libxml2-dev: /usr/bin/xml2-config isn't identical across all arch

Bug #987502 reported by Aron Xu
This bug affects 19 people
Affects            Status         Importance   Assigned to   Milestone
libxml2 (Ubuntu)   Fix Released   Medium       Unassigned
Precise            Won't Fix      Low          Unassigned

Bug Description

[Background] In the M-A implementation of version 2.7.8.dfsg-5.1ubuntu1, /usr/bin/xml2-config still contains M-A triplets, which is troublesome when the package libxml2-dev is marked as M-A: same. The problem is caused by the sed call in debian/rules, which says "usr/lib/<triplet>", while it wasn't like that in the xml2-config script itself.

[Impact] libxml2-dev is not M-A co-installable

[Development Fix] libxml2 version 2.7.8.dfsg-9 in Debian Sid

[Stable Fix] Change required is trivial, in debian/rules:

- sed -i -e 's,/usr/lib/$(DEB_HOST_MULTIARCH),/usr/lib,' debian/libxml2-dev/usr/bin/xml2-config
+ sed -i -e 's,/lib/$(DEB_HOST_MULTIARCH),/lib,' debian/libxml2-dev/usr/bin/xml2-config
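
Review bot: the expression on the `+` line has no `g` flag and no anchoring, so it rewrites only the first `/lib/$(DEB_HOST_MULTIARCH)` on each line of xml2-config and matches that string under any prefix, not just /usr. If a line can carry the triplet path twice, the second copy survives and the files still differ between architectures; consider `s,/lib/$(DEB_HOST_MULTIARCH),/lib,g` and follow the sed with a check that fails the build when the triplet is still present in debian/libxml2-dev/usr/bin/xml2-config.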

[Test Case] Enable M-A in testing environment (amd64 for instance), and try to install both libxml2-dev:i386 and libxml2-dev:amd64 which were newly built with the mentioned patch. If the action failed with something like './usr/bin/xml2-config' is different from the same file on the system, then the bug was not fixed.

[Regression Potential] xml2-config reports the libdir is /usr/lib, while the actual ones are /usr/lib/<triplets>. This might break applications whose build system can't find libraries correctly in the previous path but relies on xml2-config's output. I recommend to use pkg-config instead of this script.
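
The co-installability condition behind this report, as an added example that is not part of the original bug description or the package's own code: it applies the old and new sed expressions from debian/rules to a constructed stand-in for xml2-config on two triplets and compares the results byte for byte. The stand-in script, the assumption that libdir is written via `${exec_prefix}`, and the function names are all hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for the generated xml2-config (assumption: the real
# script spells libdir via ${exec_prefix}, so "/usr/lib/<triplet>" never
# appears literally). $1 = multiarch triplet, $2 = output file.
make_config() {
    cat > "$2" <<EOF
#! /bin/sh
prefix=/usr
exec_prefix=\${prefix}
includedir=\${prefix}/include
libdir=\${exec_prefix}/lib/$1
echo "-L\${libdir} -lxml2"
EOF
}

# Apply one of the two debian/rules substitutions to the stand-in.
# $1 = triplet, $2 = old|new, $3 = output file.
normalize() {
    src=$(mktemp)
    make_config "$1" "$src"
    case "$2" in
        old) sed -e "s,/usr/lib/$1,/usr/lib," "$src" > "$3" ;;
        new) sed -e "s,/lib/$1,/lib," "$src" > "$3" ;;
    esac
    rm -f "$src"
}

# M-A: same requires a file shipped at the same path by every architecture
# to be byte-identical; dpkg refuses the unpack otherwise.
# $1 = old|new. Prints "identical" or "different".
compare_arches() {
    dir=$(mktemp -d)
    normalize x86_64-linux-gnu "$1" "$dir/amd64"
    normalize i386-linux-gnu "$1" "$dir/i386"
    if cmp -s "$dir/amd64" "$dir/i386"; then
        echo identical
    else
        echo different
    fi
    rm -rf "$dir"
}

echo "old pattern: $(compare_arches old)"
echo "new pattern: $(compare_arches new)"
```

The same `cmp -s` comparison can be run over the two real files extracted with `dpkg-deb -x` from the amd64 and i386 builds before marking the package M-A: same.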


Aron Xu (happyaron)
tags: added: multiarch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libxml2 (Ubuntu):
status: New → Confirmed
Steve Langasek (vorlon)
Changed in libxml2 (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Medium
Daniel Holbach (dholbach) wrote :

From a cursory look it looks like we should be able to sync libxml2 in quantal. The question is just if we need to fix this in an SRU for precise.

Aron: could you please add just some brief information about the bug as requested in https://wiki.ubuntu.com/StableReleaseUpdates#Procedure so the decision will be a bit easier?

Daniel Holbach (dholbach) wrote :

Thanks a lot Aron for your work on the package!

Aron Xu (happyaron)
description: updated
Aron Xu (happyaron)
description: updated
Aron Xu (happyaron) wrote :

I have ended up deciding to remove the "M-A: same" status from libxslt-dev (already present in Debian) and libxml2-dev (still not uploaded).

I think the current solution of patching those scripts is not reliable enough. Assuming all the architectures will produce identical xml2-config files this way is a broken idea because from time to time there are some architectures producing scripts that break the whole thing.

Steve, can you have a look at them and propose a new approach if possible? I know when libxml2-dev is co-installable then cross-compile will be easier as people aren't forced to remove native ones.

Steve Langasek (vorlon) wrote :

Hi Aron,

> Steve, can you have a look at them and propose a new approach if
> possible?

Well, your existing proposal is exactly the method that I would have used. I don't see any reason that this would not work across all architectures. What kind of scripts do you expect to be a problem?

Aron Xu (happyaron) wrote :

Hi Steve,

Sorry for bothering, I've compared the files from all supported Debian arches and fixed it in the latest version in Debian. I guess version 2.8.0+dfsg1-3 is a good candidate to sync.

Iain Lane (laney) wrote :

As I mentioned in private email to Aron, I don't think we can sync yet since there are still some consumers of the .la file (bug #1017486 — help welcomed in fixing the two remaining candidates).

A minimal merge which just keeps the .la file does seem possible though; here's the diff for sponsorship. The control part of the diff is something Debian implemented to build a udeb for Ubuntu. It's not a real Ubuntu change.

Sebastien Bacher (seb128) wrote :

Upload Laney's update to quantal, unsubscribing the sponsors since that was the only patch to sponsor and milestoning for the LTS point release, we will need to come up with a smaller patch than the update for it.

Changed in libxml2 (Ubuntu Precise):
importance: Undecided → High
milestone: none → ubuntu-12.04.1
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libxml2 - 2.8.0+dfsg1-4ubuntu1

---------------
libxml2 (2.8.0+dfsg1-4ubuntu1) quantal; urgency=low

  * Merge with Debian (LP: #987502), remaining changes:
    - Don't drop *.la file. Some libraries still depend on it.

libxml2 (2.8.0+dfsg1-4) unstable; urgency=low

  * Sanitize the output of `xml2-config --libs`.

libxml2 (2.8.0+dfsg1-3) unstable; urgency=low

  * Remove odd output of xml2-config --libs (Closes: #675682).
  * Mark libxml2-dev "M-A: same" again, fixed xml2-config
    (Closes: #674474).

libxml2 (2.8.0+dfsg1-2) unstable; urgency=low

  * debian/control:
    - Remove "M-A: same" from libxml2-dev (Closes: #674474).
    - Add "M-A: foreign" to libxml2-doc.
  * debian/rules:
    - Style change on calling dh using --with.
    - Enable all hardening features.
    - The sed command for removing DEB_HOST_MULTIARCH is not reverted
      because it's generally a good idea to avoid it here.
  * lintian-overrides:
    - libxml2: package-name-doesnt-match-sonames
    - python-libxml2-dbg: hardening-no-fortify-functions

libxml2 (2.8.0+dfsg1-1) unstable; urgency=low

  * New upstream release. (Closes: #148220, #590934)
  * Adjust changelog of previous NMU (Closes: #674739).
  * Try to avoid useless space in /usr/bin/xml-config (Closes: #674474).

libxml2 (2.7.8.dfsg-9.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2011-3102: off by one pointer access in xpointer.c
    (Closes: #674191).

libxml2 (2.7.8.dfsg-9) unstable; urgency=low

  * Multi-Arch ready. (Closes: #643026)
    - M-A:same packages are libxml2, libxml2-dev and libxml2-dbg.
    - M-A:foreign package is libxml2-utils, others are not M-A.
    - Library files in udeb are still placed under usr/lib directly.
  * New binary: libxml2-utils-dbg.
    Move debuggings symbols of libxml2-utils binaries to another package
    in favor of marking libxml2-dbg as M-A: same. Descriptions of related
    binary packages are slightly modified.
  * Enable hardening for Python modules. (Closes: #664107)
  * Add support for build-arch and build target, essentially make the
    package not FTBFS anymore. (Closes: #668672)
  * Use dh compat 9. Not hardcoding libdir in debian/rules.
  * Port to source format 3.0 to ease future maintenance of patches.
    - Old patches are stored in 01_historical_changes.patch
    - Do not patch Makefile.in directly, use dh_autoreconf with patches to
      configure.in and Makefile.am instead. This will not actually make
      bootstraping a new architecture more difficult since we already have
      gettext and autoconf in deep B-D, porters need to break it anyway.
    - Store doc/examples/index.html in patch to avoid ciculate B-D with
      xsltproc, we should not B-D on it.
  * debian/*.dirs: removed, useless.

libxml2 (2.7.8.dfsg-8) unstable; urgency=high

  * New maintainer (Closes: #654176).
  * Apply upstream patch to add randomization to hashing with large
    dictionaries to mitigate hash DoS (CVE-2012-0841; Closes: #660846)
  * Bump std-ver to 3.9.3, no change needed.

libxml2 (2.7.8.dfsg-7) unstable; urgency=low

  * Team upload.
  * parser.c: Fix an allocation error when copying entit...


Changed in libxml2 (Ubuntu):
status: Triaged → Fix Released
Sebastien Bacher (seb128) wrote :

see bug #1014197 for the libxslt issue (will probably need to be SRUed as well)

Steve Langasek (vorlon) wrote :

Sorry, but what's the justification for this being an SRU? Yes, the libxml2-dev package is wrongly marked as co-installable, but I don't see how the impact of this warrants an SRU - especially given this:

> [Regression Potential] xml2-config reports the libdir is /usr/lib, while the
> actual ones are /usr/lib/<triplets>. This might break applications whose
> build system can't find libraries correctly in the previous path but relies
> on xml2-config's output. I recommend to use pkg-config instead of this
> script.

That's not an ignorable regression potential; there's a huge number of packages in Ubuntu that build-depend on libxml2-dev, and we don't know which of any of them, or what third-party software, is affected by this change.

Given that this is only a -dev package that's affected, not a runtime package, I don't think it makes sense to SRU this - and I certainly don't think it warrants priority: high.

Sebastien Bacher (seb128) wrote :

@Steve: seeing the number of duplicates it seemed a frequent issue. Should we at least drop the Multi-Arch tag from the libxml2-dev then to avoid letting users run into that error?

Re. High, I'm not sure how important libxml2-dev is for cross compilations but I thought we would aim at fixing the multiarch issues in the LTS, I'm happy for you to set the priority lower or wontfix the bug though if you think that's not SRU material

Steve Langasek (vorlon) wrote :

So it would be interesting to know how the users who were seeing this bug ran into the problem. It seems unlikely to be due to a deliberate request by the user for libxml2-dev:i386, which is not something users are likely to try to install. I think the libxml2 coinstallability bug, despite definitely being a bug, is a lower priority one; and I'm more interested to understand what's happening, in terms of the package manager, that's putting people in this situation.

I really don't think this particular bug is SRU material though and should be untargeted.

Changed in libxml2 (Ubuntu Precise):
milestone: ubuntu-12.04.1 → none
importance: High → Low
Sebastien Bacher (seb128) wrote :

Reading through the duplicates it's not obvious why those users got those i386 dev packages installed ... could anyone who reported the bug or one of the duplicates give some context on what you were doing to run into that bug?

> I really don't think this particular bug is SRU material though and should be untargeted.

Ok, I reduced to low and dropped the LTS.1 milestone

Aurimas Fišeras (aurimas-gmail) wrote :

I tried to install libxml2-dev:i386 explicitly (#913381), so that 32-bit wine configure would detect libxml2 on a 64-bit system.

José Anjos (joseanjos) wrote :

I've updated from version "Ubuntu 10.04.4 LTS" to "Ubuntu 12.04.1 LTS"
I was trying to update our library software (http://download.koha-community.org/koha-3.08.06.tar.gz)

I've done:
sudo dpkg --set-selections < install_misc/ubuntu.12.04.packages

sudo dselect
Option: install

Unpacking libxml2-dev:i386 (desde .../libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb (--unpack):
 './usr/bin/xml2-config' is different from the same file on the system
dpkg-deb: error: subprocess colar was killed by signal (Broken pipe)
Processing 'triggers' to man-db ...
Errors found while processing:
 /var/cache/apt/archives/libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Jason Pascoe (jpascoe) wrote :

Upgrading from 10 to 12

$ sudo apt-get -f install dselect
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 libxslt1-dev:i386 : Depends: libxml2-dev:i386 (>= 2.6.26) but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

Jason Pascoe (jpascoe) wrote :

$ sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
  libp11-kit-dev pkg-config libgudev-1.0-0 librtmp-dev libgpg-error-dev comerr-dev libgnutls-openssl27 python-twisted-web libkrb5-dev libgnutlsxx27 libgssrpc4 libssl-doc libidn11-dev
  libtasn1-3-dev zlib1g-dev os-prober gir1.2-gudev-1.0 libgcrypt11-dev libkadm5clnt-mit8 python-twisted-names libkadm5srv-mit8 libkdb5-6 libgnutls-dev krb5-multidev libldap2-dev
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libxml2-dev:i386
The following NEW packages will be installed:
  libxml2-dev:i386
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
487 not fully installed or removed.
Need to get 0 B/761 kB of archives.
After this operation, 2,206 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 41132 files and directories currently installed.)
Unpacking libxml2-dev:i386 (from .../libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb) ...
dpkg: error processing /var/cache/apt/archives/libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb (--unpack):
 './usr/bin/xml2-config' is different from the same file on the system
No apport report written because MaxReports is reached already
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Processing triggers for man-db ...
Errors were encountered while processing:
 /var/cache/apt/archives/libxml2-dev_2.7.8.dfsg-5.1ubuntu4.2_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Andrew (mescalito) wrote :

I really don't know how to fix this issue or if I even need the packages?

Just a user and not a Web Developer.

Thanks

Darko Lombardo (darko-lombardo) wrote :

Hi Andrew.

Generally, both versions of the library are needed if one needs multi architecture building option (e.g. x86_64 native build and i386 backsupport (cross)build for 32-bit installations).

I am building my i386 and x86_64 application on Ubuntu 12.04.3 LTS using -m32 and -m64 gcc options.
But running only 64-bit version of the application locally for the matter.

To accomplish this I have done:

Firstly installed libxml2-dev (x86_64)
  sudo apt-get install libxml2-dev

Secondly, move problematic xml2-config
  sudo mv /usr/bin/xml2-config /usr/bin/xml2-config.x86_64

Then install libxml2-dev:i386
  sudo apt-get install libxml2-dev:i386

Rename xml2-config for i386
  sudo mv /usr/bin/xml2-config /usr/bin/xml2-config.i386

Restore x86_64 xml2-config
  sudo cp /usr/bin/xml2-config.x86_64 /usr/bin/xml2-config

Finally, had to call ldconfig to refresh the library paths and gcc builds my application with -m32 and explicit -m64 (although not needed).

ldconfig reports:
$ ldconfig -p | grep xml2
 libxml2.so.2 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libxml2.so.2
 libxml2.so.2 (libc6) => /usr/lib/i386-linux-gnu/libxml2.so.2
 libxml2.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libxml2.so

Andrew (mescalito) wrote : Re: [Bug 987502] Re: libxml2-dev: /usr/bin/xml2-config isn't identical across all arch

Hi Darko,

Thank you very much for writing this up for me mate!

I'm not sure I even need this as I'm just an average Net user?

My system is 32 bit but I think I installed this maybe when thinking of
doing a web site???

I tried what you wrote but keep getting errors like it doesn't exist,
though I'm prompted everyday to update and returns a failure.

Here's the output after the first command:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer
required:
   python3.2 python3.2-minimal
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
   libxml2
The following NEW packages will be installed:
   libxml2-dev
The following packages will be upgraded:
   libxml2
1 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Failed to exec method /usr/lib/apt/methods/
E: Method has died unexpectedly!
E: Sub-process returned an error code (100)
E: Method /usr/lib/apt/methods/ did not start correctly

Second command output:

mv: cannot stat `/usr/bin/xml2-config': No such file or directory

and so on it goes pretty much the same from there.

Please see the screenshots from the Update Center too.

I'm really grateful for your help with this mate, I tried to follow the
links to rectify them all but don't have a clue what to do with the
files once downloaded.

Cheers mate!

Andrew


Darko Lombardo (darko-lombardo) wrote :

Hi Andrew.

I do not think your issue is related to this bug at all.

As a user you probably have no need for a libxml2-dev package, only libxml2.

I posted notes in reference to this bug due to a deliberate request by the user (developer) for libxml2-dev:i386 on a 64-bit Ubuntu, which is not something users are likely to try to install.
Like said before, both versions of the library are needed if one needs multiple architecture building option on a 64-bit Ubuntu.

Regarding your problem it is hard to say from the posted information, but more of an apt (Update Manager) issue than libxml2 package issue.
I have seen your message sometimes:
- (maybe) command was not called with 'sudo'
- running out of space on HDD partition
- broken/damaged package

Try to call 'sudo apt-get update' and restart the Update Manager (or the system).
Then retry to upgrade again using the Update Manager.

Andrew (mescalito) wrote :

Hi darko,

Thanks for your help again!

I do believe I don't need this anyway as you say.

Yep I'm running low on HDD space atm and have used the repair broken
packages in boot mode.

I will have more space when I defrag the drive which has windows on it
so I can safely erase Windows and then use Gparted or similar to
rearrange things.
Last time I went to do this, Windows played up and I got some message
saying it was a non registered version??
Was never like that before so will have to look into that.
I haven't used windows since my first run of the previous version of Ubuntu.
I guess the best is to go offline to start windows,then see if I can
defrag maybe even in safe-mode?
Windows is so foreign to me now LOL yet I knew it inside out once.

Any simple command to remove the offending library?

I've searched and cannot understand the lingo, a bit deep for me.

I have sudo'd all commands and the 'apt-get-update' many times with
reboot without success.

Thanks again mate for the support.

Andrew


Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in libxml2 (Ubuntu Precise):
status: Triaged → Won't Fix