Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
Dear Maintainer: Sorry, add some missing information below: After update to Buster, the systemd-sysusers are segfaulting every time. After search around, I found following bugreport in glibc https://sourceware.org/legacy-ml/libc-alpha/2016-06/msg01015.html I backported to the fix to 2.28-10, it fixed the problem. glibc upstream have a different fix for it in 2.32, see https://sourceware.org/bugzilla/show_bug.cgi?id=20338 I think it's still easier to backport the fix in msg01015.html to 2.28 version, patch attached in the initial report.
* Jinpu Wang: The patch from 2016 is incomplete because it does not seek back to the original file position, so the next call of fgetsgent_r skips over the entry that could not be fully parsed.
Hi Florian, Thanks for quick response, can you provide a minimum bugfix, which can be easily backported to old version like 2.28? as you also make the bug 20338 as a security hole. Regards! Jinpu
I think we do not want to diverge from the upstream fix, even if it is a bit more work to backport. We first need to fix it in bullseye/sid and then we can try to get this in the next buster stable release. It is marked as "security-", so it is *not* considered as a security issue (as the content of this file is trusted). Aurelien
* Aurelien Jarno: I can backport it to upstream release branches, all the way to version 2.28. Would that help? I plan to add local copies of the new functions, so that the GLIBC_PRIVATE ABI remains unchanged. But I have other commitments, so that may not happen until September-ish. That's right.
Hi, Yes, that would definitely help. The timing should not be an issue, I still have to prepare a buster upload. Thanks, Aurelien
Hi Florian, hi Aurelien, I did a backport of your fixes from glibc 2.32 to Buster 2.28, as patch attached. I tested with systemd-sysusers, it no longer SEGV. Can you please review it? Thanks! Jinpu
Dear maintainers, We are still seeing the same SEGV with Bullseye, I did a forward porting of the minimum bugfix. Is it possible to get it upstream. The patch is against glibc 2.31-13+deb11u2. Thanks! Regards Jinpu Wang Sr. Linux Kernel Storage Programmer Compute Platform Development Cloud IONOS SE | Revaler Str. 30 | 10245 Berlin | Deutschland Phone: E-Mail: jinpu.wang@ionos.com | Web: www.ionos.de Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 24498 Vorstand: Hüseyin Dogan, Dr. Martin Endreß, Claudia Frese, Henning Kettler, Arthur Mai, Britta Schmidt, Achim Weiß Aufsichtsratsvorsitzender: Markus Kadelke Member of United Internet Diese E-Mail kann vertrauliche und/oder gesetzlich geschützte Informationen enthalten. Wenn Sie nicht der bestimmungsgemäße Adressat sind oder diese E-Mail irrtümlich erhalten haben, unterrichten Sie bitte den Absender und vernichten Sie diese E-Mail. Anderen als dem bestimmungsgemäßen Adressaten ist untersagt, diese E-Mail zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient of this e-mail, you are hereby notified that saving, distribution or use of the content of this e-mail in any way is prohibited. If you have received this e-mail in error, please notify the sender and delete the e-mail.