2020-11-16 14:39:32 |
bugproxy |
bug |
|
|
added bug |
2020-11-16 14:39:35 |
bugproxy |
tags |
|
architecture-s39064 bugnameltc-189287 severity-high targetmilestone-inin2004 |
|
2020-11-16 14:39:36 |
bugproxy |
ubuntu: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-11-16 14:39:39 |
bugproxy |
affects |
ubuntu |
glibc (Ubuntu) |
|
2020-11-16 14:41:02 |
Frank Heimes |
bug task added |
|
ubuntu-z-systems |
|
2020-11-16 14:41:12 |
Frank Heimes |
ubuntu-z-systems: importance |
Undecided |
High |
|
2020-11-16 14:41:59 |
Frank Heimes |
glibc (Ubuntu): assignee |
Skipper Bug Screeners (skipper-screen-team) |
Canonical Foundations Team (canonical-foundations) |
|
2020-11-16 14:42:13 |
Frank Heimes |
ubuntu-z-systems: assignee |
|
Skipper Bug Screeners (skipper-screen-team) |
|
2020-11-16 14:42:18 |
Frank Heimes |
ubuntu-z-systems: status |
New |
Triaged |
|
2020-11-16 14:51:20 |
Balint Reczey |
glibc (Ubuntu): status |
New |
Fix Committed |
|
2020-11-16 14:52:08 |
Frank Heimes |
nominated for series |
|
Ubuntu Hirsute |
|
2020-11-16 14:52:08 |
Frank Heimes |
bug task added |
|
glibc (Ubuntu Hirsute) |
|
2020-11-16 14:52:08 |
Frank Heimes |
nominated for series |
|
Ubuntu Groovy |
|
2020-11-16 14:52:08 |
Frank Heimes |
bug task added |
|
glibc (Ubuntu Groovy) |
|
2020-11-16 14:53:20 |
Frank Heimes |
glibc (Ubuntu Groovy): assignee |
|
Canonical Foundations Team (canonical-foundations) |
|
2020-11-16 18:44:21 |
Steve Langasek |
tags |
architecture-s39064 bugnameltc-189287 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-189287 fr-934 severity-high targetmilestone-inin2004 |
|
2020-11-17 07:59:23 |
bugproxy |
tags |
architecture-s39064 bugnameltc-189287 fr-934 severity-high targetmilestone-inin2004 |
architecture-s39064 bugnameltc-189287 fr-934 severity-high targetmilestone-inin2010 |
|
2020-12-09 19:22:16 |
Frank Heimes |
summary |
Ugrade glibc 2.32 by required upstream patches |
Upgrade glibc 2.32 by required upstream patches |
|
2020-12-09 19:34:19 |
Balint Reczey |
glibc (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2020-12-10 15:29:55 |
bugproxy |
bug watch added |
|
https://sourceware.org/bugzilla/show_bug.cgi?id=26636 |
|
2020-12-10 15:29:55 |
bugproxy |
bug watch added |
|
https://sourceware.org/bugzilla/show_bug.cgi?id=26639 |
|
2020-12-10 15:29:55 |
bugproxy |
bug watch added |
|
https://sourceware.org/bugzilla/show_bug.cgi?id=26637 |
|
2020-12-10 15:29:55 |
bugproxy |
bug watch added |
|
https://sourceware.org/bugzilla/show_bug.cgi?id=26600 |
|
2020-12-10 15:29:55 |
bugproxy |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1868106 |
|
2020-12-11 15:49:55 |
bugproxy |
bug watch added |
|
https://github.com/mozilla/rr/issues/2681 |
|
2020-12-11 18:16:37 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-189287 fr-934 severity-high targetmilestone-inin2010 |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 |
|
2020-12-11 18:16:43 |
Frank Heimes |
ubuntu-z-systems: importance |
High |
Critical |
|
2020-12-11 18:23:11 |
Frank Heimes |
description |
The current libc6-2.32-0ubuntu3 package lacks some of the upstream glibc commits on the "release/2.32/master" branch (see http://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.32/master). Does Ubuntu automatically pick the commits from this release branch?
Otherwise, please update to the latest commits on this branch, especially for:
- 2dfa659a66 resolv: Handle transaction ID collisions in parallel queries (bug 26600)
- 0b9460d22e sysvipc: Fix IPC_INFO and SHM_INFO handling [BZ #26636]
- c4aeedea59 sysvipc: Fix IPC_INFO and MSG_INFO handling [BZ #26639]
- 9b139b6b81 sysvipc: Fix SEM_STAT_ANY kernel argument pass [BZ #26637]
- ... |
SRU Justification:
[Impact]
* The glibc version 2.32 in groovy has some regressions with the following impact:
* A regression that got introduced by commit ffd178c651b827f24acead02284abbb12f3f723b can lead to a crash, because __shmctl calls shmid_to_shmid64 on the input buffer even when cmd is IPC_INFO. If SHM_INFO is immediately followed by unmapped memory, shmid_to_shmid64 will read past its end into unmapped memory and will crash.
* Starting with glibc-2.31.9000-687-g3283f71113 (glibc-2.32~83) IPC_INFO and MSG_INFO commands of __msgctl and __msgctl64 return garbage because a pointer to an internal buffer on the stack is passed to the kernel. The buffer specified by the user remains unchanged after IPC_INFO and MSG_INFO commands.
* semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel. The kernel receives garbage instead of union semun.buf address specified by the caller.
[ Fix ]
* a49d7fd4f764e97ccaf922e433046590ae52fce9 "32-bit shmctl(IPC_INFO) crashes when shminfo struct is at the end of a memory mapping"
* 20a00dbefca5695cccaa44846a482db8ccdd85ab "msgctl IPC_INFO and MSG_INFO return garbage"
* 574500a108be1d2a6a0dc97a075c9e0a98371aba "semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel"
[ Test Case ]
Execute test script available upstream (1) here:
https://sourceware.org/bugzilla/show_bug.cgi?id=26636#c0
And run the test suite with the newly introduced test-cases that came with the commits.
[ Where problems could occur ]
* glibc modification are usually quite sensitive.
* Erroneous modifications (1) in the area of IPC and SHM (i.e. IPC_INFO and MSG_INFO) and it's control may lead to an even bigger impact - and in worst case the crashes go beyond the case where shminfo is immediately followed by unmapped memory and could happen always (which would break the system entirely).
* Returning (3) or passing over and pointing to wrong buffers (2), or in worst case to other unwanted areas, can cause virtually any unforeseen consequences.
Returning garbage is only one aspect, returning wrong data and even modifying it would be even worse.
[Other Info]
* All fixes are upstream accepted and are part of glibc 2.33.
__________
The current libc6-2.32-0ubuntu3 package lacks some of the upstream glibc commits on the "release/2.32/master" branch (see http://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.32/master). Does Ubuntu automatically pick the commits from this release branch?
Otherwise, please update to the latest commits on this branch, especially for:
- 2dfa659a66 resolv: Handle transaction ID collisions in parallel queries (bug 26600)
- 0b9460d22e sysvipc: Fix IPC_INFO and SHM_INFO handling [BZ #26636]
- c4aeedea59 sysvipc: Fix IPC_INFO and MSG_INFO handling [BZ #26639]
- 9b139b6b81 sysvipc: Fix SEM_STAT_ANY kernel argument pass [BZ #26637]
- ... |
|
2020-12-16 10:23:32 |
Balint Reczey |
glibc (Ubuntu Groovy): status |
New |
In Progress |
|
2020-12-16 10:23:49 |
Balint Reczey |
glibc (Ubuntu Groovy): assignee |
Canonical Foundations Team (canonical-foundations) |
Balint Reczey (rbalint) |
|
2020-12-16 10:51:27 |
Frank Heimes |
ubuntu-z-systems: status |
Triaged |
In Progress |
|
2020-12-16 19:51:59 |
Łukasz Zemczak |
glibc (Ubuntu Groovy): status |
In Progress |
Fix Committed |
|
2020-12-16 19:52:02 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-12-16 19:52:04 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2020-12-16 19:52:07 |
Łukasz Zemczak |
tags |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-needed verification-needed-groovy |
|
2020-12-17 14:32:03 |
Frank Heimes |
tags |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-needed verification-needed-groovy |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
|
2020-12-17 14:32:10 |
Frank Heimes |
ubuntu-z-systems: status |
In Progress |
Fix Committed |
|
2021-01-26 19:25:14 |
Brian Murray |
tags |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
|
2021-04-08 09:29:30 |
Łukasz Zemczak |
tags |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-needed verification-needed-groovy |
|
2021-04-08 10:43:24 |
Frank Heimes |
tags |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-needed verification-needed-groovy |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
|
2021-04-08 15:02:21 |
Balint Reczey |
tags |
architecture-s39064 block-proposed-groovy bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
architecture-s39064 bugnameltc-189287 fr-934 regression severity-high targetmilestone-inin2010 verification-done verification-done-groovy |
|
2021-06-12 19:30:03 |
Balint Reczey |
glibc (Ubuntu Groovy): assignee |
Balint Reczey (rbalint) |
|
|
2021-07-28 11:40:53 |
Frank Heimes |
glibc (Ubuntu Groovy): status |
Fix Committed |
Won't Fix |
|
2021-07-28 11:41:00 |
Frank Heimes |
ubuntu-z-systems: status |
Fix Committed |
Fix Released |
|