--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: camlzip version 1.07 needed for zlib >= 1.2.9
- From: Stephen McCamant <mccamant@cs.umn.edu>
- Date: Wed, 30 May 2018 16:50:26 -0500
- Message-id: <23311.7330.817670.849604@dio.cs.umn.edu>
Package: libzip-ocaml
Version: 1.06-2+b1
I'd like to request that the Debian package of camlzip (libzip-ocaml)
be updated at least to the latest numbered release, version 1.07. The
reason this is significant is that older versions of camlzip up
through 1.06 will no longer work reliably with recent versions of zlib
(I think 1.2.9 and higher), such as version 1.2.11 now in testing.
The problem can be subtle to reproduce, because it is related to
garbage collection. camlzip versions <= 1.06 allocated a zlib stream
object using OCaml's garbage-collected heap, which means that the
object could be moved around in memory. Though this may have been
contrary to the usual expectations of a C library, it was AFAIK not a
practical problem with older zlib versions. However in more recent
zlib versions, there is a sanity check that asserts that the
back-pointer from the internal state object to the stream object is
consistent with the stream object pointer passed to zlib interface
routines. If the OCaml garbage collector has moved the object, the
back-pointer is not updated because the OCaml GC does not know about
the internal state object. Thus this check will fail, causing the
interface routine to return an error code.
The particular case I care about is a large application that uses
camlzip to write compressed log files. The application works correctly
on older systems, such as Ubuntu 16.04 which has camlzip 1.05 and zlib
1.2.8. It also works correctly when writing a small log file, as does
a small test program, probably since in these small programs no
garbage collection happens while the zlib stream is open. But in the
larger program, in the midst of writing a longer stream of text to a
compressed output stream, the program will die with the following
uncaught exception:
Fatal error: exception Gzip.Error("error during compression")
The zlib error code is not exposed in the Gzip.Error exception
message, but with a debugger I can see that it is Z_STREAM_ERROR,
caused by the failure of the check "s->strm != strm" (i.e.,
"strm->state->strm != strm") in deflateStateCheck.
This class of problems (which also affects decompression in other
programs) is discussed on the upstream Github issue tracker at:
https://github.com/xavierleroy/camlzip/issues/1
The other Github issues from other projects that reference that one
give some indication of how this problem can lead to hard-to-debug
failures in other OCaml-based programs.
The fix is in upstream pull request #2; right after it was merged on
January 23rd, 2017, the version number was incremented to 1.07.
-- Stephen
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'oldoldstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libzip-ocaml depends on:
ii libc6 2.27-3
ii ocaml-base-nox [ocaml-base-nox-4.05.0] 4.05.0-10+b1
ii zlib1g 1:1.2.11.dfsg-1
--- End Message ---
--- Begin Message ---
Source: camlzip
Source-Version: 1.07-1
We believe that the bug you reported is fixed in the latest version of
camlzip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 900445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ralf Treinen <treinen@debian.org> (supplier of updated camlzip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 08 Jun 2018 21:23:26 +0200
Source: camlzip
Binary: libzip-ocaml libzip-ocaml-dev
Architecture: source
Version: 1.07-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Ralf Treinen <treinen@debian.org>
Description:
libzip-ocaml - OCaml compression libraries (runtime libraries)
libzip-ocaml-dev - OCaml compression libraries (development files)
Closes: 900445
Changes:
camlzip (1.07-1) unstable; urgency=medium
.
* New upstream release (closes: #900445)
- refreshed patch 0003-Add-plain_uncompress.patch
* updated debian/watch to github
* updated homepage to github
* updated Vcs-* fields to salsa
* Standards-Version 4.1.4:
- https in d/copyright format header
* rewrite installation:
- debian/rules: use install-findlib from upstream's makefile, and move
manually dll* into stublibs
- adjusted d/*.install.in accordingly
- d/control: add build-dependency on ocaml-findlib
- drop patch 0001-Build-system-for-Debian
* d/rules: drop explicit building of zip.{cmxa,cmxs} since it is done
now by the upstream Makefile
* debhelper compat level 11
* Dropped patch 0002-Use-an-installed-camlzip-for-tests as we now have
as-installed tests for that
* Bumped version of build-dependency ocaml, following upstream instructions
* Dropped build-dependency on dpkg-dev since it was constrained >= a version
from 2006
Checksums-Sha1:
6096aa987878173214fe0db92489caad11a9c8a5 2131 camlzip_1.07-1.dsc
dc6bf21fd12b527e06df2e3f5ee9655585e46a44 26652 camlzip_1.07.orig.tar.gz
0811796fa69afcd68b8fc9e81a5a7955e416786b 6160 camlzip_1.07-1.debian.tar.xz
445a82039e2c2b7fe0bc7f9c1c2d1e64e19054a4 5872 camlzip_1.07-1_source.buildinfo
Checksums-Sha256:
e790f6a18bb92b2dd2115016f6ea32090a2995ad8780c5619e5851bead88b035 2131 camlzip_1.07-1.dsc
2f4df4df258b8bca89176a5c4200a6920eccb3134f3df70d61a67e16fd1fbfdd 26652 camlzip_1.07.orig.tar.gz
602ecdaa6bca56d25d9c46029b939a2a5d05bac01a163144cb4b32dbc7a3833b 6160 camlzip_1.07-1.debian.tar.xz
1461ccd4d6f695af886ec14f002a07dc562a6998e44a786d723238f180fec0eb 5872 camlzip_1.07-1_source.buildinfo
Files:
441bf9b0bc7b4aeba62721788b36bac2 2131 ocaml optional camlzip_1.07-1.dsc
8babccb584dfd4eb7b98901122e818a9 26652 ocaml optional camlzip_1.07.orig.tar.gz
6e25517e7b65a3406872d6025652ad50 6160 ocaml optional camlzip_1.07-1.debian.tar.xz
81749e879cc76eeb62989ff5fafd5f72 5872 ocaml optional camlzip_1.07-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEAgVIKeEtDyqOZI5idFxHZtTKzf8FAlsa3KAACgkQdFxHZtTK
zf9rDhAAoY3aoSLpVfGinR/kk7ElEPsuDQ7ijG3eWBJ4zsgkxb2yOzOjQWl89b/a
HuWApJgWvA4dJiKgEIL6S12SKKW2ARnYp6+c9SCyeCYKvIndSRZtjc536D6MHbJH
egtNwoit6mWrfNVZWJ+DIUAm2A9Tt4MRa7VDkyHp+GlT4CIZhjBjgq10P3IZtQzB
A/wDo7toz4oc+btR+D2+fOBdl/ObxjCu0zT/Ci7onDBB7KOEDR0s5pLrWUZcz5y9
PNtQOpowPOBj0d7JLVfPJZMTY1pkTNx5tDE33ol+bLCOURYxMqIhwensyJTGNSZg
9NEn/kenmStqDUXuza2gP7jBCsBt2z5nUifZUt8QxUFr3olw+et+qgdnMLGJke5t
FeGzTwWu0lvPvUmhb3j4D2yEE1+Fk9Qeti7+B+G9FljGYmjMHa9049/MLBHcXK+N
ALcQOZXGFzfcCdyUZntuy/GCwrMZLRSpLNjNRXIjgNToMJYOVGyK4QEFM6pIEcPG
6VLYHDJ1mZc31agDFfiYFEAaW7nH/qUjleP8Yaz8ZAcuInnVlHo8t09hHMynR2iK
XjrGuPuYFv+D0y7EJPHS2H83IoP2wvO6Pdzxx50Jlx2wqFOiGXKTcbJjpf3JPmtr
QnqmkW4Jfj1HUVX06cZm8HegqARMYEU/DpgLhk8/8hNs6t9S/W4=
=xGwT
-----END PGP SIGNATURE-----
--- End Message ---