Hello bugproxy, or anyone else affected, Accepted zlib into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/zlib/1:1.2.11.dfsg- 2ubuntu1.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: zlib (Ubuntu Focal) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zlib in Ubuntu. https://bugs.launchpad.net/bugs/1893170 Title: [Ubuntu 20.10] zlib: DFLTCC compression level switching issues Status in Ubuntu on IBM z Systems: In Progress Status in zlib package in Ubuntu: Fix Released Status in zlib source package in Focal: Fix Committed Status in zlib source package in Groovy: Fix Released Bug description: SRU Justification: ================== [Impact] * This SRU fixes a combination of multiple issues: * zlib DFLTCC compression level switching can corrupt data because hardware and software compression states become desynchronized. (LP 1893170) * Since zlib is not working on all s390x system configurations support for switching between software and hardware compression is required especially for Java. (LP 1882494) * zlib on s390x may produce incomplete raw streams (but not gzip/zlib). (LP 1889059) [Test Case] * Since especially DFLTCC requires a s390x generation z15 or LinuxONE III the tests need to be done by IBM. * IBM has a set of tests available, that exercise public zlib APIs by calling them in different sequences with different buffer sizes and flush modes. * Partially these come from the IBM z/OS team, who developed their own zlib support for the hardware accelerator, and partially they are developed by the IBM Linux team based on issues encountered during development as well as fuzzing. * IBM also uses the zlib-ng test-suite as well as squash and stress- ng. * Compress data using zlib/DFLTCC with different compression level and verify state and if data got corrupted or not. (LP 1893170) * On a system with patched zlib package, switch between hardware and software compression and use zlib via the java.util.zip package (http://java.sun.com/developer/technicalArticles/Programming/compression/). (LP 1882494) * On a z15 system with hardware acceleration compression (DFLTCC) enabled, create a raw (negative windowBits value) stream with zlib. Then check if EOBS is missing or truncated. (LP 1889059) [Regression Potential] * There is a certain risk for regressions with the modifications that are introduced by the four LP bugs. * In case the package fails entirely, it will have (in worst case) an impact on all zlib, gzip and DFLTCC compression/decompression functions, that are very wide spread (gzip, tar cfz, everything with zlib) in Linux and would virtually make the system unusable. * If potential issues are limited to hardware assisted compression (which is more likely, since these patches are mostly about hw assisted compression), then issues would be limited to systems that provide this feature (latest s390x generation only). * A switch back to software got introduced (by setting DFLTCC=0 environment variable) that will help to mitigate a potential negative impact of the hw assisted compression. * Only the latest s390x generation (z15 and LinuxONE III) supports hardware assisted DFLTCC and is potentially affected. * A patched test package was made available and got successfully tested by IBM. All four bugs were finally considered as solved with zlib (1:1.2.11.dfsg-2ubuntu2~ppa2) available here: https://launchpad.net/~mwhudson/+archive/ubuntu/devirt/+packages?field.name_filter=zlib __________ Description: zlib: DFLTCC compression level switching issues Symptom: Switching compression levels corrupts data Problem: Hardware and software compression states become desynchronized. Solution: Improve compression state synchronization. Since zlib project does not accept patches at the moment, the fix has been integrated into the DFLTCC pull request: https://github.com/madler/zlib/pull/410 The commitid is 992a7afc3edfa511dff0650d1c545b11bf64e655. Reproduction: Not possible with popular command line tools. The issues were discovered using example_call_fuzzer from: https://github.com/iii-i/zlib-ng/tree/fuzz/test/fuzz/ This needs also be applied against 20.04 ! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1893170/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
