glibc/eglibc: proposed promotion to security/updates
Steve Beattie
sbeattie at ubuntu.com
Wed May 25 07:22:21 UTC 2016
Hi,
I prepared security updates for glibc/eglibc in precise, trusty, and
wily. However, the updates addresses CVE-2016-2856 and CVE-2013-2207
by disabling pt_chown and not having grantpt() fail if /dev/pts got
remounted incorrectly. Due to this I asked Adam Conrad to copy the
updates into the proposed pockets to get more widespread testing, as
earlier attempts to address these issues had resulted in breakage for
users, particularly around chroots. (The same pt_chown fixes landed
in glibc in time for the xenial release.)
Now that they've been in proposed for a while, I'd like to argue that
the updates should be moved to the security and updates pockets. I've
tested each of the versions as I would for a normal security update,
as well as doing specific testing for the pt_chown issue, looking
for breakage. I don't see any new bug reports or error reports for
the specific versions in proposed.
However, the ADT tests triggered by glibc moving into proposed show a
number of failures. I've examined these, and I don't believe any of the
failures are regressions introduced by the glibc packages. What follows
is my analysis for each listed "regression".
Given all of the above, I'd like to ask that the glibc/eglibc pacckages
in proposed be moved to their respective security and updates pockets.
Thanks!
ADT analysis:
=======
precise
=======
http://people.canonical.com/~ubuntu-archive/proposed-migration/precise/update_excuses.html#eglibc
Regression in autopkgtest for dahdi-linux 1:2.5.0.1+dfsg-1ubuntu2.2 (i386):
Regression in autopkgtest for dahdi-linux 1:2.5.0.1+dfsg-1ubuntu2.2 (amd64):
tests routinely fail:
http://autopkgtest.ubuntu.com/packages/d/dahdi-linux/precise/i386/
http://autopkgtest.ubuntu.com/packages/d/dahdi-linux/precise/amd64/
I can't find what's causing these tests to be run or how they are
run, dahdi-linux source package has no Testsuite: header nor a
debian/tests/ directory.
Regression in autopkgtest for linux-lts-trusty 3.13.0-86.130~precise1 (armhf):
kernel build timeout after 10k seconds. kernel build is normally
skipped in tests triggered by the meta package update (e.g. "rebuild:
short circuiting build for 'linux-meta-lts-trusty/3.13.0.87.79'"):
http://autopkgtest.ubuntu.com/packages/l/linux-lts-trusty/precise/armhf/
======
Trusty
======
http://people.canonical.com/~ubuntu-archive/proposed-migration/trusty/update_excuses.html#eglibc
Regression in autopkgtest for apt 1.0.1ubuntu2.13 (armhf):
started failing before eglibc triggered test:
http://autopkgtest.ubuntu.com/packages/a/apt/trusty/armhf/ (looks like
a permissions problem with the squid proxy?)
Regression in autopkgtest for dahdi-linux 1:2.5.0.1+dfsg-1ubuntu4~14.04.4 (ppc64el):
Been failing long before eglibc upload:
http://autopkgtest.ubuntu.com/packages/d/dahdi-linux/trusty/ppc64el/
Regression in autopkgtest for gvfs 1.20.3-0ubuntu1.2 (ppc64el):
tests always failed, the tests that are listed as passing under
http://autopkgtest.ubuntu.com/packages/g/gvfs/trusty/ppc64el/ were
skipped due to lack of virtualization in the test environment
Regression in autopkgtest for linux-keystone 3.13.0-56.81 (armhf):
kernel build failures TIMEOUT after 10k seconds, previous rebuild test managed
to complete.
Regression in autopkgtest for linux 3.13.0-86.130 (ppc64el):
An apparmor regression test failure, but not caused by glibc update,
this is https://bugs.launchpad.net/qa-regression-testing/+bug/1543461
Regression in autopkgtest for linux-lts-utopic 3.16.0-71.91~14.04.1 (amd64):
Regression in autopkgtest for linux-lts-utopic 3.16.0-71.91~14.04.1 (armhf):
Regression in autopkgtest for linux-lts-utopic 3.16.0-71.91~14.04.1 (i386):
kernel build failures TIMEOUT after 10k seconds, rebuild is normally
short-circuited
Regression in autopkgtest for linux-lts-utopic 3.16.0-71.91~14.04.1 (ppc64el):
kernel build succeeded, but attempt to run tests failed due to version
mismatch between kernel source and installed kernel:
Source Package Version: 3.16.0-71.91~14.04.1
Running Kernel Version: 3.13.0-86.130
ERROR: running version does not match source package
http://autopkgtest.ubuntu.com/packages/l/linux-lts-utopic/trusty/ppc64el/
Regression in autopkgtest for linux-lts-vivid 3.19.0-59.65~14.04.1 (amd64):
Regression in autopkgtest for linux-lts-vivid 3.19.0-59.65~14.04.1 (armhf):
Regression in autopkgtest for linux-lts-vivid 3.19.0-59.65~14.04.1 (i386):
kernel build failures TIMEOUT after 10k seconds, rebuild is normally
short-circuited
Regression in autopkgtest for linux-lts-vivid 3.19.0-59.65~14.04.1 (ppc64el):
kernel build succeeded, but attempt to run tests failed due to version
mismatch between kernel source and installed kernel:
Source Package Version: 3.19.0-59.65~14.04.1
Running Kernel Version: 3.13.0-86.130
ERROR: running version does not match source package
http://autopkgtest.ubuntu.com/packages/l/linux-lts-vivid/trusty/ppc64el/
Regression in autopkgtest for linux-lts-wily 4.2.0-36.41~14.04.1 (armhf):
kernel build failures TIMEOUT after 10k seconds, rebuild is normally
short-circuited
Regression in autopkgtest for linux-lts-xenial 4.4.0-21.37~14.04.1 (armhf):
kernel build failures TIMEOUT after 10k seconds, rebuild is normally
short-circuited
Regression in autopkgtest for network-manager 0.9.8.8-0ubuntu7.2 (ppc64el):
long-standing failure:
http://autopkgtest.ubuntu.com/packages/n/network-manager/trusty/ppc64el
(calling rfkill command with invalid argument?)
Regression in autopkgtest for ofono-phonesim 1.19-0ubuntu10 (amd64):
http://autopkgtest.ubuntu.com/packages/o/ofono-phonesim/trusty/amd64/
sometimes passes, sometimes fails.
Regression in autopkgtest for pandas 0.13.1-2ubuntu2 (i386):
FAIL: test_sum (pandas.tests.test_frame.TestDataFrame)
looks to be https://github.com/pydata/pandas/issues/6982 ?
not glibc related.
Regression in autopkgtest for python2.7 2.7.6-8ubuntu0.2 (armhf):
A couple of regression test failures that look to be
permissions problems? Previous test that is listed as
"passed" actually failed in the same way, just wasn't detected:
http://autopkgtest.ubuntu.com/packages/p/python2.7/trusty/armhf
Regression in autopkgtest for ubuntu-drivers-common 1:0.2.91.11 (i386):
Been failing for a while:
http://autopkgtest.ubuntu.com/packages/u/ubuntu-drivers-common/trusty/i386/
not glibc related
Regression in autopkgtest for langford 0.0.20130228-3 (armhf):
similar-style dkms failure to dahdi-linux? fails tests frequently:
http://autopkgtest.ubuntu.com/packages/l/langford/trusty/armhf/
====
Wily
====
http://people.canonical.com/~ubuntu-archive/proposed-migration/wily/update_excuses.html#glibc
Regression in autopkgtest for apport 2.19.1-0ubuntu5 (i386):
Regression in autopkgtest for apport 2.19.1-0ubuntu5 (amd64):
failure to install a different version of libc for armhf testcase
failure? Has been failing on both arches for a while:
http://autopkgtest.ubuntu.com/packages/a/apport/wily/amd64/
http://autopkgtest.ubuntu.com/packages/a/apport/wily/i386/
Regression in autopkgtest for chromium-browser 49.0.2623.108-0ubuntu0.15.10.1.1223 (armhf):
possible chromium segfault? That said, it looks like a similar sikuli
error pops up even in the 'passing' test runs
http://autopkgtest.ubuntu.com/packages/c/chromium-browser/wily/armhf/
Regression in autopkgtest for crash 7.1.1-1ubuntu4.1 (ppc64el):
Regression in autopkgtest for crash 7.1.1-1ubuntu4.1 (i386):
Regression in autopkgtest for crash 7.1.1-1ubuntu4.1 (amd64):
Failures due to gpg key that signs the ddeb repo changing, preventing
install of linux kernel ddeb package?
Regression in autopkgtest for dahdi-linux 1:2.10.0.1~dfsg-1ubuntu4 (ppc64el):
Been failing for a while:
http://autopkgtest.ubuntu.com/packages/d/dahdi-linux/wily/ppc64el/
Regression in autopkgtest for ganeti 2.15.1-1 (amd64):
Starting failing before glibc package:
http://autopkgtest.ubuntu.com/packages/g/ganeti/wily/amd64/
Regression in autopkgtest for gdnsd 2.1.2-1 (i386):
Regression in autopkgtest for gdnsd 2.1.2-1 (amd64):
gdnsd fails on service startup in postinst:
http://autopkgtest.ubuntu.com/packages/g/gdnsd/wily/i386/
http://autopkgtest.ubuntu.com/packages/g/gdnsd/wily/amd64/
I am able to reproduce this in a vm, as the gdnsd daemon attempts to
bind to port 53, which conflicts with dnsmasq running on loopback
bound port 53. I'm not sure why this isn't a problem for the
successful test runs.
Regression in autopkgtest for kdelibs4support 5.15.0-0ubuntu1 (ppc64el):
Regression in autopkgtest for kdelibs4support 5.15.0-0ubuntu1 (amd64):
dh_acc (abi-compliance-checker) is failing while generating the
initial base abi dump. I can reproduce this locally in a vm with 768M
allocated to it, it fails when run in non-quiet mode with 'ERROR:
can't pack the ABI dump: Cannot allocate memory' but I can't tell if
it's the same failure happening in adt, as returned Error code 2 is
used as an Undifferentiated error code, though Error 1 is supposed to
be the value returned if the ABI is incompatible.
http://autopkgtest.ubuntu.com/packages/k/kdelibs4support/wily/amd64/
Regression in autopkgtest for kdepim-runtime 4:15.08.2-0ubuntu1 (ppc64el):
Regression in autopkgtest for kdepim-runtime 4:15.08.2-0ubuntu1 (i386):
Regression in autopkgtest for kdepim-runtime 4:15.08.2-0ubuntu1 (amd64):
Regression in autopkgtest for kdepim-runtime 4:15.08.2-0ubuntu1 (armhf):
tests failing for a while, not glibc related:
http://autopkgtest.ubuntu.com/packages/k/kdepim-runtime/wily/amd64/
http://autopkgtest.ubuntu.com/packages/k/kdepim-runtime/wily/armhf/
http://autopkgtest.ubuntu.com/packages/k/kdepim-runtime/wily/i386/
http://autopkgtest.ubuntu.com/packages/k/kdepim-runtime/wily/ppc64el/
some kind of IMAP failure?
Regression in autopkgtest for kservice 5.15.0-0ubuntu1 (ppc64el):
Regression in autopkgtest for kservice 5.15.0-0ubuntu1 (i386):
Regression in autopkgtest for kservice 5.15.0-0ubuntu1 (amd64):
Regression in autopkgtest for kservice 5.15.0-0ubuntu1 (armhf):
tests failing for a while, not glibc related:
http://autopkgtest.ubuntu.com/packages/k/kservice/wily/amd64
http://autopkgtest.ubuntu.com/packages/k/kservice/wily/armhf
http://autopkgtest.ubuntu.com/packages/k/kservice/wily/i386
http://autopkgtest.ubuntu.com/packages/k/kservice/wily/ppc64el
Regression in autopkgtest for kwayland 4:5.4.2-0ubuntu1 (ppc64el):
http://autopkgtest.ubuntu.com/packages/k/kwayland/wily/ppc64el new
failure for unclear reasons, but i386 has always failed in the same
way: http://autopkgtest.ubuntu.com/packages/k/kwayland/wily/i386
Regression in autopkgtest for libxml-libxml-perl 2.0116+dfsg-5 (i386):
Regression in autopkgtest for libxml-libxml-perl 2.0116+dfsg-5 (amd64):
missing Changes.pm from test environment? Tests frequently fail.
http://autopkgtest.ubuntu.com/packages/libx/libxml-libxml-perl/wily/i386/
http://autopkgtest.ubuntu.com/packages/libx/libxml-libxml-perl/wily/amd64/
Regression in autopkgtest for libxml-libxslt-perl 1.94-1 (i386):
Regression in autopkgtest for libxml-libxslt-perl 1.94-1 (amd64):
missing Changes.pm from test environment? Tests frequently fail.
http://autopkgtest.ubuntu.com/packages/libx/libxml-libxslt-perl/wily/amd64/
http://autopkgtest.ubuntu.com/packages/libx/libxml-libxslt-perl/wily/i386/
Regression in autopkgtest for lxcfs 0.10-0ubuntu2.1 (i386):
Regression in autopkgtest for lxcfs 0.10-0ubuntu2.1 (amd64):
tests failing for a while, not glibc related
http://autopkgtest.ubuntu.com/packages/l/lxcfs/wily/amd64/
http://autopkgtest.ubuntu.com/packages/l/lxcfs/wily/i386/
Regression in autopkgtest for ofono-phonesim 1.20-1ubuntu3 (armhf):
History is mostly failures, had one successful test run:
http://autopkgtest.ubuntu.com/packages/o/ofono-phonesim/wily/armhf/
not glibc related
Regression in autopkgtest for pdns 3.4.5-1build2 (i386):
Regression in autopkgtest for pdns 3.4.5-1build2 (amd64):
unable to resolve test host, but failure started occurring with
postgresql triggered test
http://autopkgtest.ubuntu.com/packages/p/pdns/wily/amd64/
http://autopkgtest.ubuntu.com/packages/p/pdns/wily/i386/
Regression in autopkgtest for pg-reorg 1.1.11-1 (i386):
Regression in autopkgtest for pg-reorg 1.1.11-1 (amd64):
Regression in autopkgtest for pg-reorg 1.1.11-1 (armhf):
test failures started with postgresql update, not glibc related
http://autopkgtest.ubuntu.com/packages/p/pg-reorg/wily/amd64/
http://autopkgtest.ubuntu.com/packages/p/pg-reorg/wily/armhf/
http://autopkgtest.ubuntu.com/packages/p/pg-reorg/wily/i386/
Regression in autopkgtest for postgresql-multicorn 1.2.2-1 (ppc64el):
Regression in autopkgtest for postgresql-multicorn 1.2.2-1 (i386):
Regression in autopkgtest for postgresql-multicorn 1.2.2-1 (amd64):
Regression in autopkgtest for postgresql-multicorn 1.2.2-1 (armhf):
test failures started with postgresql update, not glibc related
http://autopkgtest.ubuntu.com/packages/p/postgresql-multicorn/wily/amd64/
http://autopkgtest.ubuntu.com/packages/p/postgresql-multicorn/wily/armhf/
http://autopkgtest.ubuntu.com/packages/p/postgresql-multicorn/wily/i386/
http://autopkgtest.ubuntu.com/packages/p/postgresql-multicorn/wily/ppc64el/
Regression in autopkgtest for python-cffi 1.1.2-1ubuntu2 (i386):
Regression in autopkgtest for python-cffi 1.1.2-1ubuntu2 (amd64):
Does not appear to be glibc related (missing setup.py in test cases?)
http://autopkgtest.ubuntu.com/packages/p/python-cffi/wily/amd64/
http://autopkgtest.ubuntu.com/packages/p/python-cffi/wily/i386/
Regression in autopkgtest for rocs 4:15.08.2-0ubuntu1 (ppc64el):
Regression in autopkgtest for rocs 4:15.08.2-0ubuntu1 (amd64):
Compiler ICE on 64bit systems? First time tested since Nov 2015
http://autopkgtest.ubuntu.com/packages/r/rocs/wily/amd64/
http://autopkgtest.ubuntu.com/packages/r/rocs/wily/ppc64el/
Regression in autopkgtest for s3ql 2.13+dfsg-2 (ppc64el):
Regression in autopkgtest for s3ql 2.13+dfsg-2 (armhf):
504 Gateway timeout error? Possible differing test setup?
http://autopkgtest.ubuntu.com/packages/s/s3ql/wily/armhf/
http://autopkgtest.ubuntu.com/packages/s/s3ql/wily/ppc64el/
Note that i386/amd64 have failed always with the same error, so maybe
devirt->virt conversion?:
http://autopkgtest.ubuntu.com/packages/s/s3ql/wily/i386/
http://autopkgtest.ubuntu.com/packages/s/s3ql/wily/amd64/
Regression in autopkgtest for udisks2 2.1.6-2ubuntu1 (i386):
Regression in autopkgtest for udisks2 2.1.6-2ubuntu1 (amd64):
Started failing with timeouts on systemd update:
http://autopkgtest.ubuntu.com/packages/u/udisks2/wily/amd64/
http://autopkgtest.ubuntu.com/packages/u/udisks2/wily/i386/
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-release/attachments/20160525/64f6e4a3/attachment.pgp>
More information about the Ubuntu-release
mailing list