* [SECURITY] libidn
@ 2016-09-26 15:18 Yaakov Selkowitz
2016-09-30 6:44 ` Dr. Volker Zell
0 siblings, 1 reply; 21+ messages in thread
From: Yaakov Selkowitz @ 2016-09-26 15:18 UTC (permalink / raw)
To: cygwin-apps
Dr. Volker,
Several security vulnerabilities have been announced for libidn, which
are fixed in 1.33:
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn
2016-09-26 15:18 [SECURITY] libidn Yaakov Selkowitz
@ 2016-09-30 6:44 ` Dr. Volker Zell
2016-12-29 20:49 ` Yaakov Selkowitz
0 siblings, 1 reply; 21+ messages in thread
From: Dr. Volker Zell @ 2016-09-30 6:44 UTC (permalink / raw)
To: cygwin-apps
>>>>> Yaakov Selkowitz writes:
> Dr. Volker,
> Several security vulnerabilities have been announced for libidn, which are fixed
> in 1.33:
> https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
Noted (and also your other mails), will work on it as soon as real work permits.
Ciao
Volker
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn
2016-09-30 6:44 ` Dr. Volker Zell
@ 2016-12-29 20:49 ` Yaakov Selkowitz
2017-01-03 10:54 ` [SECURITY] libidn - locale specific error in test suite Dr. Volker Zell
0 siblings, 1 reply; 21+ messages in thread
From: Yaakov Selkowitz @ 2016-12-29 20:49 UTC (permalink / raw)
To: cygwin-apps
On 2016-09-30 01:43, Dr. Volker Zell wrote:
>>>>>> Yaakov Selkowitz writes:
>
> > Dr. Volker,
> > Several security vulnerabilities have been announced for libidn, which are fixed
> > in 1.33:
>
> > https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
>
> Noted (and also your other mails), will work on it as soon as real work permits.
Ping?
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2016-12-29 20:49 ` Yaakov Selkowitz
@ 2017-01-03 10:54 ` Dr. Volker Zell
2017-01-09 14:26 ` Corinna Vinschen
2017-01-19 20:43 ` Yaakov Selkowitz
0 siblings, 2 replies; 21+ messages in thread
From: Dr. Volker Zell @ 2017-01-03 10:54 UTC (permalink / raw)
To: cygwin-apps
On 29.12.2016 21:49, Yaakov Selkowitz wrote:
> On 2016-09-30 01:43, Dr. Volker Zell wrote:
>>>>>>> Yaakov Selkowitz writes:
>>
>> > Dr. Volker,
>> > Several security vulnerabilities have been announced for
>> libidn, which are fixed
>> > in 1.33:
>>
>> >
>> https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
>>
>> Noted (and also your other mails), will work on it as soon as real
>> work permits.
>
> Ping?
>
Hi
Just tried packaging libidn-1.33 and found a locale specific error in
the test suite (Which was working fine with my latest build). When
running under strace I get:
....
--- Process 8320 thread 6244 created
--- Process 8320 loaded E:\bin\cygwin1.dll at 0000000180040000
1 1 [main] test-localename (8320)
**********************************************
37 38 [main] test-localename (8320) Program name:
D:\misc\src\cygwin\libidn-1.33-1.x86_64\build\lib\gltests\.libs\test-localename.exe
(windows pid 8320)
20 58 [main] test-localename (8320) OS version: Windows NT-10.0
15 73 [main] test-localename (8320)
**********************************************
66 139 [main] test-localename (8320) sigprocmask: 0 =
sigprocmask (0, 0x0, 0x1802E4BB0)
117 256 [main] test-localename 8320 child_copy: cygheap - hp
0x154 low 0x180304408, high 0x18030FAB0, res 1
19 275 [main] test-localename 8320 child_copy: done
53 328 [main] test-localename 8320 open_shared: name shared.5, n
5, shared 0x180030000 (wanted 0x180030000), h 0xB8, *m 6
25 353 [main] test-localename 8320 user_heap_info::init: heap
base 0x600000000, heap top 0x600000000, heap size 0x20000000 (536870912)
20 373 [main] test-localename 8320 open_shared: name (null), n
1, shared 0x180020000 (wanted 0x180020000), h 0xBC, *m 6
17 390 [main] test-localename 8320 user_info::create: opening
user shared for '' at 0x180020000
16 406 [main] test-localename 8320 user_info::create: user
shared version AB1FCCE8
32 438 [main] test-localename (8320) open_shared: name (null), n
11148, shared 0x180010000 (wanted 0x180010000), h 0x150, *m 6
30 468 [main] test-localename 11148 pinfo::thisproc: myself
dwProcessId 8320
62 530 [main] test-localename 11148 time: 1483438254 = time(0x0)
103 633 [main] test-localename 11148 open_shared: name
cygpid.8320, n 8320, shared 0x20000 (wanted 0x0), h 0xC8, *m 5
22 655 [main] test-localename 11148
fhandler_pty_slave::fixup_after_fork: /dev/pty4 inherited, usecount 2
19 674 [main] test-localename 11148
fhandler_base::fixup_after_exec: here for
'/cygdrive/d/misc/src/cygwin/libidn-1.33-1.x86_64/build/lib/gltests/LOG'
19 693 [main] test-localename 11148
fhandler_base::fixup_after_exec: here for
'/cygdrive/d/misc/src/cygwin/libidn-1.33-1.x86_64/build/lib/gltests/LOG'
18 711 [main] test-localename 11148 child_info::ready: signalled
0x134 that I was ready
2618 31577 [main] test-localename 11148! child_info::sync: pid 8320,
WFMO returned 0, exit_code 0x103, res 1
22 31599 [main] test-localename 11148!
fhandler_base::close_with_arch: line 1140: /dev/pty4<0x18030C188>
usecount + -1 = 1
32 743 [main] test-localename 11148 fhandler_pipe::create: name
\\.\pipe\cygwin-70dc0fd8e2b3a5e0-8320-sigwait, size 11440, mode
PIPE_TYPE_MESSAGE
16 31615 [main] test-localename 11148!
fhandler_base::close_with_arch: not closing archetype
13 31628 [main] test-localename 11148! fhandler_base::close:
closing
'/cygdrive/d/misc/src/cygwin/libidn-1.33-1.x86_64/build/lib/gltests/LOG'
handle 0x258
17 31645 [main] test-localename 11148! fhandler_base::close:
closing
'/cygdrive/d/misc/src/cygwin/libidn-1.33-1.x86_64/build/lib/gltests/LOG'
handle 0x218
18 31663 [main] test-localename 11148! proc_subproc: args: 1,
-2145378112
59 802 [main] test-localename 11148 fhandler_pipe::create: pipe
read handle 0xDC
21 823 [main] test-localename 11148 fhandler_pipe::create:
CreateFile: name \\.\pipe\cygwin-70dc0fd8e2b3a5e0-8320-sigwait
--- Process 11148 thread 8740 created
44 867 [main] test-localename 11148 fhandler_pipe::create: pipe
write handle 0xE0
26 893 [main] test-localename 11148 dll_crt0_0: finished
dll_crt0_0 initialization
93 31756 [main] test-localename 11148! pinfo::wait: created
tracking thread for pid 11148, winpid 0x2080, rd_proc_pipe 0x160
33 31789 [main] test-localename 11148! proc_subproc: added pid
11148 to proc table, slot 0
27 31816 [main] test-localename 11148! proc_subproc: returning 1
--- Process 8320 thread 8488 created
75 31891 [waitproc] test-localename 11148! cygthread::stub: thread
'waitproc', id 0x2224, stack_ptr 0xDBCCD0
137 1030 [sig] test-localename 11148 wait_sig: entering ReadFile
loop, my_readsig 0xDC, my_sendsig 0xE0
145 1175 [main] test-localename 11148 sigprocmask: 0 = sigprocmask
(0, 0x0, 0x600000150)
78 1253 [main] test-localename 11148 _cygwin_istext_for_stdio: fd
0: opened as binary
17 1270 [main] test-localename 11148 _cygwin_istext_for_stdio: fd
1: opened as binary
14 1284 [main] test-localename 11148 _cygwin_istext_for_stdio: fd
2: opened as binary
65 1349 [main] test-localename 11148 parse_options: glob (called
func)
26 1375 [main] test-localename 11148 parse_options: returning
14 1389 [main] test-localename 11148 pinfo_init: pid 11148, pgid
10352, process_state 0xC1
15 1404 [main] test-localename 11148 App version: 2006.1, api: 0.305
15 1419 [main] test-localename 11148 DLL version: 2006.1, api: 0.305
14 1433 [main] test-localename 11148 DLL build: 2016-12-16 11:55
68 1501 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
126 1627 [main] test-localename 11148 __set_errno: void
dll_crt0_1(void*):979 setting errno 0
183 1810 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
37 1847 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
49 1896 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
58 1954 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
48 2002 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
60 2062 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0409
97 2159 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
68 2227 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
67 2294 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
67 2361 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
71 2432 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
231 2663 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
36 2699 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
35 2734 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
36 2770 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
35 2805 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
90 2895 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
46 2941 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
46 2987 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
82 3069 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
55 3124 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
51 3175 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
106 3281 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0407
53 3334 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0407
62 3396 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0407
57 3453 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0407
48 3501 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0407
81 3582 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
76 3658 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
67 3725 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
68 3793 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
67 3860 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x0000
76 3936 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
37 3973 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
47 4020 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
49 4069 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
58 4127 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
61 4188 [main] test-localename 11148 __get_lcid_from_locale:
LCID=0x040C
/cygdrive/d/misc/src/cygwin/libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
162 4350 [main] test-localename 11148 write: 94 = write(2,
0x100406058, 94)
: 37 4387 [main] test-localename 11148 write: 1 = write(2,
0x1004060B9, 1)
183 32 4419 [main] test-localename 11148 write: 3 = write(2,
0xFFFFC9F1, 3)
: assertion ' 30 4449 [main] test-localename 11148 write: 13 =
write(2, 0x1004060BC, 13)
strcmp (name, "fr_FR.UTF-8") == 0 30 4479 [main] test-localename
11148 write: 33 = write(2, 0x100406168, 33)
' failed
30 4509 [main] test-localename 11148 write: 9 = write(2,
0x1004060CB, 9)
83 4592 [main] test-localename 11148 set_signal_mask: setmask 0,
newmask FFFFFFFFFFFEFEDF, mask_bits 0
16 4608 [main] test-localename 11148 kill0: kill (11148, 6)
17 4625 [main] test-localename 11148 sig_send: sendsig 0xE0, pid
11148, signal 6, its_me 1
17 4642 [main] test-localename 11148 sig_send: wakeup 0x108
18 4660 [main] test-localename 11148 sig_send: Waiting for
pack.wakeup 0x108
18 4678 [sig] test-localename 11148 sigpacket::process: signal 6
processing
20 4698 [sig] test-localename 11148 init_cygheap::find_tls: sig 6
16 4714 [sig] test-localename 11148 sigpacket::process: using tls
0xFFFFCE00
39 4753 [sig] test-localename 11148 sigpacket::process: signal 6,
signal handler 0x18005CD90
15 4768 [sig] test-localename 11148 sigpacket::setup_handler:
controlled interrupt. stackptr 0xFFFFE458, stack 0xFFFFE458,
stackptr[-1] 0xFFFFE458
19 4787 [sig] test-localename 11148 proc_subproc: args: 5, 1
15 4802 [sig] test-localename 11148 proc_subproc: clear waiting
threads
15 4817 [sig] test-localename 11148 proc_subproc: finished clearing
15 4832 [sig] test-localename 11148 proc_subproc: returning 1
14 4846 [sig] test-localename 11148 _cygtls::interrupt_setup:
armed signal_arrived 0x120, signal 6
15 4861 [sig] test-localename 11148 sigpacket::setup_handler:
signal 6 delivered
15 4876 [sig] test-localename 11148 sigpacket::process: returning 1
15 4891 [sig] test-localename 11148 wait_sig: signalling
pack.wakeup 0x108
18 4909 [main] test-localename 11148 set_process_mask_delta:
oldmask FFFFFFFFFFFEFEDF, newmask FFFFFFFFFFFEFEDF, deltamask 0
28 4937 [main] test-localename 11148 signal_exit: exiting due to
signal 6
5032 [main] test-localename 11148
cygwin_exception::open_stackdumpfile: Dumping stack trace to
test-localename.exe.stackdump
95 5032 [main] test-localename 11148
cygwin_exception::open_stackdumpfile: Dumping stack trace to
test-localename.exe.stackdump
1199536 1204568 [main] test-localename 11148 signal_exit: about to call
do_exit (86)
84 1204652 [main] test-localename 11148 do_exit: do_exit (134),
exit_state 2
...
The source code can be found in the file (after unpacking of
https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
o .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
My cygcheck output - http://volkerzell.de/cygwin/tmp/cygcheck-03.01.2017
Ciao
Volker
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-03 10:54 ` [SECURITY] libidn - locale specific error in test suite Dr. Volker Zell
@ 2017-01-09 14:26 ` Corinna Vinschen
2017-01-18 12:13 ` Dr. Volker Zell
2017-01-19 20:43 ` Yaakov Selkowitz
1 sibling, 1 reply; 21+ messages in thread
From: Corinna Vinschen @ 2017-01-09 14:26 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 1602 bytes --]
On Jan 3 11:53, Dr. Volker Zell wrote:
> On 29.12.2016 21:49, Yaakov Selkowitz wrote:
> > On 2016-09-30 01:43, Dr. Volker Zell wrote:
> > > > > > > > Yaakov Selkowitz writes:
> > >
> > > > Dr. Volker,
> > > > Several security vulnerabilities have been announced for
> > > libidn, which are fixed
> > > > in 1.33:
> > >
> > > >
> > > https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
> > >
> > > Noted (and also your other mails), will work on it as soon as real
> > > work permits.
> >
> > Ping?
> >
>
> Hi
>
> Just tried packaging libidn-1.33 and found a locale specific error in the
> test suite (Which was working fine with my latest build). When running under
> strace I get:
> [...]
> : 37 4387 [main] test-localename 11148 write: 1 = write(2, 0x1004060B9,
> 1)
> 183 32 4419 [main] test-localename 11148 write: 3 = write(2,
> 0xFFFFC9F1, 3)
> : assertion ' 30 4449 [main] test-localename 11148 write: 13 = write(2,
> 0x1004060BC, 13)
> strcmp (name, "fr_FR.UTF-8") == 0 30 4479 [main] test-localename 11148
> write: 33 = write(2, 0x100406168, 33)
> ' failed
> [...]
>
> The source code can be found in the file (after unpacking of
> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
>
> o .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
Do you have a self-contained testcase, by any chance?
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-09 14:26 ` Corinna Vinschen
@ 2017-01-18 12:13 ` Dr. Volker Zell
2017-01-18 15:24 ` Eric Blake
0 siblings, 1 reply; 21+ messages in thread
From: Dr. Volker Zell @ 2017-01-18 12:13 UTC (permalink / raw)
To: cygwin-apps
On 09.01.2017 15:26, Corinna Vinschen wrote:
> On Jan 3 11:53, Dr. Volker Zell wrote:
>> On 29.12.2016 21:49, Yaakov Selkowitz wrote:
>>> On 2016-09-30 01:43, Dr. Volker Zell wrote:
>>>>>>>>> Yaakov Selkowitz writes:
>>>>
>>>> > Dr. Volker,
>>>> > Several security vulnerabilities have been announced for
>>>> libidn, which are fixed
>>>> > in 1.33:
>>>>
>>>> >
>>>> https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
>>>>
>>>> Noted (and also your other mails), will work on it as soon as real
>>>> work permits.
>>>
>>> Ping?
>>>
>>
>> Hi
>>
>> Just tried packaging libidn-1.33 and found a locale specific error in the
>> test suite (Which was working fine with my latest build). When running under
>> strace I get:
>> [...]
>> : 37 4387 [main] test-localename 11148 write: 1 = write(2, 0x1004060B9,
>> 1)
>> 183 32 4419 [main] test-localename 11148 write: 3 = write(2,
>> 0xFFFFC9F1, 3)
>> : assertion ' 30 4449 [main] test-localename 11148 write: 13 = write(2,
>> 0x1004060BC, 13)
>> strcmp (name, "fr_FR.UTF-8") == 0 30 4479 [main] test-localename 11148
>> write: 33 = write(2, 0x100406168, 33)
>> ' failed
>> [...]
>>
>> The source code can be found in the file (after unpacking of
>> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
>>
>> o .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
>
> Do you have a self-contained testcase, by any chance?
No, just the testcase from the testsuite in libidn.
Ciao
Volker
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-18 12:13 ` Dr. Volker Zell
@ 2017-01-18 15:24 ` Eric Blake
2017-01-19 10:39 ` Corinna Vinschen
2017-01-19 17:40 ` Eric Blake
0 siblings, 2 replies; 21+ messages in thread
From: Eric Blake @ 2017-01-18 15:24 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1.1: Type: text/plain, Size: 673 bytes --]
On 01/18/2017 06:12 AM, Dr. Volker Zell wrote:
>>>
>>> The source code can be found in the file (after unpacking of
>>> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
>>>
>>> o
>>> .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
>>
>> Do you have a self-contained testcase, by any chance?
>
> No, just the testcase from the testsuite in libidn.
The test comes from gnulib, so I'm familiar with ideas on how to try and
whittle it down to a smaller self-contained test. I'll see if I can
spend a moment on it today.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-18 15:24 ` Eric Blake
@ 2017-01-19 10:39 ` Corinna Vinschen
2017-01-19 17:40 ` Eric Blake
1 sibling, 0 replies; 21+ messages in thread
From: Corinna Vinschen @ 2017-01-19 10:39 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 823 bytes --]
On Jan 18 09:23, Eric Blake wrote:
> On 01/18/2017 06:12 AM, Dr. Volker Zell wrote:
>
> >>>
> >>> The source code can be found in the file (after unpacking of
> >>> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
> >>>
> >>> o
> >>> .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
> >>
> >> Do you have a self-contained testcase, by any chance?
> >
> > No, just the testcase from the testsuite in libidn.
>
> The test comes from gnulib, so I'm familiar with ideas on how to try and
> whittle it down to a smaller self-contained test. I'll see if I can
> spend a moment on it today.
Much appreciated.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-18 15:24 ` Eric Blake
2017-01-19 10:39 ` Corinna Vinschen
@ 2017-01-19 17:40 ` Eric Blake
2017-01-19 18:19 ` Corinna Vinschen
1 sibling, 1 reply; 21+ messages in thread
From: Eric Blake @ 2017-01-19 17:40 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1.1: Type: text/plain, Size: 1690 bytes --]
On 01/18/2017 09:23 AM, Eric Blake wrote:
> On 01/18/2017 06:12 AM, Dr. Volker Zell wrote:
>
>>>>
>>>> The source code can be found in the file (after unpacking of
>>>> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
>>>>
>>>> o
>>>> .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
>>>
>>> Do you have a self-contained testcase, by any chance?
>>
>> No, just the testcase from the testsuite in libidn.
>
> The test comes from gnulib, so I'm familiar with ideas on how to try and
> whittle it down to a smaller self-contained test. I'll see if I can
> spend a moment on it today.
>
After stepping through a debugger, it looks like this is a bug in gnulib
and not cygwin. Gnulib is trying to test that its own function
gl_locale_name() can track the use of uselocale() to set a thread-local
locale that overrides the global locale. It has platform specific code
for various platforms (glibc uses nl_langinfo(), BSD uses querylocale(),
Sun uses getlocalename_l() - surprisingly none of the platforms use
nl_langinfo_l()!), then falls back to probing the environment. As long
as cygwin lacked uselocale(), then probing the environment was correct.
But now that cygwin supports uselocale(), the gnulib code needs to add a
cygwin-specific clause to its list of various platform methods.
I'll propose a patch to upstream gnulib, and cc this list - any project
using gnulib will have to backport that patch or wait for a new upstream
release of that project that uses newer gnulib if it wants to work
around the bug.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 17:40 ` Eric Blake
@ 2017-01-19 18:19 ` Corinna Vinschen
2017-01-19 20:17 ` Eric Blake
2017-01-19 20:34 ` Eric Blake
0 siblings, 2 replies; 21+ messages in thread
From: Corinna Vinschen @ 2017-01-19 18:19 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 1875 bytes --]
On Jan 19 11:40, Eric Blake wrote:
> On 01/18/2017 09:23 AM, Eric Blake wrote:
> > On 01/18/2017 06:12 AM, Dr. Volker Zell wrote:
> >
> >>>>
> >>>> The source code can be found in the file (after unpacking of
> >>>> https://ftp.gnu.org/gnu/libidn/libidn-1.33.tar.gz)
> >>>>
> >>>> o
> >>>> .../libidn-1.33-1.x86_64/src/libidn-1.33/lib/gltests/test-localename.c
> >>>
> >>> Do you have a self-contained testcase, by any chance?
> >>
> >> No, just the testcase from the testsuite in libidn.
> >
> > The test comes from gnulib, so I'm familiar with ideas on how to try and
> > whittle it down to a smaller self-contained test. I'll see if I can
> > spend a moment on it today.
> >
>
> After stepping through a debugger, it looks like this is a bug in gnulib
> and not cygwin. Gnulib is trying to test that its own function
> gl_locale_name() can track the use of uselocale() to set a thread-local
> locale that overrides the global locale. It has platform specific code
> for various platforms (glibc uses nl_langinfo(), BSD uses querylocale(),
> Sun uses getlocalename_l() - surprisingly none of the platforms use
> nl_langinfo_l()!), then falls back to probing the environment. As long
> as cygwin lacked uselocale(), then probing the environment was correct.
> But now that cygwin supports uselocale(), the gnulib code needs to add a
> cygwin-specific clause to its list of various platform methods.
>
> I'll propose a patch to upstream gnulib, and cc this list - any project
> using gnulib will have to backport that patch or wait for a new upstream
> release of that project that uses newer gnulib if it wants to work
> around the bug.
Thanks for letting us know!
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 18:19 ` Corinna Vinschen
@ 2017-01-19 20:17 ` Eric Blake
2017-01-19 21:02 ` Corinna Vinschen
2017-01-19 20:34 ` Eric Blake
1 sibling, 1 reply; 21+ messages in thread
From: Eric Blake @ 2017-01-19 20:17 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1.1: Type: text/plain, Size: 1882 bytes --]
On 01/19/2017 12:19 PM, Corinna Vinschen wrote:
>>> The test comes from gnulib, so I'm familiar with ideas on how to try and
>>> whittle it down to a smaller self-contained test. I'll see if I can
>>> spend a moment on it today.
>>>
>>
>> After stepping through a debugger, it looks like this is a bug in gnulib
>> and not cygwin. Gnulib is trying to test that its own function
>> gl_locale_name() can track the use of uselocale() to set a thread-local
>> locale that overrides the global locale. It has platform specific code
>> for various platforms (glibc uses nl_langinfo(), BSD uses querylocale(),
>> Sun uses getlocalename_l() - surprisingly none of the platforms use
>> nl_langinfo_l()!), then falls back to probing the environment. As long
>> as cygwin lacked uselocale(), then probing the environment was correct.
>> But now that cygwin supports uselocale(), the gnulib code needs to add a
>> cygwin-specific clause to its list of various platform methods.
>>
>> I'll propose a patch to upstream gnulib, and cc this list - any project
>> using gnulib will have to backport that patch or wait for a new upstream
>> release of that project that uses newer gnulib if it wants to work
>> around the bug.
>
> Thanks for letting us know!
Actually, Cygwin (or newlib) will need a patch, too. glibc provides the
macro NL_LOCALE_NAME, which can be used as follows:
locale = newlocale(...);
uselocale(locale);
nl_langinfo_l(NL_LOCALE_NAME(LC_MESSAGES), locale);
to recover the name of the LC_MESSAGES portion of the locale object.
As Cygwin lacks that macro, there is NO way to access the locale name of
what went into constructing a thread-local locale without peeking into
the internal guts of the opaque locale_t object.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 18:19 ` Corinna Vinschen
2017-01-19 20:17 ` Eric Blake
@ 2017-01-19 20:34 ` Eric Blake
1 sibling, 0 replies; 21+ messages in thread
From: Eric Blake @ 2017-01-19 20:34 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1.1: Type: text/plain, Size: 635 bytes --]
On 01/19/2017 12:19 PM, Corinna Vinschen wrote:
>> I'll propose a patch to upstream gnulib, and cc this list - any project
>> using gnulib will have to backport that patch or wait for a new upstream
>> release of that project that uses newer gnulib if it wants to work
>> around the bug.
>
> Thanks for letting us know!
Proposed gnulib patch; can be applied to any project that uses gnulib
and wants to avoid the test-localename failure during 'make check'.
https://cygwin.com/ml/cygwin/2017-01/msg00259.html
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-03 10:54 ` [SECURITY] libidn - locale specific error in test suite Dr. Volker Zell
2017-01-09 14:26 ` Corinna Vinschen
@ 2017-01-19 20:43 ` Yaakov Selkowitz
2017-02-22 18:58 ` Yaakov Selkowitz
1 sibling, 1 reply; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-01-19 20:43 UTC (permalink / raw)
To: cygwin-apps
On 2017-01-03 04:53, Dr. Volker Zell wrote:
> Just tried packaging libidn-1.33 and found a locale specific error in
> the test suite (Which was working fine with my latest build). When
> running under strace I get:
Dr. Volker,
Since the bug discovered by this test is unrelated to libidn itself,
there should be no need to hold back the libidn release therefor.
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 20:17 ` Eric Blake
@ 2017-01-19 21:02 ` Corinna Vinschen
2017-01-19 21:17 ` Eric Blake
0 siblings, 1 reply; 21+ messages in thread
From: Corinna Vinschen @ 2017-01-19 21:02 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 2281 bytes --]
On Jan 19 14:17, Eric Blake wrote:
> On 01/19/2017 12:19 PM, Corinna Vinschen wrote:
>
> >>> The test comes from gnulib, so I'm familiar with ideas on how to try and
> >>> whittle it down to a smaller self-contained test. I'll see if I can
> >>> spend a moment on it today.
> >>>
> >>
> >> After stepping through a debugger, it looks like this is a bug in gnulib
> >> and not cygwin. Gnulib is trying to test that its own function
> >> gl_locale_name() can track the use of uselocale() to set a thread-local
> >> locale that overrides the global locale. It has platform specific code
> >> for various platforms (glibc uses nl_langinfo(), BSD uses querylocale(),
> >> Sun uses getlocalename_l() - surprisingly none of the platforms use
> >> nl_langinfo_l()!), then falls back to probing the environment. As long
> >> as cygwin lacked uselocale(), then probing the environment was correct.
> >> But now that cygwin supports uselocale(), the gnulib code needs to add a
> >> cygwin-specific clause to its list of various platform methods.
> >>
> >> I'll propose a patch to upstream gnulib, and cc this list - any project
> >> using gnulib will have to backport that patch or wait for a new upstream
> >> release of that project that uses newer gnulib if it wants to work
> >> around the bug.
> >
> > Thanks for letting us know!
>
> Actually, Cygwin (or newlib) will need a patch, too. glibc provides the
> macro NL_LOCALE_NAME, which can be used as follows:
>
> locale = newlocale(...);
> uselocale(locale);
> nl_langinfo_l(NL_LOCALE_NAME(LC_MESSAGES), locale);
>
> to recover the name of the LC_MESSAGES portion of the locale object.
>
> As Cygwin lacks that macro, there is NO way to access the locale name of
> what went into constructing a thread-local locale without peeking into
> the internal guts of the opaque locale_t object.
Question: Why is that needed outside of testcases? If you called
newlocale you know how it has been constructed. The info should be
available. I have no problems to take glibc emulating stuff, but is
there a real-world example?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 21:02 ` Corinna Vinschen
@ 2017-01-19 21:17 ` Eric Blake
2017-01-20 8:36 ` Corinna Vinschen
0 siblings, 1 reply; 21+ messages in thread
From: Eric Blake @ 2017-01-19 21:17 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1.1: Type: text/plain, Size: 1478 bytes --]
On 01/19/2017 03:02 PM, Corinna Vinschen wrote:
>>>> After stepping through a debugger, it looks like this is a bug in gnulib
>>>> and not cygwin. Gnulib is trying to test that its own function
>>>> gl_locale_name() can track the use of uselocale() to set a thread-local
>>>> locale that overrides the global locale.
>> nl_langinfo_l(NL_LOCALE_NAME(LC_MESSAGES), locale);
>>
>> to recover the name of the LC_MESSAGES portion of the locale object.
>>
>> As Cygwin lacks that macro, there is NO way to access the locale name of
>> what went into constructing a thread-local locale without peeking into
>> the internal guts of the opaque locale_t object.
>
> Question: Why is that needed outside of testcases? If you called
> newlocale you know how it has been constructed. The info should be
> available. I have no problems to take glibc emulating stuff, but is
> there a real-world example?
Yes. Consider a library-writer that wants to do something in the correct
locale. Here, you have a logical separation from the main app that
calls newlocale()/uselocale() and the library code that now wants to
reconstruct what the current locale is. So being able to reconstruct
the names of the thread-local locale via gl_locale_name() makes the
library less coupled to the main app's setup. In particular, at least
gettext wants to use it.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 21:17 ` Eric Blake
@ 2017-01-20 8:36 ` Corinna Vinschen
0 siblings, 0 replies; 21+ messages in thread
From: Corinna Vinschen @ 2017-01-20 8:36 UTC (permalink / raw)
To: cygwin-apps
[-- Attachment #1: Type: text/plain, Size: 1647 bytes --]
On Jan 19 15:17, Eric Blake wrote:
> On 01/19/2017 03:02 PM, Corinna Vinschen wrote:
> >>>> After stepping through a debugger, it looks like this is a bug in gnulib
> >>>> and not cygwin. Gnulib is trying to test that its own function
> >>>> gl_locale_name() can track the use of uselocale() to set a thread-local
> >>>> locale that overrides the global locale.
>
> >> nl_langinfo_l(NL_LOCALE_NAME(LC_MESSAGES), locale);
> >>
> >> to recover the name of the LC_MESSAGES portion of the locale object.
> >>
> >> As Cygwin lacks that macro, there is NO way to access the locale name of
> >> what went into constructing a thread-local locale without peeking into
> >> the internal guts of the opaque locale_t object.
> >
> > Question: Why is that needed outside of testcases? If you called
> > newlocale you know how it has been constructed. The info should be
> > available. I have no problems to take glibc emulating stuff, but is
> > there a real-world example?
>
> Yes. Consider a library-writer that wants to do something in the correct
> locale. Here, you have a logical separation from the main app that
> calls newlocale()/uselocale() and the library code that now wants to
> reconstruct what the current locale is. So being able to reconstruct
> the names of the thread-local locale via gl_locale_name() makes the
> library less coupled to the main app's setup. In particular, at least
> gettext wants to use it.
Ok, makes sense.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-01-19 20:43 ` Yaakov Selkowitz
@ 2017-02-22 18:58 ` Yaakov Selkowitz
2017-03-10 22:01 ` Yaakov Selkowitz
2017-03-10 22:02 ` Yaakov Selkowitz
0 siblings, 2 replies; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-02-22 18:58 UTC (permalink / raw)
To: cygwin-apps
On 2017-01-19 14:42, Yaakov Selkowitz wrote:
> On 2017-01-03 04:53, Dr. Volker Zell wrote:
>> Just tried packaging libidn-1.33 and found a locale specific error in
>> the test suite (Which was working fine with my latest build). When
>> running under strace I get:
>
> Dr. Volker,
>
> Since the bug discovered by this test is unrelated to libidn itself,
> there should be no need to hold back the libidn release therefor.
Ping?
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-02-22 18:58 ` Yaakov Selkowitz
@ 2017-03-10 22:01 ` Yaakov Selkowitz
2017-03-24 19:00 ` Yaakov Selkowitz
2017-03-10 22:02 ` Yaakov Selkowitz
1 sibling, 1 reply; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-03-10 22:01 UTC (permalink / raw)
To: cygwin-apps
On 2017-02-22 12:58, Yaakov Selkowitz wrote:
> On 2017-01-19 14:42, Yaakov Selkowitz wrote:
>> On 2017-01-03 04:53, Dr. Volker Zell wrote:
>>> Just tried packaging libidn-1.33 and found a locale specific error in
>>> the test suite (Which was working fine with my latest build). When
>>> running under strace I get:
>>
>> Dr. Volker,
>>
>> Since the bug discovered by this test is unrelated to libidn itself,
>> there should be no need to hold back the libidn release therefor.
>
> Ping?
Ping 2?
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-02-22 18:58 ` Yaakov Selkowitz
2017-03-10 22:01 ` Yaakov Selkowitz
@ 2017-03-10 22:02 ` Yaakov Selkowitz
1 sibling, 0 replies; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-03-10 22:02 UTC (permalink / raw)
To: cygwin-apps
On 2017-02-22 12:58, Yaakov Selkowitz wrote:
> On 2017-01-19 14:42, Yaakov Selkowitz wrote:
>> On 2017-01-03 04:53, Dr. Volker Zell wrote:
>>> Just tried packaging libidn-1.33 and found a locale specific error in
>>> the test suite (Which was working fine with my latest build). When
>>> running under strace I get:
>>
>> Dr. Volker,
>>
>> Since the bug discovered by this test is unrelated to libidn itself,
>> there should be no need to hold back the libidn release therefor.
>
> Ping?
Ping 2?
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-03-10 22:01 ` Yaakov Selkowitz
@ 2017-03-24 19:00 ` Yaakov Selkowitz
2017-05-03 21:38 ` Yaakov Selkowitz
0 siblings, 1 reply; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-03-24 19:00 UTC (permalink / raw)
To: cygwin-apps
On 2017-03-10 16:01, Yaakov Selkowitz wrote:
> On 2017-02-22 12:58, Yaakov Selkowitz wrote:
>> On 2017-01-19 14:42, Yaakov Selkowitz wrote:
>>> On 2017-01-03 04:53, Dr. Volker Zell wrote:
>>>> Just tried packaging libidn-1.33 and found a locale specific error in
>>>> the test suite (Which was working fine with my latest build). When
>>>> running under strace I get:
>>>
>>> Dr. Volker,
>>>
>>> Since the bug discovered by this test is unrelated to libidn itself,
>>> there should be no need to hold back the libidn release therefor.
>>
>> Ping?
>
> Ping 2?
Ping 3?
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [SECURITY] libidn - locale specific error in test suite
2017-03-24 19:00 ` Yaakov Selkowitz
@ 2017-05-03 21:38 ` Yaakov Selkowitz
0 siblings, 0 replies; 21+ messages in thread
From: Yaakov Selkowitz @ 2017-05-03 21:38 UTC (permalink / raw)
To: cygwin-apps
On 2017-03-24 14:00, Yaakov Selkowitz wrote:
> On 2017-03-10 16:01, Yaakov Selkowitz wrote:
>> On 2017-02-22 12:58, Yaakov Selkowitz wrote:
>>> On 2017-01-19 14:42, Yaakov Selkowitz wrote:
>>>> On 2017-01-03 04:53, Dr. Volker Zell wrote:
>>>>> Just tried packaging libidn-1.33 and found a locale specific error in
>>>>> the test suite (Which was working fine with my latest build). When
>>>>> running under strace I get:
>>>>
>>>> Dr. Volker,
>>>>
>>>> Since the bug discovered by this test is unrelated to libidn itself,
>>>> there should be no need to hold back the libidn release therefor.
>>>
>>> Ping?
>>
>> Ping 2?
>
> Ping 3?
I have uploaded the latest version of libidn to fix these issues.
--
Yaakov
^ permalink raw reply [flat|nested] 21+ messages in thread
end of thread, other threads:[~2017-05-03 21:38 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-26 15:18 [SECURITY] libidn Yaakov Selkowitz
2016-09-30 6:44 ` Dr. Volker Zell
2016-12-29 20:49 ` Yaakov Selkowitz
2017-01-03 10:54 ` [SECURITY] libidn - locale specific error in test suite Dr. Volker Zell
2017-01-09 14:26 ` Corinna Vinschen
2017-01-18 12:13 ` Dr. Volker Zell
2017-01-18 15:24 ` Eric Blake
2017-01-19 10:39 ` Corinna Vinschen
2017-01-19 17:40 ` Eric Blake
2017-01-19 18:19 ` Corinna Vinschen
2017-01-19 20:17 ` Eric Blake
2017-01-19 21:02 ` Corinna Vinschen
2017-01-19 21:17 ` Eric Blake
2017-01-20 8:36 ` Corinna Vinschen
2017-01-19 20:34 ` Eric Blake
2017-01-19 20:43 ` Yaakov Selkowitz
2017-02-22 18:58 ` Yaakov Selkowitz
2017-03-10 22:01 ` Yaakov Selkowitz
2017-03-24 19:00 ` Yaakov Selkowitz
2017-05-03 21:38 ` Yaakov Selkowitz
2017-03-10 22:02 ` Yaakov Selkowitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).