ports/127616: security/py-xmlsec misconstrues CFLAGS from xmlsec on 64 bit platforms

Tom Evans tevans.uk at googlemail.com
Wed Sep 24 16:40:04 UTC 2008 

>Number:         127616
>Category:       ports
>Synopsis:       security/py-xmlsec misconstrues CFLAGS from xmlsec on 64 bit platforms
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 24 16:40:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Tom Evans
>Release:        7.0 RELEASE
>Organization:
Mintel International
>Environment:
FreeBSD xxxxx.mintel.co.uk 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Mar  7 01:52:33 UTC 2008     root at xxxx.usdmm.com:/usr/obj/usr/src/sys/PE1950  amd64
>Description:
py-xmlsec uses pkg-config to retrieve the CFLAGS required for compiling against libxmlsec1. It then marshalls them into an array for distutils.core.Extension to build and install the python module.

However, it has a bug where by py-xmlsec's setup.py reads in a CFLAG define present on 64bit configurations of xmlsec1, which is only specified as "-DXMLSEC_NO_SIZE_T" by xmlsec1's pkg-config. It passes this to distutils as the tuple '(XMLSEC_NO_SIZE_T)', which is interpreted by distutils as being a CFLAG undefine, and is passed into the build phase as "-UXMLSEC_NO_SIZE_T". This causes missized structures to be passed between the two, leading very quickly to a seg fault.

>How-To-Repeat:
(on amd64)
cd /usr/ports/security/py-xmlsec
make clean all install
echo -e "import xmlsec\nprint xmlsec.keyDataRsaId().getName()" | python -
Segmentation fault: 11 (core dumped)
>Fix:
Replace security/py-xmlsec/files/patch-setup.py with attached patch (I hate patches of patches!)

Patch attached with submission follows:

--- setup.py.orig	2006-01-01 17:43:37.000000000 +0000
+++ setup.py	2008-09-24 17:07:42.000000000 +0100
@@ -71,22 +71,22 @@
 
 # the crypto engine name : openssl, gnutls or nss
 xmlsec1_crypto = "openssl"
-if 'build' in sys.argv:
-    msg = '\nChoose a crypto engine :\n' \
-          '   1. OpenSSL\n' \
-          '   2. GnuTLS\n' \
-          '   3. NSS\n' \
-          'Your choice : '
-    reply = raw_input(msg)
-    choice = None
-    if reply:
-        choice = reply[0]
-    if choice == '1':
-        xmlsec1_crypto = "openssl"
-    elif choice == '2':
-        xmlsec1_crypto = "gnutls"
-    elif choice == '3':
-        xmlsec1_crypto = "nss"
+#if 'build' in sys.argv:
+#    msg = '\nChoose a crypto engine :\n' \
+#          '   1. OpenSSL\n' \
+#          '   2. GnuTLS\n' \
+#          '   3. NSS\n' \
+#          'Your choice : '
+#    reply = raw_input(msg)
+#    choice = None
+#    if reply:
+#        choice = reply[0]
+#    if choice == '1':
+#        xmlsec1_crypto = "openssl"
+#    elif choice == '2':
+#        xmlsec1_crypto = "gnutls"
+#    elif choice == '3':
+#        xmlsec1_crypto = "nss"
 
 define_macros = []
 include_dirs  = []
@@ -104,7 +104,10 @@
             if flag[2:] not in include_dirs:
                 include_dirs.append(flag[2:])
         elif flag[:2] == "-D":
-            t = tuple(flag[2:].split('='))
+            t = flag[2:].split('=')
+            if (len(t) == 1):
+                t.append('1')
+            t = tuple(t)
             if t not in define_macros:
                 define_macros.append(t)
         else:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list