Bug#977691: fixed in glibc 2.31-7
I can confirm that glibc 2.31-7 returns correct values from wcwidth() for Unicode 13 sextants. Thanks a lot!
[Git][glibc-team/glibc][sid] debian/testsuite-xfail-debian.mk: Update tests
Samuel Thibault pushed to branch sid at GNU Libc Maintainers / glibc Commits: c503d029 by Samuel Thibault at 2021-01-04T00:00:14+01:00 debian/testsuite-xfail-debian.mk: Update tests - - - - - 2 changed files: - debian/changelog - debian/testsuite-xfail-debian.mk View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/c503d029ed638ae6321aed10f27471cd2dba7b59 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/c503d029ed638ae6321aed10f27471cd2dba7b59 You're receiving this email because of your account on salsa.debian.org.
Bug#264039: Patch to add memusage and memusagestat
On Sun, 3 Jan 2021 15:01:10 +0100 Aurelien Jarno wrote: > On 2020-12-28 23:00, Josh Triplett wrote: > > On Tue, 21 Apr 2020 20:58:56 +0200 Stephen Kitt wrote: > > > The attached patch adds memusage and memusagestat to the libc-bin package. > > > This does mean that the latter becomes dependent on libgd3, so it might be > > > better to add a new memusage package; I can take care of that if the > > > maintainers think it’s better. > > > > I do think it makes sense to have these in a separate package. Would you > > consider moving libmemusage.so to that same separate package? > > This is not something doable, we can't mix binaries and libraries in the same > packages. Libraries have to be in a Multi-Arch: same package, while > binaries have to be in a Multi-Arch: foreign package. You're right, sorry about that. I hadn't been thinking about multiarch because libmemusage.so was a private non-versioned library, but that *is* still an issue regardless. That said, the actual memusage.sh script appears to hardcode the shared-library directory at compile time, and the patch here doesn't change that.
[Git][glibc-team/glibc] Pushed new tag debian/2.31-8v2
Aurelien Jarno pushed new tag debian/2.31-8v2 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.31-8v2 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc][sid] releasing package glibc version 2.31-8 (second try to experimental)
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: 074bec9c by Aurelien Jarno at 2021-01-03T18:55:41+01:00 releasing package glibc version 2.31-8 (second try to experimental) - - - - - 1 changed file: - debian/changelog View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/074bec9cabd6a5da2149a444fba296cbb5db2a97 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/074bec9cabd6a5da2149a444fba296cbb5db2a97 You're receiving this email because of your account on salsa.debian.org.
Bug#979160: glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl
control: retitle -1 glibc: GNU/kFreeBSD support is completely broken control: severity -1 wishlist Hi, On 2021-01-03 18:19, Mattias Ellert wrote: > Source: glibc > Version: 2.31-7 > Severity: important > User: debian-...@lists.debian.org > > The builds on kfreebsd-* currently fail during the patching step > because one of the kfreebsd specific patches fails to apply. > > Fixing this issue is trivial and simply requires a refresh of the patch > (attached). > > However, this trivial fix is not sufficient. The build then fails with: The glibc package hasn't been built since version 2.25 more than 3 years ago. The work to get it building again is *huge* and I don't see the point in just refreshing a patch to get the package to fail only a few seconds later. Instead, please provide a full patch to get it building, we'll include it. In the meantime, downgrading this bug as a wishlist. Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net signature.asc Description: PGP signature
Processed: Re: Bug#979160: glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl
Processing control commands: > retitle -1 glibc: GNU/kFreeBSD support is completely broken Bug #979160 [src:glibc] glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl Changed Bug title to 'glibc: GNU/kFreeBSD support is completely broken' from 'glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl'. > severity -1 wishlist Bug #979160 [src:glibc] glibc: GNU/kFreeBSD support is completely broken Severity set to 'wishlist' from 'important' -- 979160: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979160 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
glibc_2.31-8_source.changes REJECTED
Source-only uploads to NEW are not allowed. binary:libc-devtools is NEW. === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns.
Re: unicode 13 in bullseye
Aurelien Jarno left as an exercise for the reader: > No, the freeze is in next than 10 days, and it would not be reasonable > to ship a new upstream version now. .nod > > * If not, ought I prepare a patch to backport the Unicode 13 > >support, or is it unlikely that such a patch would be > >accepted? > > I have tried to backport the corresponding commit and it seems to work > fine, at least the glibc testsuite still passes. I'll include it in the > next upload, but it might get reverted if it causes regressions in other > packages. That's great to hear! Wonderful! -- nick black -=- https://www.nick-black.com to make an apple pie from scratch, you need first invent a universe. signature.asc Description: PGP signature
Processing of glibc_2.31-8_source.changes
glibc_2.31-8_source.changes uploaded successfully to localhost along with the files: glibc_2.31-8.dsc glibc_2.31-8.debian.tar.xz glibc_2.31-8_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processed: Bug#91815 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #91815 [src:glibc] Build memusage and memusagestat ? Bug #214257 [src:glibc] Include memusage in distribution Bug #264039 [src:glibc] libc6-dev: memusage and libmemusage missing Added tag(s) pending. Added tag(s) pending. Added tag(s) pending. -- 214257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=214257 264039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=264039 91815: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=91815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Git][glibc-team/glibc][sid] 2 commits: Build and package memusage*
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: 57870ece by Stephen Kitt at 2021-01-03T17:14:46+01:00 Build and package memusage* This builds memusage and memusagestat in the libc pass, and ships them in a new package, libc-devtools (short for libc-provided developer tools, and not libc-dev-tools to avoid making it seem to closely-related to libc-dev-bin). This involves adding a build-dependency on libgd-dev (outside stage1 and stage2). Other tools which are not used to build *with* libc, but useful for development in general, are moved to libc-devtools: mtrace, sotruss, sprof. libc-dev-bin recommends libc-devtools to provide a simple transition (see #91815 for the discussion). Closes: #91815 Signed-off-by: Stephen Kitt sk...@debian.org - - - - - ac1f5c97 by Aurelien Jarno at 2021-01-03T18:32:59+01:00 releasing package glibc version 2.31-8 - - - - - 11 changed files: - debian/changelog - debian/control - debian/control.in/main - debian/debhelper.in/libc-dev-bin.install - − debian/debhelper.in/libc-dev-bin.lintian-overrides - debian/debhelper.in/libc-dev-bin.manpages - + debian/debhelper.in/libc-devtools.install - + debian/debhelper.in/libc-devtools.lintian-overrides - + debian/debhelper.in/libc-devtools.manpages - debian/rules - debian/rules.d/build.mk View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/11e21e978d242858ced48542021bcfbe2e118d62...ac1f5c97f80b73bc84ba3d7bf7b50efc719a2914 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/11e21e978d242858ced48542021bcfbe2e118d62...ac1f5c97f80b73bc84ba3d7bf7b50efc719a2914 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.31-8
Aurelien Jarno pushed new tag debian/2.31-8 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.31-8 You're receiving this email because of your account on salsa.debian.org.
Bug#979160: glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl
Hello, Mattias Ellert, le dim. 03 janv. 2021 18:19:37 +0100, a ecrit: > --enable-add-ons=libidn,"fbtl " \ > > However, the configure script does not have an --enable-add-ons option, > so this is ignored. (Option is not listed by ./configure --help, nor > found by grepping for it.) FI, in NEWS: * The add-ons mechanism for building additional packages at the same time as glibc has been removed. The --enable-add-ons configure option is now ignored. So fbtl needs to be included in Makefiles etc. just like htl is for instance. Samuel
Bug#979160: glibc FTBFS on kfreebsd-*: Uses configure option --enable-add-ons=fbtl
Source: glibc Version: 2.31-7 Severity: important User: debian-...@lists.debian.org The builds on kfreebsd-* currently fail during the patching step because one of the kfreebsd specific patches fails to apply. Fixing this issue is trivial and simply requires a refresh of the patch (attached). However, this trivial fix is not sufficient. The build then fails with: *** On GNU/kFreeBSD systems it is normal to compile GNU libc with the *** `fbtl' add-on. Without that, the library will be *** incompatible with normal GNU/kFreeBSD systems. *** If you really mean to not use this add-on, run configure again *** using the extra parameter `--disable-sanity-checks'. The package build tries to enable the fbtl add-on. The call to configure contains: $(CURDIR)/configure \ --host=x86_64-kfreebsd-gnu \ --build=$configure_build --prefix=/usr \ --enable-add-ons=libidn,"fbtl " \ However, the configure script does not have an --enable-add-ons option, so this is ignored. (Option is not listed by ./configure --help, nor found by grepping for it.) Mattias tst-unique is not supported by the FreeBSD ELF OSABI --- a/elf/Makefile +++ b/elf/Makefile @@ -145,7 +145,7 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \ unload3 unload4 unload5 unload6 unload7 unload8 tst-global1 order2 \ tst-audit1 tst-audit2 tst-audit8 tst-audit9 \ tst-addr1 tst-thrlock \ - tst-unique1 tst-unique2 $(if $(CXX),tst-unique3 tst-unique4 \ + $(if $(CXX),tst-unique3 tst-unique4 \ tst-nodelete tst-dlopen-nodelete-reloc) \ tst-initorder tst-initorder2 tst-relsort1 tst-null-argv \ tst-tlsalign tst-tlsalign-extern tst-nodelete-opened \ @@ -207,8 +207,6 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \ unload7mod1 unload7mod2 \ unload8mod1 unload8mod1x unload8mod2 unload8mod3 \ order2mod1 order2mod2 order2mod3 order2mod4 \ - tst-unique1mod1 tst-unique1mod2 \ - tst-unique2mod1 tst-unique2mod2 \ tst-auditmod9a tst-auditmod9b \ $(if $(CXX),tst-unique3lib tst-unique3lib2 tst-unique4lib \ tst-nodelete-uniquemod tst-nodelete-rtldmod \ signature.asc Description: This is a digitally signed message part
glibc_2.31-7_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Jan 2021 17:01:18 +0100 Source: glibc Architecture: source Version: 2.31-7 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 731082 973430 976391 977691 Changes: glibc (2.31-7) unstable; urgency=medium . [ Samuel Thibault ] * debian/testsuite-xfail-debian.mk: Update with 2.33 tests. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also accept CLOCK_MONOTONIC_RAW, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE. * debian/patches/hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Rename to git-hurdsig-SA_SIGINFO.diff. * debian/patches/hurd-i386/tg-sigstate_thread_reference.diff: Rename to git-sigstate_thread_reference.diff. * debian/patches/hurd-i386/git-siginfo_uesp.diff: Fix ss_sp field in siginfo. * debian/patches/hurd-i386/git-mmap-EINVAL.diff: Fix mmap EINVAL return value. * debian/patches/hurd-i386/git-waitid.diff: Support WEXITED/WCONTINUED/WSTOPPED/WNOWAIT. * debian/patches/hurd-i386/git-hurd-version.diff: Accept including hurd/version.h. * debian/patches/kfreebsd/submitted-waitid.diff: Refresh. * debian/control: Bump hurd-dev build-dep to get proc_waitid RPC. * debian/libc0.3.symbols.hurd-i386: Add proc_waitid RPC. * debian/debhelper.in/libc-dev.install.hurd-i386: Add missing libpthread_syms.a. . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch: - Fix assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562). Closes: #976391. * debian/sysdeps/arm64.mk: enable static PIE support on arm64. Closes: #973430. * debian/patches/localedata/git-unicode-13-support.diff: backport Unicode 13 support from upstream. Closes: #977691. * debian/local/manpages/po/pt_BR.po: recode to UTF-8 to make lintian happy. * debian/debhelper.in/*.lintian-overrides: update for recent lintian versions. * debian/patches/any/git-ld.so-cache-endianness-markup.diff: backport ld.so cache endianness support from upstream. Closes: #731082. Checksums-Sha1: 1e331fee23e117757d2769f92dd0b2fd4df55382 8198 glibc_2.31-7.dsc 356dec34f77e672d93d46afb956a69e106933636 900892 glibc_2.31-7.debian.tar.xz 166a597e48ab8f09db52a6fd9b4e4a24d9eb7f3d 7065 glibc_2.31-7_source.buildinfo Checksums-Sha256: b6534894ab76c394ce87ea5989c7da95f189575f0ed47d10cab35f957f8ba12c 8198 glibc_2.31-7.dsc 8e36044afa2f37f53d9198fbbbfeabc500c40b1944dad6783b4c04e01049016f 900892 glibc_2.31-7.debian.tar.xz 4fa5e0ebd5903dc3023987bef8a9e9bcf641ef89fe3f2eb566a4d59236868415 7065 glibc_2.31-7_source.buildinfo Files: 5725b5efa8985f7f1617bbf9dc56f995 8198 libs required glibc_2.31-7.dsc 25010ad628983358039bf4d47b03924b 900892 libs required glibc_2.31-7.debian.tar.xz 5c2541422e4a3827d82ddc332ef38abe 7065 libs required glibc_2.31-7_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAl/x628ACgkQE4jA+Jno M2ta4g/9FYueTtUbGXu9l6/7WxYQ4Gkf4sq7EAXI6F0qpUORpCfRnyWjXR9FSX0z AWEG3BM48db6t8rte7WJRsxvkHIw0Wmspk2vS+Wu54zdBa45CRojnCiFhn038KWS 0TlJsJe0zDnwghnvmrI7maKW4vA54hufUDdbujvZ6MGDsXUV89Hd1ZxieKiwH+ls ti7lGMWXgqaPYrgPM1syeSxyYPAcSB3HQdKeY+pZC8+eIO2a0r++6//TLyjkVxOh 3d4b9gERQdS7dyBid3DE41rHGnyI2n69D1MQimGih3PzpThFmujSL+DClaSjoKpV nCl97KIjt6rig0pwxa8mDnysutmOt96WVRD2WZaHqFZUYATpUVBmtYiELSk1nRRC 3cMeUr5dCPzYJO5qLscxh9hxZSZGq9A7JoHkZRrL0/wW/7ChYiMnZiw9bHr069Db Na9jESKAoK4KNorY7HeXZwkr3XMil9Oc0msxyHzbyu04D9rUcq4idfBDPiH1iSWF ebMq760I04jLb3UgMSdaO3kMPcaKSR4/14ynLxnUaODR4SZ6nvyGzmmaALQ671CO 9Bhy1u4VTK5fZYRH2zOPP+/1qkLkBl2FU5EIEBIs5FlfwiAdBmi7/r+utja9iciJ Kgw3rn3SYoNxXde+LLcqaEIsuGRWWia4FPUlwTGJBaly6u+SPA4= =DDoC -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of glibc_2.31-7_source.changes
glibc_2.31-7_source.changes uploaded successfully to localhost along with the files: glibc_2.31-7.dsc glibc_2.31-7.debian.tar.xz glibc_2.31-7_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#977691: marked as done (libc6: would be great to have 2.32's Unicode 13 support in bullseye)
Your message dated Sun, 03 Jan 2021 16:19:11 + with message-id and subject line Bug#977691: fixed in glibc 2.31-7 has caused the Debian Bug report #977691, regarding libc6: would be great to have 2.32's Unicode 13 support in bullseye to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 977691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977691 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libc6 Version: 2.31-6 Severity: normal X-Debbugs-Cc: dankamong...@gmail.com Dear Maintainer, Unstable currently contains GNU libc 2.31. I assume that this is the version expected to go into Bullseye. If 2.32 is intended, please ignore this bug. 2.32 added Unicode 13 support, including wcwidth() tables for the new Unicode 13 characters, introduced in March 2020. 2.31 wcwidth() returns -1 for these characters. GNU libc's wcwidth() implementation is table-driven, and generated from Unicode data files. It is thus pretty well self-contained. If Bullseye will be shipping 2.31, it would be very desirable to include the Unicode 13 support from 2.32. At the very least, the updated wcwidth() tables would be a boon. I'd be happy to prepare a backport in the form of a patch, but wanted to submit this bug and get feedback from the glibc maintainers before doing so. Would such a patch be welcome, assuming I could get it done by some date? Alternatively, are there plans to ship 2.32 in Bullseye? Thanks! -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (300, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.1nlb (SMP w/64 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libc6 depends on: ii libcrypt1 1:4.4.17-1 ii libgcc-s1 10.2.1-1 Versions of packages libc6 recommends: ii libidn2-0 2.3.0-4 ii libnss-nis 3.1-4 ii libnss-nisplus 1.3-4 Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.74 ii glibc-doc 2.31-6 ii libc-l10n 2.31-6 ii locales2.31-6 -- debconf information: glibc/restart-failed: * glibc/disable-screensaver: * libraries/restart-without-asking: true glibc/kernel-not-supported: glibc/kernel-too-old: glibc/restart-services: glibc/upgrade: true --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-7 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 977...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Jan 2021 17:01:18 +0100 Source: glibc Architecture: source Version: 2.31-7 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 731082 973430 976391 977691 Changes: glibc (2.31-7) unstable; urgency=medium . [ Samuel Thibault ] * debian/testsuite-xfail-debian.mk: Update with 2.33 tests. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also accept CLOCK_MONOTONIC_RAW, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE. * debian/patches/hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Rename to git-hurdsig-SA_SIGINFO.diff. * debian/patches/hurd-i386/tg-sigstate_thread_reference.diff: Rename to git-sigstate_thread_reference.diff. * debian/patches/hurd-i386/git-siginfo_uesp.diff: Fix ss_sp field in siginfo. * debian/patches/hurd-i386/git-mmap-EINVAL.diff: Fix mmap EINVAL return value. * debian/patches/hurd-i386/git-waitid.diff: Support WEXITED/WCONTINUED/WSTOPPED/WNOWAIT. * debian/patches/hurd-i386/git-hurd-version.diff: Accept including hurd/version.h. * debian/patches/kfreebsd/submitted-waitid.diff: Refresh. * debian/control: Bump hurd-dev
Bug#976391: marked as done (glibc: CVE-2020-29562)
Your message dated Sun, 03 Jan 2021 16:19:11 + with message-id and subject line Bug#976391: fixed in glibc 2.31-7 has caused the Debian Bug report #976391, regarding glibc: CVE-2020-29562 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 976391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: glibc Version: 2.31-5 Severity: important Tags: security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=26923 X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 2.31-4 Hi, The following vulnerability was published for glibc. CVE-2020-29562[0]: | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to | 2.32, when converting UCS4 text containing an irreversible character, | fails an assertion in the code path and aborts the program, | potentially resulting in a denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-29562 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562 [1] https://sourceware.org/bugzilla/show_bug.cgi?id=26923 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-7 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 976...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Jan 2021 17:01:18 +0100 Source: glibc Architecture: source Version: 2.31-7 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 731082 973430 976391 977691 Changes: glibc (2.31-7) unstable; urgency=medium . [ Samuel Thibault ] * debian/testsuite-xfail-debian.mk: Update with 2.33 tests. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also accept CLOCK_MONOTONIC_RAW, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE. * debian/patches/hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Rename to git-hurdsig-SA_SIGINFO.diff. * debian/patches/hurd-i386/tg-sigstate_thread_reference.diff: Rename to git-sigstate_thread_reference.diff. * debian/patches/hurd-i386/git-siginfo_uesp.diff: Fix ss_sp field in siginfo. * debian/patches/hurd-i386/git-mmap-EINVAL.diff: Fix mmap EINVAL return value. * debian/patches/hurd-i386/git-waitid.diff: Support WEXITED/WCONTINUED/WSTOPPED/WNOWAIT. * debian/patches/hurd-i386/git-hurd-version.diff: Accept including hurd/version.h. * debian/patches/kfreebsd/submitted-waitid.diff: Refresh. * debian/control: Bump hurd-dev build-dep to get proc_waitid RPC. * debian/libc0.3.symbols.hurd-i386: Add proc_waitid RPC. * debian/debhelper.in/libc-dev.install.hurd-i386: Add missing libpthread_syms.a. . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch: - Fix assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562). Closes: #976391. * debian/sysdeps/arm64.mk: enable static PIE support on arm64. Closes: #973430. * debian/patches/localedata/git-unicode-13-support.diff: backport Unicode 13 support from upstream. Closes: #977691. * debian/local/manpages/po/pt_BR.po: recode to UTF-8 to make lintian happy. * debian/debhelper.in/*.lintian-overrides: update for recent lintian versions. * debian/patches/any/git-ld.so-cache-endianness-markup.diff: backport ld.so cache endianness support from upstream. Closes: #731082. Checksums-Sha1: 1e331fee23e117757d2769f92dd0b2fd4df55382 8198 glibc_2.31-7.dsc 356dec34f77e672d93d46afb956a69e106933636 900892 glibc_2.31-7.debian.tar.xz 166a597e48ab8f09db52a6fd9b4e4a24d9eb7f3d 7065 glibc_2.31-7_source.buildinfo Checksums-Sha256:
Bug#973430: marked as done (glibc arm64 missing --enable-static-pie configure flag)
Your message dated Sun, 03 Jan 2021 16:19:11 + with message-id and subject line Bug#973430: fixed in glibc 2.31-7 has caused the Debian Bug report #973430, regarding glibc arm64 missing --enable-static-pie configure flag to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 973430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libc6-dev Version: 2.28-10 There is an inconsistency between the build flags that are used to build amd64 and arm64 packages for libc6-dev. This leads to -static-pie not being supported in the arm64 version but is available in amd64. Can the -–enable-static-pie be added and a update pushed out for older packages (i.e. buster repo) or would this change only make -static-pie supported on future bullseye releases? https://buildd.debian.org/status/package.php?p=glibc Amd64 configure flags: cd build-tree/amd64-libc && \ CC="x86_64-linux-gnu-gcc-10" \ CXX="x86_64-linux-gnu-g++-10" \ MIG="x86_64-linux-gnu-mig" \ AUTOCONF=false \ MAKEINFO=: \ /<>/configure \ --host=x86_64-linux-gnu \ --build=$configure_build --prefix=/usr \ --enable-add-ons=libidn,"" \ --without-selinux \ --enable-stackguard-randomization \ --enable-stack-protector=strong \ --enable-obsolete-rpc \ --with-pkgversion="Debian GLIBC 2.31-4" \ --with-bugurl="http://www.debian.org/Bugs/; \ \ \ \ --disable-crypt \ --with-headers=/<>/debian/include --enable-kernel=3.2 --with-selinux --enable-multi-arch --enable-static-pie Arm64 configure flags: cd build-tree/arm64-libc && \ CC="aarch64-linux-gnu-gcc-10" \ CXX="aarch64-linux-gnu-g++-10" \ MIG="aarch64-linux-gnu-mig" \ AUTOCONF=false \ MAKEINFO=: \ /<>/configure \ --host=aarch64-linux-gnu \ --build=$configure_build --prefix=/usr \ --enable-add-ons=libidn,"" \ --without-selinux \ --enable-stackguard-randomization \ --enable-stack-protector=strong \ --enable-obsolete-rpc \ --with-pkgversion="Debian GLIBC 2.31-4" \ --with-bugurl="http://www.debian.org/Bugs/; \ \ \ --disable-mathvec \ --disable-crypt \ --with-headers=/<>/debian/include --enable-kernel=3.2 --with-selinux --enable-multi-arch --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-7 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 973...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Jan 2021 17:01:18 +0100 Source: glibc Architecture: source Version: 2.31-7 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 731082 973430 976391 977691 Changes: glibc (2.31-7) unstable; urgency=medium . [ Samuel Thibault ] * debian/testsuite-xfail-debian.mk: Update with 2.33 tests. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also accept CLOCK_MONOTONIC_RAW, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE. * debian/patches/hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Rename to git-hurdsig-SA_SIGINFO.diff. * debian/patches/hurd-i386/tg-sigstate_thread_reference.diff: Rename to git-sigstate_thread_reference.diff. * debian/patches/hurd-i386/git-siginfo_uesp.diff: Fix ss_sp field in siginfo. * debian/patches/hurd-i386/git-mmap-EINVAL.diff: Fix mmap EINVAL return value. * debian/patches/hurd-i386/git-waitid.diff: Support WEXITED/WCONTINUED/WSTOPPED/WNOWAIT. * debian/patches/hurd-i386/git-hurd-version.diff: Accept including hurd/version.h. * debian/patches/kfreebsd/submitted-waitid.diff: Refresh. * debian/control: Bump hurd-dev build-dep to get
Bug#731082: marked as done (ld.so.cache parsing code does not deal with mixed endianess multiarch, causing segfaults)
Your message dated Sun, 03 Jan 2021 16:19:11 + with message-id and subject line Bug#731082: fixed in glibc 2.31-7 has caused the Debian Bug report #731082, regarding ld.so.cache parsing code does not deal with mixed endianess multiarch, causing segfaults to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 731082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731082 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: qemu-user-static Version: 1.7.0+dfsg-2 Severity: normal Dear Maintainer, I managed to run: $ qemu-ppc-static /lib/powerpc-linux-gnu/libc.so.6 which prints the usual text, but so far that's the only program that hasn't failed with: $ qemu-ppc-static ./bin/true Invalid data memory access: 0xb6d15008 NIP f67e257c LR f67e2658 CTR XER MSR 6040 HID0 HF 6000 idx 0 TB GPR00 f67e2634 f6ffecc8 772b5010 GPR04 f67ec31c 000b 0002 GPR08 0030 80b40010 f677500a 0002 GPR12 f67dcb98 f67fea9c f67fe8c4 GPR16 f67fe900 000a GPR20 f67feaf0 f67fd4d8 GPR24 16f9 772b5010 7f51571d c059fff4 GPR28 b6d14ff4 200e f67fdff4 10077fff CR 44282042 [ G G E L E - G E ] RES FPR00 FPR04 FPR08 FPR12 FPR16 FPR20 FPR24 FPR28 FPSCR qemu: uncaught target signal 11 (Segmentation fault) - core dumped (I tested the /bin/true of coreutils_8.21-1_powerpc.deb to make sure it wasn't my cross-compiler that was broken) I must be doing something wrong, but I don't know what, because I followed exactly the same steps as for armhf, and that one is working just fine (thanks!). I also tested on the same system with qemu-ppc (not static), qemu-ppc64abi32, and with the x86 version of qemu-ppc-static, and all failed. It was already failing a lot with version 1.6, but I seem to remember that at least a trivial "return 0" program worked. Other people seem to have more luck, but I have mostly read posts about debootstrap or chroots, not about multiarch setups. According to strace, the segfault happens just after closing /etc/ld.so.cache. On arm, that's followed by a second check for /etc/ld.so.nohwcap and then looking everywhere for libc.so.6. -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 armhf powerpc Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash qemu-user-static depends on no packages. Versions of packages qemu-user-static recommends: ii binfmt-support 2.0.16 Versions of packages qemu-user-static suggests: ii sudo 1.8.8-2 -- no debconf information --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-7 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 731...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 03 Jan 2021 17:01:18 +0100 Source: glibc Architecture: source
[Git][glibc-team/glibc][sid] releasing package glibc version 2.31-7
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: 11e21e97 by Aurelien Jarno at 2021-01-03T17:01:34+01:00 releasing package glibc version 2.31-7 - - - - - 1 changed file: - debian/changelog View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/11e21e978d242858ced48542021bcfbe2e118d62 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/11e21e978d242858ced48542021bcfbe2e118d62 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.31-7
Aurelien Jarno pushed new tag debian/2.31-7 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.31-7 You're receiving this email because of your account on salsa.debian.org.
Processed: Bug#731082 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #731082 [libc6] ld.so.cache parsing code does not deal with mixed endianess multiarch, causing segfaults Added tag(s) pending. -- 731082: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731082 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Git][glibc-team/glibc][sid] debian/patches/any/git-ld.so-cache-endianness-markup.diff: backport ld.so...
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: ae84eb12 by Aurelien Jarno at 2021-01-03T16:52:33+01:00 debian/patches/any/git-ld.so-cache-endianness-markup.diff: backport ld.so cache endianness support from upstream. Closes: #731082. - - - - - 3 changed files: - debian/changelog - + debian/patches/any/git-ld.so-cache-endianness-markup.diff - debian/patches/series View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/ae84eb12dd84123a256807555acc03ea2e2f8f22 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/ae84eb12dd84123a256807555acc03ea2e2f8f22 You're receiving this email because of your account on salsa.debian.org.
Processed: Bug#976391 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #976391 [src:glibc] glibc: CVE-2020-29562 Added tag(s) pending. -- 976391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976391 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#973430 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #973430 [libc6-dev] glibc arm64 missing --enable-static-pie configure flag Added tag(s) pending. -- 973430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973430 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Git][glibc-team/glibc][sid] 4 commits: debian/sysdeps/arm64.mk: enable static PIE support on arm64. Closes: #973430.
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: ac2dc2a2 by Aurelien Jarno at 2021-01-03T13:31:01+01:00 debian/sysdeps/arm64.mk: enable static PIE support on arm64. Closes: #973430. - - - - - 1fc8937b by Aurelien Jarno at 2021-01-03T13:56:48+01:00 debian/local/manpages/po/pt_BR.po: recode to UTF-8 to make lintian happy. - - - - - bc6b69f3 by Aurelien Jarno at 2021-01-03T16:10:48+01:00 debian/debhelper.in/*.lintian-overrides: update for recent lintian versions. - - - - - 1671f186 by Aurelien Jarno at 2021-01-03T16:10:48+01:00 debian/patches/git-updates.diff: update from upstream stable branch: * debian/patches/git-updates.diff: update from upstream stable branch: - Fix assertion failure in iconv when converting invalid UCS4 (CVE-2020-29562). Closes: #976391. - - - - - 12 changed files: - debian/changelog - debian/debhelper.in/libc-alt.lintian-overrides - debian/debhelper.in/libc-bin.lintian-overrides - + debian/debhelper.in/libc-dev-alt.lintian-overrides - + debian/debhelper.in/libc-dev.lintian-overrides - debian/debhelper.in/libc-otherbuild.lintian-overrides - debian/debhelper.in/libc.lintian-overrides - debian/local/manpages/po/pt_BR.po - debian/patches/git-updates.diff - + debian/patches/localedata/git-unicode-13-support.diff - debian/patches/series - debian/sysdeps/arm64.mk View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/e580a229452971ed68ee5ed165346775ac013bde...1671f186dd0bb7494a1ba55ccc547693e06d89db -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/e580a229452971ed68ee5ed165346775ac013bde...1671f186dd0bb7494a1ba55ccc547693e06d89db You're receiving this email because of your account on salsa.debian.org.
Processed: Re: Bug#954112: tzdata: Add ICU tzdata files
Processing control commands: > tag -1 +moreinfo Bug #954112 [tzdata] tzdata: Add ICU tzdata files Added tag(s) moreinfo. -- 954112: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954112 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#954112: tzdata: Add ICU tzdata files
control: tag -1 +moreinfo Hi, On 2020-10-19 21:02, Aurelien Jarno wrote: > Hi, > > On 2020-10-19 14:56, Dimitri John Ledkov wrote: > > On Mon, 16 Mar 2020 23:09:58 + Dimitri John Ledkov > > wrote: > > > Package: tzdata > > > Version: 2019c-3 > > > Severity: normal > > > > > > Dear Maintainer, > > > > > > This adds ICU timezone datafiles from icu-data repository. > > > > > > The source .txt data files are sources for the binary .res files, > > > which are compiled at build time. Shipping this enabled to update > > > timezone database files at runtime for icu, by rebuilding icu by > > > setting `U_TIMEZONE_FILES_DIR` build-time config option, or at runtime > > > with environment variable `ICU_TIMEZONE_FILES_DIR`. This will resolve > > > a long standing bug that tzdata inside icu is never updated, and thus > > > apps that use icu to access tzdata are always out of date (i.e. php). > > > > > > Note that the .txt files do duplicate tzdata data files a bit. As they > > > are generated with a Java app by ICU upstream which merges tzdata > > > files as input together with https://github.com/unicode-org/cldr xmls > > > overrides. Maybe in the future, I will provide a more complete / > > > reproducible process to rebuild icu input .txt files from the tzdata > > > files directly with the xml overlays "from complete scratch". > > > > > > However, at least .res files generated are reproducible and match > > > checksums of the prebuild .res files distributed in the icu-data > > > repository. > > > > > > Regards, > > > > > > Dimitri. > > > > Hi, Is this going to be reviewed / considered for inclusion? > > > > icu package in Debian now compiles with such a definition too, and is > > actively trying to lookup updated tzdata from that location. I got a look at that patch, and I fail to see why it should be part of the tzdata source package: - it doesn't use any files from the tzdata sources - the unicode-org github repository is not updated synchronously with tzdata, and even lagging by a few versions (currently it only has 2020d instead of 2020f). This would prevent use to ship new tzdata versions until the unicode-org repository is updated. In that regard it would be better to just ship and independent tzdata-icu source package instead. Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Bug#264039: Patch to add memusage and memusagestat
On 2020-12-28 23:00, Josh Triplett wrote: > On Tue, 21 Apr 2020 20:58:56 +0200 Stephen Kitt wrote: > > The attached patch adds memusage and memusagestat to the libc-bin package. > > This does mean that the latter becomes dependent on libgd3, so it might be > > better to add a new memusage package; I can take care of that if the > > maintainers think it’s better. > > I do think it makes sense to have these in a separate package. Would you > consider moving libmemusage.so to that same separate package? This is not something doable, we can't mix binaries and libraries in the same packages. Libraries have to be in a Multi-Arch: same package, while binaries have to be in a Multi-Arch: foreign package. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Re: unicode 13 in bullseye
Hi, On 2021-01-02 20:27, Nick Black wrote: > Hey there, glibc maintainers! I recently filed bug #977691 > regarding Unicode 13 in Debian Bullseye's glibc: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977691 > > I hadn't heard back, so I wanted to ask here, since the Bullseye > freeze is coming so soon. > > * Do you intend to ship glibc 2.32+ in Bullseye? No, the freeze is in next than 10 days, and it would not be reasonable to ship a new upstream version now. > * If not, ought I prepare a patch to backport the Unicode 13 >support, or is it unlikely that such a patch would be >accepted? I have tried to backport the corresponding commit and it seems to work fine, at least the glibc testsuite still passes. I'll include it in the next upload, but it might get reverted if it causes regressions in other packages. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net signature.asc Description: PGP signature