Bug#952516: please support LC_CTYPE=UTF-8
Not yet. Do you have some Posix document, RFC, best practice guideline, etc showing that it should be "C.UTF-8" instead of "UTF-8"? Something to present to Apple proving that they are not Posix compliant? https://pubs.opengroup.org/onlinepubs/9699919799/functions/setlocale.html says "The contents of this string are implementation-defined." I could live with having to run localedef once to define a locale UTF-8 at installation time, but that is wiped out again and again, see #965323. What would you suggest? Regards Harri
glibc_2.31-2_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 23 Jul 2020 00:26:24 +0200 Source: glibc Architecture: source Version: 2.31-2 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 961452 965091 965932 965941 Changes: glibc (2.31-2) unstable; urgency=medium . [ Aurelien Jarno ] * debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to bug #965073. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove functions (CVE-2020-6096). Closes: #961452. * debian/control.in/libc: do not limit the openssh-server breaks to 32-bit architectures, clock_nanosleep has to be allowed in addition to clock_gettime64. Closes: #965932. * debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. Closes: #965941. * debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch to fix the setgroups functions in threaded applications on x32 (without the testsuite part). Closes: #965091. . [ Samuel Thibault ] * debian/patches/hurd-i386/local-tls-ie-align.diff: Fix TLS IE load with >= 8 byte alignment. * debian/testsuite-xfail-debian.mk: Update backtrace result. * debian/patches/hurd-i386/git-fix-longjmp.diff: Fix longjmp from dl loader. Notably fixes calling setuid programs from eatmydata. * debian/control: Build-depend on gnumach-dev with userland driver RPC interface. * debian/libc0.3.symbols.hurd-i386: Add userland driver RPC interface stubs. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Make clock_nanosleep accept CLOCK_MONOTONIC as well. Checksums-Sha1: de6f87b63f42f73654f720a5a39e511ca62d09a6 8195 glibc_2.31-2.dsc 7fa2322888e002362003b52eef5461c0458c9046 832956 glibc_2.31-2.debian.tar.xz 17b00b1ebec24339a160116dfc4034d6ea98 6939 glibc_2.31-2_source.buildinfo Checksums-Sha256: 1e68e21c7c03f539fe4f7b6cd6b04edc124dcbdd4c64a742a0e8defc6c446e03 8195 glibc_2.31-2.dsc 2f09126faa95ae00641c8848a4602cf108849d980ce88d9d129adab596ea835d 832956 glibc_2.31-2.debian.tar.xz c76049c623ea0b2ff84c04c3be9a2738da6e9fdf7cd2cc90a83d1185e349c30d 6939 glibc_2.31-2_source.buildinfo Files: 118a87db2b3d4629465eb10c47946718 8195 libs required glibc_2.31-2.dsc 73afb447f5e0e822f158dac21adaee3f 832956 libs required glibc_2.31-2.debian.tar.xz 01bdd8e9c0f02ac876ca8ec1b98b5cf5 6939 libs required glibc_2.31-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAl8Yvd4ACgkQE4jA+Jno M2vMkA/+KIfz4B04ywg0bvms3cfIQKuw+FQojw8inBrERUMpKDxZ94AkD30FwSIE wyao0KZTKGT42cQCwnQ8boYt2EfhFGXKXeDei40srZW1gMd138Fubsf1b3ClTW68 WKufygMDWbThbEahswn60w/2dxFaqQT4pIV29W/80dOMiPMfiSbNm79uK8Jp1jz2 6x//TP8zZCaKvGiF5uHI8Xjib/sMWGjHQBbBkpYZmF/ab4qdS/zRWLWaEajOZ91J P3O1hsn3IU5KQiMXL3k9V8llZV7DaBU+Hum+TJRfcjG0zMkGN5PARR3Fok89zs1u 1oD5voXnnshXqvCmz6AhVpy0rxdsVr4P1ozr79RM8bdAsjyxC1ora8fGy4GRts61 DfNdBApSSnijon0Erfm4U4Lw0/U9kcb848+jEAzkrUzk46jHI5BHn5ZUx2fo2jmU eWKxQj+5kvWMqZei476lGEVE2N/7e8NQGC8tnxLpfxb2d6rB9j++0eBlpcI9cvgS PkXRrRR1bYmtBTILnTbNp6Hf9C5vuDjmaEjUbG5U3soJCViYsSVwXrM7OL4DHlYg T2gqw3iXenVBNwSeWTgYX6fKo8/Lz+zYjARrr+ePT0L3612bAmsIXnO0GSqF47M6 fO4OdXgZGfGBvMcNYyZ9jdsqveZcPNPzMjNNnXAr/qT0KrYO23Q= =jFu3 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#965091: marked as done (glibc: setgroups: Bad address [2.31/x32, regression from 2.30])
Your message dated Wed, 22 Jul 2020 22:51:17 +
with message-id
and subject line Bug#965091: fixed in glibc 2.31-2
has caused the Debian Bug report #965091,
regarding glibc: setgroups: Bad address [2.31/x32, regression from 2.30]
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
965091: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965091
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.31-1
Severity: grave
Justification: renders package unusable
This is related to #965086 and #965087 (and, in fact, possibly
causing them). After a glibc upgrade half the system services
(postfix, sshd, apt-get(!)) don’t work any more.
Downgrading with dpkg -i the following set of packages fixes it:
libc-bin_2.30-8_x32.deb
libc-dev-bin_2.30-8_x32.deb
libc-l10n_2.30-8_all.deb
libc6-dbg_2.30-8_x32.deb
libc6-dev_2.30-8_x32.deb
libc6_2.30-8_amd64.deb
libc6_2.30-8_i386.deb
libc6_2.30-8_x32.deb
locales-all_2.30-8_x32.deb
locales_2.30-8_all.deb
unscd_0.53-1+b3_x32.deb
Snippet from strace:
[…]
9839 getpid() = 9839
9839 chroot("/run/sshd") = 0
9839 chdir("/")= 0
9839 write(7, "\0\0\0$\0\0\0\7\0\0\0\34privsep user:group 1"..., 40) = 40
9839 setgroups(1, 0xff866750
9794 <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
9839 <... setgroups resumed>) = -1 EFAULT (Bad address)
9794 read(6,
9839 write(7, "\0\0\0\36\0\0\0\1\0\0\0\26setgroups: Bad addre"..., 34
[…]
Noticeable: the sign-extended address.
I haven’t yet managed to reproduce this in a stand-alone program.
-- System Information:
Debian Release: bullseye/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable'),
(100, 'experimental')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64
Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages libc6 depends on:
ii libcrypt1 1:4.4.16-1
ii libgcc-s1 10.1.0-6
Versions of packages libc6 recommends:
ii libidn2-0 2.3.0-1
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.74
ii glibc-doc 2.31-1
ii libc-l10n 2.31-1
ii locales2.31-1
-- debconf information:
glibc/disable-screensaver:
* libraries/restart-without-asking: true
glibc/restart-failed:
glibc/kernel-too-old:
* glibc/upgrade: true
* glibc/restart-services: postfix openbsd-inetd cups cron
glibc/kernel-not-supported:
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.31-2
Done: Aurelien Jarno
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 965...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Thu, 23 Jul 2020 00:26:24 +0200
Source: glibc
Architecture: source
Version: 2.31-2
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers
Changed-By: Aurelien Jarno
Closes: 961452 965091 965932 965941
Changes:
glibc (2.31-2) unstable; urgency=medium
.
[ Aurelien Jarno ]
* debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to
bug #965073.
* debian/patches/git-updates.diff: update from upstream stable branch:
- Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove
functions (CVE-2020-6096). Closes: #961452.
* debian/control.in/libc: do not limit the openssh-server breaks to 32-bit
architectures, clock_nanosleep has to be allowed in addition to
clock_gettime64. Closes: #965932.
* debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to
ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing
an FTBFS. Closes: #965941.
* debian/patches/x32/submitted-fix-nptl-setgroups-x32.p
Bug#965941: marked as done (src:glibc: FTBFS with libselinux-dev (>= 3.1) due to deprecations warnings)
Your message dated Wed, 22 Jul 2020 22:51:17 + with message-id and subject line Bug#965941: fixed in glibc 2.31-2 has caused the Debian Bug report #965941, regarding src:glibc: FTBFS with libselinux-dev (>= 3.1) due to deprecations warnings to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 965941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: src:glibc Version: 2.31-1 Severity: serious Tags: upstream ftbfs Justification: fails to build from source (but built successfully in the past) Since the upload of libselinux 3.1 to unstable, glibc doesn't build anymore due to deprecation warnings: | ... | x86_64-linux-gnu-gcc-10 makedb.c -c -std=gnu11 -fgnu89-inline -pipe -O2 -g -fdebug-prefix-map=/home/aurel32/work/glibc/glibc-2.31=. -Wall -Wwrite-strings -Wundef -Werror -fmerge-all-constants -frounding-math -fstack-protector-strong -Wstrict-prototypes -Wold-style-definition -fmath-errno -fpie -isystem /home/aurel32/work/glibc/glibc-2.31/debian/include -I../include -I/home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/nss -I/home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc -I../sysdeps/unix/sysv/linux/x86_64/64 -I../sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/x86/include -I../sysdeps/unix/sysv/linux/x86 -I../sysdeps/x86/nptl -I../sysdeps/unix/sysv/linux/wordsize-64 -I../sysdeps/x86_64/nptl -I../sysdeps/unix/sysv/linux/include -I../sysdeps/unix/sysv/linux -I../sysdeps/nptl -I../sysdeps/pthread -I../sysdeps/gnu -I../sysdeps/unix/inet -I../sysdeps/unix/sysv -I../sysdeps/unix/x86_64 -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/x86_64/64 -I../sysdeps/x86_64/fpu/multiarch -I../sysdeps/x86_64/fpu -I../sysdeps/x86/fpu/include -I../sysdeps/x86/fpu -I../sysdeps/x86_64/multiarch -I../sysdeps/x86_64 -I../sysdeps/x86 -I../sysdeps/ieee754/float128 -I../sysdeps/ieee754/ldbl-96/include -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64/wordsize-64 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/wordsize-64 -I../sysdeps/ieee754 -I../sysdeps/generic -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/10/include -isystem /home/aurel32/work/glibc/glibc-2.31/debian/include -D_LIBC_REENTRANT -include /home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/libc-modules.h -DMODULE_NAME=nonlib -include ../include/libc-symbols.h -DPIC -DTOP_NAMESPACE=glibc -o /home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/nss/makedb.o -MD -MP -MF /home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/nss/makedb.o.dt -MT /home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/nss/makedb.o | makedb.c: In function 'set_file_creation_context': | makedb.c:849:3: error: 'security_context_t' is deprecated [-Werror=deprecated-declarations] | 849 | security_context_t ctx; | | ^~ | makedb.c:863:3: error: 'matchpathcon' is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations] | 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL) | | ^~ | In file included from makedb.c:50: | /usr/include/selinux/selinux.h:500:12: note: declared here | 500 | extern int matchpathcon(const char *path, | |^~~~ | cc1: all warnings being treated as errors | make[3]: *** [../o-iterator.mk:9: /home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc/nss/makedb.o] Error 1 | make[3]: *** Waiting for unfinished jobs | make[3]: Leaving directory '/home/aurel32/work/glibc/glibc-2.31/nss' | make[2]: *** [Makefile:487: nss/others] Error 2 | make[2]: Leaving directory '/home/aurel32/work/glibc/glibc-2.31' | make[1]: *** [Makefile:9: all] Error 2 | make[1]: Leaving directory '/home/aurel32/work/glibc/glibc-2.31/build-tree/amd64-libc' | make: *** [debian/rules.d/build.mk:114: /home/aurel32/work/glibc/glibc-2.31/stamp-dir/build_libc] Error 2 | dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit status 2 --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-2 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 965...@bugs.debian.org, and the maintainer will reopen the bug report if ap
Bug#961452: marked as done (CVE-2020-6096)
Your message dated Wed, 22 Jul 2020 22:51:16 + with message-id and subject line Bug#961452: fixed in glibc 2.31-2 has caused the Debian Bug report #961452, regarding CVE-2020-6096 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 961452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: glibc Severity: important Please see https://sourceware.org/bugzilla/show_bug.cgi?id=25620 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 Cheers, Moritz --- End Message --- --- Begin Message --- Source: glibc Source-Version: 2.31-2 Done: Aurelien Jarno We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 961...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 23 Jul 2020 00:26:24 +0200 Source: glibc Architecture: source Version: 2.31-2 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Closes: 961452 965091 965932 965941 Changes: glibc (2.31-2) unstable; urgency=medium . [ Aurelien Jarno ] * debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to bug #965073. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove functions (CVE-2020-6096). Closes: #961452. * debian/control.in/libc: do not limit the openssh-server breaks to 32-bit architectures, clock_nanosleep has to be allowed in addition to clock_gettime64. Closes: #965932. * debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. Closes: #965941. * debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch to fix the setgroups functions in threaded applications on x32 (without the testsuite part). Closes: #965091. . [ Samuel Thibault ] * debian/patches/hurd-i386/local-tls-ie-align.diff: Fix TLS IE load with >= 8 byte alignment. * debian/testsuite-xfail-debian.mk: Update backtrace result. * debian/patches/hurd-i386/git-fix-longjmp.diff: Fix longjmp from dl loader. Notably fixes calling setuid programs from eatmydata. * debian/control: Build-depend on gnumach-dev with userland driver RPC interface. * debian/libc0.3.symbols.hurd-i386: Add userland driver RPC interface stubs. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Make clock_nanosleep accept CLOCK_MONOTONIC as well. Checksums-Sha1: de6f87b63f42f73654f720a5a39e511ca62d09a6 8195 glibc_2.31-2.dsc 7fa2322888e002362003b52eef5461c0458c9046 832956 glibc_2.31-2.debian.tar.xz 17b00b1ebec24339a160116dfc4034d6ea98 6939 glibc_2.31-2_source.buildinfo Checksums-Sha256: 1e68e21c7c03f539fe4f7b6cd6b04edc124dcbdd4c64a742a0e8defc6c446e03 8195 glibc_2.31-2.dsc 2f09126faa95ae00641c8848a4602cf108849d980ce88d9d129adab596ea835d 832956 glibc_2.31-2.debian.tar.xz c76049c623ea0b2ff84c04c3be9a2738da6e9fdf7cd2cc90a83d1185e349c30d 6939 glibc_2.31-2_source.buildinfo Files: 118a87db2b3d4629465eb10c47946718 8195 libs required glibc_2.31-2.dsc 73afb447f5e0e822f158dac21adaee3f 832956 libs required glibc_2.31-2.debian.tar.xz 01bdd8e9c0f02ac876ca8ec1b98b5cf5 6939 libs required glibc_2.31-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAl8Yvd4ACgkQE4jA+Jno M2vMkA/+KIfz4B04ywg0bvms3cfIQKuw+FQojw8inBrERUMpKDxZ94AkD30FwSIE wyao0KZTKGT42cQCwnQ8boYt2EfhFGXKXeDei40srZW1gMd138Fubsf1b3ClTW68 WKufygMDWbThbEahswn60w/2dxFaqQT4pIV29W/80dOMiPMfiSbNm79uK8Jp1jz2 6x//TP8zZCaKvGiF5uHI8Xjib/sMWGjHQBbBkpYZmF/ab4qdS/zRWLWaEajOZ91J P3O1hsn3IU5KQiMXL3k9V8llZV7DaBU+Hum+TJRfcjG0zMkGN5PARR3Fok89zs1u 1oD5voXnnshXqvCmz6AhVpy0rxdsVr4P1ozr79RM8bdAsjyxC1ora8fGy4GRts61 DfNdBApSSnijon0Erfm4U4Lw0/U9kcb848+jEAzkrUzk46jHI5BHn5ZUx2fo2jmU eWKxQ
Processing of glibc_2.31-2_source.changes
glibc_2.31-2_source.changes uploaded successfully to localhost along with the files: glibc_2.31-2.dsc glibc_2.31-2.debian.tar.xz glibc_2.31-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#965932: marked as done (libc6: breaks openssh-server/buster)
Your message dated Wed, 22 Jul 2020 22:51:17 + with message-id and subject line Bug#965932: fixed in glibc 2.31-2 has caused the Debian Bug report #965932, regarding libc6: breaks openssh-server/buster to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 965932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965932 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libc6 Version: 2.31-1 Severity: critical Justification: breaks unrelated software; breaks remote access TL;DR: sshd privsep child dies with SIGSYS in clock_nanosleep() (libc6 2.31-1) while it succeeded using nanosleep() under libc6 2.30-8 The machine in question is running buster with some selected packages (mainly compilers and development stuff) from bullseye (and is located at a remote location). The running kernel is 4.19.0-9-amd64 4.19.118-2. openssh-server 1:7.9p1-10+deb10u2 is running. After upgrading libc6 from 2.30-8 to 2.31-1 (which caused sshd to restart), sshd was running, but dropped incoming connections during authentication. Luckily I still had a terminal open and could downgrade again to 2.30-8 which restored accessibility. Thanks to the people trying to guess usernames and passwords, I noticed this difference in /var/log/auth.log: with 2.31-1: Jul 20 21:52:11 hostname sshd[25603]: Invalid user ping from 139.219.0.102 port 39588 Jul 20 21:52:11 hostname sshd[25603]: pam_unix(sshd:auth): check pass; user unknown Jul 20 21:52:11 hostname sshd[25603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.219.0.102 Jul 20 21:52:13 hostname sshd[25603]: Failed password for invalid user ping from 139.219.0.102 port 39588 ssh2 after downgrading to 2.30-8: Jul 20 21:54:33 hostname sshd[26824]: Invalid user mickey from 51.83.131.123 port 32822 Jul 20 21:54:33 hostname sshd[26824]: pam_unix(sshd:auth): check pass; user unknown Jul 20 21:54:33 hostname sshd[26824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.131.123 Jul 20 21:54:35 hostname sshd[26824]: Failed password for invalid user mickey from 51.83.131.123 port 32822 ssh2 Jul 20 21:54:35 hostname sshd[26824]: Received disconnect from 51.83.131.123 port 32822:11: Bye Bye [preauth] Jul 20 21:54:35 hostname sshd[26824]: Disconnected from invalid user mickey 51.83.131.123 port 32822 [preauth] I can reproduce this by running sshd in a mininmal buster chroot and upgrading libc6 (+ libgcc-s1 libcrypto1 libc-bin). (There is even no need to restart sshd (which was started under 2.31-1) after downgrading libc6 again to 2.30-8 to get it functional again.) I haven't tried sshd/bullseye. I haven't tried booting with 2.31-1. $ ssh -vvv foo@localhost -p 9922 [...] debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/07awyZSdCd9QgaTWi1dn3kEg9rbZtYC+ejHd6ZFi2w debug3: put_host_port: [127.0.0.1]:9922 debug3: put_host_port: [localhost]:9922 debug3: hostkeys_foreach: reading file "/home/beckmann/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/beckmann/.ssh/known_hosts:4 debug3: load_hostkeys: loaded 1 keys from [localhost]:9922 debug1: Host '[localhost]:9922' is known and matches the ECDSA host key. debug1: Found key in /home/beckmann/.ssh/known_hosts:4 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /home/beckmann/.ssh/id_dsa debug1: Will attempt key: /home/beckmann/.ssh/id_ecdsa debug1: Will attempt key: /home/beckmann/.ssh/id_ed25519 debug1: Will attempt key: /home/beckmann/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 Connection closed by 127.0.0.1 port 9922 # /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 328 debug2: parse_server_config: config /etc/ssh/sshd_config len 328 debug3: /etc/ssh/sshd_config:13 setting Port 9922 debug3: /etc/ssh/sshd_config:26 setting SyslogFacility LOCAL7 debug3: /etc/ssh/sshd_config:27 setting LogLevel DEBUG3 debug3: /etc/ss
[Git][glibc-team/glibc][sid] releasing package glibc version 2.31-2
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: 97f2812e by Aurelien Jarno at 2020-07-23T00:27:29+02:00 releasing package glibc version 2.31-2 - - - - - 1 changed file: - debian/changelog View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/97f2812e9cc8a7bec5c5ed630eda8770fb4002b3 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/commit/97f2812e9cc8a7bec5c5ed630eda8770fb4002b3 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.31-2
Aurelien Jarno pushed new tag debian/2.31-2 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.31-2 You're receiving this email because of your account on salsa.debian.org.
Processed: Bug#965091 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #965091 [libc6] glibc: setgroups: Bad address [2.31/x32, regression from 2.30] Added tag(s) pending. -- 965091: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965091 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#965941 marked as pending in glibc
Processing control commands: > tag -1 pending Bug #965941 [src:glibc] src:glibc: FTBFS with libselinux-dev (>= 3.1) due to deprecations warnings Added tag(s) pending. -- 965941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Git][glibc-team/glibc][sid] 2 commits: debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to...
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: c1c080b4 by Aurelien Jarno at 2020-07-22T23:59:08+02:00 debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. Closes: #965941. - - - - - c0233ff5 by Aurelien Jarno at 2020-07-23T00:25:02+02:00 debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch to fix the setgroups functions in threaded applications on x32 (without the testsuite part). Closes: #965091. - - - - - 4 changed files: - debian/changelog - + debian/patches/any/submitted-selinux-deprecations.diff - debian/patches/series - + debian/patches/x32/submitted-fix-nptl-setgroups-x32.diff View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/b1488bfda31968a724afa3ba212001a807603efd...c0233ff5731855bb986cda89957829d635ea17c7 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/b1488bfda31968a724afa3ba212001a807603efd...c0233ff5731855bb986cda89957829d635ea17c7 You're receiving this email because of your account on salsa.debian.org.
