ports/127616: security/py-xmlsec misconstrues CFLAGS from xmlsec on 64 bit platforms
Tom Evans
tevans.uk at googlemail.com
Wed Sep 24 16:40:04 UTC 2008
>Number: 127616
>Category: ports
>Synopsis: security/py-xmlsec misconstrues CFLAGS from xmlsec on 64 bit platforms
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 24 16:40:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Tom Evans
>Release: 7.0 RELEASE
>Organization:
Mintel International
>Environment:
FreeBSD xxxxx.mintel.co.uk 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Fri Mar 7 01:52:33 UTC 2008 root at xxxx.usdmm.com:/usr/obj/usr/src/sys/PE1950 amd64
>Description:
py-xmlsec uses pkg-config to retrieve the CFLAGS required for compiling against libxmlsec1. It then marshalls them into an array for distutils.core.Extension to build and install the python module.
However, it has a bug where by py-xmlsec's setup.py reads in a CFLAG define present on 64bit configurations of xmlsec1, which is only specified as "-DXMLSEC_NO_SIZE_T" by xmlsec1's pkg-config. It passes this to distutils as the tuple '(XMLSEC_NO_SIZE_T)', which is interpreted by distutils as being a CFLAG undefine, and is passed into the build phase as "-UXMLSEC_NO_SIZE_T". This causes missized structures to be passed between the two, leading very quickly to a seg fault.
>How-To-Repeat:
(on amd64)
cd /usr/ports/security/py-xmlsec
make clean all install
echo -e "import xmlsec\nprint xmlsec.keyDataRsaId().getName()" | python -
Segmentation fault: 11 (core dumped)
>Fix:
Replace security/py-xmlsec/files/patch-setup.py with attached patch (I hate patches of patches!)
Patch attached with submission follows:
--- setup.py.orig 2006-01-01 17:43:37.000000000 +0000
+++ setup.py 2008-09-24 17:07:42.000000000 +0100
@@ -71,22 +71,22 @@
# the crypto engine name : openssl, gnutls or nss
xmlsec1_crypto = "openssl"
-if 'build' in sys.argv:
- msg = '\nChoose a crypto engine :\n' \
- ' 1. OpenSSL\n' \
- ' 2. GnuTLS\n' \
- ' 3. NSS\n' \
- 'Your choice : '
- reply = raw_input(msg)
- choice = None
- if reply:
- choice = reply[0]
- if choice == '1':
- xmlsec1_crypto = "openssl"
- elif choice == '2':
- xmlsec1_crypto = "gnutls"
- elif choice == '3':
- xmlsec1_crypto = "nss"
+#if 'build' in sys.argv:
+# msg = '\nChoose a crypto engine :\n' \
+# ' 1. OpenSSL\n' \
+# ' 2. GnuTLS\n' \
+# ' 3. NSS\n' \
+# 'Your choice : '
+# reply = raw_input(msg)
+# choice = None
+# if reply:
+# choice = reply[0]
+# if choice == '1':
+# xmlsec1_crypto = "openssl"
+# elif choice == '2':
+# xmlsec1_crypto = "gnutls"
+# elif choice == '3':
+# xmlsec1_crypto = "nss"
define_macros = []
include_dirs = []
@@ -104,7 +104,10 @@
if flag[2:] not in include_dirs:
include_dirs.append(flag[2:])
elif flag[:2] == "-D":
- t = tuple(flag[2:].split('='))
+ t = flag[2:].split('=')
+ if (len(t) == 1):
+ t.append('1')
+ t = tuple(t)
if t not in define_macros:
define_macros.append(t)
else:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list