[Bug 1705538] Re: Update Package request for libservicelog

Łukasz Zemczak 1705538 at bugs.launchpad.net
Mon Jun 4 21:18:49 UTC 2018 

** Description changed:

  [Impact]
  
  Update Package request for libservicelog. Some upstream patches have
- been requested to be included in both bionic and xenial.
+ been requested to be included in both bionic and xenial. The addressed
+ issues can potentially affect customer environments, causing possible
+ segmentation faults.
  
  [Test Case]
  
  The packages will be validated by the requesting party (see original
  description).
+ 
+ Besides making sure servicelog does not segfault anymore and performing
+ general dogfooding, the upstream test-suite will need to be run and made
+ sure to pass on the affected systems.
  
  [Regression Potential]
  
  Hard to assess but the requested patches have been in upstream trunk
  since at least a year and no issues have been reported - changes also
  present in Debian and Ubuntu bionic since last year.
  
  [Original Description]
  
  ---Problem Description---
  Update Package request for libservicelog
  
  Machine Type = lpar
  
  ---Steps to Reproduce---
   servicelog --dump
  
  ---uname output---
  Linux tuleta4u-lp9 4.10.0-27-generic #30~16.04.2-Ubuntu SMP Thu Jun 29 16:06:52 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux
  
  Please pull below mentioned patches for libservicelog package
  
  commit 4fe9d9239f172604e16268ca1fb6fff1c06632b2
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Sat May 20 01:38:41 2017 +0530
  
      Validate text string before and after bind call
  
      While binding string to query, if string is NULL then bind call gets ignored.
      While fetching data from string, if data is NULL then current code makes query
      as NULL and returns.
  
      This patch validates text string before and after bind call. It assigns string
      to "" incase data is NULL points to NULL pointer. After this we will be able
      to display information even if some of string data is NULL.
  
      It also does NULL checks for compulsory string.
  
      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Killed redundant goto statements - Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
  
  commit 787594814eb88e3149cd660bcb6aaa6d3dd1347c
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Sat May 20 01:10:49 2017 +0530
  
      Correct string length calculation and validates destination buffer
  size before strncpy
  
      This patch corrects string length calculation logic and validates destination
      buffer size before calling strncpy to avoid memory corruption.
  
      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Moved memset to right place and removed redundant condition check -
       Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
  
  commit 48875ee8614eeefaa3d5d8ff92fb424915738169
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Thu Sep 15 16:16:49 2016 +0530
  
      NULL check before strdup call
  
      This patch does "NULL checks" before passing argument to strdup
  call.
  
      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>
  
  commit 40b4f7a52e61fb9da30b4cb9b5de9a85673da262
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Thu Sep 15 16:16:48 2016 +0530
  
      NULL check before strlen call
  
      This patch checks NULL pointer before strlen call.
  
      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Fixed build warning - Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libservicelog in Ubuntu.
https://bugs.launchpad.net/bugs/1705538

Title:
  Update Package request for libservicelog

Status in The Ubuntu-power-systems project:
  Triaged
Status in libservicelog package in Ubuntu:
  Fix Released
Status in libservicelog source package in Xenial:
  Triaged

Bug description:
  [Impact]

  Update Package request for libservicelog. Some upstream patches have
  been requested to be included in both bionic and xenial. The addressed
  issues can potentially affect customer environments, causing possible
  segmentation faults.

  [Test Case]

  The packages will be validated by the requesting party (see original
  description).

  Besides making sure servicelog does not segfault anymore and
  performing general dogfooding, the upstream test-suite will need to be
  run and made sure to pass on the affected systems.

  [Regression Potential]

  Hard to assess but the requested patches have been in upstream trunk
  since at least a year and no issues have been reported - changes also
  present in Debian and Ubuntu bionic since last year.

  [Original Description]

  ---Problem Description---
  Update Package request for libservicelog

  Machine Type = lpar

  ---Steps to Reproduce---
   servicelog --dump

  ---uname output---
  Linux tuleta4u-lp9 4.10.0-27-generic #30~16.04.2-Ubuntu SMP Thu Jun 29 16:06:52 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux

  Please pull below mentioned patches for libservicelog package

  commit 4fe9d9239f172604e16268ca1fb6fff1c06632b2
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Sat May 20 01:38:41 2017 +0530

      Validate text string before and after bind call

      While binding string to query, if string is NULL then bind call gets ignored.
      While fetching data from string, if data is NULL then current code makes query
      as NULL and returns.

      This patch validates text string before and after bind call. It assigns string
      to "" incase data is NULL points to NULL pointer. After this we will be able
      to display information even if some of string data is NULL.

      It also does NULL checks for compulsory string.

      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Killed redundant goto statements - Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>

  commit 787594814eb88e3149cd660bcb6aaa6d3dd1347c
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Sat May 20 01:10:49 2017 +0530

      Correct string length calculation and validates destination buffer
  size before strncpy

      This patch corrects string length calculation logic and validates destination
      buffer size before calling strncpy to avoid memory corruption.

      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Moved memset to right place and removed redundant condition check -
       Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>

  commit 48875ee8614eeefaa3d5d8ff92fb424915738169
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Thu Sep 15 16:16:49 2016 +0530

      NULL check before strdup call

      This patch does "NULL checks" before passing argument to strdup
  call.

      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>

  commit 40b4f7a52e61fb9da30b4cb9b5de9a85673da262
  Author: Ankit Kumar <ankit at linux.vnet.ibm.com>
  Date:   Thu Sep 15 16:16:48 2016 +0530

      NULL check before strlen call

      This patch checks NULL pointer before strlen call.

      Signed-off-by: Ankit Kumar <ankit at linux.vnet.ibm.com>
      [Fixed build warning - Vasant]
      Signed-off-by: Vasant Hegde <hegdevasant at linux.vnet.ibm.com>

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1705538/+subscriptions

More information about the foundations-bugs mailing list