Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
On Saturday 25 February 2017 22:45:25 gregor herrmann wrote: > On Sat, 25 Feb 2017 01:18:04 +0100, p...@cpan.org wrote: > > But if you are fixing "regressions" from older versions, consider apply > > also fix for zerofill. > > Since Debian is in deep freeze, I'm just trying to fix reported RC > bugs. If you think the mentioned zerofill bug is worth having it in > stretch, please file a bug with the appropriate severity and backport > the fix to apply against 4.041 after applying the float conversion > patch (or before, then the conversion patch needs changes). I created debian bug 856250, but I do not know which severity or flags should be there. If you decide to include fix for that bug too, I can prepare backported patch...
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
Hi, On Sun, Feb 26, 2017 at 09:49:44PM +0100, gregor herrmann wrote: > > So from my point of view, as it is two days until the 1st of March right > > now (at least in my timezone) we need to get a fixed version of > > libdbd-mysql-perl in unstable by tomorrow at the latest. Is this going > > to be possible? > > Sure, I just uploaded 4.041-2 to unstable. Unblocked libdbd-mysql-perl. > Thanks for handling all this stuff! Cheers, Ivo
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
On Mon, 27 Feb 2017 07:37:53 +1100, Brian May wrote: > Brian Maywrites: > > amavisd-new has already been removed from testing. I think the chances > > of getting it back in are remote - however I have asked the release team > > - see #856067. > > The release gods^h^h^h^h^h team has spoken. They say they will accept > amavisd-new back in the archive: > > "Not in a point release, but I'll cut you a deal: if the underlying bug in > libdbd-mysql-perl is fixed (but *without* the additional fixes Pali > mentions), and an unblock bug opened before 1st March, I'll unblock > amavisd-new and amavisd-milter for stretch." > > "(no precedents, subject to future developments, blah, blah, etc, etc)." Cool. > So from my point of view, as it is two days until the 1st of March right > now (at least in my timezone) we need to get a fixed version of > libdbd-mysql-perl in unstable by tomorrow at the latest. Is this going > to be possible? Sure, I just uploaded 4.041-2 to unstable. Thanks for handling all this stuff! Cheers, gregor -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Donovan: Living for the lovelight signature.asc Description: Digital Signature
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
Brian Maywrites: > amavisd-new has already been removed from testing. I think the chances > of getting it back in are remote - however I have asked the release team > - see #856067. The release gods^h^h^h^h^h team has spoken. They say they will accept amavisd-new back in the archive: "Not in a point release, but I'll cut you a deal: if the underlying bug in libdbd-mysql-perl is fixed (but *without* the additional fixes Pali mentions), and an unblock bug opened before 1st March, I'll unblock amavisd-new and amavisd-milter for stretch." "(no precedents, subject to future developments, blah, blah, etc, etc)." So from my point of view, as it is two days until the 1st of March right now (at least in my timezone) we need to get a fixed version of libdbd-mysql-perl in unstable by tomorrow at the latest. Is this going to be possible? Thanks. -- Brian May
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
gregor herrmannwrites: > Brian, do you have a chance to test this version against amavisd-new? I am not able to test this myself. If however you can make a version available for testing (experimental maybe?) I can ask people to test it. > Since Debian is in deep freeze, I'm just trying to fix reported RC > bugs. If you think the mentioned zerofill bug is worth having it in > stretch, please file a bug with the appropriate severity and backport > the fix to apply against 4.041 after applying the float conversion > patch (or before, then the conversion patch needs changes). Just some extra information I neglected to mention before: amavisd-new has already been removed from testing. I think the chances of getting it back in are remote - however I have asked the release team - see #856067. Even if amavisd-new doesn't get included, if this bug gets fixed it might help distribute amavisd-new some other way (maybe outside Debian). -- Brian May
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
On Sat, 25 Feb 2017 01:18:04 +0100, p...@cpan.org wrote: > > > Upstream patch: > > > https://github.com/perl5-dbi/DBD-mysql/pull/102 > > > > This patch doesn't apply against 4.041-1 in Debian (or 4.041 > > upstream), and neither against the master branch in the upstream repo > > (so unless I'm missing something, this pull request won't work > > as-is), > > That patch in github PR 102 applies cleanly on DBD-mysql master branch. > It is based on top of master branch. Patch is not merged yet. I probably hadn't updated one of the git trees, sorry for that. > > Pali, could you perhaps come up with a patch that applies against > > 4.041? > This one is for libdbd-mysql-perl_4.041-1.dsc: Thanks very much! Patch added to our git repo. Brian, do you have a chance to test this version against amavisd-new? > But if you are fixing "regressions" from older versions, consider apply > also fix for zerofill. Since Debian is in deep freeze, I'm just trying to fix reported RC bugs. If you think the mentioned zerofill bug is worth having it in stretch, please file a bug with the appropriate severity and backport the fix to apply against 4.041 after applying the float conversion patch (or before, then the conversion patch needs changes). Cheers, gregor -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Sinéad O'Connor: All Apologies signature.asc Description: Digital Signature
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
Hi! On Saturday 25 February 2017 00:41:31 gregor herrmann wrote: > On Sat, 25 Feb 2017 09:29:23 +1100, Brian May wrote: > > Package: libdbd-mysql-perl > > Version: 4.041-1 > > Severity: grave > > Justification: causes non-serious data loss > > > > When reading floats from mysql, they are always read as 0. > > Thanks for the bug report and all the information! > > > Upstream patch: > > https://github.com/perl5-dbi/DBD-mysql/pull/102 > > This patch doesn't apply against 4.041-1 in Debian (or 4.041 > upstream), and neither against the master branch in the upstream repo > (so unless I'm missing something, this pull request won't work > as-is), That patch in github PR 102 applies cleanly on DBD-mysql master branch. It is based on top of master branch. Patch is not merged yet. Note that nobody was able to create any test which cause this problem yet. The only one affected application (which was reported) is amavis. Seems unbelievable but it is truth. > as Pali's master has been massively rewritten since then. [0] Yes, there are more bug fixes in DBD-mysql. E.g. zerofill support fixed in commit dc4d40b1df2f05b9e23105ab6d7b98c77eb318de which worked for 10 years until 4.040: https://rt.cpan.org/Public/Bug/Display.html?id=118977 (even it was not explicitly supported). Or fixed UTF-8 support which was broken for a long time: https://github.com/perl5-dbi/DBD-mysql/pull/67 > From looking at the comments in the diff I could possibly find the > places in the shipped dbdimp.c to make this build somehow, but I'm > rather reluctant to do this blindly. Replace "(void) SvNV(sv); SvNOK_only(sv);" by "sv_setnv(sv, SvNV(sv));". And similarly also for IV and UV. > Pali, could you perhaps come up with a patch that applies against > 4.041? This one is for libdbd-mysql-perl_4.041-1.dsc: --- dbdimp.c +++ dbdimp.c @@ -4250,8 +4250,7 @@ process: switch (mysql_to_perl_type(fields[i].type)) { case MYSQL_TYPE_DOUBLE: /* Coerce to dobule and set scalar as NV */ - (void) SvNV(sv); - SvNOK_only(sv); + sv_setnv(sv, SvNV(sv)); break; case MYSQL_TYPE_LONG: @@ -4259,13 +4258,11 @@ process: /* Coerce to integer and set scalar as UV resp. IV */ if (fields[i].flags & UNSIGNED_FLAG) { -(void) SvUV(sv); -SvIOK_only_UV(sv); +sv_setuv(sv, SvUV(sv)); } else { -(void) SvIV(sv); -SvIOK_only(sv); +sv_setiv(sv, SvIV(sv)); } break; But if you are fixing "regressions" from older versions, consider apply also fix for zerofill. > > Cheers, > gregor > > [0] especially caea0b774028650c0cbd9d8f9c4a0b47831116df changes the > variable types in the switch/case construct
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
On Sat, 25 Feb 2017 09:29:23 +1100, Brian May wrote: > Package: libdbd-mysql-perl > Version: 4.041-1 > Severity: grave > Justification: causes non-serious data loss > > When reading floats from mysql, they are always read as 0. Thanks for the bug report and all the information! > Upstream patch: > https://github.com/perl5-dbi/DBD-mysql/pull/102 This patch doesn't apply against 4.041-1 in Debian (or 4.041 upstream), and neither against the master branch in the upstream repo (so unless I'm missing something, this pull request won't work as-is), as Pali's master has been massively rewritten since then. [0] From looking at the comments in the diff I could possibly find the places in the shipped dbdimp.c to make this build somehow, but I'm rather reluctant to do this blindly. Pali, could you perhaps come up with a patch that applies against 4.041? Cheers, gregor [0] especially caea0b774028650c0cbd9d8f9c4a0b47831116df changes the variable types in the switch/case construct -- .''`. https://info.comodo.priv.at/ - Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe `- NP: Led Zeppelin: Kashmir signature.asc Description: Digital Signature
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
Brian Maywrites: > Possibly only happens in Perl's tainted mode; I have asked for > confirmation. Actually is a fair bit more complicated then that. See: https://github.com/perl5-dbi/DBD-mysql/issues/78#issuecomment-282425847 The fix is simple. Understanding what the bug breaks is a lot more complicated. -- Brian May
Bug#856064: libdbd-mysql-perl: reads of floats currupted as 0
Package: libdbd-mysql-perl Version: 4.041-1 Severity: grave Justification: causes non-serious data loss When reading floats from mysql, they are always read as 0. As values are currupted and as it is the cause of a grave bug in another package, I have set this to grave. Possibly only happens in Perl's tainted mode; I have asked for confirmation. Upstream bug report: https://github.com/perl5-dbi/DBD-mysql/issues/78 Upstream patch: https://github.com/perl5-dbi/DBD-mysql/pull/102 This is the cause of a RC bug against amavisd-new: https://bugs.debian.org/847311 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libdbd-mysql-perl depends on: ii libc6 2.24-9 ii libdbi-perl [perl-dbdabi-94] 1.636-1+b1 ii libmariadbclient1810.1.21-5 ii perl 5.24.1-1 ii perl-base [perlapi-5.24.1]5.24.1-1 libdbd-mysql-perl recommends no packages. libdbd-mysql-perl suggests no packages. -- no debconf information