Hi,
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with grub hanging at "GRUB". After getting the boot loader fixed I experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to fix these issues. Anyone else seeing this?
Leonard.
On Sat, Apr 16, 2011 at 6:14 PM, Leonard den Ottolander leonard@den.ottolander.nl wrote:
Hi,
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with grub hanging at "GRUB". After getting the boot loader fixed I experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to fix these issues. Anyone else seeing this?
Yes, this is a known issue:
https://bugzilla.redhat.com/show_bug.cgi?id=693882
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Akemi
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
Regards, Leonard.
2011/4/17 Leonard den Ottolander leonard@den.ottolander.nl:
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
Regards, Leonard.
Does this also affects grub? if so, then this is very critical, it can trash my rhel installations :/
-- Eero
Hello Eero,
On Sun, 2011-04-17 at 18:27 +0300, Eero Volotinen wrote:
Does this also affects grub? if so, then this is very critical, it can trash my rhel installations :/
Well I am not sure, it could be a coincidence, but on my Sempron (i686) system I had to fix a broken grub (hanging at "GRUB") after last Friday's update (it included a kernel upgrade too). Only after I fixed grub I noticed the issues with evolution and gnome panels.
So, again, I'm not sure if these issues are related, but since they happened with/after the same update I thought is was worth noting.
Regards, Leonard.
----- Original Message -----
From: "Eero Volotinen" eero.volotinen@iki.fi To: "CentOS mailing list" centos@centos.org Sent: Sunday, April 17, 2011 8:27:45 AM Subject: Re: [CentOS] glibc-2.5-58.el5_6.2.i686 broken?
2011/4/17 Leonard den Ottolander leonard@den.ottolander.nl:
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure
until upstream releases a fix.
Regards, Leonard.
Does this also affects grub? if so, then this is very critical, it can trash my rhel installations :/
-- Eero
I have updated about a dozen systems and rebooted without issue. I don't think it has anything to do with glibc.
David.
On Sun, Apr 17, 2011 at 7:52 AM, Leonard den Ottolander leonard@den.ottolander.nl wrote:
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
Perhaps, I could have sent a similar warning to this mailing list (but not the announcement list which is restricted to core admins). My main focus was Forum users for which I work as a moderator.
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
It should be noted that those who are not affected by the bug are advised to update glibc because it has 4 security fixes (some local, some remote prev escalation issues). For those who cannot update, there is a "better than nothing" solution. As detailed in the bugzilla entry, the patch causing the crash has been identified. So, a compromised solution is to build glibc without the bad patch. This way you get at least the other 3 security fixes (better than none). Such a version provided by Scientific Linux (for testing) seems to be working well from what I have seen.
I and others discussed this issue with Karanbir on the centos-devel IRC. We'll see if CentOS decide to offer the customized version of glibc (presumably in the testing repo).
Akemi
Am 17.04.2011 16:52, schrieb Leonard den Ottolander:
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage
Please don't take it wrong but Akemi gave you the link because not everyone reads the forums and the issue was discussed there.
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
I would like to advice everyone to install the glibc package. The security impact of not doing so is too high. Only one who is affected by Evolution breakage should not do so.
Again please don't take it wrong but I think the tone of this thread is wrong, the security fix is just too important.
Rainer
Hello Rainer,
On Sun, 2011-04-17 at 19:08 +0200, Rainer Traut wrote:
Please don't take it wrong but Akemi gave you the link because not everyone reads the forums and the issue was discussed there.
Which is highly appreciated, but it happened *after* I reported these issues, so it hardly counts as a heads up. That said, I did not mean to state this request as a demand in any kind or form, nor was it directed at just Akemi. It's a general request that if people are aware of breakage in upcoming updates to report it to this list.
I think I set a good example by reporting the breakage in xorg-x11-server-utils.
I would like to advice everyone to install the glibc package. The security impact of not doing so is too high. Only one who is affected by Evolution breakage should not do so.
Again please don't take it wrong but I think the tone of this thread is wrong, the security fix is just too important.
The issue is a bit more severe than just breaking evolution. It also breaks the gnome desktop by crashing gnome panels. Although I have no explanation of the grub breakage that occurred after these updates on my perhaps somewhat old and odd Sempron system I thought it might be related. As I haven't seen anyone else reports such issues it might have just been a fluke.
You are correct that I should have phrased my recommendation a bit less generally, but then I am not stopping anyone from making their own (informed) decisions.
Regards, Leonard.
Leonard den Ottolander wrote on 04/17/2011 01:37 PM:
...It's a general request that if people are aware of breakage in upcoming updates to report it to this list.
Agree. I would advocate posting it to this list and making it part of the Announcement post as well. This issue was discussed on IRC channels (#centos-devel and/or #centos-qa - don't remember with certainty) and Akemi made the forum post, so it was known by those who were paying attention to those specific venues. A wider reporting of an issue of this magnitude is certainly warranted.
I think I set a good example by reporting the breakage in xorg-x11-server-utils.
Also mentioned in the forum thread, and thanks.
...
The issue is a bit more severe than just breaking evolution. It also breaks the gnome desktop by crashing gnome panels.
The use of the SL5 packages is working well for me - also discussed extensively in the forum thread. Linked again here:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=...
Phil
On Sun, Apr 17, 2011 at 9:52 AM, Leonard den Ottolander leonard@den.ottolander.nl wrote:
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
Hi Leonard,
When the issue came up for me, I went to CentOS.org with the intent of posting a question about the bug, but found the announcement right at the top. I didn't think to echo it on the mailing list because I always assumed that those on the mailing list were more informed than those who use the forum. You make a good point. But these upstream bugs are pretty rare -- the most common problems I've found with CentOS are issues with the add-on repositories for non-core applications -- and that's usually a matter of updates in the pipes.
BTW, has anyone been able to figure out a pattern with this particular bug? My two computers with nVidia video chips have the problem, my laptop and my brother's computer (both running on Intel video chips) don't have the problem. I'm curious if all those who have this issue are using nVidia cards.
Thanks.
On 04/17/2011 09:52 AM, Leonard den Ottolander wrote:
Hi Akemi,
On Sat, 2011-04-16 at 18:18 -0700, Akemi Yagi wrote:
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
Please don't take this the wrong way, but not everybody reads the forums. Perhaps it is possible to give a heads up about such breakage via the CentOS general or announce mailing list before such a broken package is released into the wild? That would actually make it an advantage to swim down stream :-) .
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
It is nice to post info about this and any other thing we might know of when we can ... but lets look at something logically for a second.
Where is it (besides their bugzilla) that upstream warns customers of this known issue? I am all for fixing things and posting things and such, but CentOS (with no SLA) is now being held to a higher standard than upstream (with paid customers)?
If someone encounters a problem, we have a bugs database where they should enter that issue. They should also go to the upstream bugzilla and look for the issue there ... and put a link to that in the centos bugs entry as well.
With CentOS, the users are the ones who are needed to answer the bugs entries ... that is the whole point of the Community in CentOS. The forums, the bugs database (and also this list, nothing wrong with this kind of info here too) are all user (community) driven.
This is what we mean by CentOS being a Community distribution. We "build it" and release it ... and everything else is Community based.
I will certainly build and release a "fixed" version of this in the testing repo if that is something that we want to do as a group.
Johnny Hughes wrote:
On 04/17/2011 09:52 AM, Leonard den Ottolander wrote:
<snip>
I would like to advice everyone to avoid this update by adding exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 to their updates channel config - added it to base just to be sure - until upstream releases a fix.
<snip> So, glibc's broken? Or is the xserver broken as well? And in either case, is it only the 32-bit version broken?
mark, holding off on updating to 5.6 on all his systems....
On Mon, Apr 18, 2011 at 11:36 AM, m.roth@5-cent.us wrote:
Johnny Hughes wrote:
On 04/17/2011 09:52 AM, Leonard den Ottolander wrote:
<snip> >> I would like to advice everyone to avoid this update by adding >> exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 >> to their updates channel config - added it to base just to be sure - >> until upstream releases a fix. <snip> So, glibc's broken? Or is the xserver broken as well? And in either case, is it only the 32-bit version broken?
mark, holding off on updating to 5.6 on all his systems....
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
Tom Sorensen
Tom Sorensen wrote:
On Mon, Apr 18, 2011 at 11:36 AM, m.roth@5-cent.us wrote:
Johnny Hughes wrote:
On 04/17/2011 09:52 AM, Leonard den Ottolander wrote:
<snip> >> I would like to advice everyone to avoid this update by adding >> exclude=glibc*2.5-58.el5_6.2 nscd*2.5-58.el5_6.2 >> to their updates channel config - added it to base just to be sure - >> until upstream releases a fix. <snip> So, glibc's broken? Or is the xserver broken as well? And in either case, is it only the 32-bit version broken?
mark, holding off on updating to 5.6 on all his systems....
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
<snip> Except for a handful, all of my systems are on 5.5. I don't have to update until this is fixed....
mark
<snip> Except for a handful, all of my systems are on 5.5. I don't have to update until this is fixed....
Then you are probably vulnerable to the CVEs.... you do realise that '5.5' stopped getting updates when 5.6 was released?
Apart from a specific costly situation upstream there is only '5' and updates apply to the last point release...
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct? If so, for most servers, the update should not be a concern. I've updated four desktops -- the two with Intel video chips are not affected at all. The two with nVidia chipsets and proprietary nVidia drivers *are* affected. Since I don't use Evolution, the "work-around" for me is to issue the "pkill gnome-panel" command. Usually doing this once will fix it, but sometimes it requires a couple shots.
I dual-boot into Linux Mint 10 (so I can remotely support my father who uses Linux Mint -- I need to be able to replicate his errors when he has them). It has a very similar issue, except, in its case, both Nautilus and Gnome-Panel do not come up. I have to go to a tty terminal and issue the "pkill nautilus" and "pkill gnome-panel" commands. I didn't have this problem *until* I updated the video driver to nVidia's proprietary one. So, again, it appears it might have something to do with the nVidia's driver.
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
On Mon, Apr 18, 2011 at 07:07:04PM -0500, Ron Blizzard wrote:
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct? If so, for most servers, the update should not be a concern. I've updated four desktops -- the two with Intel video chips are not affected at all. The two with nVidia chipsets and proprietary nVidia drivers *are* affected. Since I don't use Evolution, the "work-around" for me is to issue the "pkill gnome-panel" command. Usually doing this once will fix it, but sometimes it requires a couple shots.
I dual-boot into Linux Mint 10 (so I can remotely support my father who uses Linux Mint -- I need to be able to replicate his errors when he has them). It has a very similar issue, except, in its case, both Nautilus and Gnome-Panel do not come up. I have to go to a tty terminal and issue the "pkill nautilus" and "pkill gnome-panel" commands. I didn't have this problem *until* I updated the video driver to nVidia's proprietary one. So, again, it appears it might have something to do with the nVidia's driver.
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
What works for me is, after I log in and find the panels are empty, do CTRL-ALT-BACKSPACE then log in again and the panels are working. A fairly low-pain workaround.
On Mon, Apr 18, 2011 at 7:21 PM, fred smith fredex@fcshome.stoneham.ma.us wrote:
What works for me is, after I log in and find the panels are empty, do CTRL-ALT-BACKSPACE then log in again and the panels are working. A fairly low-pain workaround.
It is for me also (with the pkill gnome-panel work-around). The only reason I'm a bit surprised is that this sort of thing is so rare for Red Hat.
On Mon, Apr 18, 2011 at 07:07:04PM -0500, Ron Blizzard wrote:
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
There is an update in QA at Redhat now to address these issues.
John
On 04/18/2011 07:51 PM, John R. Dennison wrote:
On Mon, Apr 18, 2011 at 07:07:04PM -0500, Ron Blizzard wrote:
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
There is an update in QA at Redhat now to address these issues.
Do you know a bug entry with the patch (and/or SRPM) that they are using?
On Mon, Apr 18, 2011 at 10:25:58PM -0500, Johnny Hughes wrote:
Do you know a bug entry with the patch (and/or SRPM) that they are using?
No. I hit someone I know in Raleigh up about it on Saturday and he mentioned it was in QA.
John
On Mon, Apr 18, 2011 at 10:25 PM, Johnny Hughes johnny@centos.org wrote:
On 04/18/2011 07:51 PM, John R. Dennison wrote:
There is an update in QA at Redhat now to address these issues.
Do you know a bug entry with the patch (and/or SRPM) that they are using?
This may not be what you're looking for, but it's the link to bug posted on the forum.
https://bugzilla.redhat.com/show_bug.cgi?id=693882
On 04/19/2011 05:13 AM, Ron Blizzard wrote:
On Mon, Apr 18, 2011 at 10:25 PM, Johnny Hughes johnny@centos.org wrote:
On 04/18/2011 07:51 PM, John R. Dennison wrote:
There is an update in QA at Redhat now to address these issues.Do you know a bug entry with the patch (and/or SRPM) that they are using?
This may not be what you're looking for, but it's the link to bug posted on the forum.
Thanks ... the only thing there is the considerable work done by Troy Dawson on this, figuring out which of the patches to leave out to get Evolution and gnome-panel working again.
I can't see anything from RH though. Maybe in one of the "closed to the public" bugs.
At Mon, 18 Apr 2011 19:07:04 -0500 CentOS mailing list centos@centos.org wrote:
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct? If so, for most servers, the update should not be a concern. I've updated four desktops -- the two with Intel video chips are not affected at all. The two with nVidia chipsets and proprietary nVidia drivers *are* affected. Since I don't use
Are only the nVidia chipsets + *proprietary* nVidia drivers? And only Evolution and Gnome-Panel? And is it 32-bit AND 64-bit or only 32-bit (or only 64-bit)?
I have a batch of 32-bit diskless workstations, powered by a 32-bit server (all but one uses an Intel video chip, and the last is something else -- not nVidia), one regular workstation (don't think it is nVidia either). A 32-bit laptop with a ATI video chip and a 64-bit desktop with a nVidia video chip, but NOT the proprietary nVidia driver (I have no use for 3D accel and refuse to mess with nVidia's proprietary drivers). All of these machines are still at CentOS 5.5, but I'd like to update them to 5.6. Oh, the laptop and the 64-bit workstation are *my* machines and *I* don't use *any* desktop manager (neither GNome nore KDE) on either machine.
Oh, no one uses Evolution on any of these machines (one person uses Thunderbird).
Evolution, the "work-around" for me is to issue the "pkill gnome-panel" command. Usually doing this once will fix it, but sometimes it requires a couple shots.
I dual-boot into Linux Mint 10 (so I can remotely support my father who uses Linux Mint -- I need to be able to replicate his errors when he has them). It has a very similar issue, except, in its case, both Nautilus and Gnome-Panel do not come up. I have to go to a tty terminal and issue the "pkill nautilus" and "pkill gnome-panel" commands. I didn't have this problem *until* I updated the video driver to nVidia's proprietary one. So, again, it appears it might have something to do with the nVidia's driver.
Hmmm. Proprietary drivers are something I avoid...
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
On Mon, Apr 18, 2011 at 10:48 PM, Robert Heller heller@deepsoft.com wrote:
Are only the nVidia chipsets + *proprietary* nVidia drivers? And only Evolution and Gnome-Panel? And is it 32-bit AND 64-bit or only 32-bit (or only 64-bit)?
I can't say -- this is just my personal experience. The two machines that are affected are 32-bit with nVidia video cards and proprietary drivers. The two that are not affected are using Intel video chips. I think it only affects Gnome-Panel and Evolution -- so it's a pretty selective bug to start with.
I have a batch of 32-bit diskless workstations, powered by a 32-bit server (all but one uses an Intel video chip, and the last is something else -- not nVidia), one regular workstation (don't think it is nVidia either). A 32-bit laptop with a ATI video chip and a 64-bit desktop with a nVidia video chip, but NOT the proprietary nVidia driver (I have no use for 3D accel and refuse to mess with nVidia's proprietary drivers). All of these machines are still at CentOS 5.5, but I'd like to update them to 5.6. Oh, the laptop and the 64-bit workstation are *my* machines and *I* don't use *any* desktop manager (neither GNome nore KDE) on either machine.
Oh, no one uses Evolution on any of these machines (one person uses Thunderbird).
Again, I'm merely asking others whether this bug is selective as far as video chips go pr not (I'm trying to find a pattern).. Don't not come to any conclusions based on my four machines.
On Tue, Apr 19, 2011 at 05:26:17AM -0500, Ron Blizzard wrote:
On Mon, Apr 18, 2011 at 10:48 PM, Robert Heller heller@deepsoft.com wrote:
Are only the nVidia chipsets + *proprietary* nVidia drivers? And only Evolution and Gnome-Panel? And is it 32-bit AND 64-bit or only 32-bit (or only 64-bit)?
I can't say -- this is just my personal experience. The two machines that are affected are 32-bit with nVidia video cards and proprietary drivers. The two that are not affected are using Intel video chips. I think it only affects Gnome-Panel and Evolution -- so it's a pretty selective bug to start with.
The machine I have seen the bug also has an old nVidia card.
Mihai
On 04/18/2011 10:48 PM, Robert Heller wrote:
At Mon, 18 Apr 2011 19:07:04 -0500 CentOS mailing list centos@centos.org wrote:
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct? If so, for most servers, the update should not be a concern. I've updated four desktops -- the two with Intel video chips are not affected at all. The two with nVidia chipsets and proprietary nVidia drivers *are* affected. Since I don't use
Are only the nVidia chipsets + *proprietary* nVidia drivers? And only Evolution and Gnome-Panel? And is it 32-bit AND 64-bit or only 32-bit (or only 64-bit)?
I have a batch of 32-bit diskless workstations, powered by a 32-bit server (all but one uses an Intel video chip, and the last is something else -- not nVidia), one regular workstation (don't think it is nVidia either). A 32-bit laptop with a ATI video chip and a 64-bit desktop with a nVidia video chip, but NOT the proprietary nVidia driver (I have no use for 3D accel and refuse to mess with nVidia's proprietary drivers). All of these machines are still at CentOS 5.5, but I'd like to update them to 5.6. Oh, the laptop and the 64-bit workstation are *my* machines and *I* don't use *any* desktop manager (neither GNome nore KDE) on either machine.
Oh, no one uses Evolution on any of these machines (one person uses Thunderbird).
I am using this gilbc on my x86_64 laptop with the proprietary NVIDIA drivers (Quadro FX 1800M video on a Dell M4500n laptop). I am not having any gnome-panel issues and I do not use Evolution, so not sure about that.
There are no issues reported where the glibc is affecting non X clients.
Evolution, the "work-around" for me is to issue the "pkill gnome-panel" command. Usually doing this once will fix it, but sometimes it requires a couple shots.
I dual-boot into Linux Mint 10 (so I can remotely support my father who uses Linux Mint -- I need to be able to replicate his errors when he has them). It has a very similar issue, except, in its case, both Nautilus and Gnome-Panel do not come up. I have to go to a tty terminal and issue the "pkill nautilus" and "pkill gnome-panel" commands. I didn't have this problem *until* I updated the video driver to nVidia's proprietary one. So, again, it appears it might have something to do with the nVidia's driver.
Hmmm. Proprietary drivers are something I avoid...
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
I have built the SL version of glibc for i386/i686 and the one for x86_64 is building now. I stick them on http://people.centos.org/hughesjr/ when they are done.
At Tue, 19 Apr 2011 05:49:59 -0500 CentOS mailing list centos@centos.org wrote:
On 04/18/2011 10:48 PM, Robert Heller wrote:
At Mon, 18 Apr 2011 19:07:04 -0500 CentOS mailing list centos@centos.org wrote:
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct? If so, for most servers, the update should not be a concern. I've updated four desktops -- the two with Intel video chips are not affected at all. The two with nVidia chipsets and proprietary nVidia drivers *are* affected. Since I don't use
Are only the nVidia chipsets + *proprietary* nVidia drivers? And only Evolution and Gnome-Panel? And is it 32-bit AND 64-bit or only 32-bit (or only 64-bit)?
I have a batch of 32-bit diskless workstations, powered by a 32-bit server (all but one uses an Intel video chip, and the last is something else -- not nVidia), one regular workstation (don't think it is nVidia either). A 32-bit laptop with a ATI video chip and a 64-bit desktop with a nVidia video chip, but NOT the proprietary nVidia driver (I have no use for 3D accel and refuse to mess with nVidia's proprietary drivers). All of these machines are still at CentOS 5.5, but I'd like to update them to 5.6. Oh, the laptop and the 64-bit workstation are *my* machines and *I* don't use *any* desktop manager (neither GNome nore KDE) on either machine.
Oh, no one uses Evolution on any of these machines (one person uses Thunderbird).
I am using this gilbc on my x86_64 laptop with the proprietary NVIDIA drivers (Quadro FX 1800M video on a Dell M4500n laptop). I am not having any gnome-panel issues and I do not use Evolution, so not sure about that.
There are no issues reported where the glibc is affecting non X clients.
*I* found a new X client that I *guess* is affected: xrdb (which I suspect almost no one actually uses anymore). I get this error from xrdb:
sh: -c: line 0: unexpected EOF while looking for matching `"' sh: -c: line 1: syntax error: unexpected end of file
I upgraded my (32-bit) laptop to CentOS 5.6 and now my .Xdefaults file is no longer being loaded. Everything else seems to be working just fine. Once I get to a high speed WiFi hot spot, I'll download the temp fix glibc files and install them and see if that fixes things.
Evolution, the "work-around" for me is to issue the "pkill gnome-panel" command. Usually doing this once will fix it, but sometimes it requires a couple shots.
I dual-boot into Linux Mint 10 (so I can remotely support my father who uses Linux Mint -- I need to be able to replicate his errors when he has them). It has a very similar issue, except, in its case, both Nautilus and Gnome-Panel do not come up. I have to go to a tty terminal and issue the "pkill nautilus" and "pkill gnome-panel" commands. I didn't have this problem *until* I updated the video driver to nVidia's proprietary one. So, again, it appears it might have something to do with the nVidia's driver.
Hmmm. Proprietary drivers are something I avoid...
At any rate, there are work-arounds -- for those who use Evolution, the SL update is probably the best. I'm kind of surprised that Red Hat has not issued a fix yet.
I have built the SL version of glibc for i386/i686 and the one for x86_64 is building now. I stick them on http://people.centos.org/hughesjr/ when they are done.
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFNrWjXTKkMgmrBY7MRAvc5AKCGz0ykKCetd/6VPc+yXz1aQE5+aACfQT8S 4kMnu8329c9ZzusKRl46zXc= =4HRl -----END PGP SIGNATURE-----
MIME-Version: 1.0
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 4/19/2011 11:38 AM, Robert Heller wrote:
I am using this gilbc on my x86_64 laptop with the proprietary NVIDIA drivers (Quadro FX 1800M video on a Dell M4500n laptop). I am not having any gnome-panel issues and I do not use Evolution, so not sure about that.
There are no issues reported where the glibc is affecting non X clients.
*I* found a new X client that I *guess* is affected: xrdb (which I suspect almost no one actually uses anymore). I get this error from xrdb:
sh: -c: line 0: unexpected EOF while looking for matching `"' sh: -c: line 1: syntax error: unexpected end of file
Different problem. http://rhn.redhat.com/errata/RHBA-2011-0454.html
See the thread with the subject: Heads up: Bugged update xorg-x11-server-utils-7.1-5.el5_6.1 upcoming
And that fix is on the way.
On Tue, Apr 19, 2011 at 12:38:50PM -0400, Robert Heller wrote: <please trim your quotes>
*I* found a new X client that I *guess* is affected: xrdb (which I suspect almost no one actually uses anymore). I get this error from xrdb:
sh: -c: line 0: unexpected EOF while looking for matching `"' sh: -c: line 1: syntax error: unexpected end of file
I upgraded my (32-bit) laptop to CentOS 5.6 and now my .Xdefaults file is no longer being loaded. Everything else seems to be working just fine. Once I get to a high speed WiFi hot spot, I'll download the temp fix glibc files and install them and see if that fixes things.
the fixed xorg-x11-server-utils is already pushed. http://bugs.centos.org/view.php?id=4819
https://bugzilla.redhat.com/show_bug.cgi?id=695603
Tru
On Tuesday, April 19, 2011 02:07:04 AM Ron Blizzard wrote:
On Mon, Apr 18, 2011 at 4:16 PM, Tom Sorensen tsorensen@gmail.com wrote:
There is a known issue with one of the security updates on that version of glibc.
That said, it's still *highly* recommended that you update. There are four CVEs closed by this glibc update, one of which is potentially a remote privilege escalation (and that one is NOT the one that is causing the issue).
If, for some reason, you cannot update then you should seriously consider whether or not those systems can connect to the Internet, or if you should get the glibc from Scientific Linux that has the 3 patches that do not cause an issue in the meantime.
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct?
Those are the only known problems with this glibc version. We've been running ~2000 servers with the update and no problems for ~2 weeks.
/Peter
If so, for most servers, the update should not be a concern.
...
2011/4/19 Peter Kjellström cap@nsc.liu.se:
On Tuesday, April 19, 2011 02:07:04 AM Ron Blizzard wrote:
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct?
Those are the only known problems with this glibc version. We've been running ~2000 servers with the update and no problems for ~2 weeks.
That's what I thought -- non-graphical servers are fine.
Thanks.
Ron Blizzard wrote:
2011/4/19 Peter Kjellström cap@nsc.liu.se:
On Tuesday, April 19, 2011 02:07:04 AM Ron Blizzard wrote:
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct?
Those are the only known problems with this glibc version. We've been running ~2000 servers with the update and no problems for ~2 weeks.
That's what I thought -- non-graphical servers are fine.
What about tunneling through ssh, say, running firefox on a server, rather than on my workstation, but viewing it on my workstation?
mark "if a train stops at a train station, and a bus stops at a bus station, then about workstations..."
On Tuesday, April 19, 2011 05:06:49 PM m.roth@5-cent.us wrote:
Ron Blizzard wrote:
2011/4/19 Peter Kjellström cap@nsc.liu.se:
On Tuesday, April 19, 2011 02:07:04 AM Ron Blizzard wrote:
For clarification, this bug is only known to be affecting Evolution and Gnome-Panel, correct?
Those are the only known problems with this glibc version. We've been running ~2000 servers with the update and no problems for ~2 weeks.
That's what I thought -- non-graphical servers are fine.
What about tunneling through ssh, say, running firefox on a server, rather than on my workstation, but viewing it on my workstation?
There has been no reports indicating any problems with firefox. It would however be interesting to know if running evolution in this fashion would work or not.
/Peter
On 4/18/2011 10:18 AM, Johnny Hughes wrote:
Where is it (besides their bugzilla) that upstream warns customers of this known issue? I am all for fixing things and posting things and such, but CentOS (with no SLA) is now being held to a higher standard than upstream (with paid customers)?
Good question, and I'd be very surprised if there is no answer. Killing evolution and Gnome panel should be a very visible issue and CentOS has the dubious luxury of some time elapsing before updates are duplicated to become aware of any bad effects.
On 18.4.2011 17:40, Les Mikesell wrote:
On 4/18/2011 10:18 AM, Johnny Hughes wrote:
Where is it (besides their bugzilla) that upstream warns customers of this known issue? I am all for fixing things and posting things and such, but CentOS (with no SLA) is now being held to a higher standard than upstream (with paid customers)?
Good question, and I'd be very surprised if there is no answer. Killing evolution and Gnome panel should be a very visible issue and CentOS has the dubious luxury of some time elapsing before updates are duplicated to become aware of any bad effects.
It is a divided community. One reads forum the other one reads mail, which is unfortunate. In a perfect world there would be a forum to mailing list and reverse gateway, maybe.
On 04/18/2011 10:40 AM, Les Mikesell wrote:
On 4/18/2011 10:18 AM, Johnny Hughes wrote:
Where is it (besides their bugzilla) that upstream warns customers of this known issue? I am all for fixing things and posting things and such, but CentOS (with no SLA) is now being held to a higher standard than upstream (with paid customers)?
Good question, and I'd be very surprised if there is no answer. Killing evolution and Gnome panel should be a very visible issue and CentOS has the dubious luxury of some time elapsing before updates are duplicated to become aware of any bad effects.
This is true ... and Les, I'll appoint you as the guy who reads all the redhat bug reports and updates this list when there is an issue.
This is EXACTLY the kind of thing that any CentOS user can do to help the project.
This is the kind of help we need.
Not giving access to the build system for everyone in the world, but things like this. People to scour the RedHat bugzilla and create/update pointers in the CentOS one.
On 4/19/2011 7:12 AM, Johnny Hughes wrote:
Good question, and I'd be very surprised if there is no answer. Killing evolution and Gnome panel should be a very visible issue and CentOS has the dubious luxury of some time elapsing before updates are duplicated to become aware of any bad effects.
This is true ... and Les, I'll appoint you as the guy who reads all the redhat bug reports and updates this list when there is an issue.
I don't think I see the right place to look for early warnings for things with real user impact yet. Is there a place where RHEL users complain in public or ask if others have similar problems before officially reporting bugs? I don't think I can prioritize the 700,000 bugs listed in the tracker and the errata listing doesn't appear until after the fix is released.
On 04/16/2011 08:18 PM, Akemi Yagi wrote:
On Sat, Apr 16, 2011 at 6:14 PM, Leonard den Ottolander leonard@den.ottolander.nl wrote:
Hi,
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with grub hanging at "GRUB". After getting the boot loader fixed I experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to fix these issues. Anyone else seeing this?
Yes, this is a known issue:
https://bugzilla.redhat.com/show_bug.cgi?id=693882
See also:
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=3...
I have created some RPMS that should fix the gnome-panel and evolution issues.
Some warnings about these:
1. They leave CVE-2011-0536 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536) unpatched.
2. These need to be manually downloaded and installed:
http://people.centos.org/hughesjr/c5.glibc-2.5-58.el5_6.2/
You can see which packages you need with command:
rpm -qa | grep 2.5-58.el5_6.2 | sort
3. These packages are signed with the CentOS Testing repo key:
http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
=====================
Do not use this unless you have the problem BECAUSE they roll back a patch for a known escalation vulerability (which is why they are not easy to install).
You would install by downloading the RPMs you found that you need via set 2 above and use this command to install:
rpm -Uvh <package1> <package2>
====================
If you have already installed the Scientific Linux packages by Troy Dawson then you do not need to install these packages as the libraries are the same.
Thanks, Johnny Hughes
Many thanks for the rpm's. I had some evolution stored documents that I really needed. I've applied them to two systems.
Is it possible that the gnome panel problem is only on CRT's and not LEDs? Seems like one of my systems fixed itself when I changed monitors.
On Sun, Apr 17, 2011 at 03:14:11AM +0200, Leonard den Ottolander wrote:
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with grub hanging at "GRUB". After getting the boot loader fixed I experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to fix these issues. Anyone else seeing this?
https://bugzilla.redhat.com/show_bug.cgi?id=693882
I've heard from an OOB source that a fix is in QA at Redhat now.
John
Hello John,
On Sat, 2011-04-16 at 20:19 -0500, John R. Dennison wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=693882
I've heard from an OOB source that a fix is in QA at Redhat now.
Is this somehow related to how my grub got broken? Or is that a different issue? Or just a coincidence :) ?
Leonard.
On Sun, Apr 17, 2011 at 03:37:38AM +0200, Leonard den Ottolander wrote:
Is this somehow related to how my grub got broken? Or is that a different issue? Or just a coincidence :) ?
That I don't know, sorry. I've not seen references to that particular problem being related to the glibc issue but to be honest I've not done a lot of looking into it.
John
-
Akemi Yagi -
David C. Miller -
Eero Volotinen -
fred smith -
James Hogarth -
John R. Dennison -
Johnny Hughes -
Leonard den Ottolander -
Les Mikesell -
m.roth@5-cent.us -
Markus Falb -
Mihai T. Lazarescu -
Peter Kjellström -
Phil Schaffner -
Rainer Traut -
Reynolds McClatchey -
Robert Heller -
Ron Blizzard -
Tom Sorensen -
Tru Huynh