[Touch-packages] [Bug 2059078] Re: proposed-migration for faketime 0.9.10-2.1ubuntu1

Mon, 08 Apr 2024 09:45:09 -0700 

This bug was fixed in the package bash - 5.2.21-2ubuntu4

---------------
bash (5.2.21-2ubuntu4) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <steve.langa...@ubuntu.com>  Sun, 31 Mar 2024
08:41:03 +0000

** Changed in: bash (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3094

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/2059078

Title:
  proposed-migration for faketime 0.9.10-2.1ubuntu1

Status in bash package in Ubuntu:
  Fix Released
Status in faketime package in Ubuntu:
  New
Status in sssd package in Ubuntu:
  New

Bug description:
  faketime 0.9.10-2.1ubuntu1 is stuck in -proposed with build failures
  on armhf.

  On armhf, the testsuite confusingly fails with a stack smash error.
  But this error happens in bash, which isn't even meant to be the
  process under test.

  Minimal reproducer:
  # LD_PRELOAD=./src/libfaketime.so.1 bash -c 'exit 0'
  *** stack smashing detected ***: terminated
  Aborted (core dumped)
  #

  Confusingly, ltrace shows different results for the newly-built binary
  than from one built without 64-bit time_t.

  # LD_PRELOAD=./src/libfaketime.so.1 ltrace --library '*faketime*' bash -c 
'exit 0'
  bash->getrandom(0x1f3bf08, 1, 0x9683b0, 0)       = 0xc8202
  bash->getrandom(0xc8203, 0xf7fad53c, 1023, 0xf7eef801) = 0xc8202
  *** stack smashing detected ***: terminated
  --- SIGABRT (Aborted) ---
  +++ killed by SIGABRT +++
  # LD_PRELOAD=/usr/lib/arm-linux-gnueabihf/faketime/libfaketime.so.1 ltrace 
--library '*faketime*' bash -c 'exit 0' 
  bash->gettimeofday(0x8b07a0, 0)                  = 0
  bash->getpid()                                   = 819717
  bash->gettimeofday(0xffb88714, 0)                = 0
  bash->getpid()                                   = 819717
  bash->gettimeofday(0xffb8871c, 0)                = 0
  bash->getpid()                                   = 819717
  +++ exited (status 0) +++
  #

  Unsetting -DFAKE_RANDOM in debian/rules does not fix the problem
  however.

  So simply loading the LD_PRELOAD library without executing it seems to
  be enough to break bash.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/2059078/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to