Your message dated Tue, 20 Jan 2009 16:17:41 +0000
with message-id <e1lpjil-0000r6...@ries.debian.org>
and subject line Bug#483645: fixed in glibc 2.9-0exp2
has caused the Debian Bug report #483645,
regarding glibc: 32 bits uid/gid overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
483645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.7-16
Severity: normal
File: glibc
Hi,
I was working on setting nss-pgsql on my system when I discovered this bug.
It seems that uid/gid use 32 bits integer and if a uid/gid is set bigger than
(2^32)-1,
their is an overflow.
For example I have done this:
# echo "toto:x:4294967296:4294967296:Fake root:/home/linus:/bin/bash" >>
/etc/passwd
The result is:
# id toto
uid=0(root) gid=0(root) groupes=0(root)
This could be a security break...
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.3.2-1 GCC support library
libc6 recommends no packages.
Versions of packages libc6 suggests:
pn glibc-doc <none> (no description available)
ii locales 2.7-16 GNU C Library: National Language (
-- debconf information:
glibc/upgrade: true
glibc/restart-failed:
glibc/restart-services:
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.9-0exp2
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:
glibc-doc_2.9-0exp2_all.deb
to pool/main/g/glibc/glibc-doc_2.9-0exp2_all.deb
glibc-source_2.9-0exp2_all.deb
to pool/main/g/glibc/glibc-source_2.9-0exp2_all.deb
glibc_2.9-0exp2.diff.gz
to pool/main/g/glibc/glibc_2.9-0exp2.diff.gz
glibc_2.9-0exp2.dsc
to pool/main/g/glibc/glibc_2.9-0exp2.dsc
libc6-dbg_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-dbg_2.9-0exp2_amd64.deb
libc6-dev-i386_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-dev-i386_2.9-0exp2_amd64.deb
libc6-dev_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-dev_2.9-0exp2_amd64.deb
libc6-i386_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-i386_2.9-0exp2_amd64.deb
libc6-pic_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-pic_2.9-0exp2_amd64.deb
libc6-prof_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6-prof_2.9-0exp2_amd64.deb
libc6-udeb_2.9-0exp2_amd64.udeb
to pool/main/g/glibc/libc6-udeb_2.9-0exp2_amd64.udeb
libc6_2.9-0exp2_amd64.deb
to pool/main/g/glibc/libc6_2.9-0exp2_amd64.deb
libnss-dns-udeb_2.9-0exp2_amd64.udeb
to pool/main/g/glibc/libnss-dns-udeb_2.9-0exp2_amd64.udeb
libnss-files-udeb_2.9-0exp2_amd64.udeb
to pool/main/g/glibc/libnss-files-udeb_2.9-0exp2_amd64.udeb
locales-all_2.9-0exp2_amd64.deb
to pool/main/g/glibc/locales-all_2.9-0exp2_amd64.deb
locales_2.9-0exp2_all.deb
to pool/main/g/glibc/locales_2.9-0exp2_all.deb
nscd_2.9-0exp2_amd64.deb
to pool/main/g/glibc/nscd_2.9-0exp2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 483...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 20 Jan 2009 09:20:14 +0100
Source: glibc
Binary: glibc-doc glibc-source locales locales-all nscd libc6 libc6-dev
libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg
libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg
libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg
libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64
libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64
libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32
libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386
libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67
libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.9-0exp2
Distribution: experimental
Urgency: low
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
glibc-source - GNU C Library: sources
libc0.1 - GNU C Library: Shared libraries
libc0.1-dbg - GNU C Library: Libraries with debugging symbols
libc0.1-dev - GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - GNU C Library: PIC archive library
libc0.1-prof - GNU C Library: Profiling Libraries
libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - GNU C Library: Shared libraries
libc0.3-dbg - GNU C Library: Libraries with debugging symbols
libc0.3-dev - GNU C Library: Development Libraries and Header Files
libc0.3-pic - GNU C Library: PIC archive library
libc0.3-prof - GNU C Library: Profiling Libraries
libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc6 - GNU C Library: Shared libraries
libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - GNU C Library: Libraries with debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for
ppc64
libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - GNU C Library: PIC archive library
libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - GNU C Library: Profiling Libraries
libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc6-xen - GNU C Library: Shared libraries [Xen version]
libc6.1 - GNU C Library: Shared libraries
libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - GNU C Library: Libraries with debugging symbols
libc6.1-dev - GNU C Library: Development Libraries and Header Files
libc6.1-pic - GNU C Library: PIC archive library
libc6.1-prof - GNU C Library: Profiling Libraries
libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
nscd - GNU C Library: Name Service Cache Daemon
Closes: 468849 481543 483645 489946 489960 504031 504663 505784 506515 506881
507488 510083 510219 511430 511811 512238
Changes:
glibc (2.9-0exp2) experimental; urgency=low
.
[ Aurelien Jarno ]
* New upstream release.
- This version has been tagged in the CVS, update debian/rules and
debian/rules.d/tarball.mk accordingly.
- shs_CA locale is enabled. Closes: #504663.
- fix snprintf with low-memory. Closes: #481543.
- fix mtrace warning message. Closes: #507488.
- Disable m68k/local-mathinline_h.diff.
- Update any/local-bashisms.diff.
- Update hurd-i386/local-tls-support.diff.
- Update localedata/locale-en_DK.diff.
- Update localedata/sort-UTF8-first.diff.
- Update localedata/supported.diff.
- Update localedata/first_weekday.diff.
- Remove all/submitted-iconv-latin9.diff (merged).
- Remove any/submitted-user_h.diff (merged).
- Remove any/cvs-bug-iconv6_tst-iconv7.diff (merged).
- Remove any/cvs-getaddrinfo.diff (merged).
- Remove any/cvs-iconv-braces.diff (merged).
- Remove any/cvs-nscd-getservbyport.diff (merged).
- Remove any/cvs-regex_anchor.diff (merged).
- Remove any/cvs-tst-regex.diff (merged).
- Remove any/submitted-rpcgen-makefile.diff (merged).
- Remove hppa/cvs-context.diff (merged).
- Remove hppa/submitted-atomic_h.diff (merged).
- Remove hppa/submitted-fesetenv.diff (merged).
- Remove hurd-i386/cvs-lock-memory-clobber.diff (merged).
- Remove hurd-i386/cvs-mig-init.diff (merged).
- Remove hurd-i386/cvs-MSG_NOSIGNAL.diff (merged).
- Remove hurd-i386/cvs-open_2.diff (merged).
- Remove hurd-i386/cvs-signal-werror.diff (merged).
- Remove hurd-i386/cvs-termios.diff (merged).
- Remove hurd-i386/cvs-fcntl-types.diff (merged).
- Remove mips/local-setjmp.diff (merged).
- Remove sparc/cvs-context.diff (merged).
- Remove localedata/locale-ks_IN.diff (replaced upstream by
ks...@devanagari).
- debian/shlibver: bump to 2.9.
- debian/locales-depver: bump to 2.9.
- debian/sysdeps/depflags.pl: add a conflict on nscd (<< 2.9) to libc.
- Finnish (fi_FI) time format is fixed. closes: #468849.
* debhelper.in/locales.config: convert ks_IN into ks...@devanagari.
* symbols.wildcards: update for glibc 2.9.
* debhelper.in/*.lintian: update for glibc 2.9.
* testsuite-checking/compare.sh: don't assume expected and current
testsuite results in same order. Closes: bug#504031.
* testsuite-checking/expected-results-powerpc64-linux-ppc64: update.
* debian/local/etc_init.d/glibc.sh: add Description and Short-Description.
Closes: bug#510083.
* Remove manpage that will be provided by manpages-dev. Closes: bug#506515,
bug#505784.
* debian/copyright: update. Closes: bug#506881.
* any/submitted-popen.diff: new patch from Gentoo to fix popen() on >= 2.6.27
kernels. Closes: bug#512238.
* arm/submitted-setjmp.diff: new patch to fix build on arm.
* debian/rules: set BUILD_CC (host compiler) to gcc, and set CC (target
compiler) to gcc-4.3. The later can be override on a per target basis.
* debian/rules.d/build.mk: enable stackguard randomization. Closes:
bug#511811.
* expected-results-i486-linux-gnu-libc, expected-results-i686-linux-i686:
Add tests that fail on a Xen machine. Sigh.
.
[ Clint Adams ]
* patches/any/cvs-bz697-posix-regexec.diff: regex fix from Paolo Bonzini.
* patches/any/cvs-bz9697-posix-regcomp.diff: regex fix from Paolo Bonzini,
closes: #510219.
* patches/localedata/submitted-bz9725-locale-sv_SE.diff: fix from David
Weinehall for incorrect sv_SE date format. closes: #489960.
* patches/any/cvs-bz9706-nss_nss-files_files-parse.diff: unify NSS
behavior between 32-bit and 64-bit platforms. addresses: #483645.
* localedata/submitted-bz9730-locale-sv_FI.diff: make sv_FI time format
conform to that of fi_FI. closes: #489946.
* Rename patches/localedata/el_CY_euro.diff to
patches/localedata/submitted-bz9731-el_CY_euro.diff.
* Rename patches/localedata/dz_BT-collation.diff to
patches/localedata/submitted-bz9732-dz_BT-collation.diff.
.
[ Arthur Loiret ]
* patches/any/local-nss-overflow.diff: new patch to ignore uids and gids
greater than UINT_MAX. Closes: #483645.
* patches/hppa/submitted-tsd.diff: new patch from to fix build on hppa.
Closes: #511430.
Checksums-Sha1:
a6d2aab96a9af688c2c7ef63a81c6c129997b750 2673 glibc_2.9-0exp2.dsc
e6acaa21569423884175821617775344670670ab 685563 glibc_2.9-0exp2.diff.gz
f6563da87e5dd0a42a17a3f95161837b8827ab08 1650500 glibc-doc_2.9-0exp2_all.deb
ff144cfe9502f33932245a3bd9b086f25537ed1e 16106054
glibc-source_2.9-0exp2_all.deb
a226da471a319706642d59f79f75d60e082d8d92 4660156 locales_2.9-0exp2_all.deb
47c73d139f52ee69e756091a81b7de0273d79b4c 4936850 libc6_2.9-0exp2_amd64.deb
e22979975b6e1c7d56c32846700b435f079c9a68 2519726 libc6-dev_2.9-0exp2_amd64.deb
ad17fb0b1e41bfbbd624d27d3b292db9f5cc2112 1945726 libc6-prof_2.9-0exp2_amd64.deb
2622553674e79acde0751cd583bb2875d5e10c3c 1481458 libc6-pic_2.9-0exp2_amd64.deb
4735b332e1483c5048c581ffc546384d523e580e 2936866
locales-all_2.9-0exp2_amd64.deb
0628b8ba055c3b77dea51c9103bcd1cadd4d9226 3754914 libc6-i386_2.9-0exp2_amd64.deb
7c43e3ad16bbf3e75f072d66282fe0c53e24d9cd 1500396
libc6-dev-i386_2.9-0exp2_amd64.deb
5ba6c426fd32454ae8f07ed86636a83e1f1a064c 183260 nscd_2.9-0exp2_amd64.deb
2f3c91530c128b50989e2bc1afc0c8ac1537d3b9 5389376 libc6-dbg_2.9-0exp2_amd64.deb
c26939f97d746d9c8568b17165714d84760ebf05 1116574
libc6-udeb_2.9-0exp2_amd64.udeb
33c642de6ed3f5a902530590d7ea17f7dd95bb97 10890
libnss-dns-udeb_2.9-0exp2_amd64.udeb
50d88c0c6fcca65b80cd0cd5d2cb6326685fbdce 19312
libnss-files-udeb_2.9-0exp2_amd64.udeb
Checksums-Sha256:
7adcbaade9be83975e77cfc085cf5263c001c2ef22af1634d8c0a84d6b3aa4be 2673
glibc_2.9-0exp2.dsc
aa6c74b5b3b02d8faf473124defa2270c8a8e362758e605ae8732a03d2935860 685563
glibc_2.9-0exp2.diff.gz
a1a2a2a965726f702419c5d92dd86fcb78481dbd168da64594692174d1266440 1650500
glibc-doc_2.9-0exp2_all.deb
3c459827c031b59c9214e7f2da9cb2e21adfc0f567c62aba58ceaf8f79d18951 16106054
glibc-source_2.9-0exp2_all.deb
e05e9315acfc735217422c516626f5b767cfeec62be76aabb6c563629993f1ff 4660156
locales_2.9-0exp2_all.deb
9b71d07187e14c24ddd732091dad74d3bbc9c30d85b375e4313b73032c8bb82e 4936850
libc6_2.9-0exp2_amd64.deb
ac81ed402cc366a066e9828c3d03d9edbb782cd7c1673369ddc83f128afb91c7 2519726
libc6-dev_2.9-0exp2_amd64.deb
e8f542b0f9d8a8036fcb0416134a9e80634ad0d6926c87c5895e73a26f859403 1945726
libc6-prof_2.9-0exp2_amd64.deb
3df84c53479dcdbe9dc0ba50eca5df569a6aede76b4a36718427883273182dd4 1481458
libc6-pic_2.9-0exp2_amd64.deb
a8f07e2c174f28fb94d02523c3725934668d685e0a07d779c0b0fd2fa8829837 2936866
locales-all_2.9-0exp2_amd64.deb
22e67d195b2556fcb6036d020e6fd266dabbaaf3c5a2c49d7f57f51390db9b60 3754914
libc6-i386_2.9-0exp2_amd64.deb
fc2ba2d09a881bfa48a014a78f6ec31d90085185b065db2ea75ba0c85cea0fd2 1500396
libc6-dev-i386_2.9-0exp2_amd64.deb
cd23ffd8fea8d88bff3632f5b0915766005171a8a4c81c3ebdefb1e1de480e7c 183260
nscd_2.9-0exp2_amd64.deb
ca1c11c200cc353bbedf3c4962360ec8ea29549579905892f26b6379c9c4f658 5389376
libc6-dbg_2.9-0exp2_amd64.deb
411c867e98938d719f5e65e3084f66a99b2bc9ae8a7d54858485789c7417606e 1116574
libc6-udeb_2.9-0exp2_amd64.udeb
db882f8c8200bfeca2831d9ac8150a4eacc2c533422489cb99e2c6db11eb64d3 10890
libnss-dns-udeb_2.9-0exp2_amd64.udeb
4905556d89bf473d25a794b70fc4581cfc94f4c572bcd7c503f4cae3d27fd59f 19312
libnss-files-udeb_2.9-0exp2_amd64.udeb
Files:
bf4218959c42f07276f146ceaac2a886 2673 libs required glibc_2.9-0exp2.dsc
741231d777fe7323835dea0b92cb9a86 685563 libs required glibc_2.9-0exp2.diff.gz
ace16f4f7154989ba9228060fd5b3c8a 1650500 doc optional
glibc-doc_2.9-0exp2_all.deb
0a484dbad37770a87aeac9c804bc9fdf 16106054 devel optional
glibc-source_2.9-0exp2_all.deb
05a6617976d7796566ec0a473a279132 4660156 libs standard
locales_2.9-0exp2_all.deb
5f14e510408d8a56e1eaaf535d101fcf 4936850 libs required
libc6_2.9-0exp2_amd64.deb
342bca9196ab994f2832d28c8dc38545 2519726 libdevel optional
libc6-dev_2.9-0exp2_amd64.deb
1912ce2ffb46411679200c4150424dc4 1945726 libdevel extra
libc6-prof_2.9-0exp2_amd64.deb
6d3a53402aafc78731c680ba0c20133a 1481458 libdevel optional
libc6-pic_2.9-0exp2_amd64.deb
94903a25a5b1021e3362cda0b93ee72b 2936866 libs extra
locales-all_2.9-0exp2_amd64.deb
f408b68de6de0d71df30351c80c89c11 3754914 libs optional
libc6-i386_2.9-0exp2_amd64.deb
2ffb38735b3f2d10448cc285fcac344c 1500396 libdevel optional
libc6-dev-i386_2.9-0exp2_amd64.deb
4258cd5ce42578adebd80e6755de2440 183260 admin optional nscd_2.9-0exp2_amd64.deb
1302463e9c06284ab60d6ef9ce9390be 5389376 libdevel extra
libc6-dbg_2.9-0exp2_amd64.deb
60f0f47f0548c93efa09155de043213d 1116574 debian-installer extra
libc6-udeb_2.9-0exp2_amd64.udeb
da981d48ffcf96b21f7a47c7aa78bd95 10890 debian-installer extra
libnss-dns-udeb_2.9-0exp2_amd64.udeb
97c6de75fe27322d5a520b212325aea4 19312 debian-installer extra
libnss-files-udeb_2.9-0exp2_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJdfUGw3ao2vG823MRAtjQAJ9/VgoPVe6aRlFx1ET9oxSUdBhZOACgiAeH
RUcm0dD4vzQyJDm04Msj+cU=
=GJfx
-----END PGP SIGNATURE-----
--- End Message ---
