, now that kernel 2.X are not supported
     anymore.  Closes: #1004861.
   * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255
     now that glibc and preinstall script are fixed.  Closes: #987266.
Checksums-Sha1:
 243f0628429fb07884d7296efbc9061c76c6271e 8921 glibc_2.28-10+deb10u1.dsc
 850647b95ec602f2ad699646b0d0b9b5ada59372 899676 glibc_2.28-10+deb10u1.debian.tar.xz
 5724c49144613d48fa8fe4d0e6e3acab50c27396 7569 glibc_2.28-10+deb10u1_source.buildinfo
Checksums-Sha256:
 9bb410368ec00f6c6d2b281e97244337fb3513c885c250c0bd5caab694f4f62f 8921 glibc_2.28-10+deb10u1.dsc
 2f8b22a99965eafcfbb65f14bfb2dbe2400b06cb8e646e909eb22317c222dfe7 899676 glibc_2.28-10+deb10u1.debian.tar.xz
 deb07a130abba4c2ff46d7cb322388aeada9ad9947084ad925f19a5d171090cb 7569 glibc_2.28-10+deb10u1_source.buildinfo
Files:
 02890154ecc784fb9bc8d622b30a6b84 8921 libs required glibc_2.28-10+deb10u1.dsc
 0b0ef6ead64111aeee314ad523c03acb 899676 libs required glibc_2.28-10+deb10u1.debian.tar.xz
 6497b0149148112212ae1072f04efc22 7569 libs required glibc_2.28-10+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmIzr2sACgkQE4jA+Jno
M2vSkw/+Kbw30ZfDZEDUCUY31m6UTlxtiJz1HFxsz//bE4hQ1jW86TYOSm+zDL+x
edaFjrchTF2HhKMe8fO7jo+0xZpeLu2mVt1DmV7OUv1xaIcBzMbpzyVGHh4SCsku
MXMvMo2QO24saKUs7iK35h/FyOWmIAkDIs2dUvN8Hw4yyF+lRmOqTwEA+9h0oJg7
H18Cf7H//0uT3IWyTwQ5cD/oq9FDCC6MsWSCJ3VLOrOjWKaI7gYxAVVLS5GZqarQ
r+eBnKxnW6eSEiVHNDz//AvbyYTuSGZfnyAuNXhM/JAC6/YNBXu/4S8dn/Z6ddyU
IVYeWe1q/thrg7hi6iexnjuk0yeYL8n8BLbrQ3HD4rdf5S871Kjr2/ipr65PW73M
7AjiTFVB1SEYAHXMuMV5Bq8DT/Wz1/0tYN++Rfj4H+1FyPX/7BIE5LlGo8YJ84sc
qflBT7wXU0o9ej/jvPKZ5KOWQhb5rQRD+SAziYEeS1aAM7b7asv+pwEZ/2EO/nNr
bnzzuckzH//mXrySGPxRtkhRWm3ojT0cM/xASLfa1qJIRKI6KJdgRo+HPJLxkuJM
3knPo7RkZTyFEawr0Nla0Y5k/rUd7vIbc3q4ferct1hCKFdB6zHVlci8jvK8RRzd
0pL2L0ZaTbBG0wk29pa49My37PIt1DsoVLvhVxiJXGlQqIxedoY=
=nbo+
-----END PGP SIGNATURE-----




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sat, 19 Mar 2022 10:06:12 GMT) (full text, mbox, link).


Notification sent to Andras Korn <korn-debbugs@elan.rulez.org>:
Bug acknowledged by developer. (Sat, 19 Mar 2022 10:06:12 GMT) (full text, mbox, link).


Message #75 received at 987266-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 987266-close@bugs.debian.org
Subject: Bug#987266: fixed in glibc 2.31-13+deb11u3
Date: Sat, 19 Mar 2022 10:02:09 +0000
Source: glibc
Source-Version: 2.31-13+deb11u3
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Mar 2022 22:37:00 +0100
Source: glibc
Architecture: source
Version: 2.31-13+deb11u3
Distribution: bullseye
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 987266 989147 998008 998622 1004861
Changes:
 glibc (2.31-13+deb11u3) bullseye; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix bad conversion from ISO-2022-JP-3 with iconv (CVE-2021-43396).
       Closes: #998622.
     - Remove PIE check on amd64 to fix FTBFS with binutils 2.37.
     - Fix a buffer overflow in sunrpc svcunix_create (CVE-2022-23218).
     - Fix a buffer overflow in sunrpc clnt_create (CVE-2022-23219).
   * debian/debhelper.in/libc-bin.postinst: stop replacing older versions from
     /etc/nsswitch.conf.  Closes: #998008.
   * debian/debhelper.in/libc.preinst: simplify the version comparison by only
     comparing the two first parts, now that kernel 2.X are not supported
     anymore.  Closes: #1004861.
   * debian/debhelper.in/libc.preinst: drop the check for kernel release > 255
     now that glibc and preinstall script are fixed.  Closes: #987266.
   * debian/patches/local-CVE-2021-33574-mq_notify-use-after-free.diff:
     fix a possible use-after-free in mq_notify (CVE-2021-33574).  Closes:
     #989147.
Checksums-Sha1:
 fdc75bac6fd6f430366dae36fd7807aefb2fc46d 8347 glibc_2.31-13+deb11u3.dsc
 b95746511969a1071f03c7a79855dfd4181f4238 916044 glibc_2.31-13+deb11u3.debian.tar.xz
 8311b1881f16eb90968469c7b26d445ace889426 8907 glibc_2.31-13+deb11u3_source.buildinfo
Checksums-Sha256:
 1a8c389b5664962dda78e289d6938a2276b8b450d41e3081e7bf82db2fe1e409 8347 glibc_2.31-13+deb11u3.dsc
 1accd7015160a589e8ad1111011fa9c911a572e673aa5689b99f64ce6740226c 916044 glibc_2.31-13+deb11u3.debian.tar.xz
 f828487f38283f566b310deb099466d5a5979faef6944d021c23a8503c6735b2 8907 glibc_2.31-13+deb11u3_source.buildinfo
Files:
 2cd4f1126a06d943b2b56256ef7d4294 8347 libs required glibc_2.31-13+deb11u3.dsc
 8a4a07322785138fbd85c61134702e25 916044 libs required glibc_2.31-13+deb11u3.debian.tar.xz
 2a048422f04673d3c7cf746f7593e7e7 8907 libs required glibc_2.31-13+deb11u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmIzrjoACgkQE4jA+Jno
M2tUrg/+LhtQVR/e/NlX8rD7J+yTsBxEbfgMaE6+RdqcwxBV3o9kmQFi8zc0hU3f
Dhzgs6bOxMsEpLJ+PWFl7tEEM50VxE5DZbOhWhqZh7Blbb3sQjjm5mVsH78Zjz6b
bE4ReCCIwTKMD5pXkXcHDcReW8YjlmHvce8Mh28XlY7U6SkYkN/gF1XQ1gMxB+Dp
SQ4FHxNJ6YAMuUHTQSNPnrsN5oSGytmMTgzHerb9qETACbiobjwUUAHJ1rb4ff2a
flGWmf0NoXPgD8/ZT5kfC0CpG+ZDme+li2dotVpLDnUE1WdEswOEHbHut2Ax7P3d
8aZvRLpJE3XMOU0R44ZqGEOXhph3adoEboGbE9MEIHp4JgCMYRjtZ6udFsaPAZKO
3bDfyw5Tl6CE/xoQecr6zAWIPvF5ZgmURw8nrz5fLzI1GDJbXUD2EnrVH6yfzL7H
wSE4/nYsihgojYZEyDpNKMycDUjjJwuW4qf6d0lFdSbBNK7JvqKkgFHmO1vrvBpW
fC/U5/8NA7ifQ/fSFb8PRcTChY9YuK9u/cc9TRn2wG1SD9lI9S2+Xn2pKZM6skJ/
54SGPHSjviwakCjTD45YC5B0KqQyn+B4ozOcKIAE/8Tc1kb//gd066IPcoIuOhe5
ihUsiXuJNTn0RTobXdEcMqwq6twKA38pKn5G8FBAQWSWc4D+dE8=
=pu7d
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Apr 2022 07:28:53 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Oct 31 01:18:23 2025; Machine Name: berlioz

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.