{"update": {"autokarma": false, "autotime": true, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "Automatic update for glibc-2.38.9000-21.fc40.\n\n##### **Changelog**\n\n```\n* Sat Nov 11 2023 Florian Weimer <fweimer@redhat.com> - 2.38.9000-21\n- Fix missing entries in /etc/ld.so.cache (#2248915)\n* Sat Nov 11 2023 Florian Weimer <fweimer@redhat.com> - 2.38.9000-20\n- Drop glibc-rh2248502-*.patch, workaround applied upstream\n- Auto-sync with upstream branch master,\n  commit d1dcb565a1fb5829f9476a1438c30eccc4027d04:\n- Fix type typo in \u201cString/Array Conventions\u201d doc\n- stdlib: Avoid element self-comparisons in qsort (#2248502)\n- elf: Add glibc.mem.decorate_maps tunable\n- linux: Decorate __libc_fatal error buffer\n- assert: Decorate error message buffer\n- malloc: Decorate malloc maps\n- nptl: Decorate thread stack on pthread_create\n- support: Add support_set_vma_name\n- linux: Add PR_SET_VMA_ANON_NAME support\n\n```\n\n----\n\nAutomatic update for glibc-2.38.9000-20.fc40.\n", "type": "unspecified", "status": "obsolete", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": true, "critpath_groups": "core critical-path-anaconda critical-path-apps critical-path-base critical-path-build critical-path-compose critical-path-deepin-desktop critical-path-gnome critical-path-kde critical-path-lxde critical-path-lxqt critical-path-server critical-path-standard critical-path-xfce", "close_bugs": true, "date_submitted": "2023-11-11 11:22:12", "date_modified": null, "date_approved": null, "date_testing": "2023-11-11 11:29:13", "date_stable": null, "alias": "FEDORA-2023-0ae2d8e840", "test_gating_status": "failed", "from_tag": null, "date_pushed": "2023-11-11 11:29:13", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0ae2d8e840", "title": "glibc-2.38.9000-21.fc40", "version_hash": "64c8ca9dd6baa160f753b0c12ccb108972fd01cb", "release": {"name": "F40", "long_name": "Fedora 40", "version": "40", "id_prefix": "FEDORA", "branch": "f40", "dist_tag": "f40", "stable_tag": "f40-updates", "testing_tag": "f40-updates-testing", "candidate_tag": "f40-updates-candidate", "pending_signing_tag": "f40-signing-pending", "pending_testing_tag": "f40-updates-testing-pending", "pending_stable_tag": "f40-updates-pending", "override_tag": "f40-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2025-05-13", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "fweimer", "email": "fweimer@redhat.com", "id": 1825, "avatar": "https://seccdn.libravatar.org/avatar/24e99cbd8f3721a17417169347326bfdeabd903e02f4733f62cf86e708dad8e2?s=24&d=retro", "openid": "fweimer.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "gitsecure-coding"}, {"name": "sig-isa"}, {"name": "gitlab-centos-sig-isa"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update was automatically created", "timestamp": "2023-11-11 11:22:12", "update_id": 563769, "user_id": 91, "id": 3278207, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [glibc-2.38.9000-20.fc40](https://bodhi.fedoraproject.org/updates/FEDORA-2023-58a008d38c), and has inherited its bugs and notes.", "timestamp": "2023-11-11 11:22:13", "update_id": 563769, "user_id": 91, "id": 3278209, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2023-11-11 11:29:13", "update_id": 563769, "user_id": 91, "id": 3278211, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2023-11-11 11:51:18", "update_id": 563769, "user_id": 91, "id": 3278215, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "this is causing ns-slapd to crash in FreeIPA tests. I'm back from vacation and will look into it in more detail and try to get a backtrace.", "timestamp": "2023-11-14 19:06:11", "update_id": 563769, "user_id": 302, "id": 3281460, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Here's the backtrace I was able to get:\n\n    #0  cos_cache_attr_compare (e1=<optimized out>, e2=0x7f2cfa43df18) at ldap/servers/plugins/cos/cos_cache.c:2924\n            com_Result = <optimized out>\n            pAttr = 0x7f2cfa409200\n            pTemplate = 0x7f2cfa414280\n            pAttr1 = 0x312e\n            pTemplate1 = <optimized out>\n    #1  0x00007f2d1585fca6 in insertion_sort_qsort_partitions (arg=<optimized out>, cmp=0x7f2d13b50db0 <cos_cache_attr_compare>, swap_type=SWAP_WORDS_64, size=8, total_elems=<optimized out>, pbase=<optimized out>) at qsort.c:220\n            base_ptr = <optimized out>\n            thresh = <optimized out>\n            end_ptr = <optimized out>\n            tmp_ptr = 0x7f2cfa43df18 \".1\"\n            max_thresh = 32\n            run_ptr = <optimized out>\n            base_ptr = <optimized out>\n            max_thresh = 32\n            swap_type = SWAP_WORDS_64\n            depth = <optimized out>\n    #2  __GI___qsort_r (pbase=<optimized out>, total_elems=<optimized out>, size=size@entry=8, cmp=cmp@entry=0x7f2d13b50db0 <cos_cache_attr_compare>, arg=arg@entry=0x0) at qsort.c:399\n            base_ptr = <optimized out>\n            max_thresh = 32\n            swap_type = SWAP_WORDS_64\n            depth = <optimized out>\n    #3  0x00007f2d158601ac in __GI_qsort (b=<optimized out>, n=<optimized out>, s=s@entry=8, cmp=cmp@entry=0x7f2d13b50db0 <cos_cache_attr_compare>) at qsort.c:408\n    #4  0x00007f2d13b55b4c in cos_cache_index_all (pCache=<optimized out>) at ldap/servers/plugins/cos/cos_cache.c:2797\n            attrcount = <optimized out>\n            pDef = <optimized out>\n            pAttrVal = <optimized out>\n            tmpindex = <optimized out>\n            cmpindex = 0\n            actualCount = 0\n            ret = -1\n            ret = 0\n            pNewCache = 0x7f2cfa401000\n            cache_built = 0\n            ret = -1\n            max_tries = <optimized out>\n    #5  cos_cache_create_unlock () at ldap/servers/plugins/cos/cos_cache.c:463\n            ret = 0\n            pNewCache = 0x7f2cfa401000\n            cache_built = 0\n            ret = -1\n            max_tries = <optimized out>\n    #6  cos_cache_creation_lock () at ldap/servers/plugins/cos/cos_cache.c:586\n            ret = -1\n            max_tries = <optimized out>\n    #7  0x00007f2d13b56185 in cos_cache_wait_on_change (arg=<optimized out>) at ldap/servers/plugins/cos/cos_cache.c:419\n    #8  0x00007f2d16139739 in _pt_root (arg=0x7f2d102e2680) at ../../../../nspr/pr/src/pthreads/ptthread.c:201\n            rv = <optimized out>\n            thred = 0x7f2d102e2680\n            detached = 1\n            tid = 8246\n    #9  0x00007f2d158abbd1 in start_thread (arg=<optimized out>) at pthread_create.c:447\n            ret = <optimized out>\n            pd = <optimized out>\n            unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139831168464576, 2270171665239543636, 139831168464576, -3040, 0, 140732134582048, 2270171665218572116, 2270544497101803348}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}\n            not_first_call = <optimized out>\n    #10 0x00007f2d1592be9c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78\n    quit\n\nThis happens during FreeIPA server deployment. It seems like ns-slapd gets started up, shut down and started up again several times during server deployment. This happens at the \"[7/10]: upgrading server\" stage of the process.", "timestamp": "2023-11-14 20:46:04", "update_id": 563769, "user_id": 302, "id": 3281525, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Thanks. The comparison function can never return zero: https://github.com/389ds/389-ds-base/blob/main/ldap/servers/plugins/cos/cos_cache.c#L2933\n\nThis is clearly a `389-ds-base` bug. The old `qsort` implementation in glibc did not tickle it because it rarely called the comparison function with equal pointer arguments. We already worked around similar application problems in other places in the new implementation, we can probably do it in the insertion sort phase as well.", "timestamp": "2023-11-14 21:00:55", "update_id": 563769, "user_id": 1825, "id": 3281540, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "fweimer", "email": "fweimer@redhat.com", "id": 1825, "avatar": "https://seccdn.libravatar.org/avatar/24e99cbd8f3721a17417169347326bfdeabd903e02f4733f62cf86e708dad8e2?s=24&d=retro", "openid": "fweimer.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "gitsecure-coding"}, {"name": "sig-isa"}, {"name": "gitlab-centos-sig-isa"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been obsoleted by [glibc-2.38.9000-22.fc40](https://bodhi.fedoraproject.org/updates/FEDORA-2023-beaa4198ab).", "timestamp": "2023-11-15 07:32:10", "update_id": 563769, "user_id": 91, "id": 3282263, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "The crash occurs in cos_cache:2924 on that line\n<pre>\ncosTemplates *pTemplate1 = (cosTemplates *)pAttr1->pParent;\n</pre>\n\nThe only reason of the crash would be the dereferenced pAttr1.\nIt exists a known heap corruption bug (https://github.com/389ds/389-ds-base/issues/5984) that was not fixed in the Rawhide version of the DS that was tested. This ticket is now fixed.\nIt is highly probable that the crash was due to #5984.\n\nI agree that cos_cache_attr_compare can not return a 0 (equal). It is not a problem for DS to force an arbitrary sorting rather than letting qsort decide. I do not see why not returning 0 would crash in that routine\n", "timestamp": "2023-11-21 15:21:04", "update_id": 563769, "user_id": 2494, "id": 3288646, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "tbordaz", "email": "tbordaz@redhat.com", "id": 2494, "avatar": "https://seccdn.libravatar.org/avatar/856711b8fb54e30a01184c7a7744cc1a2f9aff9a99d0c8362e2bdf1bd3176b94?s=24&d=retro", "openid": "tbordaz.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Before the workaround, glibc had this loop:\n\n```\n 220       while (cmp (run_ptr, tmp_ptr, arg) < 0)\n 221         tmp_ptr -= size;\n```\n\nhttps://sourceware.org/git/?p=glibc.git;a=blob;f=stdlib/qsort.c;h=ad110e8a892a66e1fc90f850b828e1a2d09e2ac5;hb=HEAD#l220\n\nThe loop is known to terminate if the comparison function is correct because eventually, `run_ptr == tmp_ptr`, and `cmp` must return zero. If that never happens, we eventually run into non-allocated memory regions. The only access to that memory is from the `cmp` function here, not from the `qsort` implementation, so that crash will happen in the comparison callback.", "timestamp": "2023-11-21 15:58:30", "update_id": 563769, "user_id": 1825, "id": 3288690, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "fweimer", "email": "fweimer@redhat.com", "id": 1825, "avatar": "https://seccdn.libravatar.org/avatar/24e99cbd8f3721a17417169347326bfdeabd903e02f4733f62cf86e708dad8e2?s=24&d=retro", "openid": "fweimer.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "gitsecure-coding"}, {"name": "sig-isa"}, {"name": "gitlab-centos-sig-isa"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Okay I agree with your explanations. The loop overrun the buffer and make the cmp function sigsev.\n\nI created https://github.com/389ds/389-ds-base/issues/5992 to track this issue.", "timestamp": "2023-11-22 15:11:04", "update_id": 563769, "user_id": 2494, "id": 3289980, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "tbordaz", "email": "tbordaz@redhat.com", "id": 2494, "avatar": "https://seccdn.libravatar.org/avatar/856711b8fb54e30a01184c7a7744cc1a2f9aff9a99d0c8362e2bdf1bd3176b94?s=24&d=retro", "openid": "tbordaz.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git389"}, {"name": "git389test"}]}}], "builds": [{"nvr": "glibc-2.38.9000-21.fc40", "signed": true, "release_id": 76, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-2023-0ae2d8e840", "karma": -1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}