C format string specifications mismatch in translations crashes libxine based apps in some loales

So that's what all those knotify-related crashes in xine during the Intrepid cycle were all about...

Hmm,

unsure if i have the same problem. I've got a new version of xine-lib on dec, 16th, 2008 and the trouble began. Since them most KDE apps that uses phonon crashs (amarok, digikam, etc.) I also have a backtrace of the digikam crash which i attach. As you could see the crash happens because of phonon and xine-libs.

I'm also not able to open "System Settings -> Sound" (also crashing). I'm only unsure because changing the language using Systems Settings does not help.

Notice, i'm using a regular Kubuntu 8.10 installation 64-bit. 2.6.27-9-generic #1 SMP Thu Nov 20 22:15:32 UTC 2008 x86_64 GNU/Linux and got the problem because of a normal adept-get upgrade.

I will make some further tests.

Oliver

ok,

This bugs has reached real installations.

If i enter

export LANG=C.UTF-8

and start amarok, everything works fine. Using LANG=en_US.UTF-8 instead does not help. Is there a way to ge libxine of last week back?

Oliver

Does anybody reproduce this crash from jaunty? Does anybody reproduce this crash on i386?

Assuming default installation comes with translation for libxine I can't reproduce on jaunty i386 (german)

Discovered here that langpack-o-matic doesn't set --check-c-format (Rosetta does enforce this though).

dpkg.log for the update from 4.1.3 to 4.1.4
problem startet with the update packages
Regression appeared between 2009/01/14 12:59 and 2009/01/14 22:56

This bug was fixed in the package xine-lib - 1.1.15-0ubuntu8

---------------
xine-lib (1.1.15-0ubuntu8) jaunty; urgency=low

  * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
    broken translations; LP: #290768.

 -- Loic Minier <email address hidden> Thu, 15 Jan 2009 17:48:20 +0100

Merged in trunk, so fixed in langpack-o-matic.

One reported told me this happens with konsole, systemsettings, dolphin etc.; this points at a kdebase-runtime or kdelibs issue, but downgrading the kdebase-runtime package didn't help.

I'm short of what to try downgrading; this reported also tried downgrading phonon-backend-xine.

Accepted xine-lib into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

An updated xine-lib was uploaded to intrepid-proposed; please test it there and report any regression or whether it fixes the bug.

So whether or not xine-lib fixes this for your, we're highly interested in knowing which intrepid-updates update or intrepid-proposed update triggered the regression; thanks in advance!

Accepted language-pack-gnome-it-base into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Package xine-lib - 1.1.15-0ubuntu3intrepid1 fixes the locale problem for me. Thanks

Package libxine1 1.1.15-0ubuntu3intrepid1 from proposed fixes this problem for me..

Thanks
Oliver

Package xine-lib - 1.1.15-0ubuntu3intrepid1 fixes the locale problem for me too.

Thanks
Christian

Accepted language-pack-gnome-de-base into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

libxine 1.1.15-0ubuntu3intrepid1 fixes the problem for me too
Thanks
tom

language-pack-gnome-de-base and language-pack-gnome-it-base are uninstallable; see bug #317934.

SRU team: what's your preference in addressing this? Loosening the dep in these one shot -base langpacks uploads (what I'd prefer doing), or SRU-ing the non-base langpacks as well (no change)?

Loïc Minier [2009-01-17 11:23 -0000]:
> SRU team: what's your preference in addressing this? Loosening the dep
> in these one shot -base langpacks uploads (what I'd prefer doing)

That is fine for me.

Loic, were these manually fixed translations fixed in Rosetta as well? If not, they'll just get overwritten again on next update.

Martin, some were but perhaps not all; I think Arne fixed the first 2 identified -it strings and all (2) -de strings. I'm not sure whether he fixed all 5 -it strings.

We need to review all strings which look like they use C formats specifiers anyway; note that I've added --check-format to langpack-o-matic to catch the ones which are flagged c-format.

This needs to get merged with the xine-lib security update that just came out for Intrepid.
Attached is the debdiff for the security update.

Reopening, shadowed by security update.

Thanks Loic for merging. Please test this version:

 xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low
 .
   * Merge 1.1.15-0ubuntu3.1.
 .
 xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
     - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
       invalid track type in Matroska files.
     - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
       overflow in the ffmpeg video decoder.
     - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
       in the ffmpeg audio decoder
     - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
       in the the CDDA server.
     - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
       unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
     - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
       Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
     - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
       MNG and QT demuxers. (CVE-2008-5237)
     - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
       heap-based buffer overflows from unchecked or incompletely-checked read
       function results. (CVE-2008-5239)
     - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
       untrusted values. (CVE-2008-5240)
     - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
       compressed atom handling. (CVE-2008-5241)
     - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
       untrusted or unchecked values. (CVE-2008-5243)
 .
 xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low
 .
   * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
     broken translations; LP: #290768.

Just for the record, I couldn't ever reproduce the issue myself, even when I tried within an intrepid virtual machine with libxine1-all-plugins installed.

So far, we had a first xine-lib upload which didn't make it to -updates due to a -security release coming first; this was confirmed as solving the issue. We had the first langpacks which were uninstallable, then the second langpacks which I could confirm as installable and would expect to fix the issue, but these weren't confirmed as fixing the issue yet. Then I reuploaded the xine-lib fix on top of the security update and reuploaded, but the binaries weren't checked.

Finally, there were other unrelated xine-lib crashers reported after the security update, might be due to non-Ubuntu plugins.

So either the SRU team should trust the changes and copy the updates, or we should get confirmation from people with the bug that the langpacks alone and the new xine-lib alone fix the issue for them.

Loïc Minier [2009-02-15 14:20 -0000]:
> So either the SRU team should trust the changes and copy the updates, or
> we should get confirmation from people with the bug that the langpacks
> alone and the new xine-lib alone fix the issue for them.

At least I need some confirmation that the current -proposed xine-lib
packages still work otherwise, i. e. don't introduce regressions due
to being mis-built or similar.

Hmm,

i thought i told it already. the current libxine from proposed fixes the problem for me.

Oliver

This bug was fixed in the package xine-lib - 1.1.15-0ubuntu3.1intrepid1

---------------
xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low

  * Merge 1.1.15-0ubuntu3.1.

xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
      invalid track type in Matroska files.
    - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
      overflow in the ffmpeg video decoder.
    - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
      in the ffmpeg audio decoder
    - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
      in the the CDDA server.
    - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
      unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
    - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
      Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
    - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
      MNG and QT demuxers. (CVE-2008-5237)
    - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
      heap-based buffer overflows from unchecked or incompletely-checked read
      function results. (CVE-2008-5239)
    - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
      untrusted values. (CVE-2008-5240)
    - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
      compressed atom handling. (CVE-2008-5241)
    - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
      untrusted or unchecked values. (CVE-2008-5243)

xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low

  * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
    broken translations; LP: #290768.

 -- Loic Minier <email address hidden> Tue, 27 Jan 2009 14:35:33 +0100