segmentation fault when opening fd

The current situation of python-apt is somewhat critical as no packages can be pushed via Landscape to machines at the moment. This is causing landscape-package-changer to segfault as follows:

[apport-retrace]
Core was generated by `/usr/bin/python3 /usr/bin/landscape-package-changer --quiet'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ararchive_new (type=0x7f652626e0a0 <PyDebFile_Type>, args=<optimized out>, kwds=<optimized out>)
at python/arfile.cc:438

This seems to be a fix candidate:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977000
https://salsa.debian.org/apt-team/python-apt/-/commit/3d9af5f196ad6a6c6973ac699a15888d21a9bb52

- Eric

Hello,

I have tested with the test package 1.6.5ubuntu0.4+testpkg20201220b1 provided by ~slashd on his ppa[1] on bionic with all updates applied and this fixes the segmentation fault issue.

Steps to test:
1) On the LDS server, create a package profile that installs a single package, 'hello' is enough.
2) On the LDS server, apply the package profile to a client
3) On the LDS client, verify that there is no segfault message on '/var/log/kern.log'
4) On the LDS server, verify that the activity to apply the package profile ends with success.

Before ~slashd fix, step 3) would show a segfault and step 4), the activity would stay 'In Progress' forever.

[1] https://launchpad.net/~slashd/+archive/ubuntu/sruverif

Yes the security team has the packages ready to go out for a week now essentially.

This package is 'native' and I don't want for instance to introduce 'quilt' before talking to the maintainer.

@julian, how do you want to proceed to fix this bug in python-apt ?

- Eric

They prepared the updates on the same day as the fix (well the full regression fix with the follow-up commits) but did not roll out the fix so far because only dak reported a regression and codesearch did not yield any other users of that interface.

Eric, the updates are built ready in the security team PPA since Dec 10 and only need to be released. I've subscribed security team, but you might want to talk to them directly.

@julian, thanks for the quick reply. Will do.

This is fixed in active development release (hirsute):

python-apt (2.1.7) unstable; urgency=medium

  * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193)
    - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc:
      fix file descriptor and memory leaks
    - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h:
      Avoid reference cycle with control,data members in apt_inst.DebFile
      objects
    - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily
      testable)
  * Regression fixes for the updates merged too:
    - arfile.cc: Fix segmentation fault when opening fd, track lifetime correctly
      (Closes: #977000)
    - arfile: Regression: Collect file<->deb/ar reference cycles

There are updates for this issue built in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

I have run tests on Xenial, Bionic and Focal, exactly the same as on comment #2, this time with the packages from the ubuntu-security-proposed PPA show on comment #9 and I can confirm that this fixes the issues as well.

This bug was fixed in the package python-apt - 2.1.3ubuntu1.3

---------------
python-apt (2.1.3ubuntu1.3) groovy-security; urgency=medium

  * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or
    apt_inst.DebFile caused a segmentation fault (LP: #1907676)
    - python/arfile.cc: Fix segmentation fault when opening fd, track
      lifetime correctly

 -- Marc Deslauriers <email address hidden> Thu, 10 Dec 2020 09:43:25 -0500

This bug was fixed in the package python-apt - 1.1.0~beta1ubuntu0.16.04.11

---------------
python-apt (1.1.0~beta1ubuntu0.16.04.11) xenial-security; urgency=medium

  * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or
    apt_inst.DebFile caused a segmentation fault (LP: #1907676)
    - python/arfile.cc: Fix segmentation fault when opening fd, track
      lifetime correctly

 -- Marc Deslauriers <email address hidden> Thu, 10 Dec 2020 09:48:37 -0500

This bug was fixed in the package python-apt - 1.6.5ubuntu0.5

---------------
python-apt (1.6.5ubuntu0.5) bionic-security; urgency=medium

  * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or
    apt_inst.DebFile caused a segmentation fault (LP: #1907676)
    - python/arfile.cc: Fix segmentation fault when opening fd, track
      lifetime correctly

 -- Marc Deslauriers <email address hidden> Thu, 10 Dec 2020 09:48:08 -0500

This bug was fixed in the package python-apt - 2.0.0ubuntu0.20.04.3

---------------
python-apt (2.0.0ubuntu0.20.04.3) focal-security; urgency=medium

  * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or
    apt_inst.DebFile caused a segmentation fault (LP: #1907676)
    - python/arfile.cc: Fix segmentation fault when opening fd, track
      lifetime correctly

 -- Marc Deslauriers <email address hidden> Thu, 10 Dec 2020 09:46:50 -0500