Merge ~ahasenack/ubuntu/+source/bind9:bionic-rtld-deepbind-1769440 into ubuntu/+source/bind9:ubuntu/bionic-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: ca2cf950b1884e5e8442415dcedbd2eafb8d65fb
Merged at revision: ca2cf950b1884e5e8442415dcedbd2eafb8d65fb
Proposed branch: ~ahasenack/ubuntu/+source/bind9:bionic-rtld-deepbind-1769440
Merge into: ubuntu/+source/bind9:ubuntu/bionic-devel
Diff against target: 60 lines (+38/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/series (+1/-0)
debian/patches/skip-rtld-deepbind-for-dyndb.diff (+29/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt (community) Approve
Canonical Server Pending
Canonical Server Core Reviewers Pending
Review via email: mp+356439@code.launchpad.net

Description of the change

Cherry pick from cosmic's bd16d30d40b8487c6f79afe317d79a0dea204a6f, same fix. There is a small offset that I kept.

Bug has the SRU template with testing instructions. It's a bit complicated, since it involves installing freeipa and a VM (not lxd) must be used.

Bileto ticket: https://bileto.ubuntu.com/#/ticket/3467
PPA: ppa:ci-train-ppa-service/3467

There is currently an armhf regression with resource-agents/1:4.1.0~rc1-1ubuntu1. Looking at the testing history, it seems to be a recurring failure. I don't have access to an armhf system to verify what is going on, but it looks like installing ldirectord is failing there for some reason.

Other tests are still running and I will re-evaluate once they are all done.

Andreas Hasenack (ahasenack) wrote :

I just noticed that the patch file has some issues:
- two "Description" fields
- diff "noise"
- the author is actually someone from Red Hat, not Karl. See https://bugzilla.redhat.com/show_bug.cgi?id=1410433#c4, which points at https://pagure.io/fedora-bind/c/3d5ea105bd877f0069452e450320f8877b01cb52?branch=master

Should I fix these issues here, even though they already exist in the cosmic package? i.e., keep the patch as a cherry-pick, or change it?

Christian Ehrhardt (paelzer) wrote :

yeah, I'd ask to fix this up.
- second description should go away, IMHO "not-needed" is the right entry at forwarded for this case
- The origin is actually either
  https://pagure.io/fedora-bind/blob/3d5ea105bd877f0069452e450320f8877b01cb52/f/bind-9.11-rh1410433.patch
  or
  https://salsa.debian.org/dns-team/bind9/blob/afc6b5fe2e359e4e7eadc256cd94481965418b4b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
- and yes Author is only needed if we massively backport-change (and even then you can carry Original-Author) - both not needed here

Furthermore the changelog entry does not refer to the patch being added, that should also be fixed up IMHO

review: Needs Fixing

Andreas Hasenack (ahasenack) wrote :

Thanks for the review.

Since the overall change is small, I pushed --force my updates. Please take another look.

Christian Ehrhardt (paelzer) wrote :

looks much better now +1

review: Approve

Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded.

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 6451196..c044c8d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium
2
3 [ Karl Stenerud ]
4 * d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
5 startup. Thanks to Petr Menšík <pemensik@redhat.com> (LP: #1769440)
6
7 -- Andreas Hasenack <andreas@canonical.com> Wed, 10 Oct 2018 14:33:34 -0300
8
1bind9 (1:9.11.3+dfsg-1ubuntu1.2) bionic-security; urgency=medium9bind9 (1:9.11.3+dfsg-1ubuntu1.2) bionic-security; urgency=medium
210
3 * SECURITY UPDATE: denial of service crash when deny-answer-aliases11 * SECURITY UPDATE: denial of service crash when deny-answer-aliases
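Review bot: the bullet on lines 4-5 of the new changelog entry names the symptom (named-pkcs11 crashing on startup) but not the change being shipped. Consider saying that the patch stops passing RTLD_DEEPBIND to dlopen() when loading dyndb modules, so that someone reading only the changelog can tell that plugin symbol resolution changed in this upload.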
diff --git a/debian/patches/series b/debian/patches/series
index f33db52..53637f6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@ CVE-2018-5738.patch
15CVE-2018-5740-1.patch15CVE-2018-5740-1.patch
16CVE-2018-5740-2.patch16CVE-2018-5740-2.patch
17CVE-2018-5740-3.patch17CVE-2018-5740-3.patch
18skip-rtld-deepbind-for-dyndb.diff
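Review bot: the new series entry on line 18 uses a .diff extension while the entries above it (CVE-2018-5740-1.patch and its siblings) use .patch. The name matches the Debian patch file linked in the review discussion, which helps when tracing the cherry-pick, so keeping it is reasonable; it is worth confirming that the mismatch is intentional.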
diff --git a/debian/patches/skip-rtld-deepbind-for-dyndb.diff b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
18new file mode 10064419new file mode 100644
index 0000000..7e87582
--- /dev/null
+++ b/debian/patches/skip-rtld-deepbind-for-dyndb.diff
@@ -0,0 +1,29 @@
1Description: RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb
2 The crash manifested itself when deploying FreeIPA, as described in the
3 Ubuntu bug. This is a distro-only patch because of the way bind9 is built, so
4 no forwarding is needed.
5 .
6 Debian applied the same patch to its bind9 package at
7 https://salsa.debian.org/dns-team/bind9/commit/afc6b5fe2e359e4e7eadc256cd94481965418b4b
8Author: Petr Menšík <pemensik@redhat.com>
9Origin: https://pagure.io/fedora-bind/blob/3d5ea105bd877f0069452e450320f8877b01cb52/f/bind-9.11-rh1410433.patch
10Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1410433
11Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440
12Forwarded: not-needed
13Last-Update: 2018-10-11
14---
15This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
16diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
17index e21a84c7..ac18162c 100644
18--- a/lib/dns/dyndb.c
19+++ b/lib/dns/dyndb.c
20@@ -133,9 +133,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
21 instname, filename);
22
23 flags = RTLD_NOW|RTLD_LOCAL;
24-#ifdef RTLD_DEEPBIND
25- flags |= RTLD_DEEPBIND;
26-#endif
27
28 handle = dlopen(filename, flags);
29 if (handle == NULL)
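Review bot: the removal at lines 24-26 of the patch is unconditional, so every dyndb module loaded through load_library() loses RTLD_DEEPBIND, not only modules loaded by the pkcs11 build, and the Description does not say this. With the flag gone, a plugin's symbols are looked up in the already-loaded global scope before the plugin's own dependencies, which is the point of the fix but is also a behaviour change for any other dyndb plugin. Suggest adding a sentence to the Description stating that scope, and making sure the SRU test plan covers the regular named binary loading a dyndb module as well as named-pkcs11.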
