Description of problem: Installed both i386 and x86_64 HVM virtual machines and all was working well till I enabled NIS authentication for users. At that point, ntpdate, wget, curl, and a host of other tools started complaining they could not lookup hostnames. Edited /etc/nsswitch.conf, removed "nis" from the list of things that "hosts" use, and everything started working again. Version-Release number of selected component (if applicable): glibc-2.9-2.i686 How reproducible: Most tools that lookup hosts always fail with nis left in nsswitch, for some reason "ping" works OK. Steps to Reproduce: 1. run system-config-authentication 2. activate NIS, configure domain and server 3. host name lookups stop working in most tools Actual results: host lookup failure Expected results: host lookup works :-). Additional info: https://www.redhat.com/archives/fedora-list/2008-November/msg02154.html is the fedora-list message where I first thought the problem was just with ntpdate.
*** Bug 473240 has been marked as a duplicate of this bug. ***
*** Bug 473081 has been marked as a duplicate of this bug. ***
Tom, do your test cases trigger segmentation faults ? I'm not 100% sure this is the same beast as 473081... E.
I haven't seen any segfaults, the programs just all report they couldn't lookup the name.
Created attachment 324891 [details] suggested patch -- fixes 473081 this fixes the following: - the struct parser_data in gethostbyname4 was putting stuff on the stack - an off-by-one in the late memcpy - as an extra safety net, allow for NIS entries with *many* aliases. I've got one out there with more than 128, which overflows parse_list. It's very unclear, in fact, that your bug is this exactly. E.
Created attachment 324897 [details] nis shared lib with fix (x86_64) Tom, this is a binary for you to check. Do: mv /lib64/libnss_nis-2.9.so /tmp/libnss_nis-2.9.so.orig mv libnss_nis-2.9.so /lib64/libnss_nis-2.9.so (no ldconfig necessary).
Somewhat mixed results: I put back the "nis" entry in nsswitch.conf and swapped in the new library, and wget worked fine. No more lookup failures. Unfortunately, I then moved back the original library, and lookups apparently continued to work fine, but I finally tried one wget and it aborted on me (so now I've seen a segfault as well). I then swapped back in the new library again and the same wget that segfaulted worked correctly. I tried it 3 or 4 more times and it worked every time, so maybe the new lib really does fix the problem. Just for good measure, I put back the original library again, and wget started segfaulting again. So it seems URL specific, but with this one example URL the new library does indeed seem to reliably fix things.
(In reply to comment #7) > Unfortunately, I then moved back the original library, and lookups > apparently continued to work fine, but I finally tried one wget and > it aborted on me (so now I've seen a segfault as well). And if you try with something more vanilla, like the testcase in bug 473081, or the extended version that comes in the next attachment ? Could you also post the entry in hosts.byname which matches the request ? E.
Created attachment 324909 [details] test case
Oh wait a minute -- I got confused by your description of things. You're saying that you haven't witnessed any failure with my patched .so, right ? Sounds pretty good then. E.
*** Bug 473279 has been marked as a duplicate of this bug. ***
Yea, I was confused myself at first and just sort of dumped the confusing stream of events into the comment :-). I have definitely not seen a failure with the new library (I was merely confused by sometimes not seeing failures with the old library).
We experienced segmentation faults with ssh. Only 33 hosts in NIS hosts map. Modifying the nsswitch.conf file to look for DNS before NIS works around the issue.
Similar problem for me: after upgrading from fedora 9 to fedora 10 I have a segfault in getaddrinfo when resolving host names via NIS
*** Bug 472121 has been marked as a duplicate of this bug. ***
Binary patch libnss_nis-2.9.so fixes the NIS name resolution bug for me.
Binary patch libnss_nis-2.9.so works for me also.
NOPE, binary patch provided by Emmanuel Thomé DOES NOT work! It works for the little test program (lookup in hosts nis table), but breaks autofs (it needs to look up auto.* tables via NIS).
(In reply to comment #18) > NOPE, binary patch provided by Emmanuel Thomé DOES NOT work! > It works for the little test program (lookup in hosts nis table), but > breaks autofs (it needs to look up auto.* tables via NIS). Likely to be something else then. What symptoms do you see ? I'm using autofs myself, and no problem occurred so far. The .so I provided was a quick hack ; a complete glibc package rebuild (in case it changes anything) can be obtained from http://www.loria.fr/~thome/vrac/glibc-2.9-2.0001.x86_64.rpm ; note that this is a home-brew rpm, by no means official, etc etc. E.
I added the patch from comment #5 and built glibc-2.9-2.1 rpms for i386 and i686. Seems to be working just fine so far. Thanks Emmanuel!
Let's hope we'll get an approval of the patch from Jakub, and see a package entering QA soon... E.
(In reply to comment #19) > (In reply to comment #18) > > NOPE, binary patch provided by Emmanuel Thomé DOES NOT work! > > It works for the little test program (lookup in hosts nis table), but > > breaks autofs (it needs to look up auto.* tables via NIS). This particular case is likely related to using x86_64 binaries on an x86_32 box (commenter info in PM). E.
Sorry... somehow I missed the note about architecture in the attachment name (linbss_nis*). I actually tried it on an x86_32. I am now rebuilding from the .src.rpm but it is taking a ...long... time. Anyway please disregard comment #18 above!
OK for me. I rebuilt from src.rpm... didn't have the nerve to install the whole glibc and instead substituted the /lib/libnss_nis.so-2.9.so. It seems to work just fine! Thank you Emmanuel!
A patch I checked into the glibc upstream cvs should fix the problem.
*** Bug 474943 has been marked as a duplicate of this bug. ***
Please try http://kojipkgs.fedoraproject.org/packages/glibc/2.9/3/
glibc-2.9-3 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/glibc-2.9-3
The glibc-2.9-3 packages solved my sshd segfault problem, thanks.
*** Bug 475379 has been marked as a duplicate of this bug. ***
glibc-2.9-3 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This push to stable doesn't seem to have succeeded.
segv problem is solved. The problem of hosts with many aliases remains, though. See bug 476505.