Ubuntu
glibc package

autopkgtest failure with libselinux 3.1

Bug #1887919 reported by Balint Reczey on 2020-07-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	glibc (Ubuntu)	Fix Released	Undecided	Unassigned
	lxc (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy/groovy/amd64/g/glibc/20200717_023434_9a6a8@/log.gz

...
x86_64-linux-gnu-gcc-9 nss_files/files-service.c -c -std=gnu11 -fgnu89-inline -pipe -O2 -g -O3 -Wall -Wwrite-strings -Wundef -Werror -fmerge-all-constants -frounding-math -fstack-protector-strong -Wstrict-prototypes -Wold-style-definition -fmath-errno -fPIC -fcf-protection -U_FORTIFY_SOURCE -isystem /tmp/autopkgtest.p9VjWR/build.CPS/src/debian/include -I../include -I/tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc/nss -I/tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc -I../sysdeps/unix/sysv/linux/x86_64/64 -I../sysdeps/unix/sysv/linux/x86_64 -I../sysdeps/unix/sysv/linux/x86/include -I../sysdeps/unix/sysv/linux/x86 -I../sysdeps/x86/nptl -I../sysdeps/unix/sysv/linux/wordsize-64 -I../sysdeps/x86_64/nptl -I../sysdeps/unix/sysv/linux/include -I../sysdeps/unix/sysv/linux -I../sysdeps/nptl -I../sysdeps/pthread -I../sysdeps/gnu -I../sysdeps/unix/inet -I../sysdeps/unix/sysv -I../sysdeps/unix/x86_64 -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/x86_64/64 -I../sysdeps/x86_64/fpu/multiarch -I../sysdeps/x86_64/fpu -I../sysdeps/x86/fpu/include -I../sysdeps/x86/fpu -I../sysdeps/x86_64/multiarch -I../sysdeps/x86_64 -I../sysdeps/x86 -I../sysdeps/ieee754/float128 -I../sysdeps/ieee754/ldbl-96/include -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64/wordsize-64 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/wordsize-64 -I../sysdeps/ieee754 -I../sysdeps/generic -I.. -I../libio -I. -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/9/include -isystem /tmp/autopkgtest.p9VjWR/build.CPS/src/debian/include -D_LIBC_REENTRANT -include /tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc/libc-modules.h -DMODULE_NAME=libnss_files -include ../include/libc-symbols.h -DPIC -DSHARED -DTOP_NAMESPACE=glibc -o /tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc/nss/files-service.os -MD -MP -MF /tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc/nss/files-service.os.dt -MT /tmp/autopkgtest.p9VjWR/build.CPS/src/build-tree/amd64-libc/nss/files-service.os
makedb.c: In function ‘set_file_creation_context’:
makedb.c:849:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
  849 | security_context_t ctx;
      | ^~~~~~~~~~~~~~~~~~
makedb.c:863:3: error: ‘matchpathcon’ is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
  863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
      | ^~
In file included from makedb.c:50:
/usr/include/selinux/selinux.h:500:12: note: declared here
  500 | extern int matchpathcon(const char *path,
      | ^~~~~~~~~~~~

...

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy/groovy/amd64/l/lxc/20200717_015751_af18d@/log.gz
...
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../src -fPIC -DPIC -DLXCROOTFSMOUNT=\"/usr/lib/x86_64-linux-gnu/lxc\" -DLXCPATH=\"/var/lib/lxc\" -DLXC_GLOBAL_CONF=\"/etc/lxc/lxc.conf\" -DLXCINITDIR=\"/usr/lib/x86_64-linux-gnu\" -DLIBEXECDIR=\"/usr/lib/x86_64-linux-gnu\" -DLXCTEMPLATEDIR=\"/usr/share/lxc/templates\" -DLXCTEMPLATECONFIG=\"/usr/share/lxc/config\" -DLOGPATH=\"/var/log/lxc\" -DLXC_DEFAULT_CONFIG=\"/etc/lxc/default.conf\" -DLXC_USERNIC_DB=\"/run/lxc/nics\" -DLXC_USERNIC_CONF=\"/etc/lxc/lxc-usernet\" -DDEFAULT_CGROUP_PATTERN=\"\" -DRUNTIME_PATH=\"/run\" -DSBINDIR=\"/usr/sbin\" -DAPPARMOR_CACHE_DIR=\"/var/cache/lxc/apparmor\" -I ../../src -I ../../src/lxc -I ../../src/lxc/storage -I ../../src/lxc/cgroups -DHAVE_APPARMOR -DHAVE_SECCOMP -DHAVE_SELINUX -pthread -g -O2 -fdiagnostics-color -Wimplicit-fallthrough=5 -Wcast-align -fno-strict-aliasing -fstack-clash-protection -fstack-protector-strong --param=ssp-buffer-size=4 -g -Werror=implicit-function-declaration -Wlogical-op -Wmissing-include-dirs -Winit-self -Wunused-but-set-variable -Wfloat-equal -Wsuggest-attribute=noreturn -Werror=return-type -Werror=incompatible-pointer-types -Wformat=2 -Wshadow -Wendif-labels -Werror=overflow -fdiagnostics-show-option -Werror=shift-count-overflow -Werror=shift-overflow=2 -Wdate-time -Wnested-externs -fasynchronous-unwind-tables -pipe -fexceptions -Wvla -std=gnu11 -Werror -MT lsm/liblxc_la-selinux.lo -MD -MP -MF lsm/.deps/liblxc_la-selinux.Tpo -c lsm/selinux.c -fPIC -DPIC -o lsm/.libs/liblxc_la-selinux.o
[01m[Klsm/selinux.c:[m[K In function ‘[01m[Kselinux_process_label_get[m[K’:
[01m[Klsm/selinux.c:35:2:[m[K [01;31m[Kerror: [m[K‘[01m[Ksecurity_context_t[m[K’ is deprecated [[01;31m[K-Werror=deprecated-declarations[m[K]
35 | [01;31m[Ksecurity_context_t[m[K ctx;
| [01;31m[K^~~~~~~~~~~~~~~~~~[m[K
cc1: all warnings being treated as errors
make[3]: Leaving directory '/tmp/autopkgtest.p4mrYx/build.NY9/src/src/lxc'
make[2]: Leaving directory '/tmp/autopkgtest.p4mrYx/build.NY9/src/src'
make[1]: Leaving directory '/tmp/autopkgtest.p4mrYx/build.NY9/src/src'
make[3]: *** [Makefile:2328: lsm/liblxc_la-selinux.lo] Error 1
make[2]: *** [Makefile:432: all-recursive] Error 1
make[1]: *** [Makefile:371: all] Error 2
make: *** [Makefile:529: all-recursive] Error 1
...

Tags:

CVE References

Revision history for this message

Balint Reczey (rbalint) wrote on 2020-07-17:

I plan fixing the glibc failure together with other issues early next week.

tags:

added: update-excuse

Revision history for this message

Balint Reczey (rbalint) wrote on 2020-07-17:

The change in SELinux causing the failures:
https://github.com/SELinuxProject/selinux/commit/9eb9c9327563014ad6a807814e7975424642d5b9

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-09-20:

Download full text (8.2 KiB)

This bug was fixed in the package glibc - 2.32-0ubuntu3

---------------
glibc (2.32-0ubuntu3) groovy; urgency=medium

  * Fix cross-toolchain-base.
    Use ${Depends:foo=foo} magic to not create cross packages for
    libnss-nis*, rpcsvc-proto, libtirpc-dev and libnsl-dev (LP: #1895632)
  * XFAIL time/tst-cpuclock1 (LP: #1895687)

glibc (2.32-0ubuntu2) groovy; urgency=medium

  * Merge from Debian unstable
  * Refresh patches
  * debian/watch: Use HTTPS and download xz-compressed tarball
  * debian/watch: Use upstream's signing key to verify the tarball
  * Don't build and ship libnsl.a and Sun RPC static library and header files
  * XFAIL stdlib/tst-getrandom (LP: #1891403)
  * debian/symbols.wildcards: Update versions
  * Make libc-dev depend on rpcsvc-proto and libtirpc-dev.
    They replace development files for the Sun RPC library removed in glibc 32.
  * Make libc-dev depend on libnsl-dev.
    It replaces the development files for the new libnsl library replacing the
    one shipped by glibc.
  * Don't check symbols of libnss_nis.so and libnss_nisplus.so libraries.
    They are not shipped in glibc 2.32
  * Depend on libnss-nis and libnss-nisplus shipping the libraries dropped
    in 2.32
  * debian/patches/git-updates.diff: update from upstream stable branch:
    - x86-64: Fix FMA4 detection in ifunc
  * debian/testsuite-xfail-debian.mk: XFAIL unsupported tests failing in autopkgtest

glibc (2.31-3) unstable; urgency=medium

  [ Aurelien Jarno ]
  * debian/control.in/libc: add a Breaks: against openarena (<< 0.8.8+dfsg-4~)
    due to bug#966150.
  * debian/control.in/libc: add a Breaks: against ioquake3
    (<< 1.36+u20200211.f2c61c1~dfsg-2~) as previous versions are not correctly
    linked with libm.
  * debian/patches/git-updates.diff: update from upstream stable branch:
    - Fix an infinite loop in the iconv program (CVE-2016-10228). Closes:
      #856503.
    - debian/patches/any/submitted-selinux-deprecations.diff: upstreamed.
    - debian/patches/x32/submitted-fix-nptl-setgroups-x32.diff: upstreamed.
  * debian/rules.d/build.mk: install <finclude/math-vector-fortran.h> in the
    multiarch path. Closes: #962457.

  [ Samuel Thibault ]
  * debian/libc0.3.symbols.hurd-i386: Fix dependency of __errno_location and
    __h_errno_location symbols in libpthread.
  * patches/hurd-i386/unsubmitted-sbrk-_end.diff: Fix _end symbol appearance
    by reworking sbrk.
  * patches/hurd-i386/unsubmitted-sched_sets.diff: Add sched_set/getscheduler.
  * patches/hurd-i386/git-pthread_atfork-hidden.diff: Hide pthread_atfork
    symbols imported to applications, to avoid leaking them.

glibc (2.31-2ubuntu1) groovy; urgency=medium

[ Michael Hudson-Doyle ]
* Mark tst-getpw as XFAIL on arm64. (LP: #1869364)

This bug was fixed in the package glibc - 2.32-0ubuntu3

---------------
glibc (2.32-0ubuntu3) groovy; urgency=medium

glibc (2.32-0ubuntu2) groovy; urgency=medium

glibc (2.31-3) unstable; urgency=medium

[ Aurelien Jarno ]
  * debian/control.in/libc: add a Breaks: against openarena (<< 0.8.8+dfsg-4~)
    due to bug#966150.
  * debian/control.in/libc: add a Breaks: against ioquake3
    (<< 1.36+u20200211.f2c61c1~dfsg-2~) as previous versions are not correctly
    linked with libm.
  * debian/patches/git-updates.diff: update from upstream stable branch:
    - Fix an infinite loop in the iconv program (CVE-2016-10228).  Closes:
      #856503.
    - debian/patches/any/submitted-selinux-deprecations.diff: upstreamed.
    - debian/patches/x32/submitted-fix-nptl-setgroups-x32.diff: upstreamed.
  * debian/rules.d/build.mk: install <finclude/math-vector-fortran.h> in the
    multiarch path.  Closes: #962457.

glibc (2.31-2ubuntu1) groovy; urgency=medium

[ Michael Hudson-Doyle ]
  * Mark tst-getpw as XFAIL on arm64. (LP: #1869364)

[ Balint Reczey ]
  * Merge from Debian unstable
    - debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to
      ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing
      an FTBFS. (LP: #1887919)
    Remaining changes:
    - Enable libc6{,-dev}-armel on armhf and libc6{-dev}-armhf on armel.
    - Heavily mangle the way we do service restarting on major upgrades.
    - Build amd64 with -O3, and build ppc64 variants (both 64-bit and 32-bit)
      with -O3 -fno-tree-vectorize.
    - Build generic i386 flavour with -mno-tls-direct-seg-refs for Xen.
    - Drop the libc6-xen flavour, as the above change covers Xen's needs.
    - Enable systemtap support, which is currently disabled in Debian.
    - Don't build libc-l10n, its contents get stripped for language-packs.
    - Drop libc-bin manpages Recommends to Suggests to keep it in standard.
    - Revert dropping the ldconfig wrapper, as we still have a lot of
      packages that don't ship a trigger but instead call in postinst.
    - Use DH_COMPAT=8 for dh_strip to fix debug sections for valgrind.
    - Mangle locales package to support Ubuntu language packs seamlessly.
    - Relax some expected test failures for our infrastructure's quirks.
    - Let nptl/tst-stack4 fail, as it's been racing on several architectures.
    - Copy the fully conditionalized x86 variant for math-vector-fortran.h
      to /usr/include/finclude. On all architectures.
    - Backport x86 CET patches from the trunk.
    - Ship arm64 variant with LSE support in libc6-lse
    - debian/sysdeps/{amd64/i386/x32}.mk: Enable Intel Control Flow
    Dropped changes:
    - Build i386 variants as -march=i686
    - debian/patches/git-updates.diff: update from upstream stable branch.
  * debian/gbp.conf: Add initial configuration
  * debian/debhelper.in/libc.preinst: Fix setting LDCONFIG_NOTRIGGER
    (LP: #1889190)
  * Build-depend again on g++-10-multilib on armel and armhf which were lost in the merge
    (LP: #1889069)
  * debian/control.in/main: Add Vcs-* pointing to Ubuntu packaging repository
  * Don't handle false positive stringop-overflow warnings as errors on ppc64el
  * Fall back to calling nanosleep syscall when __clock_nanosleep returns EINVAL
    (LP: #1871240)
  * debian/testsuite-xfail-debian.mk: XFAIL stdlib/tst-strtod-round on riscv64

glibc (2.31-2) unstable; urgency=medium

[ Aurelien Jarno ]
  * debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to
    bug #965073.
  * debian/patches/git-updates.diff: update from upstream stable branch:
    - Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove
      functions (CVE-2020-6096).  Closes: #961452.
  * debian/control.in/libc: do not limit the openssh-server breaks to 32-bit
    architectures, clock_nanosleep has to be allowed in addition to
    clock_gettime64.  Closes: #965932.
  * debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to
    ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing
    an FTBFS.  Closes: #965941.
  * debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch
    to fix the setgroups functions in threaded applications on x32 (without
    the testsuite part).  Closes: #965091.

[ Samuel Thibault ]
  * debian/patches/hurd-i386/local-tls-ie-align.diff: Fix TLS IE load with >=
    8 byte alignment.
  * debian/testsuite-xfail-debian.mk: Update backtrace result.
  * debian/patches/hurd-i386/git-fix-longjmp.diff: Fix longjmp from dl loader.
    Notably fixes calling setuid programs from eatmydata.
  * debian/control: Build-depend on gnumach-dev with userland driver RPC interface.
  * debian/libc0.3.symbols.hurd-i386: Add userland driver RPC interface stubs.
  * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Make
    clock_nanosleep accept CLOCK_MONOTONIC as well.

glibc (2.31-1) unstable; urgency=medium

[ Samuel Thibault ]
  * debian/control: Build-depend on gcc-10 version that defaults to i686 on
    hurd-i386.
  * debian/control: Build-depend on mig-for-host instead of mig.
  * debian/sysdeps/hurd-i386.mk: Drop adding -march=i686.
  * debian/hurd-i386/git-pselect.diff: Fix pselect atomicity.
  * debian/hurd-i386/git-fexecve.diff: Fix fexecve.
  * debian/hurd-i386/git-cond_destroy.diff: Fix cond_destroy synchronization
    with woken threads.
  * debian/hurd-i386/git-holes.diff: Fix detecting support for file holes.
  * debian/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also fix clock_getres
    with CLOCK_MONOTONIC.
  * debian/hurd-i386/git-longjmp-onstack.diff: Fix longjmp-ing from altstack.
  * debian/hurd-i386/git-register-atfork2.diff: Fix register-atfork ordering.
  * debian/hurd-i386/git-intr-msg-unwind.diff: Fix unwinding over interruptible
    RPC.
  * debian/hurd-i386/git-strtol-test.diff: Fix testing strtol errors.
  * debian/testsuite-xfail-debian.mk: Update.
  * debian/debhelper.in/libc-udeb.install.hurd-i386: Add missing
    libmachuser/libhurduser.
  * debian/rules.d/debhelper.mk: Add dh_link pass to libc-udeb binaryinst.
  * debian/debhelper.in/libc-udeb.links.hurd-i386: Add missing ld.so link.
  * debian/rules: Clean links file.

[ Aurelien Jarno ]
  * debian/patches/git-updates.diff: update from upstream stable branch.
  * debian/patches/any/git-surplus-tls-accounting.diff: backport TLS surplus
    accounting from upstream.  Closes: #964141.
  * debian/control.in/main: update breaks on cross-toolchain-base* as they
    will need changes to build with glibc 2.31.

-- Balint Reczey <rbalint@ubuntu.com>  Tue, 15 Sep 2020 17:13:26 +0200

Changed in glibc (Ubuntu):
status:	New → Fix Released

Stéphane Graber (stgraber) on 2022-02-03

Changed in lxc (Ubuntu):
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuglibc package

autopkgtest failure with libselinux 3.1

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
glibc package