On 2020-08-06 06:08, Jinpu Wang wrote: > Hi Florian, > > On Wed, Aug 5, 2020 at 6:44 PM Florian Weimer <f...@deneb.enyo.de> wrote: > > > > * Jinpu Wang: > > > > > Dear Maintainer: > > > > > > Sorry, add some missing information below: > > > > > > After update to Buster, the systemd-sysusers are segfaulting every time. > > > After search around, I found following bugreport in glibc > > > https://sourceware.org/legacy-ml/libc-alpha/2016-06/msg01015.html > > > > > > I backported to the fix to 2.28-10, it fixed the problem. > > > > > > glibc upstream have a different fix for it in 2.32, see > > > https://sourceware.org/bugzilla/show_bug.cgi?id=20338 > > > > > > I think it's still easier to backport the fix in msg01015.html to 2.28 > > > version, > > > patch attached in the initial report. > > > > The patch from 2016 is incomplete because it does not seek back to the > > original file position, so the next call of fgetsgent_r skips over the > > entry that could not be fully parsed. > Thanks for quick response, can you provide a minimum bugfix, which > can be easily backported to old version like 2.28?
I think we do not want to diverge from the upstream fix, even if it is a bit more work to backport. We first need to fix it in bullseye/sid and then we can try to get this in the next buster stable release. > as you also make the bug 20338 as a security hole. It is marked as "security-", so it is *not* considered as a security issue (as the content of this file is trusted). Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net