Highlighted
Contributor.
Contributor.
170 views

Two glibc branches in OES2018SP2?

Hi,

last night another batch of updates has been released for OES2018SP2. But even though SMT notified me that there is glibc update, a "zypper patch" doesn't install any glibc updates on an OES2018SP2 machine. The reason seems to be that the installed glibc from OES2018-SP2-Pool has a higher version number than the glibc from OES2018-SP2-SLES12-SP5-Updates:

 

# zypper se -s glibc|grep glibc[^-]
i+ | glibc | package | 2.22-105.16 | x86_64 | OES2018-SP2-Pool
v | glibc | package | 2.22-100.27.3 | x86_64 | OES2018-SP2-SLES12-SP5-Updates
v | glibc | package | 2.22-100.24.3 | x86_64 | OES2018-SP2-SLES12-SP5-Updates
v | glibc | package | 2.22-100.21.5 | x86_64 | OES2018-SP2-SLES12-SP5-Updates
v | glibc | package | 2.22-100.15.4 | x86_64 | OES2018-SP2-SLES12-SP5-Pool
| glibc | srcpackage | 2.22-100.27.3 | noarch | OES2018-SP2-SLES12-SP5-Updates
| glibc | srcpackage | 2.22-100.24.3 | noarch | OES2018-SP2-SLES12-SP5-Updates
| glibc | srcpackage | 2.22-100.21.5 | noarch | OES2018-SP2-SLES12-SP5-Updates

 

Is this intentional? Are there really different glibc branches in OES2018SP2?

 

Franz

Labels (1)
0 Likes
5 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Two glibc branches in OES2018SP2?

@lauterbach

Welcome to the forums.  When you do the search for patches using Zypper, it's going to find all of the places where patches exist.  Everything in the scrpackage branch are source files.  All you need to install are the ones in the package branch.

Pam

0 Likes
Highlighted
Contributor.
Contributor.

Re: Two glibc branches in OES2018SP2?

Hi,

I'm not talking about the source packages, I'm talking about the installed glibc-2.22-105.16 ("105") vs the available glibc-2.22-100.27.3 ("100"). Clearly the "100" branch is newer than the "105" branch, but it won't be installed because for zypper/rpm "105" > "100".

But on an SMT server "100" newer than "105" can be easily confirmed:

# rpm -qp --changelog '/srv/www/htdocs/repo/$RCE/OES2018-SP2-SLES12-SP5-Updates/sle-12-x86_64/x86_64/glibc-devel-2.22-100.27.3.x86_64.rpm' | head -40
* Tue May 12 2020 **PERSONAL INFORMATION REMOVED**
- nptl-setxid-race.patch: nptl: wait for pending setxid request also in
detached thread (bsc#1162930, BZ #25942)

* Wed Apr 08 2020 **PERSONAL INFORMATION REMOVED**
- fork-remove-assertion.patch: fork: Remove bogus parent PID assertions
(bsc#1162721, BZ #21386)

* Wed Mar 25 2020 **PERSONAL INFORMATION REMOVED**
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
(CVE-2020-1751, bsc#1158996, BZ #25423)
- glob-use-after-free.patch: Fix use-after-free in glob when expanding
~user (CVE-2020-1752, bsc#1167631, BZ #25414)

* Thu Mar 05 2020 **PERSONAL INFORMATION REMOVED**
- ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range
reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487)

* Tue Jan 07 2020 **PERSONAL INFORMATION REMOVED**
- posix-Add-internal-symbols-for-posix_spawn-interface.patch,
glibc-2.26-Assume-that-pipe2-is-always-available.patch,
glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on
popen (bsc#1149332, BZ #22834)

* Mon Dec 09 2019 **PERSONAL INFORMATION REMOVED**
- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing
a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226)

* Wed Jun 05 2019 **PERSONAL INFORMATION REMOVED**
- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
(bsc#1117993, BZ #23973)

* Mon May 13 2019 **PERSONAL INFORMATION REMOVED**
- 0031-S390-Use-mvcle-for-copies-1MB-on-32bit-with-default-.patch,
0032-S390-Use-64bit-instruction-to-check-for-copies-of-1M.patch,
0033-S390-Do-not-call-memcpy-memcmp-memset-within-libc.so.patch,
0034-S390-Implement-mempcpy-with-help-of-memcpy.-BZ-19765.patch,
0035-S390-Do-not-clobber-r13-with-memcpy-on-31bit-with-co.patch,
0036-s390-Refactor-ifunc-resolvers-due-to-false-debuginfo.patch,
0037-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch,

# rpm -qp --changelog '/srv/www/htdocs/repo/$RCE/OES2018-SP2-Pool/sle-12-x86_64/x86_64/glibc-devel-2.22-105.16.x86_64.rpm' | head -20
* Wed Jun 05 2019 **PERSONAL INFORMATION REMOVED**
- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
(bsc#1117993, BZ #23973)

* Mon May 13 2019 **PERSONAL INFORMATION REMOVED**
- 0031-S390-Use-mvcle-for-copies-1MB-on-32bit-with-default-.patch,
0032-S390-Use-64bit-instruction-to-check-for-copies-of-1M.patch,
0033-S390-Do-not-call-memcpy-memcmp-memset-within-libc.so.patch,
0034-S390-Implement-mempcpy-with-help-of-memcpy.-BZ-19765.patch,
0035-S390-Do-not-clobber-r13-with-memcpy-on-31bit-with-co.patch,
0036-s390-Refactor-ifunc-resolvers-due-to-false-debuginfo.patch,
0037-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch,
0038-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch,
0039-S390-Unify-31-64bit-memcpy.patch,
0040-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch,
0041-S390-Remove-s390-specific-implementation-of-bcopy.patch,
0042-S390-Use-memcpy-for-forward-cases-in-memmove.patch,
0043-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch,
0044-S390-Add-z13-memmove-ifunc-variant.patch,
0045-S390-Add-z13-strstr-ifunc-variant.patch,

 

I just noticed that this also affects some CVE fixes, so "100" is not just newer than "105", "100" is also more secure.

 

Franz

 

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Two glibc branches in OES2018SP2?

@lauterbach

Your best bet is to open an SR.  

Pam

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Two glibc branches in OES2018SP2?

I'd really suggest to open a SR on this as this must get resolved somehow, likely by bumping something on the OES2018-SP2-Pool. The SLES12SP5 channels for OES and native SLES agree. Please post the SR number here (or via PM, if you prefer) so that we can follow up on this.

 

0 Likes
Highlighted
Contributor.
Contributor.

Re: Two glibc branches in OES2018SP2?

Opened as SR 101298823921.
I've investigated a bit and for OES2018SP2 these 3 glibc patches have not been applied:

SUSE-SLE-SERVER-12-SP5-2020-832
SUSE-SLE-SERVER-12-SP5-2020-1169
SUSE-SLE-SERVER-12-SP5-2020-1490
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.