[Touch-packages] [Bug 1907676] Re: segmentation fault when opening fd

Sun, 20 Dec 2020 14:01:05 -0800 

This is fixed in active development release (hirsute):

python-apt (2.1.7) unstable; urgency=medium

  * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193)
    - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc:
      fix file descriptor and memory leaks
    - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h:
      Avoid reference cycle with control,data members in apt_inst.DebFile
      objects
    - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily
      testable)
  * Regression fixes for the updates merged too:
    - arfile.cc: Fix segmentation fault when opening fd, track lifetime 
correctly
      (Closes: #977000)
    - arfile: Regression: Collect file<->deb/ar reference cycles

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/1907676

Title:
  segmentation fault when opening fd

Status in python-apt package in Ubuntu:
  Fix Released
Status in python-apt source package in Xenial:
  New
Status in python-apt source package in Bionic:
  New
Status in python-apt source package in Focal:
  New
Status in python-apt source package in Groovy:
  New
Status in python-apt package in Debian:
  Unknown

Bug description:
  [Impact]

  USN-4668-1 introduced a regression in python-apt when using certain
  APIs with a file handle.

  [Test case]

  # Landscape scenario:
  1) On the Landscape server, create a package profile that installs a single 
package, 'hello' is enough.
  2) On the Landscape server, apply the package profile to a client
  3) On the Landscape client, verify that there is no segfault message on 
'/var/log/kern.log'
  4) On the Landscape server, verify that the activity to apply the package 
profile ends with success.

  Step 3) would show a segfault and step 4), the activity would stay 'In
  Progress' forever.

  # dak scenario:
  dak crashes with a segmentation fault in python3-apt when processing
  uploads or processing the NEW queue on ftp-master; and also on my
  playground server (used to generate the backtrace).

  [Where problems could occurs]

  [Other info]

  See Debian bug:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977000

  Fix:
  
https://salsa.debian.org/apt-team/python-apt/-/commit/3d9af5f196ad6a6c6973ac699a15888d21a9bb52

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1907676/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to