Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 235529 - gdm-2.20.7 crash with libxml2-2.6.32-r1 (ABI break affecting librsvg and more)
Summary: gdm-2.20.7 crash with libxml2-2.6.32-r1 (ABI break affecting librsvg and more)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL: http://bugzilla.gnome.org/show_bug.cg...
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2008-3281 237413
  Show dependency tree
 
Reported: 2008-08-23 12:33 UTC by chengqiang
Modified: 2008-10-03 20:51 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description chengqiang 2008-08-23 12:33:00 UTC
After upgrade to libxml2-2.6.32-r1 from libxml2-2.6.32 for security fix, gdm crush when start with 
the error message on dialog:
"The greeter application appears to be crashing. Attempting to use a different one."





Reproducible: Always

Steps to Reproduce:
1. upgrade libxml2 to 2.6.32-r1
2. restart gdm
3.  




Portage 2.1.4.4 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)
=================================================================
System uname: 2.6.25-gentoo-r7 i686 AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Timestamp of tree: Sat, 23 Aug 2008 03:46:01 +0000
distcc[614] (dcc_mkdir) ERROR: mkdir /var/tmp/portage/.distcc/state failed: No such file or directory [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p33
dev-java/java-config: 1.3.7, 2.1.6
dev-lang/python:     2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     9999
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r2
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon64 -msse3 -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -msse3 -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildsyspkg ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://61.135.158.199 http://distfiles.gentoo.org"
LANG="zh_CN.UTF-8"
LDFLAGS="-Wl,--hash-style=both"
LINGUAS="zh_CN"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/pro-audio /usr/portage/local/layman/gnome /usr/portage/local/layman/emacs"
SYNC="rsync://61.135.158.199/gentoo-portage"
USE="3dnow 3dnowext X acl alsa arts avi berkdb bitmap-fonts bluetooth bzip2 cairo cdr cjk cli cracklib crypt dbus dlloader dri dvd dvdr eds emboss encode esd exif fam ffmpeg firefox flac fortran gdbm gif gnome gnutella gpm gstreamer gtk gtk2 hal hddtemp hvm iconv ipv6 isdnlog jpeg libg++ mad midi mikmod mmx mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp pam pcre pdflib perl png pppd python quicktime rar readline real reflection sdl session spell spl sqlite sse sse2 ssl startup-notification svg sysfs tcl tcpd tiff timidity tk truetype truetype-fonts type1-fonts udev unicode vhosts vorbis win32codecs x264 x86 xattr xml xorg xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="zh_CN" USERLAND="GNU" VIDEO_CARDS="nvidia vesa"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Mart Raudsepp gentoo-dev 2008-08-23 12:57:38 UTC
Noticed indepently too now :(
Assessing the situation now, as -r1 is supposed to be fixing a security bug
Comment 2 Priit Laes (IRC: plaes) 2008-08-23 12:59:11 UTC
Upstream is http://bugzilla.gnome.org/show_bug.cgi?id=549087
Comment 3 Mart Raudsepp gentoo-dev 2008-08-23 15:04:08 UTC
I have package.masked libxml-2.6.32-r1 until this is sorted out.
gdm not working is a worse DoS than a chance of the other possible DoS that the patch in libxml2-2.6.32-r1 fixes.
Comment 4 Hans de Graaff gentoo-dev 2008-08-24 09:39:59 UTC
I think that this goes beyond just gdm. When I upgraded to libxml2 yesterday I found that my panel died after a while.

I tried to fix that by logging out and in, but then noticed that gdm had the problem described in this bug. I don't really have time to dive into this at the moment, but reverting to libxml2-2.6.32 fixed things again.
Comment 5 Mart Raudsepp gentoo-dev 2008-08-25 11:18:30 UTC
Yes, other things using librsvg to parse stuff including entities are affected as well. A recompile of librsvg might help too, but for now we just have libxml-2.6.32-r1 p.masked until we commit a version of the patch that doesn't break ABI.
Also on the relevant debian bug there is mentions of strigi (KDE4 stuff) breaking on this too.
Comment 6 Mart Raudsepp gentoo-dev 2008-08-25 11:22:19 UTC
To clarify further, panels and the like die only if you use a gtk+ theme that uses SVGs and entities in a manner that causes this. Probably when using the gtk+ theme engine librsvg provides.
I am aware of all the details, I just need to take time to figure out what patch to take that doesn't break ABI. There are a few patches floating around that abuse an already existing struct field instead of adding a new one (nbEntities)
Comment 7 Mart Raudsepp gentoo-dev 2008-09-25 01:30:33 UTC
Turned out libxml2-2.7.0 restored ABI before release without it being mentioned in the relevant bugs that I monitored or looked at. libxml2-2.7.1 is now in the tree, and the problematic 2.7.32-r1 is removed.
Comment 8 Pun 2008-10-03 06:17:05 UTC
(In reply to comment #7)
> Turned out libxml2-2.7.0 restored ABI before release without it being mentioned
> in the relevant bugs that I monitored or looked at. libxml2-2.7.1 is now in the
> tree, and the problematic 2.7.32-r1 is removed.
> 

I'm afraid it isn't. I still have gdm 2.20.7 and 2.20.8 segfaulting with dmesg saying that gdm segfaults in librsvg. (tried both librsvg 2.20.2 and 2.20.3) Also tried reemerging gdm and librsvg. With libxml2-2.6.32 everything works.
Comment 9 Mart Raudsepp gentoo-dev 2008-10-03 07:18:28 UTC
Works great for me and supposedly all the arch teams when upgrading from a working 2.6.32 to 2.7.1. As we can't reproduce you will need to provide quite a bit more information for us to be able to do anything.
Comment 10 Pun 2008-10-03 20:51:09 UTC
(In reply to comment #9)
> Works great for me and supposedly all the arch teams when upgrading from a
> working 2.6.32 to 2.7.1. As we can't reproduce you will need to provide quite a
> bit more information for us to be able to do anything.
> 

Finally made it work by unprelinking all the packages involved, ummerging gdm, libxml2, librsvg and emerging them again. Sorry for false alert. [but dynamic libraries in Linux are surprising me more and more.]