Bug 1678825

Summary: Incorrect handling of windowBits for gzip streams
Product: Red Hat Enterprise Linux 7 Reporter: Jan Staněk <jstanek>
Component: zlibAssignee: Petr Kubat <pkubat>
Status: CLOSED WONTFIX QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.7CC: databases-maint, hhorak, jstanek, odubaj, panovotn, praiskup
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-04 08:49:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1677710, 1696153    
Attachments:
Description Flags
Upstream fix none

Description Jan Staněk 2019-02-19 16:44:49 UTC 
Created attachment 1536415 [details]
Upstream fix

High-level overview: In the zlib version included in RHEL 7, the zlib contains a bug related to setting the inflate/deflate sliding window size. This manifests in the NodeJS package manager `npm` included in the rh-nodejs10 software collections as a regular error when working with gzipped streams (see bug #1677710 for details).

Lower-level details: According to zlib upstream, there is a bug in automatic window size settings in zlib versions < 1.2.9. In certain cases the window size should be retrieved from stream header. In some of the cases the header is not present at all (upstream notes gzip streams explicitly), which leads to this bug.


Version-Release number of selected component (if applicable):
zlib-1.2.7-18.el7

How reproducible: consistently

Steps to Reproduce (using npm from rh-nodejs10, which uses zlib):
1. npm info npm (or any other *existing* package)

Actual results:
npm ERR! code Z_DATA_ERROR
npm ERR! errno -3
npm ERR! invalid distance too far back

Expected results:
npm.0 | Artistic-2.0 | deps: 122 | versions: 308
a package manager for JavaScript
...snip...

Additional info:
Upstream fixed this via the attached commit/patch.
Comment 2 Pavel Raiskup 2019-03-04 08:59:56 UTC 
Why the official /usr/bin/npm installed by
https://rpm.nodesource.com/setup_10.x works out of box?
Comment 3 Jan Staněk 2019-03-04 10:45:45 UTC 
The upstream bundles the zlib, and the version bundled with nodejs-10 (currently 1.2.11, according to git messages) already contains the fix necessary for the npm to work as expected. We unbundle this and use system zlib, which on RHEL 7 currently contains the issue that triggers this.
Comment 6 Honza Horak 2019-07-01 15:45:47 UTC 
It looks like the nodejs part of this issue was solved by bundling the zlib from nodejs project, and since it doesn't look like a problem for other issues, I'd support the idea of closing this WONTFIX for now in RHEL-7. We should just make sure this issue is fixed in RHEL-8 -- is that the case?
Comment 7 Ondrej Dubaj 2019-07-04 08:49:20 UTC 
Thank you for reporting this issue!

As this bug is fixed in RHEL-8 and also in upstream and does not really
have a real functional impact on end users. Given the priority of this
bug is not considered high by engineering, and given the RHEL-7 is close
to the Maintenance Support 1 phase, it is not probable that it will be
fixed in the upcoming releases for RHEL-7. Therefore, closing it as WONTFIX.

The official life cycle policy can be reviewed here:
http://redhat.com/rhel/lifecycle. If this issue remains an important
requirement, please contact Red Hat Customer Support to request a
re-evaluation of the issue, citing a clear business justification.