Bug#896750: Hide unused symbols in libbz2
Package: bzip2
Version: 1.0.6-9

Currently libbz2.so exports all of its symbols, including private ones. This may cause slower startup time and inadvertent dependency on library internals in client code.

Attached patch uses -fvisibility=hidden and -Wl,-version-script (whenever they are supported by compiler) to export only symbols which are present in public header. `make check' passed but I haven't tested dependent packages. Code may be ugly, I'd be happy to update it if deemed necessary.

Removed symbols are:
  BZ2_blockSort
  BZ2_bsInitWrite
  BZ2_bz__AssertH__fail
  BZ2_compressBlock
  BZ2_crc32Table
  BZ2_decompress
  BZ2_hbAssignCodes
  BZ2_hbCreateDecodeTables
  BZ2_hbMakeCodeLengths
  BZ2_indexIntoF
  BZ2_rNums
  _edata
  _end
  _fini
  _init
  _bss_start

My system is
  $ uname -a
  Linux yugr-VirtualBox 4.13.0-38-generic #43~16.04.1-Ubuntu SMP Wed Mar 14 17:48:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  $ ls -l /lib/*/libc.so.6
  lrwxrwxrwx 1 root root 12 Jan 15 02:51 /lib/x86_64-linux-gnu/libc.so.6 -> libc-2.23.so

The issue was found using https://github.com/yugr/ShlibVisibilityChecker

-Yury Gribov

0001-Hide-private-symbols.patch
Description: Binary data
Bug#858389: Memcpy parameter overlap in docbook-to-man
Package: docbook-to-man
Version: 1:2.0.0-34

Hi,

ReadESIS function in Instant/main.c triggers undefined behavior via memcpy's source and destination buffers overlap:
  memcpy([1], [2], strlen(buf)-1);

As far as I can see, the issue is still present in 1:2.0.0-35.

The simplest fix is probably to replace with memmove.

The issue was found by Valgrind when testing flac package in debian_pkg_test framework (https://github.com/yugr/debian_pkg_test).

Valgrind report:
  ==7111== Memcheck, a memory error detector
  ==7111== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
  ==7111== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
  ==7111== Command: /usr/bin/instant -croff.cmap -sroff.sdata -tdocbook-to-man.ts -d
  ==7111== Parent PID: 7109
  ==7111==
  ==7111== Source and destination overlap in memcpy_chk(0x586f051, 0x586f052, 5)
  ==7111==    at 0x4C353D7: __memcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==7111==    by 0x10B2EF: ??? (in /usr/bin/instant)
  ==7111==    by 0x10B157: ??? (in /usr/bin/instant)
  ==7111==    by 0x10B157: ??? (in /usr/bin/instant)
  ==7111==    by 0x10A796: ??? (in /usr/bin/instant)
  ==7111==    by 0x526C82F: (below main) (/build/glibc-t3gR2i/glibc-2.23/csu/../csu/libc-start.c:291)

-Yuri
Bug#855999: Pbuilder hangs until timeout when output is piped
Package: pbuilder
Version: 0.223

Hi,

When using --timeout option of pbuilder and piping output to e.g. cat, pbuilder will hang until timeout expires (instead of terminating once build is done):
  $ sudo pbuilder build --timeout 1h lua5.2_5.2.4-1ubuntu1.dsc 2>&1 | cat
  ...
  I: Copying back the cached apt archive contents
  I: unmounting dev/pts filesystem
  I: unmounting run/shm filesystem
  I: unmounting proc filesystem
  I: cleaning the build env
  I: removing directory /var/cache/pbuilder/build/5322 and its subdirectories
  I: Current time: Fri Feb 24 06:57:25 GMT 2017
  I: pbuilder-time-stamp: 1487919445
  # <-- Hangs for 1 hour

It seems that the issue is in /usr/lib/pbuilder/pbuilder-buildpackage :
  if [ -n "${TIMEOUT_TIME}" ]; then
      (
          : Timeout process
          sleep "${TIMEOUT_TIME}"
          log.i "Terminating build process due to timeout "
          kill "${BUILD_PID}" || true
      ) & # timeout process
      KILL_WAIT_PID="kill $! || true; echo \"I: Terminate timeout process\"; "
  ...
  eval "${KILL_WAIT_PID}"

Note that KILL_WAIT_PID will kill the parent shell but keep sleep running. Sleep child process will become a zombie and keep writing to pipe which will _probably_ prevent it from being reaped by the kernel.

A simple fix which worked for me is to redirect sleep's output to /dev/null (both stdout and stderr need to be redirected):
  sleep "${TIMEOUT_TIME}" &> /dev/null

As far as I can see, the issue is still present in latest pbuilder.

-Iurii
Bug#808912: dpkg: pkg_sorter_by_listfile_phys_offs violates qsort requirements
Package: dpkg
Version: 1.17.5ubuntu5.5
Severity: normal
Tags: upstream patch

Dear Maintainer,

Comparison function pkg_sorter_by_listfile_phys_offs passed to qsort does not satisfy qsort symmetry requirements: for some inputs
  pkg_sorter_by_listfile_phys_offs(a, b) != - pkg_sorter_by_listfile_phys_offs(b, a)

This may cause various qsort misbehaviors e.g. failing to properly sort input array (on some platforms qsort could even abort although that seems to not be the case for Linux and glibc).

Here's some relevant info from gdb:
  (gdb) set $a = (const struct pkginfo **)((char *)data + i * sz)
  (gdb) set $b = (const struct pkginfo **)((char *)data + j * sz)
  (gdb) p $a.set.name
  $9 = 0x9a5390 "libndr0"
  (gdb) p $b.set.name
  $10 = 0xa39120 "gir1.0-gdata-0.0"
  (gdb) p $a.clientdata.listfile_phys_offs
  $11 = 0
  (gdb) p $b.clientdata.listfile_phys_offs
  $12 = 0
  (gdb) p pkg_sorter_by_listfile_phys_offs($a, $b)
  $7 = 1
  (gdb) p pkg_sorter_by_listfile_phys_offs($b, $a)
  $8 = 1

The fix seems to be pretty trivial - explicitly handle the case of equal listfile_phys_offs.

I've found this bug in Ubuntu 12.04 but it seems to be still present in current dpkg git.

The bug was found via SortChecker tool (https://github.com/yugr/sortcheck).

-- System Information:
Debian Release: jessie/sid
  APT prefers trusty-updates
  APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13.0-73-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.6-5
ii  libc6        2.19-0ubuntu6.6
ii  liblzma5     5.1.1alpha+20120614-2ubuntu2
ii  libselinux1  2.2.2-1ubuntu0.1
ii  tar          1.27.1-1
ii  zlib1g       1:1.2.8.dfsg-1ubuntu1

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt  1.0.1ubuntu2.10

Best regards,
Yury Gribov

dpkg-qsort-1.patch
Description: Binary data
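
The symmetry requirement from the report above, as an added example that is not dpkg's code and not part of the original message: a comparator modelled on the gdb observation (equal keys return 1 in both orders), a version that handles equal keys explicitly, and a pairwise check that counts violations. struct pkg, cmp_asym, cmp_sym, symmetry_violations and the third sample entry are hypothetical names and constructed data.

```c
#include <stdio.h>

/* Hypothetical stand-in for a package record; not dpkg's struct pkginfo. */
struct pkg { const char *name; long phys_offs; };

/* Models the reported behaviour: equal keys yield 1 in both orders. */
static int cmp_asym(const void *a, const void *b)
{
    const struct pkg *pa = *(const struct pkg *const *)a;
    const struct pkg *pb = *(const struct pkg *const *)b;
    return pa->phys_offs < pb->phys_offs ? -1 : 1;
}

/* Equal keys handled explicitly, so cmp(a, b) == -cmp(b, a) for every pair. */
static int cmp_sym(const void *a, const void *b)
{
    const struct pkg *pa = *(const struct pkg *const *)a;
    const struct pkg *pb = *(const struct pkg *const *)b;
    if (pa->phys_offs < pb->phys_offs) return -1;
    if (pa->phys_offs > pb->phys_offs) return 1;
    return 0;
}

/* Counts pairs (i < j) where sign(cmp(i, j)) != -sign(cmp(j, i)). */
static int symmetry_violations(const struct pkg **v, size_t n,
                               int (*cmp)(const void *, const void *))
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            int ab = cmp(&v[i], &v[j]), ba = cmp(&v[j], &v[i]);
            int sab = (ab > 0) - (ab < 0), sba = (ba > 0) - (ba < 0);
            if (sab != -sba) bad++;
        }
    return bad;
}

/* Constructed sample: first two entries mirror the gdb session, third is invented. */
static struct pkg p0 = {"libndr0", 0}, p1 = {"gir1.0-gdata-0.0", 0}, p2 = {"example-pkg", 4096};
static const struct pkg *sample[] = {&p0, &p1, &p2};

int main(void)
{
    printf("asym: %d violation(s)\n", symmetry_violations(sample, 3, cmp_asym));
    printf("sym:  %d violation(s)\n", symmetry_violations(sample, 3, cmp_sym));
    return 0;
}
```

A pairwise check like this is quadratic in the array length, so it suits a debug build or a test harness rather than production sorting paths.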