[Bug 1387594] Update Released

Chris J Arges 1387594 at bugs.launchpad.net
Wed Jan 28 16:23:23 UTC 2015 

The verification of the Stable Release Update for libnss-ldap has
completed successfully and the package has now been released to
-updates.  Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/1387594

Title:
  init: symbol lookup error: /lib/powerpc64le-linux-
  gnu/libnss_ldap.so.2: undefined symbol: __libc_lock_lock

Status in libnss-ldap package in Ubuntu:
  Fix Released
Status in libnss-ldap source package in Precise:
  Invalid
Status in libnss-ldap source package in Trusty:
  Fix Released
Status in libnss-ldap source package in Utopic:
  Fix Released

Bug description:
  [SRU justification]
  The version of the library in the archive for Utopic and Trusty has been built prior to a change in glibc that removes an expected symbol. Rebuild of the libnss-ldap library with the current source package will render the library unusable and may cause systems to become unbootable.

  [Impact]
  Without this fix, a rebuild of the libnss-ldap package will cause grave impact where usage of the libnss-ldap will segfault. Such a segfault during the boot process will cause the system to become unbootable.

  [Fix]
  Backport the glibc-2.16.patch that is now merged in Vivid into Utopic and Trusty. The version of the library in Precise already uses the correct glibc symbol.

  [Test Case]
  On a server properly configured for ldap authentication :

  root at trusty-ldapclient:~# getent passwd john
  john:x:10000:5000:John Doe:/home/john:/bin/bash

  The same test on arm64 or ppc64el platform where the libnss-ldap have
  been rebuilt recently you will get :

  root at trusty-ldapclient:~# getent passwd john
  Segmentation fault (core dumped)

  $ sudo apt-get download libnss-ldap
  $ mkdir tmp
  $ dpkg -x libnss-ldap_264-2.2ubuntu4_amd64.deb tmp
  $ nm -D tmp/lib/x86_64-linux-gnu/libnss_ldap-2.15.so |grep lock$
                   w __pthread_mutex_lock
                   w __pthread_mutex_unlock
  #Rebuild the library
  $ pull-lp-source libnss-ldap trusty
  $ sbuild -A -d trusty libnss-ldap_264-2.2ubuntu4.dsc
  $ rm -Rf tmp/*
  $ dpkg -x libnss-ldap_264-2.2ubuntu4_amd64.deb tmp
  $ nm -D tmp/lib/x86_64-linux-gnu/libnss_ldap-2.19.so | grep lock$
                   U __libc_lock_lock
                   U __libc_lock_unlock

  Notice that the libnss-ldap version change (2.15 -> 2.19). With the
  newly built version, the expected _pthread_mutex_lock|unlock is no
  longer present.

  [Regression]
  None expected. This is already present and in use in the upstream version of the library.

  15:27 <rbasak> caribou: so what I don't like about this is that the
  patch seems a bit invasive in an area where if there's a regression,
  it'll be in multithreading code that'll be non-deterministic and thus
  difficult to test.

  15:27 <rbasak> caribou: OTOH, it's broken on ppc64el at the moment?
  That means we need to fix it.

  15:28 <rbasak> Having an active upstream that had committed the code
  would give me more confidence that the patch is good (since they're
  more familiar with the code and will have reviewed it)

  15:29 <rbasak> But Debian have committed it, so that's better than
  nothing.

  15:31 <rbasak> caribou: I think we have no choice but to push it to
  Trusty (and Utopic), but we should let the SRU team decide at that
  stage. IMHO, my concern should be noted in "Regression Potential", so
  I'll do that now.

  [Original Description of the problem]

  Unlike previously thought, this bug is _NOT_ specific to the PPC64EL
  architecture. More details in the analysis.

  Many commands that require the use of libnss-ldap will fail with
  Segmentation Fault. The boot procedure itself can be blocked with the
  following message.

  One potential workaround is to remove the use of ldap from the
  /etc/nsswitch.conf file to at least provide a bootable system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1387594/+subscriptions

More information about the foundations-bugs mailing list