Merge ~ahasenack/ubuntu/+source/bind9:bionic-rtld-deepbind-1769440 into ubuntu/+source/bind9:ubuntu/bionic-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: ca2cf950b1884e5e8442415dcedbd2eafb8d65fb
Merged at revision: ca2cf950b1884e5e8442415dcedbd2eafb8d65fb
Proposed branch: ~ahasenack/ubuntu/+source/bind9:bionic-rtld-deepbind-1769440
Merge into: ubuntu/+source/bind9:ubuntu/bionic-devel
Diff against target: 60 lines (+38/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/series (+1/-0)
debian/patches/skip-rtld-deepbind-for-dyndb.diff (+29/-0)
Reviewers:
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending
- Canonical Server Core Reviewers: Pending
Review via email: mp+356439@code.launchpad.net

Description of the change

Cherry pick from cosmic's bd16d30d40b8487c6f79afe317d79a0dea204a6f, same fix. There is a small offset that I kept.

Bug has the SRU template with testing instructions. It's a bit complicated, since it involves installing freeipa and a VM (not lxd) must be used.

Bileto ticket: https://bileto.ubuntu.com/#/ticket/3467
PPA: ppa:ci-train-ppa-service/3467

There is currently an armhf regression with resource-agents/1:4.1.0~rc1-1ubuntu1. Looking at the testing history, it seems to be a recurring failure. I don't have access to an armhf system to verify what is going on, but it looks like installing ldirectord is failing there for some reason.

Other tests are still running and I will re-evaluate once they are all done.

Andreas Hasenack (ahasenack) wrote :

I just noticed that the patch file has some issues:
- two "Description" fields
- diff "noise"
- the author is actually someone from Redhat, not Karl. See https://bugzilla.redhat.com/show_bug.cgi?id=1410433#c4, which points at https://pagure.io/fedora-bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?branch=master

Should I fix these issues here, even though they already exist in the cosmic package? i.e., keep the patch as a cherry-pick, or change it?

Christian Ehrhardt  (paelzer) wrote :

yeah, I'd ask to fix this up.
- second description should go away, IMHO "not-needed" is the right entry at forwarded for this case
- The origin is actually either
   https://pagure.io/fedora-bind/blob/3d5ea105bd877f0069452e450320f8877b01cb52/f/bind-9.11-rh1410433.patch
  or
  https://salsa.debian.org/dns-team/bind9/blob/afc6b5fe2e359e4e7eadc256cd94481965418b4b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
- and yes Author is only needed if we massively backport-change (and even then you can carry Original-Author) - both not needed here

Furthermore the changelog entry does not refer to the patch being added, that should also be fixed up IMHO

review: Needs Fixing
Andreas Hasenack (ahasenack) wrote :

Thanks for the review.

Since the overall change is small, I pushed --force my updates. Please take another look.

Christian Ehrhardt  (paelzer) wrote :

looks much better now +1

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 6451196..c044c8d 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium
7+
8+ [ Karl Stenerud ]
9+ * d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
10+ startup. Thanks to Petr Menšík <pemensik@redhat.com> (LP: #1769440)
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Wed, 10 Oct 2018 14:33:34 -0300
13+
14 bind9 (1:9.11.3+dfsg-1ubuntu1.2) bionic-security; urgency=medium
15
16 * SECURITY UPDATE: denial of service crash when deny-answer-aliases
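Review bot: the changelog bullet for d/p/skip-rtld-deepbind-for-dyndb.diff names only the symptom ("fix named-pkcs11 crashing on startup") and not what the patch changes. Someone reading the changelog alone cannot tell that the fix alters the dlopen() flags used for dyndb modules. Suggest wording along the lines of "do not pass RTLD_DEEPBIND when loading dyndb modules; fixes named-pkcs11 crashing on startup", keeping the credit and the LP reference as they are.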
17diff --git a/debian/patches/series b/debian/patches/series
18index f33db52..53637f6 100644
19--- a/debian/patches/series
20+++ b/debian/patches/series
21@@ -15,3 +15,4 @@ CVE-2018-5738.patch
22 CVE-2018-5740-1.patch
23 CVE-2018-5740-2.patch
24 CVE-2018-5740-3.patch
25+skip-rtld-deepbind-for-dyndb.diff
26diff --git a/debian/patches/skip-rtld-deepbind-for-dyndb.diff b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
27new file mode 100644
28index 0000000..7e87582
29--- /dev/null
30+++ b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
31@@ -0,0 +1,29 @@
32+Description: RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb
33+ The crash manifested itself when deploying FreeIPA, as described in the
34+ Ubuntu bug. This is a distro-only patch because of the way bind9 is built, so
35+ no forwarding is needed.
36+ .
37+ Debian applied the same patch to its bind9 package at
38+ https://salsa.debian.org/dns-team/bind9/commit/afc6b5fe2e359e4e7eadc256cd94481965418b4b
39+Author: Petr Menšík <pemensik@redhat.com>
40+Origin: https://pagure.io/fedora-bind/blob/3d5ea105bd877f0069452e450320f8877b01cb52/f/bind-9.11-rh1410433.patch
41+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1410433
42+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440
43+Forwarded: not-needed
44+Last-Update: 2018-10-11
45+---
46+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
47+diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
48+index e21a84c7..ac18162c 100644
49+--- a/lib/dns/dyndb.c
50++++ b/lib/dns/dyndb.c
51+@@ -133,9 +133,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
52+ instname, filename);
53+
54+ flags = RTLD_NOW|RTLD_LOCAL;
55+-#ifdef RTLD_DEEPBIND
56+- flags |= RTLD_DEEPBIND;
57+-#endif
58+
59+ handle = dlopen(filename, flags);
60+ if (handle == NULL)
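Review bot: the removal of `flags |= RTLD_DEEPBIND;` in load_library() is unconditional, so it changes symbol resolution for every dyndb module loaded through this path, not only for the FreeIPA deployment that the Description cites. Without RTLD_DEEPBIND, a module's symbol lookups no longer prefer the module's own definitions over those already in the global scope, so a module carrying a symbol that named also exports will now bind to named's copy. The Description says the flag "conflicts with pkcs11 libraries" but gives neither the mechanism nor this trade-off; one or two sentences in the DEP-3 header on why the flag is dropped for all modules, and why that is acceptable for this build, would help whoever next rebases the patch. It would also be worth stating in the header that the flags left in place are `RTLD_NOW|RTLD_LOCAL`, since the trailing context shows that dlopen(filename, flags) is otherwise unchanged.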
