Bug#771009: unblock: ruby-mysql2/0.3.16-2

2014-11-26 Thread Adam D. Barratt

Control: tags -1 + confirmed moreinfo

On 2014-11-25 22:14, Cédric Boutillier wrote:

> I would like to ask for a pre-approval for an upload
> of ruby-mysql2 in order to fix 2 important bugs in Jessie, upon request
> of upstream.

Please go ahead, thanks.

> If a preapproval is granted, should I then file a new unblock request
> when the upload is performed?


No. Follow-up to this one and remove the moreinfo tag once the package 
is in unstable.


Regards,

Adam





Bug#771009: unblock: ruby-mysql2/0.3.16-2

2014-11-26 Thread Cédric Boutillier
Control: tags -1 - moreinfo

Hi!

I've just uploaded ruby-mysql2/0.3.16-2 with the changes indicated in my
previous email. Please unblock this package for migration to Jessie.

unblock: ruby-mysql2/0.3.16-2

Thanks!

Cédric
diff -Nru ruby-mysql2-0.3.16/debian/changelog 
ruby-mysql2-0.3.16/debian/changelog
--- ruby-mysql2-0.3.16/debian/changelog 2014-06-15 00:37:29.0 +0200
+++ ruby-mysql2-0.3.16/debian/changelog 2014-11-27 00:04:11.0 +0100
@@ -1,3 +1,15 @@
+ruby-mysql2 (0.3.16-2) unstable; urgency=medium
+
+  * Add upstream patch avoid_openssl_loop.patch to use /dev/null in the
+invalidate_fd function to avoid infinite loop in OpenSSL (Closes: #770891)
+Before, a dummy socket was used instead of /dev/null, which may not absorb
+all writes and lead to an infinite loop.
+  * Add upstream patch correct_mysql_init.patch to correctly initialize the
+MySQL library, to avoid race condition when other threads try to create a
+connection (Closes: #770896)
+
+ -- Cédric Boutillier bou...@debian.org  Tue, 25 Nov 2014 17:52:01 +0100
+
 ruby-mysql2 (0.3.16-1) unstable; urgency=medium
 
   [ Jérémy Bobbio ]
diff -Nru ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch 
ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch
--- ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch  1970-01-01 
01:00:00.0 +0100
+++ ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch  2014-11-25 
23:07:16.0 +0100
@@ -0,0 +1,49 @@
+Description: Use /dev/null in invalidate_fd to avoid infinite loop in OpenSSL
+ Thanks to Andy Bakun / @thwarted for identifying the issue and
+ suggesting the /dev/null workaround.
+Author: Aaron Stone aa...@serendipity.cx
+Origin: 
upstream,https://github.com/brianmario/mysql2/commit/fc30a7c056e63517f5f66702016941b3902ec0b6.patch
+Reviewed-by: Cédric Boutillier bou...@debian.org
+Last-Update: 2014-08-24
+
+--- a/ext/mysql2/client.c
 b/ext/mysql2/client.c
+@@ -167,26 +167,30 @@
+ 
+ #ifndef _WIN32
+ /*
+- * Redirect clientfd to a dummy socket for mysql_close to
+- * write, shutdown, and close on as a no-op.
+- * We do this hack because we want to call mysql_close to release
+- * memory, but do not want mysql_close to drop connections in the
+- * parent if the socket got shared in fork.
++ * Redirect clientfd to /dev/null for mysql_close and SSL_close to write,
++ * shutdown, and close. The hack is needed to prevent shutdown() from breaking
++ * a socket that may be in use by the parent or other processes after fork.
++ *
++ * /dev/null is used to absorb writes; previously a dummy socket was used, but
++ * it could not abosrb writes and caused openssl to go into an infinite loop.
++ *
+  * Returns Qtrue or Qfalse (success or failure)
++ *
++ * Note: if this function is needed on Windows, use nul instead of 
/dev/null
+  */
+ static VALUE invalidate_fd(int clientfd)
+ {
+ #ifdef SOCK_CLOEXEC
+   /* Atomically set CLOEXEC on the new FD in case another thread forks */
+-  int sockfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
++  int sockfd = open(/dev/null, O_RDWR | O_CLOEXEC);
+   if (sockfd  0) {
+ /* Maybe SOCK_CLOEXEC is defined but not available on this kernel */
+-int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
++int sockfd = open(/dev/null, O_RDWR);
+ fcntl(sockfd, F_SETFD, FD_CLOEXEC);
+   }
+ #else
+   /* Well we don't have SOCK_CLOEXEC, so just set FD_CLOEXEC quickly */
+-  int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
++  int sockfd = open(/dev/null, O_RDWR);
+   fcntl(sockfd, F_SETFD, FD_CLOEXEC);
+ #endif
+ 
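Review bot: In the "if (sockfd  0)" fallback of invalidate_fd, the added line "int sockfd = open(/dev/null, O_RDWR);" declares a second variable that shadows the outer sockfd. The descriptor opened on the retry, and the FD_CLOEXEC set on it, exist only inside the braces, so any code after the block still sees the failed value from the first open() and the retry descriptor is never closed. Drop the "int" so the retry assigns to the outer variable. The removed socket() line had the same shadowing, so the patch carries the problem over rather than introducing it.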
diff -Nru ruby-mysql2-0.3.16/debian/patches/correct_mysql_init.patch 
ruby-mysql2-0.3.16/debian/patches/correct_mysql_init.patch
--- ruby-mysql2-0.3.16/debian/patches/correct_mysql_init.patch  1970-01-01 
01:00:00.0 +0100
+++ ruby-mysql2-0.3.16/debian/patches/correct_mysql_init.patch  2014-11-25 
23:07:43.0 +0100
@@ -0,0 +1,38 @@
+Description: Added call to mysql_library_init during initialization of the gem
+  This call must be performed before trying to call mysql_init from
+  multiple threads
+  Reference: http://dev.mysql.com/doc/refman/5.1/en/mysql-init.html
+  Minimal reproduction of the problem if mysql_library_init is not called
+
+require 'mysql2'
+
+def connect
+  Mysql2::Client.new()
+end
+
+threads = [0,1].map {
+  Thread.new { connect }
+}
+threads.map(:join)
+puts OK!
+Author: Michael Kruglos mich...@kruglos.com
+Reviewed-by: Cédric Boutillier bou...@debian.org
+Origin: 
upstream,https://github.com/brianmario/mysql2/commit/de48627ee89b9dfd7d966f3ea747e95a48085792.patch
+Last-Update: 2014-07-30
+
+--- a/ext/mysql2/client.c
 b/ext/mysql2/client.c
+@@ -1237,6 +1237,13 @@
+ }
+   }
+ 
++  /* Initializing mysql library, so different threads could call Client.new */
++  /* without race condition in the library */
++  if (mysql_library_init(0, NULL, NULL) != 0) {
++
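Review bot: The reproduction script inside the Description field starts at column 0 ("require 'mysql2'", "def connect", "threads = ...") and is broken up by empty lines, which does not fit the RFC-2822-style header that DEP-3 patch metadata uses: continuation lines are expected to begin with a space, and a parser would treat the first empty line as the end of the header. As written, Author, Reviewed-by, Origin and Last-Update come after that break. Indent the script as part of the long description without empty lines, or move it below the metadata fields as free-form text.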

Bug#771009: unblock: ruby-mysql2/0.3.16-2

2014-11-25 Thread Cédric Boutillier
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Dear release team,


I would like to ask for a pre-approval for an upload
of ruby-mysql2 in order to fix 2 important bugs in Jessie, upon request
of upstream.

The two bugs are:
- #770891 possible openssl infinite loop
  The current version in Jessie can cause an infinite OpenSSL loop, because
  of a dummy socket that may not be able to absorb all the writes. The
  patch proposes to replace the socket by /dev/null.

- #770896 libmysql may not be called correctly during initialization of the gem
  The current version of ruby-mysql2 may not completely initialize the
  MySQL library, so that different threads that are trying to connect to
  the database may not succeed because of a race condition. The patch
  ensures full initialization of the MySQL library when the Ruby library
  is loaded.

These two bugs are fixed by very short patches, converted from upstream
commits.

Please find enclosed the debdiff with the version 0.3.16-2, containing
the changelog entry and the two patches.

If a preapproval is granted, should I then file a new unblock request
when the upload is performed?

Thanks!

Cédric

unblock ruby-mysql2/0.3.16-2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru ruby-mysql2-0.3.16/debian/changelog 
ruby-mysql2-0.3.16/debian/changelog
--- ruby-mysql2-0.3.16/debian/changelog 2014-06-15 00:37:29.0 +0200
+++ ruby-mysql2-0.3.16/debian/changelog 2014-11-25 18:02:36.0 +0100
@@ -1,3 +1,15 @@
+ruby-mysql2 (0.3.16-2) unstable; urgency=medium
+
+  * Add upstream patch avoid_openssl_loop.patch to use /dev/null in the
+invalidate_fd function to avoid infinite loop in OpenSSL (Closes: #770891)
+Before, a dummy socket was used instead of /dev/null, which may not absorb
+all writes and lead to an infinite loop.
+  * Add upstream patch correct_mysql_init.patch to correctly initialize the
+MySQL library, to avoid race condition when other threads try to create a
+connection (Closes: #770896)
+
+ -- Cédric Boutillier bou...@debian.org  Tue, 25 Nov 2014 17:52:01 +0100
+
 ruby-mysql2 (0.3.16-1) unstable; urgency=medium
 
   [ Jérémy Bobbio ]
diff -Nru ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch 
ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch
--- ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch  1970-01-01 
01:00:00.0 +0100
+++ ruby-mysql2-0.3.16/debian/patches/avoid_openssl_loop.patch  2014-11-25 
23:07:16.0 +0100
@@ -0,0 +1,49 @@
+Description: Use /dev/null in invalidate_fd to avoid infinite loop in OpenSSL
+ Thanks to Andy Bakun / @thwarted for identifying the issue and
+ suggesting the /dev/null workaround.
+Author: Aaron Stone aa...@serendipity.cx
+Origin: 
upstream,https://github.com/brianmario/mysql2/commit/fc30a7c056e63517f5f66702016941b3902ec0b6.patch
+Reviewed-by: Cédric Boutillier bou...@debian.org
+Last-Update: 2014-08-24
+
+--- a/ext/mysql2/client.c
 b/ext/mysql2/client.c
+@@ -167,26 +167,30 @@
+ 
+ #ifndef _WIN32
+ /*
+- * Redirect clientfd to a dummy socket for mysql_close to
+- * write, shutdown, and close on as a no-op.
+- * We do this hack because we want to call mysql_close to release
+- * memory, but do not want mysql_close to drop connections in the
+- * parent if the socket got shared in fork.
++ * Redirect clientfd to /dev/null for mysql_close and SSL_close to write,
++ * shutdown, and close. The hack is needed to prevent shutdown() from breaking
++ * a socket that may be in use by the parent or other processes after fork.
++ *
++ * /dev/null is used to absorb writes; previously a dummy socket was used, but
++ * it could not abosrb writes and caused openssl to go into an infinite loop.
++ *
+  * Returns Qtrue or Qfalse (success or failure)
++ *
++ * Note: if this function is needed on Windows, use nul instead of 
/dev/null
+  */
+ static VALUE invalidate_fd(int clientfd)
+ {
+ #ifdef SOCK_CLOEXEC
+   /* Atomically set CLOEXEC on the new FD in case another thread forks */
+-  int sockfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
++  int sockfd = open(/dev/null, O_RDWR | O_CLOEXEC);
+   if (sockfd  0) {
+ /* Maybe SOCK_CLOEXEC is defined but not available on this kernel */
+-int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
++int sockfd = open(/dev/null, O_RDWR);
+ fcntl(sockfd, F_SETFD, FD_CLOEXEC);
+   }
+ #else
+   /* Well we don't have SOCK_CLOEXEC, so just set FD_CLOEXEC quickly */
+-  int sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
++  int sockfd = open(/dev/null, O_RDWR);
+   fcntl(sockfd, F_SETFD, FD_CLOEXEC);
+ #endif
+ 
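Review bot: The flag passed to open() is now O_CLOEXEC, but the guard around it is still "#ifdef SOCK_CLOEXEC" and the fallback comment still reads "Maybe SOCK_CLOEXEC is defined but not available on this kernel". SOCK_CLOEXEC is a socket() flag, and a platform can define one macro without the other, so the guard should test O_CLOEXEC and both comments should name it. The return value of fcntl(sockfd, F_SETFD, FD_CLOEXEC) is also unchecked in both branches; a failure there leaves a descriptor that is inherited across exec, which is what the comment says the code is trying to avoid.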
diff -Nru
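
The descriptor behaviour behind #770891, as described in the message above, shown as an added example that is not part of the original thread or of the mysql2 source. The names redirect_fd, write_after_redirect, shared_socket_survives and MSG are hypothetical, the payload is constructed, and a socketpair stands in for the MySQL connection shared across fork.

```c
#include <fcntl.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

static const char MSG[] = "close-notify";   /* constructed payload */

/* Hypothetical helper: make clientfd refer to a replacement file, the way
 * invalidate_fd does. use_devnull = 0: old dummy socket, 1: /dev/null. */
static int redirect_fd(int clientfd, int use_devnull)
{
    int newfd = use_devnull ? open("/dev/null", O_RDWR)
                            : socket(AF_UNIX, SOCK_STREAM, 0);
    if (newfd < 0) return -1;
    int rc = dup2(newfd, clientfd);   /* clientfd now names the replacement */
    close(newfd);
    return rc < 0 ? -1 : 0;
}

/* Result of a close-time write() on the redirected descriptor:
 * byte count if absorbed, -1 if rejected, -2 on setup failure. */
long write_after_redirect(int use_devnull)
{
    int sv[2];
    signal(SIGPIPE, SIG_IGN);         /* report errors through errno only */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    long n = redirect_fd(sv[0], use_devnull) < 0
                 ? -2 : (long)write(sv[0], MSG, sizeof MSG);
    close(sv[0]); close(sv[1]);
    return n;
}

/* 1 if another holder of the same connection (standing in for the parent
 * after fork) can still use it once this copy was redirected and closed. */
int shared_socket_survives(void)
{
    int sv[2];
    char buf[4];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    int parent_copy = dup(sv[0]);     /* second reference to the connection */
    int ok = redirect_fd(sv[0], 1) == 0 && close(sv[0]) == 0
          && write(parent_copy, "ping", 4) == 4
          && read(sv[1], buf, 4) == 4 && memcmp(buf, "ping", 4) == 0;
    close(parent_copy); close(sv[1]);
    return ok;
}

int main(void) { return !(write_after_redirect(1) > 0 && shared_socket_survives() == 1); }
```

An unconnected AF_UNIX stream socket rejects every write, so a caller that retries until its data is accepted never finishes, while /dev/null accepts the full buffer each time.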