[Bug 1016349] Re: htons() returns wrong type on non-{i386, amd64} platforms

Adam Conrad adconrad at 0c3.net
Wed Nov 14 22:48:09 UTC 2012


This bug was fixed in the package eglibc - 2.15-0ubuntu10.3

---------------
eglibc (2.15-0ubuntu10.3) precise; urgency=low

  * Backport fixes for dbl-64 and ldbl-128 issues (LP: #1000498)
  * Backport another FMA support patch from glibc master branch.

eglibc (2.15-0ubuntu10.2) precise-security; urgency=low

  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to avoid integer overflows
    - CVE-2012-3480

eglibc (2.15-0ubuntu10.1) precise; urgency=low

  * Backport fix from 2.16 to fix htons() conversion errors on non-x86
    architectures, by correctly casting to uint16_t (LP: #1016349)
  * Restore missing AT_EMPTY_PATH definition in fcntl.h (LP: #1010069)
  * Backport FMA4/AVX detection from glibc 2.16 (LP: #956051, #979003)
  * Backport fixups to AVX-using code to match the detection backport.
  * Backport fix from 2.16 for sscanf/realloc deadlock (LP: #1028038)
  * Backport for bogus FPE on underflow for exp(double) (LP: #1007457)
 -- Adam Conrad <adconrad at ubuntu.com> Wed, 03 Oct 2012 15:58:02 -0600


** Changed in: eglibc (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3406

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3480

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1016349

Title:
  htons() returns wrong type on non-{i386,amd64} platforms

Status in Embedded GLIBC:
  Fix Released
Status in “eglibc” package in Ubuntu:
  Fix Released
Status in “eglibc” source package in Precise:
  Fix Released
Status in “glibc” package in Fedora:
  Unknown

Bug description:
  [Impact]
  htons() on non-x86 platforms is missing a cast to uint16_t, which causes FTBFS of mosh on armel and armhf.

  [Development Fix]
  This has been fixed in eglibc in Quantal.

  [Stable Fix]
  A fix can be backported from the Quantal development version into Precise.

  [Test Case]
  See https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1016349/comments/2
  on how to reproduce with a C program.

  [Regression Potential]
  This patch affects some of the generic byteswapping code in eglibc. The fix for x86 arches was already completed years ago, and this patch fixes it for other arches.

  --

  The definition of htons() on platforms other than i386 and amd64 is
  missing a cast to uint16_t, which caused this FTBFS of mosh on armel
  and armhf:

  https://launchpad.net/ubuntu/+source/mosh/1.2.1-1ubuntu1/+build/3582950
  network.cc:76:28: error: narrowing conversion of '({...})' from 'unsigned int' to 'uint16_t {aka short unsigned int}' inside { } is ill-formed in C++11 [-Werror=narrowing]
  network.cc:76:50: error: narrowing conversion of '({...})' from 'unsigned int' to 'uint16_t {aka short unsigned int}' inside { } is ill-formed in C++11 [-Werror=narrowing]

  (We didn’t see this before because this warning is new in GCC 4.7.)

  This was fixed for glibc 2.16 in
  http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2174c6dd8555f654c30df2f8f3321b69e0f736f8

To manage notifications about this bug go to:
https://bugs.launchpad.net/eglibc/+bug/1016349/+subscriptions
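
The type problem described in the bug, as an added example that is not part of the original report and not glibc's code: SWAP16_NOCAST and SWAP16_CAST are hypothetical stand-ins for a generic 16-bit byte swap without and with the uint16_t cast, and Endpoint is a constructed struct. It assumes a platform where int is wider than 16 bits.

```cpp
#include <cstdint>
#include <cstdio>
#include <type_traits>
#include <utility>

// Hypothetical stand-ins for a generic 16-bit byte swap (not glibc's header text).
// No cast: the uint16_t operand is promoted to int and the unsigned masks make
// the whole expression unsigned int.
#define SWAP16_NOCAST(x) ((((x) >> 8) & 0xffu) | (((x) & 0xffu) << 8))
// With the cast the changelog entry describes: the result is uint16_t.
#define SWAP16_CAST(x) ((uint16_t)((((x) >> 8) & 0xffu) | (((x) & 0xffu) << 8)))

// Report the static type of each macro's result for a uint16_t argument.
bool nocast_result_is_unsigned_int() {
    return std::is_same<decltype(SWAP16_NOCAST(std::declval<uint16_t>())),
                        unsigned int>::value;
}
bool cast_result_is_uint16() {
    return std::is_same<decltype(SWAP16_CAST(std::declval<uint16_t>())),
                        uint16_t>::value;
}

// Constructed struct: a 16-bit field filled by list-initialization, the
// context in which the narrowing diagnostic from the bug is raised.
struct Endpoint {
    uint16_t port_be;
};

Endpoint make_endpoint(uint16_t host_port) {
    // Endpoint bad = { SWAP16_NOCAST(host_port) };
    //   ^ narrowing conversion from unsigned int to uint16_t inside { }
    Endpoint ok = { SWAP16_CAST(host_port) };
    return ok;
}

int main() {
    std::printf("no cast -> unsigned int: %d\n", nocast_result_is_unsigned_int());
    std::printf("cast    -> uint16_t:     %d\n", cast_result_is_uint16());
    std::printf("swap(0x1f90) = 0x%04x\n", (unsigned)make_endpoint(0x1f90).port_be);
    return 0;
}
```

Both macros compute the same value; only the static type of the result differs, which is why the problem surfaced as a build failure rather than as wrong port numbers.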



