Your message dated Sun, 28 Aug 2022 12:02:08 +0000 with message-id <E1oSGzQ-00FVTG-Sy@fasolo.debian.org> and subject line Bug#1015740: fixed in glibc 2.31-13+deb11u4 has caused the Debian Bug report #1015740, regarding libc6: Include patch to make grantpt usable after multi-threaded fork in more cases to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1015740: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015740 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libc6: Include patch to make grantpt usable after multi-threaded fork in more cases
- From: Ian Wienand <iwienand@redhat.com>
- Date: Wed, 20 Jul 2022 03:40:35 +0000
- Message-id: <165828843568.984252.2016560186346974040.reportbug@6bfdae83ff95>Package: libc6 Version: 2.31-13+deb11u3 Severity: normal Tags: patch X-Debbugs-Cc: iwienand@redhat.com Dear Maintainer, The glibc bug https://sourceware.org/bugzilla/show_bug.cgi?id=24941 fixed by https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=27fe5f2e67a0e4cc0526b1b32b55f8e519075edb provides fixes for the grantpt() call deadlocking after fork(). This seems rather esoteric, but has caused difficult to debug issues for Ansible users, e.g. https://github.com/ansible/ansible/issues/59642 In opendev.org CI (zuul.opendev.org) several users hit this in various ways as our execution environment is based on Debian Bullseye. We have pulled a more recent glibc into our images with https://review.opendev.org/c/zuul/zuul/+/849795 But hopefully we can find a solution that is helpful to everyone. I have pulled the patch and applied it with minor fuzz updates against 2.31-13+deb11u3. Could we consider having this applied? Thanks, -i -- System Information: Debian Release: 11.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.18.10-200.fc36.x86_64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages libc6 depends on: ii libcrypt1 1:4.4.18-4 ii libgcc-s1 10.2.1-6 Versions of packages libc6 recommends: ii libidn2-0 2.3.0-5 pn libnss-nis <none> pn libnss-nisplus <none> Versions of packages libc6 suggests: ii debconf [debconf-2.0] 1.5.77 pn glibc-doc <none> pn libc-l10n <none> pn locales <none> -- debconf information excluded
commit 27fe5f2e67a0e4cc0526b1b32b55f8e519075edb Author: Florian Weimer <fweimer@redhat.com> Date: Wed Oct 7 14:55:04 2020 +0200 Linux: Require properly configured /dev/pts for PTYs Current systems do not have BSD terminals, so the fallback code in posix_openpt/getpt does not do anything. Also remove the file system check for /dev/pts. Current systems always have a devpts file system mounted there if /dev/ptmx exists. grantpt is now essentially a no-op. It only verifies that the argument is a ptmx-descriptor. Therefore, this change indirectly addresses bug 24941. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> (Cherry-picked by Ian Wienand <iwienand@redhat.com>) Index: glibc-2.31/INSTALL =================================================================== --- glibc-2.31.orig/INSTALL +++ glibc-2.31/INSTALL @@ -184,14 +184,9 @@ if 'CFLAGS' is specified it must enable '--enable-pt_chown' The file 'pt_chown' is a helper binary for 'grantpt' (*note Pseudo-Terminals: Allocation.) that is installed setuid root to fix - up pseudo-terminal ownership. It is not built by default because - systems using the Linux kernel are commonly built with the 'devpts' - filesystem enabled and mounted at '/dev/pts', which manages - pseudo-terminal ownership automatically. By using - '--enable-pt_chown', you may build 'pt_chown' and install it setuid - and owned by 'root'. The use of 'pt_chown' introduces additional - security risks to the system and you should enable it only if you - understand and accept those risks. + up pseudo-terminal ownership on GNU/Hurd. It is not required on + GNU/Linux, and the GNU C Library will not use the installed + 'pt_chown' program when configured with '--enable-pt_chown'. '--disable-werror' By default, the GNU C Library is built with '-Werror'. If you wish Index: glibc-2.31/NEWS =================================================================== --- glibc-2.31.orig/NEWS +++ glibc-2.31/NEWS @@ -399,6 +399,18 @@ Changes to build and runtime requirement Older GCC versions and non-GNU compilers are still supported when compiling programs that use the GNU C Library. +* On Linux, the system administrator needs to configure /dev/pts with + the intended access modes for pseudo-terminals. glibc no longer + attemps to adjust permissions of terminal devices. The previous glibc + defaults ("tty" group, user read/write and group write) already + corresponded to what most systems used, so that grantpt did not + perform any adjustments. + +* On Linux, the posix_openpt and getpt functions no longer attempt to + use legacy (BSD) pseudo-terminals and assume that if /dev/ptmx exists + (and pseudo-terminals are supported), a devpts file system is mounted + on /dev/pts. Current systems already meet these requirements. + Security related changes: CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check Index: glibc-2.31/sysdeps/unix/sysv/linux/getpt.c =================================================================== --- glibc-2.31.orig/sysdeps/unix/sysv/linux/getpt.c +++ glibc-2.31/sysdeps/unix/sysv/linux/getpt.c @@ -16,69 +16,18 @@ License along with the GNU C Library; if not, see <https://www.gnu.org/licenses/>. */ -#include <errno.h> #include <fcntl.h> -#include <stdlib.h> #include <unistd.h> #include <paths.h> -#include <sys/statfs.h> - -#include "linux_fsinfo.h" /* Path to the master pseudo terminal cloning device. */ #define _PATH_DEVPTMX _PATH_DEV "ptmx" -/* Directory containing the UNIX98 pseudo terminals. */ -#define _PATH_DEVPTS _PATH_DEV "pts" - -/* Prototype for function that opens BSD-style master pseudo-terminals. */ -extern int __bsd_openpt (int oflag) attribute_hidden; /* Open a master pseudo terminal and return its file descriptor. */ int __posix_openpt (int oflag) { - static int have_no_dev_ptmx; - int fd; - - if (!have_no_dev_ptmx) - { - fd = __open (_PATH_DEVPTMX, oflag); - if (fd != -1) - { - struct statfs fsbuf; - static int devpts_mounted; - - /* Check that the /dev/pts filesystem is mounted - or if /dev is a devfs filesystem (this implies /dev/pts). */ - if (devpts_mounted - || (__statfs (_PATH_DEVPTS, &fsbuf) == 0 - && fsbuf.f_type == DEVPTS_SUPER_MAGIC) - || (__statfs (_PATH_DEV, &fsbuf) == 0 - && fsbuf.f_type == DEVFS_SUPER_MAGIC)) - { - /* Everything is ok. */ - devpts_mounted = 1; - return fd; - } - - /* If /dev/pts is not mounted then the UNIX98 pseudo terminals - are not usable. */ - __close (fd); - have_no_dev_ptmx = 1; - __set_errno (ENOENT); - } - else - { - if (errno == ENOENT || errno == ENODEV) - have_no_dev_ptmx = 1; - else - return -1; - } - } - else - __set_errno (ENOENT); - - return -1; + return __open (_PATH_DEVPTMX, oflag); } weak_alias (__posix_openpt, posix_openpt) @@ -86,17 +35,6 @@ weak_alias (__posix_openpt, posix_openpt int __getpt (void) { - int fd = __posix_openpt (O_RDWR); - if (fd == -1) - fd = __bsd_openpt (O_RDWR); - return fd; + return __posix_openpt (O_RDWR); } weak_alias (__getpt, getpt) - - -#define PTYNAME1 "pqrstuvwxyzabcde"; -#define PTYNAME2 "0123456789abcdef"; - -#define HAVE_GETPT -#define HAVE_POSIX_OPENPT -#include <sysdeps/unix/bsd/getpt.c> Index: glibc-2.31/sysdeps/unix/sysv/linux/grantpt.c =================================================================== --- glibc-2.31.orig/sysdeps/unix/sysv/linux/grantpt.c +++ glibc-2.31/sysdeps/unix/sysv/linux/grantpt.c @@ -1,44 +1,41 @@ -#include <assert.h> -#include <ctype.h> -#include <dirent.h> +/* grantpt implementation for Linux. + Copyright (C) 1998-2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + #include <errno.h> -#include <fcntl.h> -#include <paths.h> #include <stdlib.h> -#include <unistd.h> - -#include <not-cancel.h> +#include <sys/ioctl.h> +#include <termios.h> -#include "pty-private.h" - -#if HAVE_PT_CHOWN -/* Close all file descriptors except the one specified. */ -static void -close_all_fds (void) +int +grantpt (int fd) { - DIR *dir = __opendir ("/proc/self/fd"); - if (dir != NULL) - { - struct dirent64 *d; - while ((d = __readdir64 (dir)) != NULL) - if (isdigit (d->d_name[0])) - { - char *endp; - long int fd = strtol (d->d_name, &endp, 10); - if (*endp == '\0' && fd != PTY_FILENO && fd != dirfd (dir)) - __close_nocancel_nostatus (fd); - } - - __closedir (dir); - - int nullfd = __open_nocancel (_PATH_DEVNULL, O_RDONLY); - assert (nullfd == STDIN_FILENO); - nullfd = __open_nocancel (_PATH_DEVNULL, O_WRONLY); - assert (nullfd == STDOUT_FILENO); - __dup2 (STDOUT_FILENO, STDERR_FILENO); - } + /* Without pt_chown on Linux, we have delegated the creation of the + pty node with the right group and permission mode to the kernel, and + non-root users are unlikely to be able to change it. Therefore let's + consider that POSIX enforcement is the responsibility of the whole + system and not only the GNU libc. */ + + /* Verify that fd refers to a ptmx descriptor. */ + unsigned int ptyno; + int ret = __ioctl (fd, TIOCGPTN, &ptyno); + if (ret != 0 && errno == ENOTTY) + /* POSIX requires EINVAL instead of ENOTTY provided by the kernel. */ + __set_errno (EINVAL); + return ret; } -# define CLOSE_ALL_FDS() close_all_fds() -#endif - -#include <sysdeps/unix/grantpt.c> Index: glibc-2.31/sysdeps/unix/sysv/linux/ptsname.c =================================================================== --- glibc-2.31.orig/sysdeps/unix/sysv/linux/ptsname.c +++ glibc-2.31/sysdeps/unix/sysv/linux/ptsname.c @@ -21,39 +21,14 @@ #include <stdlib.h> #include <string.h> #include <sys/ioctl.h> -#include <sys/stat.h> -#include <sys/sysmacros.h> #include <termios.h> #include <unistd.h> #include <_itoa.h> -/* Check if DEV corresponds to a master pseudo terminal device. */ -#define MASTER_P(Dev) \ - (__gnu_dev_major ((Dev)) == 2 \ - || (__gnu_dev_major ((Dev)) == 4 \ - && __gnu_dev_minor ((Dev)) >= 128 && __gnu_dev_minor ((Dev)) < 192) \ - || (__gnu_dev_major ((Dev)) >= 128 && __gnu_dev_major ((Dev)) < 136)) - -/* Check if DEV corresponds to a slave pseudo terminal device. */ -#define SLAVE_P(Dev) \ - (__gnu_dev_major ((Dev)) == 3 \ - || (__gnu_dev_major ((Dev)) == 4 \ - && __gnu_dev_minor ((Dev)) >= 192 && __gnu_dev_minor ((Dev)) < 256) \ - || (__gnu_dev_major ((Dev)) >= 136 && __gnu_dev_major ((Dev)) < 144)) - -/* Note that major number 4 corresponds to the old BSD style pseudo - terminal devices. As of Linux 2.1.115 these are no longer - supported. They have been replaced by major numbers 2 (masters) - and 3 (slaves). */ - /* Directory where we can find the slave pty nodes. */ #define _PATH_DEVPTS "/dev/pts/" -/* The are declared in getpt.c. */ -extern const char __libc_ptyname1[] attribute_hidden; -extern const char __libc_ptyname2[] attribute_hidden; - /* Static buffer for `ptsname'. */ static char buffer[sizeof (_PATH_DEVPTS) + 20]; @@ -68,19 +43,15 @@ ptsname (int fd) } +/* Store at most BUFLEN characters of the pathname of the slave pseudo + terminal associated with the master FD is open on in BUF. + Return 0 on success, otherwise an error number. */ int -__ptsname_internal (int fd, char *buf, size_t buflen, struct stat64 *stp) +__ptsname_r (int fd, char *buf, size_t buflen) { int save_errno = errno; unsigned int ptyno; - if (!__isatty (fd)) - { - __set_errno (ENOTTY); - return ENOTTY; - } - -#ifdef TIOCGPTN if (__ioctl (fd, TIOCGPTN, &ptyno) == 0) { /* Buffer we use to print the number in. For a maximum size for @@ -101,67 +72,11 @@ __ptsname_internal (int fd, char *buf, s memcpy (__stpcpy (buf, devpts), p, &numbuf[sizeof (numbuf)] - p); } - else if (errno != EINVAL) - return errno; else -#endif - { - char *p; - - if (buflen < strlen (_PATH_TTY) + 3) - { - __set_errno (ERANGE); - return ERANGE; - } - - if (__fxstat64 (_STAT_VER, fd, stp) < 0) - return errno; - - /* Check if FD really is a master pseudo terminal. */ - if (! MASTER_P (stp->st_rdev)) - { - __set_errno (ENOTTY); - return ENOTTY; - } - - ptyno = __gnu_dev_minor (stp->st_rdev); - - if (ptyno / 16 >= strlen (__libc_ptyname1)) - { - __set_errno (ENOTTY); - return ENOTTY; - } - - p = __stpcpy (buf, _PATH_TTY); - p[0] = __libc_ptyname1[ptyno / 16]; - p[1] = __libc_ptyname2[ptyno % 16]; - p[2] = '\0'; - } - - if (__xstat64 (_STAT_VER, buf, stp) < 0) + /* Bad file descriptor, or not a ptmx descriptor. */ return errno; - /* Check if the name we're about to return really corresponds to a - slave pseudo terminal. */ - if (! S_ISCHR (stp->st_mode) || ! SLAVE_P (stp->st_rdev)) - { - /* This really is a configuration problem. */ - __set_errno (ENOTTY); - return ENOTTY; - } - __set_errno (save_errno); return 0; } - - -/* Store at most BUFLEN characters of the pathname of the slave pseudo - terminal associated with the master FD is open on in BUF. - Return 0 on success, otherwise an error number. */ -int -__ptsname_r (int fd, char *buf, size_t buflen) -{ - struct stat64 st; - return __ptsname_internal (fd, buf, buflen, &st); -} weak_alias (__ptsname_r, ptsname_r)
--- End Message ---
--- Begin Message ---
- To: 1015740-close@bugs.debian.org
- Subject: Bug#1015740: fixed in glibc 2.31-13+deb11u4
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 28 Aug 2022 12:02:08 +0000
- Message-id: <E1oSGzQ-00FVTG-Sy@fasolo.debian.org>
- Reply-to: Aurelien Jarno <aurel32@debian.org>
Source: glibc Source-Version: 2.31-13+deb11u4 Done: Aurelien Jarno <aurel32@debian.org> We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1015740@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Aug 2022 23:32:46 +0200 Source: glibc Architecture: source Version: 2.31-13+deb11u4 Distribution: bullseye Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Aurelien Jarno <aurel32@debian.org> Closes: 1014735 1015740 Changes: glibc (2.31-13+deb11u4) bullseye; urgency=medium . [ Aurelien Jarno ] * debian/debhelper.in/libc-dev.NEWS: New file to explain how to update programs to use the TI-RPC library instead of the Sun RPC one. Closes: #1014735. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix an off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999). - Fix an overflow bug in the SSE2 and AVX2 implementations of wmemchr. - Fix an overflow bug in the SSE4.1 and AVX2 implementations of wcslen and wcsncat. - Fix an overflow bug in the AVX2 and EVEX implementation of wcsncmp. - Add a few EVEX optimized string functions to fix a performance issue (up to 40%) with Skylake-X processors. - Make grantpt usable after multi-threaded fork. Closes: #1015740. - debian/patches/hurd-i386/git-posix_openpt.diff: rebase. * debian/rules.d/build.mk: pass --with-default-link=no to configure to ensure that libio vtable protection is enabled. Checksums-Sha1: dc2af46a866d9c46d3009f60bae04411d2d690a7 8347 glibc_2.31-13+deb11u4.dsc 1f4e2020c1a99c219964c9d81115a33b36c8b541 953784 glibc_2.31-13+deb11u4.debian.tar.xz 52de79772208800ea1edffc8d735610da6ce65b9 9057 glibc_2.31-13+deb11u4_source.buildinfo Checksums-Sha256: 2591bbb14fbf3f7490b3d67775601f991cfff721db3bc7bb0bf311165540fdaf 8347 glibc_2.31-13+deb11u4.dsc 0913d214e3c213d4e148b39fd7a1289dd3612799ec97fb55e1a77f8b6108cf76 953784 glibc_2.31-13+deb11u4.debian.tar.xz 2b3ed742da37cbf714ceef82005b2619e778071b22c894fcdb07a518128f644d 9057 glibc_2.31-13+deb11u4_source.buildinfo Files: 76ad7348971917d9557e2f43aa027615 8347 libs required glibc_2.31-13+deb11u4.dsc 28e888c67441ed231d3a6757d14276a6 953784 libs required glibc_2.31-13+deb11u4.debian.tar.xz 67076b5b980dfd543e3a714f2a3906a2 9057 libs required glibc_2.31-13+deb11u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmMJPxEACgkQE4jA+Jno M2vDDxAAliUXkbgJMMOke/pR0HFGWsPvJEkYHFMSu8sziL4TMDf06tkmN0svC16e Ks+S95sohIh/AgqqEjwU1MtH5s/m2A5UkMx6Xaj/EymAxMI+gmviFF68CgAdMGkE f0/cMIui8LICiR/j4VsAGfXk3jsnqm4h9ED82Z5zgWxaLXmYBeKnqfGQXOKtBPSy x56N9hkcnu4l68nes/so60LU3SC7yMmjnUuw+y902I8J5Yyyekb9QSyacbtYDixS w5BFCygLxPoVOZzDt+DAu2sSGvs8wvnyyH+MB28rI06ZM9x9LlS0Cxi3tbcMAAaH tEi2UxhlQ1QRJuU7yHZ3eUxqeMgB3lYJt4mijkXyBKK278EN0azDhvWwHH0UoFQo rvfkl8f94+ksIrF1wwSjLUAO2VXYi7g9xAgWZpyMEIhvSgwApwJ6Zl2sjxb0Wwv3 8uH6ggw3jUbulCxlgEDb8qFZV+Yxtyf+UMaM7ZVnDJGfeR4g+jnmXfyi93e9Qjwi +oZMOqf0Y3zIGuJtxMsjURU+Zu+/notO8q3DjmjwVrS00xI/9U0TiWQcJMD6m7Ww VPL0eA4gDXxjXGTSnQ0RKAsWrQPkj1c4Q3VDIt2Xajjm8pK8EofVlq92VIVk6Dfi lhlsXgCcT77CmoBe2PYC7PgIedgk61j2JtEj7EsDryMFAqFHY6Q= =xaQm -----END PGP SIGNATURE-----Attachment: pgpINdOdhx8Ro.pgp
Description: PGP signature
--- End Message ---