Bug#894795: kde-full currently uninstallable

[Michael Karcher]

Package: kde-full
Version: 5:100
Severity: serious

Dear Maintainer,

kde-full from meta-kde 5:100 depends on kdepim 4:17.12.xxx, but
meta-kde provides the packages kdepim in Version 4:17.08.xxx.
Two untested fixes (choose one!) have been provided at
  https://salsa.debian.org/qt-kde-team/kde/meta-kde/merge_requests/4
and
  https://salsa.debian.org/qt-kde-team/kde/meta-kde/merge_requests/3

I ran reportbug on a system with kdepim 5:99 installed (as 5:100 is
uninstallable), so the dependency list below does contain a kdepim
version that is in conflict with kde-full 5:100.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-rc6-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kde-full depends on:
ii  kde-plasma-desktop   5:100
ii  kde-standard 5:100
ii  kdeadmin 4:17.08.3+5.100
ii  kdeedu   4:17.08.3+5.100
ii  kdegames 4:17.08.3+5.100
ii  kdegraphics  4:17.08.3+5.100
ii  kdemultimedia4:17.08.3+5.100
ii  kdenetwork   4:17.08.3+5.100
ii  kdepim   4:17.08.3+5.100
ii  kdeutils 4:17.08.3+5.100
ii  plasma-workspace-wallpapers  4:5.12.1-1

Versions of packages kde-full recommends:
pn  kdeaccessibility  
pn  kdesdk
pn  kdetoys   
pn  kdewebdev 

Versions of packages kde-full suggests:
pn  calligra  
ii  xorg  1:7.7+19

-- no debconf information

Bug#703281: rygel security issue

[Michael Karcher]

Package: rygel
Version: 0.14.3-2
Followup-For: Bug #703281

This behaviour is caused by the global (system wide) configuration file
/etc/rygel.conf containing "upnp-enabled=true". That file is used as
template for the local (user specific) configuration file, which is written
when you exit rygel-preferences.

On the other hand, to avoid messing with autostart settings of a user that
did not enable UPnP his/herself, rygel-preferences treats the parameter
"upnp-enabled" as false, if it was loaded from the global configuration
file.

This behaviour has been introduced in commit
https://git.gnome.org/browse/rygel/commit/src/ui?id=4ab1d1f905f38b17cf162c6b34b763a40a292b4e

A short-term fix would be to ship with "upnp-enabled=false" in the global
configuration file. Which might even actually be what Debian wants. I did 
not track down whether the global "true" setting already makes the UPnP
interface available while rygel is running.

Regards,
  Michael Karcher

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7.0+ (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rygel depends on:
ii  libc62.16-0experimental1
ii  libgee2  0.6.4-2
ii  libglib2.0-0 2.34.3-1
ii  libgssdp-1.0-3   0.12.1-2
ii  libgstreamer-plugins-base0.10-0  0.10.36-1.1
ii  libgstreamer0.10-0   0.10.36-1.1
ii  libgupnp-1.0-4   0.18.3-1
ii  libgupnp-av-1.0-20.10.2-1
ii  libgupnp-dlna-1.0-2  0.6.6-1
ii  libsoup2.4-1 2.40.1-1
ii  libsqlite3-0 3.7.13-1
ii  libunistring00.9.3-5
ii  libuuid1 2.20.1-5.3
ii  libxml2  2.8.0+dfsg1-7+nmu1

Versions of packages rygel recommends:
ii  gstreamer0.10-ffmpeg0.10.13-5
ii  gstreamer0.10-plugins-base  0.10.36-1.1
ii  gstreamer0.10-plugins-ugly  0.10.19-2+b2

Versions of packages rygel suggests:
pn  rygel-mediathek
pn  rygel-playbin  
ii  rygel-preferences  0.14.3-2
pn  rygel-tracker  
ii  tumbler0.1.25-1+b1

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#704769: FTBFS on s390x sid buildds.

[Michael Karcher]

Package: libarchive
Severity: normal


The test failures are caused by a bug in libarchive on big-endian 64 bit
architectures, as already suspected. There indeed is an upstream fix for
it, it is in commit da058d4b1a240a3381f37f99ef9edd982e34cabc fixing the
data type of some variable passed to an ioctl call.

The failure is not related to ext3 vs. ext4, but most likely indicates
that the buildd does not use tmpfs on /tmp. The bug does not manifest
on tmpfs file systems, and the testsuite is running in a subdir of
/tmp, which can be overriden using TMPDIR. Running it with TMPDIR
set to a ext3-backed directory makes it fail on the porterbox, too.

The upstream diff from the mentioned commit is attached.

Regards,
  Michael Karcher

-- System Information:
Debian Release: 6.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
commit da058d4b1a240a3381f37f99ef9edd982e34cabc
Author: Andreas Schwab 
Date:   Wed Aug 29 15:41:51 2012 +0200

Fix more uses of EXT2_IOC_[GS]ETFLAGS

diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c
index 698600e..652deb9 100644
--- a/libarchive/archive_read_disk_posix.c
+++ b/libarchive/archive_read_disk_posix.c
@@ -984,7 +984,7 @@ next_entry(struct archive_read_disk *a, struct tree *t,
 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_NODUMP_FL) &&\
   defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
 		if (S_ISREG(st->st_mode) || S_ISDIR(st->st_mode)) {
-			unsigned long stflags;
+			int stflags;
 
 			t->entry_fd = open_on_current_dir(t,
 			tree_current_access_path(t), O_RDONLY | O_NONBLOCK);
diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
index d79b0f6..6b8bfde 100644
--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
@@ -2403,8 +2403,8 @@ set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
 {
 	int		 ret;
 	int		 myfd = fd;
-	unsigned long newflags, oldflags;
-	unsigned long sf_mask = 0;
+	int newflags, oldflags;
+	int sf_mask = 0;
 
 	if (set == 0  && clear == 0)
 		return (ARCHIVE_OK);

Bug#624507: #624507 - Started looping and continuously rewriting metadata file - Debian Bug report logs

[Michael Karcher]

Indeed that looping behaviour is not bound to occur only on remote file
systems, but it is caused by the current version of the database file
(like "home") not referring to the redo log (like "home-01234567.log")
that is currently opened by the gvfsd (because it was referred to by the
database at the time gvfsd opened the database).

The usual reason for this mismatch is that the database has been
replaced by a different version referring a different redo log file, but
it could be due to data corruption, too. As long as the data base (and
the redo log) is only used on a single system, the kernel (mostly?)
ensures that once a redo log has been rotated into the data base, the
"this redo log is rotated"-Bit is also seen by all other processes using
the same redo log. This is why the bug usually does not appear in the
single-system setup.
There at least two different possible scenarios, how the mismatch could
arise on a local file system, too:
 a) The local file system is exported, and the log has been rotated by a
remote machine.
 b) The gvfs-metadata database directory has been restored from a backup
while gvfsd-metadata was running.

The temporary fix of disabling the metadata recording on remote file
systems would help in scenario a, but not in scenario b.

Regards,
  Michael Karcher


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#634261: [sparc] iceweasel: Bus Error in setbuf()

[Michael Karcher]

A summary of the current situation:

There are historic programs and libraries relying on the old FILE
structure. These programs and libraries assume that any 4-byte aligned
FILE structure is acceptable, because that was the case with libio 2.0

Most programs and libraries are compiled with libio 2.1. At least on
sparc, this means that FILE objects now need to be aligned on an 8-byte
boundary. The compiler assumes this alignment when generating code using
libio 2.1 (or newer) headers.

The alignment difference is the cause that even though glibc maintainers
took a lot of effort to make the old and the new structure compatible,
there can be unexpected problems on sparc, because it seems like the
alignment issue was not considered at that time.

There is no silver bullet - either we have an 8-byte alignment
requirement, which keeps compatibility with all libio 2.1 code, or we
relax the requirement to 4-byte alignment (by splitting the 64-bit
offset field and implementing the 64-bit-arithmetic by hand), which will
re-enable full compatibility with libio 2.0 code. Especially as libio
2.0 and libio 2.1 libraries can be dynamically mixed, and all code
expects that FILE* pointers of the old and new variant are
interchangable for the narrow-character interface, there is some mess
outside of glibc already that can never be fixed.

A way to minimize the symptoms of this bug is to notice that most, if
not all, FILE structures are allocated inside libc. As long as libc code
controls the address of FILE objects, it can ensure 8-byte alignment,
even for the legacy structures. So my recommendation is:

1. keep not forcing old FILE* to be 8-byte-aligned

Forcing it would make the legacy function (versioned GLIBC_2.0) unable
to cope with (unaligned) objects they currently can cope with


2. do force 8-byte-alignment on the legacy stdin/stdout/stderr

This will make the legacy standard streams compatible with current code


3. do force 8-byte aligment on functions generating FILE structures
(like fopen), even in the legacy interface.

This will make all stream objects allocated in libc functions (which
probably will be all stream objects you encounter) compatible with
current code.


I am completely aware (as pointed out above) that this is not a perfect
fix, but it should be a good enough fix that no observable problems
occur, even if you mix libio 2.0 and libio 2.1 code.

And finally:
4. implement a lintian check that shared objects (programs and
libraries) importing any GLIBC_2.1 or later versioned symbol also
contain an *unversioned* export of _IO_stdin_used on those architectures
where libio 2.0-compatibility is enabled (for example i386, but not
amd64).

In my oppinion, this bug is definitely not release critical, because the
only thing that is broken is a compatiblity layer for programs more than
10 years old. This would count as "a particular option (or menu item)"
of libc6, furthermore not affecting the "core functionality of the
package". So the priority should be normal or minor.

A build process that mangles the export of _IO_stdin_used is (as defined
by the libc ABI, even if not explicitly written down) broken. The bug in
this case was caused by such a kind of broken build process in the
Mozilla applications that already has been fixed. We are still waiting
for a real manifestation of the original bug, which should occur with
libio 2.0 programs only.

Regards,
  Michael Karcher


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#695614: CVE-2012-6303: buffer overflows

[Michael Karcher]

The attached patch fixes the buffer overrun for the fixed-size header
buffer.
--- snack-2.2.10-dfsg1/generic/jkSoundFile.c	2005-12-14 12:29:38.0 +0100
+++ snack-2.2.10-dfsg1+karcher/generic/jkSoundFile.c	2013-01-02 00:29:56.836287036 +0100
@@ -1796,7 +1796,14 @@
 GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, 
 	   int len)
 {
-  int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+  int rlen;
+
+  if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
+Tcl_AppendResult(interp, "Excessive header size", NULL);
+return TCL_ERROR;
+  }
+
+  rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
 
   if (rlen < len - s->firstNRead){
 Tcl_AppendResult(interp, "Failed reading header bytes", NULL);

Bug#634261: [sparc] iceweasel: Bus Error in setbuf()

[Michael Karcher]

Am Sonntag, den 23.12.2012, 00:13 +0100 schrieb John Paul Adrian
Glaubitz:
> > I don't completely follow, so I'll just ask: do you mean that this is
> > a case of ABI misuse, with poor error reporting?
One could phrase it this way.

> As far I understand the problem, the Mozilla developers provide a
> version script to the linker to control which symbols get
> exported. This helps speeding up the load process of the binary and
> reduces the memory footprint.
This is correct.

> What the Mozilla developers didn't seem to put into account is that if
> you prevent the symbol _IO_stdin_used from being exported from your
> binary, parts of the ABI of the standard C library will change and it
> will behave like an older version which causes the unaligned access
> which results in a CPU trap.
And this is mostly correct. libc puts lots of effort in providing a
stable ABI. A big change in libc was the introduction of libio 2.1. It
introduced support for wide-character streams and 64 bit offsets. These
changes required an incompatible change to the FILE structure.

Because of this, the FILE APIs exist in two variants in glibc[1], if
backward compatibility is enabled. The new variant is tagged with the
version GLIBC_2.1, while the old one is tagged GLIBC_2.0. For the three
standard streams, there are two differently *named*, not just
differently *versioned* objects, namely _IO_stdin_ for the old version
and _IO_2_1_stdin_ for the new version, while the pointer stdin itself
is not version dependent. This might be to make sure that "stdin" itself
has the same value regardless of the version of libc that is imported.

If a program compiled against the glibc 2.1 (or newer) development
files, it will automatically refer to the new functions (i.e. link to
the GLIBC_2.1 version of _IO_file_setbuf and so on), while programs and
libraries compiled with old glibc 2.0 development files will refer to
the GLIBC_2.0 version of these functions.

The tricky part are the std* pointers:

If a source file is compiled with new development headers and refers to
stdin, stdout or stderr, some magic makes the compiler or linker emit a
definition of the symbol "_IO_stdin_used" in that module. glibc itself
defines it as a *weak* external symbol. The consequence is that if the
symbol is not defined anywhere, it just resolves to address 0, but if it
is defined in one or more modules, it resolves to a valid address in one
of these modules. The resolution of external global variables in ELF
systems is internally performed by a GOT lookup (which is the strange
code for &_IO_stdin_used observed on disassembling) at runtime.

The logic in glibc is that if the new libio functions are used with
stdin, there will be a reference to _IO_stdin_used. But if there are no
references to _IO_stdin_used, the compatibility layer will kick in, and
make the stdin/stdout/stderr pointers by pointers to the compatibility
objects.

As it happens, the compatibility objects do not contain any 64 bit
field, and require a 4-byte-alignent on sparc, while the modern objects
(which are in fact the compatibility objects with some extra fields
appended) have a 64 bit field containing the current file offset. This
makes gcc on sparc require an 8-byte-alignment. gcc compiles functions
that work on the new FILE structure with the internal assumption that
these objects are aligned as they should, so it expects
8-byte-alignment. The old functions on the other hand work fine with the
new structures, stricter aligned, unless the code tries to access the
vtable pointer, which is at different location in the old and new
object, and most likely the cause to have both versions.

It might have been the intention of the libio developers that (unless
vtable accesses happen) the old objects can be processed by the new
functions, and in that case, glibc is buggy, as it relies on undefined
behaviour. Aussuming that intention, it expects that a pointer to the
short file structure can be used as a pointer to the long file
structure, which is not something you are granted by the C standard.

> > Can you describe what iceweasel was doing wrong?  Is this documented
> > so future coders know not to make the same mistake?  Is the version in
> > squeeze affected?  How about the version in wheezy?
> It seems to have been fixed in Firefox 10 which is part of Wheezy:

There seems to be no official documentation on it, but hiding the
_IO_stdin_used symbol (it still is there, but not visible for dynamic
loading) violates internal glibc assumptions and breaks on sparc.

Regards,
  Michael Karcher

[1] This is why Bernhard R. Link observed the two different alignof
values. You choose between the two variants of FILE/_IO_FILE by defining
or not defining _IO_USE_OLD_IO_FILE. In oldstdfile.c, the symbol is
defined, while in genops.c, it is not defined.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org