Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3
From: Josselin Mouette <joss@debian.org>
Date: Fri, 4 Apr 2014 10:03:20 +0200
Message-id: <[🔎] 20140404080319.GA5012@malsain.org>
Reply-to: Josselin Mouette <joss@debian.org>, 743612@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-xml-sgml-pkgs@lists.alioth.debian.org

Hi,

I think I have found the likely cause for some (most?) of the infamous 
“oops! something has gone wrong” error messages in wheezy.

Please consider accepting this new version of libxml2.

Thanks,
-- 
 .''`.        Josselin Mouette
: :' :
`. `'
  `-

diff -Nru libxml2-2.8.0+dfsg1/debian/changelog libxml2-2.8.0+dfsg1/debian/changelog
--- libxml2-2.8.0+dfsg1/debian/changelog	2013-10-13 07:40:45.000000000 +0200
+++ libxml2-2.8.0+dfsg1/debian/changelog	2014-04-04 09:48:36.000000000 +0200
@@ -1,3 +1,12 @@
+libxml2 (2.8.0+dfsg1-7+nmu3) stable; urgency=low
+
+  * Non-maintainer upload with maintainer’s approval.
+  * 0007-Fix-pthread-memory-corruption.patch: patch stolen from the 
+    upstream repository. Fix memory corruption when re-using the libxml2 
+    from threaded applications. Closes: #742258.
+
+ -- Josselin Mouette <joss@debian.org>  Fri, 04 Apr 2014 09:25:16 +0200
+
 libxml2 (2.8.0+dfsg1-7+nmu2) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru libxml2-2.8.0+dfsg1/debian/patches/0007-Fix-pthread-memory-corruption.patch libxml2-2.8.0+dfsg1/debian/patches/0007-Fix-pthread-memory-corruption.patch
--- libxml2-2.8.0+dfsg1/debian/patches/0007-Fix-pthread-memory-corruption.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxml2-2.8.0+dfsg1/debian/patches/0007-Fix-pthread-memory-corruption.patch	2014-04-04 09:40:02.000000000 +0200
@@ -0,0 +1,32 @@
+From 7a2215dbcd4882e45f618c5f78f8d975b7c47ed3 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 4 Sep 2012 12:05:17 +0800
+Subject: Fix reuse of xmlInitParser
+
+While xmlCleanupParser() should not be used unless complete control
+is insured over the programe making sure libxml2 is not in use anywhere
+It should still be usable, and allow a sequence of
+    xmlInitParser();
+    xmlCleanupParser();
+calls if needed, the problem is that the thread key wasn't reallocated
+on subsequent xmlinitParser() calls leading to corruption of pthread
+keys used by the program.
+
+* threads.c: make sure xmlCleanupParser() reset the pthread_once()
+             global variable driving thread key allocation.
+
+diff --git a/threads.c b/threads.c
+index 6d25565..f206149 100644
+--- a/threads.c
++++ b/threads.c
+@@ -915,6 +915,7 @@ xmlCleanupThreads(void)
+ #ifdef HAVE_PTHREAD_H
+     if ((libxml_is_threaded)  && (pthread_key_delete != NULL))
+         pthread_key_delete(globalkey);
++    once_control = PTHREAD_ONCE_INIT;
+ #elif defined(HAVE_WIN32_THREADS) && !defined(HAVE_COMPILER_TLS) && (!defined(LIBXML_STATIC) || defined(LIBXML_STATIC_FOR_DLL))
+     if (globalkey != TLS_OUT_OF_INDEXES) {
+         xmlGlobalStateCleanupHelperParams *p;
+-- 
+cgit v0.10.1
+
diff -Nru libxml2-2.8.0+dfsg1/debian/patches/series libxml2-2.8.0+dfsg1/debian/patches/series
--- libxml2-2.8.0+dfsg1/debian/patches/series	2013-10-13 07:40:49.000000000 +0200
+++ libxml2-2.8.0+dfsg1/debian/patches/series	2014-04-04 09:25:11.000000000 +0200
@@ -4,5 +4,6 @@
 0004-Fix-entities-local-buffers-size-problems.patch
 0005-Fix-a-failure-to-report-xmlreader-parsing-failures.patch
 0006-Fix-potential-out-of-bound-access.patch
+0007-Fix-pthread-memory-corruption.patch
 cve-2013-0338-0339.patch
 cve-2013-2877.patch

>From 7a2215dbcd4882e45f618c5f78f8d975b7c47ed3 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 4 Sep 2012 12:05:17 +0800
Subject: Fix reuse of xmlInitParser

While xmlCleanupParser() should not be used unless complete control
is insured over the programe making sure libxml2 is not in use anywhere
It should still be usable, and allow a sequence of
    xmlInitParser();
    xmlCleanupParser();
calls if needed, the problem is that the thread key wasn't reallocated
on subsequent xmlinitParser() calls leading to corruption of pthread
keys used by the program.

* threads.c: make sure xmlCleanupParser() reset the pthread_once()
             global variable driving thread key allocation.

diff --git a/threads.c b/threads.c
index 6d25565..f206149 100644
--- a/threads.c
+++ b/threads.c
@@ -915,6 +915,7 @@ xmlCleanupThreads(void)
 #ifdef HAVE_PTHREAD_H
     if ((libxml_is_threaded)  && (pthread_key_delete != NULL))
         pthread_key_delete(globalkey);
+    once_control = PTHREAD_ONCE_INIT;
 #elif defined(HAVE_WIN32_THREADS) && !defined(HAVE_COMPILER_TLS) && (!defined(LIBXML_STATIC) || defined(LIBXML_STATIC_FOR_DLL))
     if (globalkey != TLS_OUT_OF_INDEXES) {
         xmlGlobalStateCleanupHelperParams *p;
-- 
cgit v0.10.1

Reply to:

Follow-Ups:
- Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#743587: transition: gnome-online-accounts
Next by Date: Bug#741587: wheezy-pu: package quassel/0.8.0-1+deb7u1
Previous by thread: Processed: Re: Bug#743587: transition: gnome-online-accounts
Next by thread: Bug#743612: pu: package libxml2/2.8.0+dfsg1-7+nmu3
Index(es):
- Date
- Thread