[Touch-packages] [Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
This bug was fixed in the package glib2.0 - 2.32.4-0ubuntu1.4 --- glib2.0 (2.32.4-0ubuntu1.4) precise-security; urgency=medium * SECURITY REGRESSION: regression in last security update (LP: #1838890) - debian/patches/CVE-2019-13012-regression.patch: fix a memory leak introduced by the last security update while not properly handled the g_file_get_patch function in gio/gkeyfilesettingsbackend.c. -- leo.barb...@canonical.com (Leonidas S. Barbosa) Mon, 05 Aug 2019 12:54:19 -0300 ** Changed in: glib2.0 (Ubuntu Precise) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1838890 Title: Suspected memory leak in xenial backport of fix for CVE-2019-13012 Status in glib2.0 package in Ubuntu: In Progress Status in glib2.0 source package in Precise: Fix Released Status in glib2.0 source package in Trusty: In Progress Status in glib2.0 source package in Xenial: Fix Released Bug description: (This is only from source code inspection, not tested in real use - I don't actually use Ubuntu.) The upstream fix for CVE-2019-13012 included this change: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); However, g_file_peek_path() was only introduced in GLib 2.56. The backport in the xenial package has this instead: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700); This is not equivalent. The difference between g_file_peek_path() and the older g_file_get_path() is that g_file_get_path() makes a copy, which must be freed with g_free() after use. As a result, there is now a memory leak. A non-leaky backport would look something like this, which is what I've done in a proposed backport for Debian 9 'stretch': + char *dir; ... - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + dir = g_file_get_path (kfsb->dir); + g_mkdir_with_parents (dir, 0700); + g_free (dir); To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
This bug was fixed in the package glib2.0 - 2.48.2-0ubuntu4.4 --- glib2.0 (2.48.2-0ubuntu4.4) xenial-security; urgency=medium * SECURITY REGRESSION: regression in last security update (LP: #1838890) - debian/patches/CVE-2019-13012-regression.patch: fix a memory leak introduced by the last security update while not properly handled the g_file_get_patch function in gio/gkeyfilesettingsbackend.c. -- leo.barb...@canonical.com (Leonidas S. Barbosa) Mon, 05 Aug 2019 12:09:36 -0300 ** Changed in: glib2.0 (Ubuntu Xenial) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13012 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1838890 Title: Suspected memory leak in xenial backport of fix for CVE-2019-13012 Status in glib2.0 package in Ubuntu: In Progress Status in glib2.0 source package in Precise: In Progress Status in glib2.0 source package in Trusty: In Progress Status in glib2.0 source package in Xenial: Fix Released Bug description: (This is only from source code inspection, not tested in real use - I don't actually use Ubuntu.) The upstream fix for CVE-2019-13012 included this change: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); However, g_file_peek_path() was only introduced in GLib 2.56. The backport in the xenial package has this instead: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700); This is not equivalent. The difference between g_file_peek_path() and the older g_file_get_path() is that g_file_get_path() makes a copy, which must be freed with g_free() after use. As a result, there is now a memory leak. A non-leaky backport would look something like this, which is what I've done in a proposed backport for Debian 9 'stretch': + char *dir; ... - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + dir = g_file_get_path (kfsb->dir); + g_mkdir_with_parents (dir, 0700); + g_free (dir); To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
** Changed in: glib2.0 (Ubuntu) Status: New => In Progress ** Also affects: glib2.0 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: glib2.0 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: glib2.0 (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: glib2.0 (Ubuntu Precise) Status: New => In Progress ** Changed in: glib2.0 (Ubuntu Trusty) Status: New => In Progress ** Changed in: glib2.0 (Ubuntu Xenial) Status: New => In Progress ** Changed in: glib2.0 (Ubuntu Precise) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab) ** Changed in: glib2.0 (Ubuntu Trusty) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab) ** Changed in: glib2.0 (Ubuntu Xenial) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1838890 Title: Suspected memory leak in xenial backport of fix for CVE-2019-13012 Status in glib2.0 package in Ubuntu: In Progress Status in glib2.0 source package in Precise: In Progress Status in glib2.0 source package in Trusty: In Progress Status in glib2.0 source package in Xenial: In Progress Bug description: (This is only from source code inspection, not tested in real use - I don't actually use Ubuntu.) The upstream fix for CVE-2019-13012 included this change: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); However, g_file_peek_path() was only introduced in GLib 2.56. The backport in the xenial package has this instead: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700); This is not equivalent. The difference between g_file_peek_path() and the older g_file_get_path() is that g_file_get_path() makes a copy, which must be freed with g_free() after use. As a result, there is now a memory leak. A non-leaky backport would look something like this, which is what I've done in a proposed backport for Debian 9 'stretch': + char *dir; ... - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + dir = g_file_get_path (kfsb->dir); + g_mkdir_with_parents (dir, 0700); + g_free (dir); To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
** Changed in: glib2.0 (Ubuntu) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1838890 Title: Suspected memory leak in xenial backport of fix for CVE-2019-13012 Status in glib2.0 package in Ubuntu: New Bug description: (This is only from source code inspection, not tested in real use - I don't actually use Ubuntu.) The upstream fix for CVE-2019-13012 included this change: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); However, g_file_peek_path() was only introduced in GLib 2.56. The backport in the xenial package has this instead: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700); This is not equivalent. The difference between g_file_peek_path() and the older g_file_get_path() is that g_file_get_path() makes a copy, which must be freed with g_free() after use. As a result, there is now a memory leak. A non-leaky backport would look something like this, which is what I've done in a proposed backport for Debian 9 'stretch': + char *dir; ... - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + dir = g_file_get_path (kfsb->dir); + g_mkdir_with_parents (dir, 0700); + g_free (dir); To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1838890] Re: Suspected memory leak in xenial backport of fix for CVE-2019-13012
Thanks for the report Simon! Leo, could you have a look? ** Changed in: glib2.0 (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib2.0 in Ubuntu. https://bugs.launchpad.net/bugs/1838890 Title: Suspected memory leak in xenial backport of fix for CVE-2019-13012 Status in glib2.0 package in Ubuntu: New Bug description: (This is only from source code inspection, not tested in real use - I don't actually use Ubuntu.) The upstream fix for CVE-2019-13012 included this change: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); However, g_file_peek_path() was only introduced in GLib 2.56. The backport in the xenial package has this instead: - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + g_mkdir_with_parents (g_file_get_path (kfsb->dir), 0700); This is not equivalent. The difference between g_file_peek_path() and the older g_file_get_path() is that g_file_get_path() makes a copy, which must be freed with g_free() after use. As a result, there is now a memory leak. A non-leaky backport would look something like this, which is what I've done in a proposed backport for Debian 9 'stretch': + char *dir; ... - g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); + dir = g_file_get_path (kfsb->dir); + g_mkdir_with_parents (dir, 0700); + g_free (dir); To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1838890/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp