Bug#727177: Upgrade of libnss-ldap to 265-1 causes important binaries to segfault
On Thu, 2013-10-24 at 10:25 -0400, Klee Dienes wrote: The issue is that libnss-ldap is ending up with a dependency on __libc_lock_lock, which was removed from glibc. Thanks for the pointer to the patch. I thought I tested the release before uploading but apparently I was mistaken. Sorry about that. Preparing another upload with this fix (I'll run some tests this time). A few other thoughts: * It might be nice to build nss-ldap with -Wimplicit -Werror or something along those lines. FTBFS is much better than fail-to-boot. * 'sudo' just crashes on null pointer dereference; 'su' complains about the link error. It'd be much better if the client apps would just ignore the missing nsswitch module. Patches are always welcome, however, libnss-ldap currently doesn't have a maintainer so if someone who actually regularly uses this package would step up to become maintainer that would help. I personally use nss-pam-ldapd which is easier to maintain and contains almost all features nss_ldap has but I understand some people still prefer nss_ldap so I uploaded a new release that should fix some bugs. Kind regards, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#727177: Upgrade of libnss-ldap to 265-1 causes important binaries to segfault
The issue is that libnss-ldap is ending up with a dependency on __libc_lock_lock, which was removed from glibc. So anything that tries to load libnss-ldap via nsswitch ends up getting a NULL for the library load, and then behaves poorly. There is a patch at https://github.com/archlinuxarm/PKGBUILDs/blob/master/extra/nss_ldap/nss_ldap-265-glibc-2.16.patch that fixed the problem for me. I had to edit it slightly to get along with the log_authpriv patch. A few other thoughts: * It might be nice to build nss-ldap with -Wimplicit -Werror or something along those lines. FTBFS is much better than fail-to-boot. * 'sudo' just crashes on null pointer dereference; 'su' complains about the link error. It'd be much better if the client apps would just ignore the missing nsswitch module.
Bug#727177: Upgrade of libnss-ldap to 265-1 causes important binaries to segfault
I just did run into exactely the same issue. No login possible after that update, when chrooting from a rescue system zsh did segfault. i was lucky to find bash still usable and i managed to identify libnss-ldap as the cause and could sucessfully downgrade to 264-2.5 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#727177: Upgrade of libnss-ldap to 265-1 causes important binaries to segfault
Same here. I can not login to the system in any way, I am trying to boot from a pen drive to downgrade libnss-ldap. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#727177: Upgrade of libnss-ldap to 265-1 causes important binaries to segfault
Package: libnss-ldap Version: 265-1 Severity: normal Dear Maintainer, * What led up to the situation? * I upgraded my system using apt-get. * What exactly did you do (or not do) that was effective (or ineffective)? After upgrading to nss-ldap-265-1, a substantial number of critical system binaries segfault immediately, including: * logins * zsh * bash * sudo * ssh * resolvconf * What was the outcome of this action? * My system was placed into a state that was impossible to adminstrate/fix, as I could not login as root, nor could I sudo to root. Recovery was only possible by booting to a USB drive, and recovering the system from there. Many login shells would not work (bash, zsh). * What outcome did you expect instead? * A clean upgrade, with overall system functionality intact - maybe a few bugs (perhaps even serious), but not an entirely unusable system. After rolling back to a different BTRFS snapshot, I was able to confirm this happens when libnss-ldap is upgraded to 265-1.: * I rolled back to a pre-upgrade state * Made a start snapshot * Mounted the start snapshot * mounted (bind) /dev, /dev/pts, /proc, /sys into the chroot. * chrooted to the start snapshot * apt-get install libnss-ldap At this point, sudo, zsh, bash, and other programs segfault immediately. I then held libnss-ldap to version 264-2.5, and ran an apt-get upgrade, which was uneventful. I then proceeded to do a snapshot/chroot test cycle, and was able to confirm again that upgrading libnss-ldap (and only libnss-ldap) would reproduce this issue for me. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libnss-ldap depends on: ii debconf [debconf-2.0] 1.5.51 ii libc6 2.17-93 ii libcomerr2 1.42.8-1 ii libgssapi-krb5-2 1.11.3+dfsg-3 ii libkrb5-3 1.11.3+dfsg-3 ii libldap-2.4-2 2.4.31-1+nmu2+b1 ii libsasl2-2 2.1.25.dfsg1-17 ii multiarch-support 2.17-93 Versions of packages libnss-ldap recommends: ii libpam-ldap 184-8.6 ii nscd 2.17-93 libnss-ldap suggests no packages. -- debconf information: * libnss-ldap/confperm: false * shared/ldapns/ldap-server: ldap://pilot.pariahzero.net/ * libnss-ldap/rootbinddn: cn=admin,dc=pilot,dc=pariahzero,dc=net * shared/ldapns/ldap_version: 3 libnss-ldap/override: true * libnss-ldap/dbrootlogin: true libnss-ldap/binddn: cn=proxyuser,dc=example,dc=net * libnss-ldap/nsswitch: * shared/ldapns/base-dn: dc=pilot,dc=pariahzero,dc=net * libnss-ldap/dblogin: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
