Bug 664863

Summary: py-xmlsec misconstrues CFLAGS from xmlsec on 64 bit platforms
Product: [Fedora] Fedora Reporter: Dan Young <dyoung>
Component: pyxmlsecAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: dyoung, lkundrak
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: pyxmlsec-0.3.0-8.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-14 20:31:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
CFLAGS setup.py patch none

Description Dan Young 2010-12-21 22:44:12 UTC 
Created attachment 470093 [details]
CFLAGS setup.py patch

Description of problem:
This is largely copied from this bug filed in the FreeBSD bug tracker:
http://www.freebsd.org/cgi/query-pr.cgi?pr=127616

py-xmlsec uses pkg-config to retrieve the CFLAGS required for compiling against libxmlsec1. It then marshalls them into an array for distutils.core.Extension to build and install the python module.

However, it has a bug where by py-xmlsec's setup.py reads in a CFLAG define present on 64bit configurations of xmlsec1, which is only specified as "-DXMLSEC_NO_SIZE_T" by xmlsec1's pkg-config. It passes this to distutils as the tuple '(XMLSEC_NO_SIZE_T)', which is interpreted by distutils as being a CFLAG undefine, and is passed into the build phase as "-UXMLSEC_NO_SIZE_T". This causes missized structures to be passed between the two, leading very quickly to a seg fault.

Version-Release number of selected component (if applicable):
0.3.0-7

How reproducible:
Always.

Steps to Reproduce:
1. python
2. import xmlsec
3. print xmlsec.keyDataRsaId().getName()"
  
Actual results:
Segmentation fault (core dumped)

Expected results:
rsa

Additional info:
Here's the upstream bug, though it appears this project has languished for some time now, as it's still open a year after it was submitted:
https://labs.libre-entreprise.org/tracker/index.php?func=detail&aid=1920&group_id=17&atid=149

Also, this bug appears to manifest in the EPEL5 package as well. 

I can confirm that the patch from the FreeBSD bug tracker fixes this. I've attached it without the part where the strip out the GnuTLS and NSS crypto options.
Comment 1 Dan Young 2011-01-26 00:00:59 UTC 
Ping?
Comment 2 Fedora Update System 2011-02-02 23:08:11 UTC 
pyxmlsec-0.3.0-8.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/pyxmlsec-0.3.0-8.fc14
Comment 3 Fedora Update System 2011-02-03 20:26:44 UTC 
pyxmlsec-0.3.0-8.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pyxmlsec'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/pyxmlsec-0.3.0-8.fc14
Comment 4 Fedora Update System 2011-02-14 20:31:20 UTC 
pyxmlsec-0.3.0-8.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.