CVE-2009-2625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2625): Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
patch: http://svn.apache.org/viewvc?view=rev&revision=781488
Patch applies and tests work. Committed in xerces-c-3.0.1-r1.
Arches, please test and mark stable: =dev-libs/xerces-c-3.0.1-r1 Target keywords : "alpha amd64 ppc ppc64 sparc x86"
>>> Compiling source in /var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1 ... make -j3 make all-recursive make[1]: Entering directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1' Making all in src make[2]: Entering directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src' Making all in xercesc/util/MsgLoaders/ICU/resources make[3]: Entering directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src/xercesc/util/MsgLoaders/ICU/resources' /usr/bin/genrb root.txt /usr/bin/pkgdata --name xercesc_messages_3_0 --mode dll -d . -M '"CC=i686-pc-linux-gnu-gcc" "CXX=i686-pc-linux-gnu-g++" "AR=i686-pc-linux-gnu-ar" "RANLIB=i686-pc-linux-gnu-ranlib" "CPPFLAGS=" "CFLAGS=-O2 -march=i686 -pipe" "CXXFLAGS=-O2 -march=i686 -pipe " "LDFLAGS=-Wl,-O1"' ./res-file-list.txt /usr/bin/pkgdata: error in command line argument "-M" Run '/usr/bin/pkgdata --help' for help. make[3]: *** [xercesc_messages.lo] Error 1 make[3]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src/xercesc/util/MsgLoaders/ICU/resources' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1' make: *** [all] Error 2 * Portage 2.1.6.13 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.9_p20081201-r2, 2.6.30-gentoo-r4 i686) ================================================================= System uname: Linux-2.6.30-gentoo-r4-i686-Intel-R-_Core-TM-2_Duo_CPU_T8100_@_2.10GHz-with-gentoo-1.12.11.1 Timestamp of tree: Fri, 07 Aug 2009 16:00:01 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.8-r1 dev-lang/python: 2.4.6, 2.5.4-r3, 2.6.2-r1 dev-python/pycrypto: 2.0.1-r8 dev-util/cmake: 2.6.4 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /opt/openjms/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/fax /usr/share/config /var/lib/hsqldb /var/spool/fax/etc /var/spool/torque" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="en_EN.UTF8" LC_ALL="en_US.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X acl acpi alsa apache apache2 bash-completion berkdb bluetooth bootsplash branding bzip2 cairo cdr cdrom cli cracklib crypt css cups curl dbus directfb dri dvd dvdr dvi eds emacs emboss encode escreen esd evo fam fat fbcon fbcondecor ffmpeg firefox foomatic fortran gdbm gif gnome gpm gs gstreamer gtk hal iconv imlib ipv6 isdnlog jadetex java5 jpeg jpeg2k kde kpathsea laptop latex ldap libnotify libotf lm_sensors m17n-lib mad mikmod mmx mono mp3 mpeg mudflap musicbrainz ncurses nls nptl nptl-only nptlonly ntfs objc ogg opengl openmp openssh pam pcre pdf perl pmu png ppds pppd preview-latex python qt3 qt3support qt4 quicktime readline reflection reports sdl session smp spell spl sqlite sse ssl startup-notification svg svga sysfs t1lib tcpd test-framework tetex theora tiff tk toolkit-scroll-bars truetype unicode usb userlocales video vorbis win32codecs wmf x86 xft xml xorg xpm xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="synaptics mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" LIRC_DEVICES="atiusb" USERLAND="GNU" VIDEO_CARDS="vesa fbdev intel" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
that's the ICU bug which is also present in 3.0.0 and I still didn't have time to investigate
With all USE flags disabled. Compiling src/ThreadTest/ThreadTest.cpp /bin/sh ../libtool --tag=CXX --mode=link i686-pc-linux-gnu-g++ -O2 -march=i686 -pipe -Wl,-O1 -o ThreadTest src/ThreadTest/ThreadTest.o ../src/libxerces-c.la -lnsl i686-pc-linux-gnu-g++ -O2 -march=i686 -pipe -Wl,-O1 -o .libs/ThreadTest src/ThreadTest/ThreadTest.o ../src/.libs/libxerces-c.so -lnsl src/ThreadTest/ThreadTest.o: In function `ThreadFuncs::startThread(void (*)(void*), void*)': ThreadTest.cpp:(.text+0x1eab): undefined reference to `pthread_create' collect2: ld returned 1 exit status make[2]: *** [ThreadTest] Error 1 make[2]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' make[1]: *** [check-am] Error 2 make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' make: *** [check-recursive] Error 1
diff test-results.log ./scripts/sanityTest_ExpectedResult.log 1169,1259c1169,1183 < 1 during parsing: personal.xml < Exception message is: unable to open primary document entity '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/personal.xml' < < Thread 6: Parse Check sum error on file "personal.xml" for parse # 171. Expected c8c6be7a, got 0 < Total number of parses completed is 2101.000000. < Retry checksum is 0 < 2 during parsing: personal.xml < Exception message is: unable to open primary document entity '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/personal.xmlpersonal.xml' < < Thread 3: Parse Check sum error on file "personal.xml" for parse # 0. Expected 44ba9a06, got 0 < during parsing: personal.xml < OutOfMemoryException. < < Thread 4: Parse Check sum error on file "personal.xml" for parse # 0. Expected 44ba9a06, got 0 < Total number of parses completed is 94.000000. < Total number of parses completed is 92.000000. < 3 during parsing: personal.xml < OutOfMemoryException. < < Thread 5: Parse Check sum error on file "personal.xml" for parse # 0. Expected 7352cd96, got 0 < Total number of parses completed is 517.000000. < Retry checksum is 0 < 4 during parsing: personal.xml < OutOfMemoryException. < < Thread 4: Parse Check sum error on file "personal.xml" for parse # 0. Expected c8c6be7a, got 0 < Total number of parses completed is 190.000000. < Retry checksum is 0 < 5 during parsing: personal.xml < Exception message is: markup declaration expected < < Thread 1: Parse Check sum error on file "personal.xml" for parse # 60. Expected 44ba9a06, got 0 < Total number of parses completed is 1185.000000. < 6 during parsing: personal.xml < OutOfMemoryException. < < Thread 8: Parse Check sum error on file "personal.xml" for parse # 0. Expected 7352cd96, got 0 < Total number of parses completed is 267.000000. < Retry checksum is 0 < 7 during parsing: personal.xml < Exception message is: unable to open primary document entity '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/personal.xml' < during parsing: personal.xml < OutOfMemoryException. < < Thread 4: Parse Check sum error on file "personal.xml" for parse # 0. Expected c8c6be7a, got 0 < Total number of parses completed is 19.000000. < Retry checksum is 0 < 8 during parsing: personal.xml < OutOfMemoryException. < < Thread 7: Parse Check sum error on file "personal.xml" for parse # 0. Expected 44ba9a06, got 0 < during parsing: personal.xml < OutOfMemoryException. < < Thread 6: Parse Check sum error on file "personal.xml" for parse # 0. Expected 44ba9a06, got 0 < Total number of parses completed is 142.000000. < Total number of parses completed is 141.000000. < 910 during parsing: personal-schema.xml < Exception message is: unable to open primary document entity '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/personal-schema.xml/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data' < < Thread 5: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected e82bd33c, got 0 < Total number of parses completed is 69.000000. < Retry checksum is 0 < 11 during parsing: personal-schema.xml < Exception message is: unable to open primary document entity '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples/data/personal-schema.xml䇸张䇸忸䇸憠䇸懘䇸搀䇸攘䇸敐䇸杸䇸梠䇸棘䇸欀䇸欸䇸歨䇸涐䇸溨䇸滠䇸瓀䇸癸䇸皨䇸盠䇸矸䇸砰䇸篘䇸紨䇸絠䇸羠䇸肠䇸舸䇸' < < Thread 2: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected ff8d8c64, got 0 < Total number of parses completed is 30.000000. < 12 during parsing: personal-schema.xml < OutOfMemoryException. < < Thread 6: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected 93f69ce0, got 0 < Total number of parses completed is 122.000000. < Retry checksum is 0 < 13 during parsing: personal-schema.xml < OutOfMemoryException. < < Thread 8: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected e82bd33c, got 0 < Total number of parses completed is 161.000000. < Retry checksum is 0 < 14 during parsing: personal-schema.xml < OutOfMemoryException. < < Thread 4: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected ff8d8c64, got 0 < Total number of parses completed is 0.000000. < 15 during parsing: personal-schema.xml < OutOfMemoryException. < < Thread 9: Parse Check sum error on file "personal-schema.xml" for parse # 0. Expected 93f69ce0, got 0 < Total number of parses completed is 55.000000. < Retry checksum is 0
Apart from that all reverse dependencies are ok, so if the issues are resolved somehow, anyone can mark stable for x86 if nobody of the official team reacts in a timely manner.
same for ppc64, same pthread failure as noted by Christian.
Stable on alpha.
My earlier message was a SNAFU on my side. Fails during make check on alpha: Compiling src/MemHandlerTest/MemoryMonitor.cpp /bin/sh ../libtool --tag=CXX --mode=link alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o MemHandlerTest src/MemHandlerTest/MemoryMonitor.o ../src/libxerces-c.la -lnsl alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/MemHandlerTest src/MemHandlerTest/MemoryMonitor.o ../src/.libs/libxerces-c.so -lnsl creating MemHandlerTest Compiling src/NetAccessorTest/NetAccessorTest.cpp /bin/sh ../libtool --tag=CXX --mode=link alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o NetAccessorTest src/NetAccessorTest/NetAccessorTest.o ../src/libxerces-c.la -lnsl alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/NetAccessorTest src/NetAccessorTest/NetAccessorTest.o ../src/.libs/libxerces-c.so -lnsl creating NetAccessorTest Compiling src/ThreadTest/ThreadTest.cpp /bin/sh ../libtool --tag=CXX --mode=link alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o ThreadTest src/ThreadTest/ThreadTest.o ../src/libxerces-c.la -lnsl alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/ThreadTest src/ThreadTest/ThreadTest.o ../src/.libs/libxerces-c.so -lnsl src/ThreadTest/ThreadTest.o: In function `ThreadFuncs::startThread(void (*)(void*), void*)': (.text+0x2a88): undefined reference to `pthread_create' src/ThreadTest/ThreadTest.o: In function `ThreadFuncs::startThread(void (*)(void*), void*)': (.text+0x2a90): undefined reference to `pthread_create' collect2: ld returned 1 exit status make[2]: *** [ThreadTest] Error 1 make[2]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' make[1]: *** [check-am] Error 2 make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' make: *** [check-recursive] Error 1 emerge --info: Portage 2.1.6.13 (default/linux/alpha/2008.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.29.5 alpha) ================================================================= System uname: Linux-2.6.29.5-alpha-EV68AL-with-gentoo-2.0.1 Timestamp of tree: Sun, 09 Aug 2009 10:45:01 +0000 distcc 3.1 alpha-unknown-linux-gnu [enabled] app-shells/bash: 4.0_p28 dev-lang/python: 2.6.2-r1, 3.1 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.10.2, 1.11 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="alpha ~alpha" CBUILD="alpha-unknown-linux-gnu" CFLAGS="-mieee -pipe -O2 -mcpu=ev67" CHOST="alpha-unknown-linux-gnu" CONFIG_PROTECT="/etc /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-mieee -pipe -O2 -mcpu=ev67" DISTDIR="/usr/portage/distfiles" FEATURES="distcc distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans usepkg userfetch" GENTOO_MIRRORS="http://gentoo.tiscali.nl/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/" LDFLAGS="-Wl,-O1" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync5.de.gentoo.org/gentoo-portage" USE="X acl alpha alsa apache2 audiofile bash-completion berkdb bmp bzip2 calendar cdparanoia cdr cli cracklib crypt dio dri encode ethereal exif ffmpeg fftw firefox flac fortran ftp gdbm gpm iconv imlib2 isdnlog jpeg kdeenablefinal libcaca lua mad matroska mmap mng moznocompose moznoirc moznomail mozsvg mpeg mudflap ncurses network-cron nls nptl nptlonly offensive ogg openmp pam pcre pdflib perl png pnm ppds pppd python rar readline recode reflection session sharedmem sockets sox spl ssl svg sysfs szip tcpd tetex theora truetype unicode usb v4l v4l2 vcd vidix vim vim-pager vlm vorbis xcb xorg xosd xpm xvid zlib" ALSA_CARDS="ali5451 als4000 bt87x ca0106 cmipci emu10k1 ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 maestro3 trident usb-audio via82xx ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="vga glint mga nvidia vesa r128 " Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
ppc64 done
Just for your information, the ICU failure has been fixed by patrick.
ppc stable
Still the same error on alpha.
*** Bug 292551 has been marked as a duplicate of this bug. ***
Tests also fail here on amd64 too, maybe xerces-c maintainer should be CCed at least :-/
(In reply to comment #18) > Tests also fail here on amd64 too, maybe xerces-c maintainer should be CCed at > least :-/ > Sorry, it's already in CC list (I wrongly though arfrever was its maintainer :-S) On the other hand, seems that building tests with -j1 workarounds this problem :-D: # diff -u xerces-c-3.0.1-r1.ebuild.orig xerces-c-3.0.1-r1.ebuild --- xerces-c-3.0.1-r1.ebuild.orig 2009-12-19 13:17:05.000000000 +0100 +++ xerces-c-3.0.1-r1.ebuild 2009-12-19 13:17:52.000000000 +0100 @@ -73,6 +73,10 @@ fi } +src_test() { + emake -j1 check || die "emake check failed" +} + src_install () { emake DESTDIR="${D}" install || die "emake failed" Tobias, does this also solve test issue for you? Cpp team, are you ok with this workaround? xerces-c stabilization is a bit urgent since current stable doesn't build at all (apart security problem)
It now fails with a Glibc segfault...I have a 2.10.1-r1 running because of coming stabilisation.
I think I've found the problem: alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -o .libs/ThreadTest src/ThreadTest/ThreadTest.o ../src/.libs/libxerces-c.so -lnsl src/ThreadTest/ThreadTest.o: In function `ThreadFuncs::startThread(void (*)(void*), void*)': (.text+0x2b28): undefined reference to `pthread_create' src/ThreadTest/ThreadTest.o: In function `ThreadFuncs::startThread(void (*)(void*), void*)': (.text+0x2b30): undefined reference to `pthread_create' collect2: ld returned 1 exit status make: *** [ThreadTest] Error 1 monolith tests # alpha-unknown-linux-gnu-g++ -mieee -pipe -O2 -mcpu=ev67 -Wl,-O1 -lpthread -o .libs/ThreadTest src/ThreadTest/ThreadTest.o ../src/.libs/libxerces-c.so -lnsl monolith tests # The test suite misses a -lpthread in a crucial spot. I hand-edited tests/Makefile and added said lib to LIBS= and the the test suite went through with this result: *** glibc detected *** /space/portage/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests/.libs/lt-ThreadTest: free(): invalid next size (fast): 0x0000000120075120 *** ======= Backtrace: ========= /lib/libc.so.6.1[0x200007a37ec] Plus assorted OutOfMemory Exceptions (which is kinda weird on a machine with 8G of RAM and 6G of available memory while testing).
In my case I now (with glibc-2.10.1) get this error (with sandbox involved :-/): /bin/sh ../libtool --tag=CXX --mode=link x86_64-pc-linux-gnu-g++ -march=native -O2 -pipe -Wl,-O1 -o XSValueTest src/XSValueTest/XSValueTest.o ../src/libxerces-c.la -lnsl -lpthread -L/usr/lib -licuuc -licudata -L/usr/lib -licuuc -licudata x86_64-pc-linux-gnu-g++ -march=native -O2 -pipe -Wl,-O1 -o .libs/XSValueTest src/XSValueTest/XSValueTest.o ../src/.libs/libxerces-c.so -lnsl -lpthread -L/usr/lib -licuuc -licudata creating XSValueTest make[2]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests' Making check in samples make[1]: Entering directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples' make[1]: Nothing to be done for `check'. make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples' make[1]: Entering directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1' make[1]: Nothing to be done for `check-am'. make[1]: Leaving directory `/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1' rm -f test-results.log export PATH=/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/samples:/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/tests:"/usr/lib/ccache/bin:/usr/lib64/portage/bin/ebuild-helpers:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.3.4" && export XERCESC_NLS_HOME=/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src/.libs && cd . && perl scripts/sanityTest.pl 2>&1 | /bin/sed 's/ *[0-9][0-9]* *ms */{timing removed}/' 1> /var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/test-results.log diff test-results.log ./scripts/sanityTest_ExpectedResult.log 1169,1178c1169,1178 < 123Test Run Successfully < 456Test Run Successfully < 789Test Run Successfully < 10sandbox memory corruption free(0x000000000d966008): Invalid argument < /usr/lib/libsandbox.so[0x2afe0ac5aa92] < /usr/lib/libsandbox.so[0x2afe0ac5a4f7] < /usr/lib/libsandbox.so[0x2afe0ac5b64b] < /usr/lib/libsandbox.so(fopen+0x111)[0x2afe0ac5e991] < /var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src/.libs/libxerces-c-3.0.so(_ZN11xercesc_3_012PosixFileMgr8fileOpenEPKtbPNS_13MemoryManagerE+0x43)[0x2afe0b11e773] < /var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1/src/.libs/libxerces-c-3.0.so(_ZN11xercesc_3_018BinFileInputStreamC1EPKtPNS_13MemoryManagerE+0x3b)[0x2afe0afa461b] --- > 1Test Run Successfully > 2Test Run Successfully > 3Test Run Successfully > 4Test Run Successfully > 5Test Run Successfully > 6Test Run Successfully > 7Test Run Successfully > 8Test Run Successfully > 9Test Run Successfully > 10Test Run Successfully make: *** [check] Error 1 * ERROR: dev-libs/xerces-c-3.0.1-r1 failed: * Make check failed. See above for details. * * Call stack: * ebuild.sh, line 54: Called src_test * environment, line 2381: Called _eapi0_src_test * ebuild.sh, line 619: Called die * The specific snippet of code: * hasq test $FEATURES && die "Make check failed. See above for details." * * If you need support, post the output of 'emerge --info =dev-libs/xerces-c-3.0.1-r1', * the complete build log and the output of 'emerge -pqv =dev-libs/xerces-c-3.0.1-r1'. * The complete build log is located at '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/temp/environment'. * S: '/var/tmp/portage/dev-libs/xerces-c-3.0.1-r1/work/xerces-c-3.0.1'
I got the same failure like christian when "Compiling src/ThreadTest/ThreadTest.cpp" but imho its quite normal with USE=-threads! if i remove that test from the tests/Makefile, then it runs through the whole "make check" here on x86!
(In reply to comment #23) > I got the same failure like christian when "Compiling > src/ThreadTest/ThreadTest.cpp" but imho its quite normal with USE=-threads! > > if i remove that test from the tests/Makefile, then it runs through the whole > "make check" here on x86! Let's assume the test is broken and not the package...someone remove it and get this thing out of the door!
Created attachment 216831 [details, diff] Removes the thread-testresult from the expected testresults I just introduced the USE="test" and sed away the ThreadTest from the tests/Makefile and apply the patch for the expected test-results... This works over here on x86 with USE=-threads. Have fun! ;-) --- /usr/portage/dev-libs/xerces-c/xerces-c-3.0.1-r1.ebuild 2009-12-07 19:36:30.000000000 +0100 +++ xerces-c/xerces-c-3.0.1-r1.ebuild 2010-01-18 20:08:18.000000000 +0100 @@ -12,7 +12,7 @@ LICENSE="Apache-2.0" SLOT="0" KEYWORDS="~alpha ~amd64 hppa ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="curl debug doc iconv icu libwww threads elibc_Darwin elibc_FreeBSD" +IUSE="test curl debug doc iconv icu libwww threads elibc_Darwin elibc_FreeBSD" RDEPEND="icu? ( dev-libs/icu ) curl? ( net-misc/curl ) @@ -37,6 +37,10 @@ epatch "${FILESDIR}/${P}-CVE-2009-2625.patch" epatch "${FILESDIR}/${P}-libicu.patch" + if use test && ! use threads ; then + sed -i 's/ThreadTest$(EXEEXT) XSerializerTest$(EXEEXT)/XSerializerTest$(EXEEXT)/g' tests/Makefile.in || die "sed failed" + epatch "${FILESDIR}/${P}-thread.patch" + fi } src_configure() {
Thanks Andreas. I've added the patch you provided.
*** Bug 303813 has been marked as a duplicate of this bug. ***
*** Bug 303851 has been marked as a duplicate of this bug. ***
x86 stable
OK, so precisely what does it take to get a build marked stable on an arch? I tried opening a new bug (bug #303813) since they didn't want to address this in bug #269659. The current "stable" xerces-c is broken on amd64, requiring the addition of ~amd64 in package.keywords and the atom ">=dev-libs/xerces-c-3.0.2*" to package.mask to get it to build correctly and not choose a less tested/stable version. Considering that the currently marked "stable" version (3.0.0-r1, see bug #269659) is broken, the breaking of the API between 2.x and 3.0 preventing you from going back further, in addition to this vulnerability, can't we get it marked stable on amd64 any faster?
(In reply to comment #30) > OK, so precisely what does it take to get a build marked stable on an arch? I > tried opening a new bug (bug #303813) since they didn't want to address this in > bug #269659. The current "stable" xerces-c is broken on amd64, requiring the > addition of ~amd64 in package.keywords and the atom > ">=dev-libs/xerces-c-3.0.2*" to package.mask to get it to build correctly and > not choose a less tested/stable version. Considering that the currently marked > "stable" version (3.0.0-r1, see bug #269659) is broken, the breaking of the API > between 2.x and 3.0 preventing you from going back further, in addition to this > vulnerability, can't we get it marked stable on amd64 any faster? > This bug here is the stabilization request to fix the security bug (note the STABLEREQ in Keywords) which also brings the fix for bug #269659 to the stable tree. Now you just have to wait that someone from the amd64-team has time to test the package. If you are not happy with waiting you can either start to help by becoming an arch-tester or use an other distro as you already mentioned in bug #303813 instead of just moaning and pissing off people.
Created attachment 218983 [details] build.log In my case, tests are still failing :-( USE: amd64 elibc_glibc iconv icu kernel_linux multilib test threads userland_GNU I have threads enabled
hmm, looks like a parallel build issue.
Created attachment 218997 [details] build.log It also fails even running tests with "emake -j1" :-(
dev-libs/xerces-c-3.0.1-r1 compiles just fine on my amd64 machine with gcc 4.3.4 (and 4.4.3), glibc-2.10.1-r1 and the following USE flags: USE="iconv icu (multilib) test threads -curl -debug -doc -libwww" KERNEL="linux" USERLAND="GNU"
alpha/sparc stable
Should we ignore bug 319867 and go ahead with this?
amd64 stable Even with tests failing because: 1. Current stable xerces-c is broken with current stable icu 2. It seems to work ok since I am using it on all my boxes since a lot of time 3. This is a security bug 4. All the other arches stabilized it even with tests failing
GLSA Vote: Yes.
Vote: NO. DoS only.
Age + DoS -> GLSA Vote: No.
(In reply to comment #41) > Age + DoS -> GLSA Vote: No. > Thanks, guys. Two no votes = closing noglsa.
