[Bug 1848202] Re: Use after free in gdbus leads to eds segfaults

Launchpad Bug Tracker 1848202 at bugs.launchpad.net
Mon Mar 23 23:35:05 UTC 2020 

This bug was fixed in the package glib2.0 - 2.62.4-1~ubuntu19.10.1

---------------
glib2.0 (2.62.4-1~ubuntu19.10.1) eoan; urgency=medium

  * No-change backport from unstable to eoan (LP: #1850932).
    + Contains fix for LP: #1844853 - "IBus no longer works in Qt applications
      after upgrade"

glib2.0 (2.62.4-1) unstable; urgency=medium

  * Team upload

  [ Steve Langasek ]
  * debian/tests/build: Make cross-test friendly (Closes: #946355)

  [ Iain Lane ]
  * debian/tests/build: Style fixes

  [ Simon McVittie ]
  * New upstream release

glib2.0 (2.62.3-2) unstable; urgency=medium

  * Team upload
  * Rename pkg.glib2.0.noinsttest build profile to noinsttest.
    This is now registered on <https://wiki.debian.org/BuildProfileSpec>.

glib2.0 (2.62.3-1) unstable; urgency=medium

  * Team upload
  * New upstream release
    - Drop patches that were applied upstream
  * Don't build libglib2.0-tests under pkg.glib2.0.noinsttest build profile.
    This is a prototype of the proposed standard build profile noinsttest.
    If the build profiles include both nocheck and pkg.glib2.0.noinsttest,
    we can drop the libdbus-1-dev build-dependency without harming test
    coverage or altering the contents of binary packages.
  * d/gbp.conf: Use upstream/2.62.x branch

glib2.0 (2.62.2-3) unstable; urgency=medium

  * Team upload

  [ Iain Lane ]
  * control: Drop `debian/experimental` from Vcs-*

  [ Simon McVittie ]
  * Build-depend on libdbus-1-dev for better test coverage
  * Update to upstream commit 2.62.2-28-g3cf25070e:
    - d/p/goption-Relax-assertion-to-avoid-being-broken-by-kdeinit5.patch:
      Fix assertion failure when called from a process that overwrites its
      argv, such as kdeinit5
    - d/p/gdbus-peer-Specifically-listen-on-127.0.0.1.patch:
      Improve reliability of gdbus-peer test in some container environments
    - d/p/gdbusserver-Delete-socket-and-nonce-file-when-stopping-se.patch,
      d/p/gdbusserver-Keep-a-strong-reference-to-the-server-in-call.patch,
      d/p/gdbusauthmechanismsha1-Remove-unnecessary-g_warning-calls.patch,
      d/p/gdbusauthmechanismsha1-Create-.dbus-keyrings-directory-re.patch,
      d/p/tests-Move-main-loop-and-test-GUID-into-test-functions-in.patch,
      d/p/tests-Isolate-directories-in-gdbus-peer-test.patch,
      d/p/gdbus-peer-test-Improve-diagnostics-if-g_rmdir-fails.patch,
      d/p/gdbus-peer-test-Stop-GDBusServer-before-tearing-down-temp.patch,
      d/p/gdbus-peer-test-Use-unix-dir-address-if-exact-format-does.patch,
      d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch:
      Mark as applied upstream in 2.62.x branch
  * d/p/gdbus-server-auth-test-Include-gcredentialsprivate.h.patch:
    Apply patch from 2.63.x to fix missing coverage in test for #941018
  * d/p/Make-ld-executable-configurable.patch:
    Apply patch from 2.63.x to use cross ld where necessary
  * d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch:
    Mark as applied upstream in 2.63.x branch
  * Improve patch metadata: use more URLs for bug references

glib2.0 (2.62.2-2) unstable; urgency=medium

  * Team upload
  * Update to upstream commit 2.62.2-14-gfcbb88823:
    - d/p/gdesktopappinfo-Allocate-DesktopFileDir-structs-dynamical.patch,
      d/p/gdesktopappinfo-Cancel-file-monitor-when-resetting-a-Desk.patch,
      d/p/glocalfilemonitor-Keep-a-weak-ref-to-the-monitor-in-GFile.patch:
      Fix intermittent test failures for GDesktopAppInfo (Closes: #941550)
    - d/p/gvariant-Limit-recursion-in-g_variant_parse.patch:
      Ensure that parsing a text-format GVariant does not run out of stack
      space
    - d/p/tests-Use-objcopy-from-the-cross-compilation-file-if-conf.patch,
      d/p/docs-Add-objcopy-to-example-cross-compilation-file.patch:
      Use the appropriate architecture's objcopy when cross-compiling
    - d/p/gtestutils-Add-additional-non-NULL-check-in-g_assert_cmpm.patch:
      Avoid false positive NULL dereference warnings in g_assert_cmpmem()
    - d/p/gspawn-Port-to-g_poll-from-select.patch:
      Fix launching subprocesses when a very large number of fds are open
    - d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
      d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
      d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
      Ensure libdbus clients can authenticate with a GDBusServer like the
      one in ibus (Closes: #941018)
  * d/p/gdbusserver-Delete-socket-and-nonce-file-when-stopping-se.patch,
    d/p/gdbusserver-Keep-a-strong-reference-to-the-server-in-call.patch,
    d/p/Add-a-test-for-GDBusServer-authentication.patch:
    Backport regression test for #941018 from upstream git master
  * d/p/gdbusauthmechanismsha1-Remove-unnecessary-g_warning-calls.patch,
    d/p/gdbusauthmechanismsha1-Create-.dbus-keyrings-directory-re.patch,
    d/p/tests-Move-main-loop-and-test-GUID-into-test-functions-in.patch,
    d/p/tests-Isolate-directories-in-gdbus-peer-test.patch:
    Backport reliability fixes for gdbus-peer test from upstream git master
  * d/p/gdbus-peer-test-Improve-diagnostics-if-g_rmdir-fails.patch,
    d/p/gdbus-peer-test-Stop-GDBusServer-before-tearing-down-temp.patch,
    d/p/gdbus-peer-test-Use-unix-dir-address-if-exact-format-does.patch,
    d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch:
    Add some proposed patches to improve GDBus unit tests
  * d/p/debian/mimeapps-test-Mark-as-flaky.patch:
    Drop patch, hopefully no longer needed with #941550 fixed
  * d/p/debian/taptestrunner-Stop-looking-like-an-executable-script.patch:
    Make taptestrunner non-executable to avoid a Lintian warning

glib2.0 (2.62.2-1) unstable; urgency=medium

  * New upstream release
    + Fixes use after free when calling g_dbus_connection_flush_sync() in a
      dedicated thread (LP: #1848202)

 -- Iain Lane <iain at orangesquash.org.uk>  Wed, 05 Feb 2020 16:43:07
+0000

** Changed in: glib2.0 (Ubuntu Eoan)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1848202

Title:
  Use after free in gdbus leads to eds segfaults

Status in GLib:
  Fix Released
Status in glib2.0 package in Ubuntu:
  Fix Released
Status in glib2.0 source package in Eoan:
  Fix Released

Bug description:
  [ Description ]

  The Ubuntu Error Tracker has been receiving reports about a problem regarding evolution-data-server.  This problem was most recently seen with package version 3.34.1-1, the problem page at https://errors.ubuntu.com/problem/b1f62616406e36e521fd1fb1d2be4ac2fe9a2cda contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/.

  [ Fix ]

  This bug was fixed upstream in 2.62.2 (see the links below). That
  update is being issues to eoan.

  [ QA ]

  Under https://wiki.ubuntu.com/StableReleaseUpdates/GNOME, we don't
  need to explicitly test that this bug is fixed. Nevertheless, to
  verify this bug please give the desktop a good workout. Ideally
  install the SRU and use your machine as you would normally for a
  variety of tasks. Make sure there are no regressions.

  [ Regression potential ]

  1) The changes involve mutexes and stuff, which is error prone.

  2) It's GLib, a core library, so any bad regressions will be really
  serious for the desktop as a whole.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glib/+bug/1848202/+subscriptions

More information about the foundations-bugs mailing list