Your message dated Sat, 15 Sep 2012 18:32:50 +0000 with message-id <e1tcxag-00058b...@franck.debian.org> and subject line Bug#670578: fixed in gnunet 0.9.3-3 has caused the Debian Bug report #670578, regarding gcc-4.6: [sparc] compiler fails to align stack-allocated struct,with array of uint32-values to 32-bit boundary to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 670578: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gcc-4.6 Version: 4.6.3-1 Justification: causes non-serious data loss Severity: grave When compiling GNUnet on our sparc buildbot, gcc decides to place the "hc" variable from file https://gnunet.org/doxygen/d7/dc5/gnunet-service-mesh_8c_source.html in line 3860 at an inadequate stack offset; the type of the variable is this https://gnunet.org/doxygen/d6/d36/struct_g_n_u_n_e_t___hash_code.html which should be placed on a 4-byte boundary (as confirmed by an extensive discussion with Eric Botcazou; who could not say if this was a Debian or an upstream issue). Note that swapping the 'hc' with 'u16' does not solve the problem; however adding an 'align(4)' attribute does fix the issue. The result of the mis-alignment is that a few lines later a pointer to the variable on the stack is dereferenced, resulting in a SIGBUS. This is a security issue, as now virtually any complex C code compiled with this version of gcc can theoretically result in a SIGBUS at any time. I've tried to produce a simpler instance of the bug (mimicking a similar stack layout) but failed to get gcc to create the bad stack layout with "simpler" code. The problem also exists with gcc 4.4 (where we observed it first, but then updated to 4.6 to see if it disappeared). I believe this is a security issue (in the broadest sense) as with this bug virtually *any* non-trivial C code compiled with gcc could SIGBUS at any time, resulting in data-loss for the current process. Given that the issue is hard to reproduce, I'm happy to say that we can easily give shell access to our system; alternatively, the best procedure to reproduce is to: 1) download and install GNUnet from SVN HEAD (difficult on Debian due to outdated dependencies, but possible, see http://gnunet.org/) 2) enable core dumps (ulimit -c 9999999, etc.) 3) run 'make check' in src/vpn/ (after running 'make install' as root) 4) enjoy the core dumps with gdb (they are usually a bit useless, but show the sigbus) -- now you know the system is affected 5) run "gnunet-arm -s" with a default configuration with all applications (fs, vpn) disabled and 'AUTOSTART=NO' for mesh; 6) run 'gdb gnunet-service-mesh' 7) run 'gnunet-arm -i exit' in another shell 8) observe gdb-supervised gnunet-service-mesh crashing, now with nice stack trace for the SIGBUS; enjoy the stack layout Again, while running into this bad stack layout seems to not happen easily, non-deterministic crashes are still data-loss issues (so re-compiling *all* of Debian/Sparc might be indicated after fixing this issue...). Happy hacking! Christian -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (700, 'stable'), (650, 'testing') Architecture: sparc (sparc64) Kernel: Linux 2.6.32-5-sparc64 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gcc-4.6 depends on: ii binutils 2.22-6 GNU assembler, linker and binary u ii cpp-4.6 4.6.3-1 GNU C preprocessor ii gcc-4.6-base 4.6.3-1 GCC, the GNU Compiler Collection ( ii libc6 2.13-27 Embedded GNU C Library: Shared lib ii libgcc1 1:4.7.0-3 GCC support library ii libgmp10 2:5.0.4+dfsg-1 Multiprecision arithmetic library ii libgomp1 4.7.0-3 GCC OpenMP (GOMP) support library ii libmpc2 0.9-4 multiple precision complex floatin ii libmpfr4 3.1.0-4 multiple precision floating-point ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages gcc-4.6 recommends: ii libc6-dev 2.13-27 Embedded GNU C Library: Developmen Versions of packages gcc-4.6 suggests: pn binutils-gold <none> (no description available) pn gcc-4.6-doc <none> (no description available) pn gcc-4.6-locales <none> (no description available) pn gcc-4.6-multilib <none> (no description available) pn libgcc1-dbg <none> (no description available) pn libgomp1-dbg <none> (no description available) pn libmudflap0-4.6-dev <none> (no description available) pn libmudflap0-dbg <none> (no description available) pn libquadmath-dbg <none> (no description available) -- no debconf information
--- End Message ---
--- Begin Message ---Source: gnunet Source-Version: 0.9.3-3 We believe that the bug you reported is fixed in the latest version of gnunet, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 670...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bertrand Marc <beberk...@gmail.com> (supplier of updated gnunet package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 05 Aug 2012 20:13:49 +0200 Source: gnunet Binary: gnunet gnunet-client gnunet-common gnunet-dbg gnunet-server gnunet-dev Architecture: source all amd64 Version: 0.9.3-3 Distribution: unstable Urgency: low Maintainer: Bertrand Marc <beberk...@gmail.com> Changed-By: Bertrand Marc <beberk...@gmail.com> Description: gnunet - secure, trust-based peer-to-peer framework (meta) gnunet-client - secure, trust-based peer-to-peer framework (client) gnunet-common - secure, trust-based peer-to-peer framework (common) gnunet-dbg - secure, trust-based peer-to-peer framework (debug) gnunet-dev - secure, trust-based peer-to-peer framework (development) gnunet-server - secure, trust-based peer-to-peer framework (server) Closes: 670578 670794 673301 685856 Changes: gnunet (0.9.3-3) unstable; urgency=low . * debian/control: update Vcs-* to the new repository in collab-maint. * Install only the generated binaries on Hurd, thanks to Cyril Roelandt (Closes: #670794). * Use chmod and chown instead of dpkg-statoverride to set special permissions and upgrade properly depending on the previous version (Closes: #673301). * Fix "gcc-4.6: [sparc] compiler fails to align stack-allocated struct, with array of uint32-values to 32-bit boundary": new patch sparc_alignment.patch, taken from upstream: https://lists.gnu.org/archive/html/gnunet-svn/2012-07/msg00548.html Thanks to Jurij Smakov for the analysis. (Closes: #670578) * Fix the logfile name in gnunet-server.logrotate (Closes: #685856). Checksums-Sha1: daf0b1ba31e66efac22b70eea371b0be82841a94 2440 gnunet_0.9.3-3.dsc a0e1c6f099dafb6ab8a0a0b0d05cae7e2185f6b3 30279 gnunet_0.9.3-3.debian.tar.gz 7537dd5e7ba5ce675334ac42670eb0a7d718fefd 914 gnunet_0.9.3-3_all.deb 3c493fbcaf939320649130496b01f2f032634f2a 47062 gnunet-client_0.9.3-3_amd64.deb 9635365518b62af307f718c397298271718a4898 349222 gnunet-common_0.9.3-3_amd64.deb 51e8534da8389246b6b9e4fc86cdad9dc0c875e4 3086438 gnunet-dbg_0.9.3-3_amd64.deb 4e5efb83dc8474498dfecc8b4a98aba752a11c82 915274 gnunet-server_0.9.3-3_amd64.deb a4a5e4394b5e862a1f786527c6ce4c9f533f1ef6 3626428 gnunet-dev_0.9.3-3_amd64.deb Checksums-Sha256: 72277da8e8525bb0861a9a3ea77f979e7687b78631e2c4562f21af6a59433e84 2440 gnunet_0.9.3-3.dsc 604413eb5189c68a787b5ca02fc0b83717189abf72de7f002d710a0046cdc920 30279 gnunet_0.9.3-3.debian.tar.gz 9788cb38ac54dafb120cbf38f42cf15f8d19b23dce99786dddb186723a690625 914 gnunet_0.9.3-3_all.deb 54429db160aff52b63ee5ccfec7c66f504dd3103c59144e641b6c936434b8b38 47062 gnunet-client_0.9.3-3_amd64.deb 4376bb239b905a71802a7964b6d669a230f08a6f7cfc624583cc53d4681797ce 349222 gnunet-common_0.9.3-3_amd64.deb ed98b684948fb521bc84e16cdff8086ce90713a7ea1b00519aede01c75bc6dc4 3086438 gnunet-dbg_0.9.3-3_amd64.deb cfd43a1c2db240a425db52194396e92b75d78412e818474d835795be262280ba 915274 gnunet-server_0.9.3-3_amd64.deb 175104af33a714347d4f6d2546b19b843e5aa822a85f56feaef1c406871563ee 3626428 gnunet-dev_0.9.3-3_amd64.deb Files: a2e5ea5fd0c493ce28ec6726d8632d76 2440 net optional gnunet_0.9.3-3.dsc 0773424509ad4a5def5803f47c89e443 30279 net optional gnunet_0.9.3-3.debian.tar.gz f567d9b231a8f1f6d62d1cd7124a5ea4 914 net optional gnunet_0.9.3-3_all.deb c21e33002ef1a967894d7d0a92c78335 47062 net optional gnunet-client_0.9.3-3_amd64.deb c7a66887b8e43fc54e491ead03429b97 349222 net optional gnunet-common_0.9.3-3_amd64.deb 397fab707abcb79324917cd3fa277ed6 3086438 debug extra gnunet-dbg_0.9.3-3_amd64.deb 8f84acc2a192b7aa6cbd47a116c76c97 915274 net optional gnunet-server_0.9.3-3_amd64.deb 9d243de298b0ad013abb6cc44920ac88 3626428 libdevel optional gnunet-dev_0.9.3-3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIVAwUBUFTH3wkauFYGmqocAQj2Zg/8C283/F/XFTiNi7m82IkUmQHFbLEMqWOi 2hjWvildlaSUYmBUwm1fUM7pjReetusJxPkr5aAuXWby1A1+WM0j3DBGruGNXPcl ItTIewxXke/RU6pgFkJqjsumOZxRqD7KJxSbBrm3XHpxPJvyb4FMKztSx9PuL6MH X9yPi2lbEn7kRD2/IA0Dn28quKriJxWYcGg0hncFXDv3a2Y39ijhmQvY7+j/xu+z WZelqPAaL4Xtk186KyBKxkweoJCIEcuGkkHgkzIigYU1AUyyBnNEsM0aOnW01PpJ AgZZ2w6uKa98zK2IsQXNhbXm3/T4A9Gh+ChrClrv3/e2b4mwWwWTkd0kCMbBu/DM CZNBYi0zG8saXSqOZu9oBmkgBHmLWlrGllwvUR66vU+p3nN11aWSglunyOzhpP2s m/v1WgCFJxF46vTU74CZ7Abah/+NOVOircp1/0XNPlDMJvSsHIdjtezH9XvxO+bC c+C+wUhs0LTpBoKYMdNzgLoOjnG/Q9bKDjg9dXbyU8EM08YaXFUrUe39KfMQy+lt 7KVwP7yHCJmsPrFdYU+nQsCldrFUrFcYfSqjZtC+We5vd4SmJHe7SMa+/IvWFUl4 TM+f53F4MlKAwgyJI+Ibsxfz1mxK0ZavhF8OL1bsVyDB+431LscKk1gECEzqcX1/ a2QiIwRslng= =vNQJ -----END PGP SIGNATURE-----
--- End Message ---
