libc has broken cos implementation

Bug #1614966 reported by Mwelinder on 2016-08-19
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Undecided
Adam Conrad
Xenial
Undecided
Adam Conrad

Bug Description

glibc 2.23 has a broken implementation of cos.

To see that, enter "=cos(1.5689793435451356)" into gnumeric or localc. A correct result is close
to 0, but libc and thus gnumeric/localc return ~1.

As per https://sourceware.org/bugzilla/show_bug.cgi?id=20357 this is fixed in 2.24

Suggestion: backport fix for that.

Seen on Ubuntu 16.04 (well, Mint 18).

CVE References

Adam Conrad (adconrad) on 2016-10-14
Changed in glibc (Ubuntu):
assignee: nobody → Adam Conrad (adconrad)
Changed in glibc (Ubuntu Xenial):
assignee: nobody → Adam Conrad (adconrad)
Changed in glibc (Ubuntu):
status: New → Fix Released
Changed in glibc (Ubuntu Xenial):
status: New → In Progress

Hello Mwelinder, or anyone else affected,

Accepted glibc into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in glibc (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed
Adam Conrad (adconrad) wrote :

Verified that the 2.23-0ubuntu4 binaries in xenial-proposed resolve this issue.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.23-0ubuntu4

---------------
glibc (2.23-0ubuntu4) xenial; urgency=medium

  * debian/rules.d/tarball.mk: Apply --no-renames to make the diff readable.
  * debian/patches/git-updates.diff: Update from release/2.23/master branch:
    - Include fix for potential makecontext() hang on ARMv7 (CVE-2016-6323)
    - Include fix for SEGV in sock_eq with nss_hesiod module (LP: #1571456)
    - Include malloc fixes, addressing multithread deadlocks (LP: #1630302)
    - debian/patches/hurd-i386/cvs-libpthread.so.diff: Dropped, upstreamed.
    - debian/patches/any/submitted-argp-attribute.diff: Dropped, upstreamed.
    - debian/patches/hurd-i386/tg-hurdsig-fixes-2.diff: Rebased to upstream.
  * debian/patches/ubuntu/local-altlocaledir.diff: Updated to latest version
    from Martin that limits scope to LC_MESSAGES, fixing segv (LP: #1577460)
  * debian/patches/any/cvs-cos-precision.diff: Fix cos() bugs (LP: #1614966)
  * debian/testsuite-xfail-debian.mk: Allow nptl/tst-signal6 to fail on ARM.

 -- Adam Conrad <email address hidden> Fri, 14 Oct 2016 00:00:34 -0600

Changed in glibc (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for glibc has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers