Hello community,

here is the log from the commit of package s390-tools for openSUSE:Factory checked in at 2022-05-03 21:19:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/s390-tools (Old)
 and      /work/SRC/openSUSE:Factory/.s390-tools.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "s390-tools" Tue May 3 21:19:41 2022 rev:46 rq:974770 version:2.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/s390-tools/s390-tools.changes 2022-04-14 17:26:40.747348500 +0200 +++ /work/SRC/openSUSE:Factory/.s390-tools.new.1538/s390-tools.changes 2022-05-03 21:19:50.765064360 +0200 @@ -1,0 +2,8 @@ +Tue May 3 18:10:58 UTC 2022 - Mark Post <mp...@suse.com> + +- Added s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch + for bsc#1199128. zgetdump --info may lead to a core dump when + issued for the device node (not a partition) right after + installing multi-volume dump tool (without taking actual dump). + +------------------------------------------------------------------- New: ---- s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ s390-tools.spec ++++++ --- /var/tmp/diff_new_pack.izVDfK/_old 2022-05-03 21:19:51.805065662 +0200 +++ /var/tmp/diff_new_pack.izVDfK/_new 2022-05-03 21:19:51.809065666 +0200 @@ -1,7 +1,7 @@ # # spec file for package s390-tools # -# Copyright (c) 2021-2022 SUSE LLC +# Copyright (c) 2001-2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -100,6 +100,7 @@ Patch005: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch +Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch # SUSE patches Patch900: s390-tools-sles12-zipl_boot_msg.patch ++++++ s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch ++++++ Subject: [PATCH] [BZ 197814] zdump/dfi: Fix segfault due to double free 
From: Mikhail Zaslonko <zaslo...@linux.ibm.com>

Description:   zdump: segfault on zgetdump -i for multi-volume dump
Symptom:       zgetdump --info may lead to the core dump when issued for the
               device node (not a partition) right after installing
               multi-volume dump tool (without taking actual dump).
Problem:       Double free condition occurs on zg_close() call at the end of
               the while loop in dfi_init() in scope of zgetdump processing.
Solution:      Do not call zg_close() at the end of open_dump() function
               during multi-volume dump initialization.
Reproduction:  1) Install multi-volume dump tool
               2) Run zgetdump -i using the device node of one of the dump
                  volumes as a parameter without taking actual dump.
Upstream-ID:   c4e4b926b471da9c488a6468e6bd966512d1d14c
Problem-ID:    197814

Upstream-Description:

               zdump/dfi: Fix segfault due to double free

               The problem can happen when dfi_s390mv_init_gen() returns with
               an error code to dfi_init() in dfi.c. Double free condition
               occurs on zg_close() call at the end of the while loop in
               dfi_init() if zg_close() has already been called for the same
               file handle at the end of open_dump() function in scope of
               dfi_s390mv_init_gen() processing.
               This global file handle is not closed during init() call for
               any other dump formats. Since it is not reopened/reused after
               open_dump() call during multi-volume dump initialization, we
               should not close it at all.

               The problem can be reproduced in the following steps:
               1) Install multi-volume dump tool
                  # zipl -M mvdump.conf
                  Dump target: 2 partitions with a total size of 4732 MB.
                  Warning: All information on the following partitions will be lost!
                      /dev/dasdb2
                      /dev/dasdb3
                  Do you want to continue creating multi-volume dump partitions (y/n)?y
                  Done.
               2) Run zgetdump -i using device (not partition) as a parameter
                  without taking actual dump.
                  # zgetdump -i /dev/dasdb
                  free(): double free detected in tcache 2
                  Aborted (core dumped)

Signed-off-by: Mikhail Zaslonko <zaslo...@linux.ibm.com> Reviewed-by: Alexander Egorenkov <egore...@linux.ibm.com> Signed-off-by: Jan Hoeppner <hoepp...@linux.ibm.com> Signed-off-by: Mikhail Zaslonko <zaslo...@linux.ibm.com> --- zdump/dfi_s390mv.c | 1 - 1 file changed, 1 deletion(-) --- a/zdump/dfi_s390mv.c +++ b/zdump/dfi_s390mv.c @@ -556,7 +556,6 @@ static int open_dump(void) } if (mv_dumper_read() != 0) return -ENODEV; - zg_close(g.fh); return 0; }
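Review bot: In the first s390-tools.spec hunk (@@ -1,7 +1,7 @@), the copyright line changes from "2021-2022" to "2001-2022", which the new s390-tools.changes entry does not mention and which is unrelated to the double-free fix. If the year range is rewritten by tooling, that is fine, but it is worth confirming the change is intended rather than riding along unnoticed with a bug-fix submission.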
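Review bot: The second s390-tools.spec hunk (@@ -100,6 +100,7 @@) only declares Patch008, and no visible hunk touches the %prep section. Please confirm the spec applies all declared patches automatically; if each patch is applied by its own line in %prep, the new patch would be declared but never applied, and the package would still ship the zgetdump --info crash described for bsc#1199128.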
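Review bot: In open_dump() in zdump/dfi_s390mv.c (@@ -556,7 +556,6 @@), the success return now leaves g.fh open with nothing in the code saying why. The commit message states that dfi_init() closes this global handle at the end of its while loop, so a short comment before "return 0;" noting that g.fh is owned by dfi_init() and must not be closed here would keep a later cleanup from re-adding the zg_close() call and reintroducing the double free. The "return -ENODEV;" path just above already returns without closing, so both exits are consistent after this change.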