Ubuntu
ibus package

IBus no longer works in Qt applications after upgrade

Bug #1844853 reported by Adam Kastner
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
GLib
Fix Released
Unknown
ibus
Fix Released
Unknown
glib2.0 (Debian)
Fix Released
Unknown
glib2.0 (Ubuntu)
Fix Released
High
Unassigned
Xenial
Fix Released
High
Gunnar Hjalmarsson
Bionic
Fix Released
High
Gunnar Hjalmarsson
Disco
Won't Fix
Undecided
Unassigned
Eoan
Fix Released
High
Gunnar Hjalmarsson
Focal
Fix Released
High
Unassigned
ibus (Ubuntu)
Fix Released
High
Unassigned
Focal
Fix Released
High
Unassigned

Bug Description

[Impact]

IBus was broken for Qt applications as a regression due to the fix of CVE-2019-14822. As a result the IBus patch was disabled temporarily, which fixed IBus from a usability POV.

The real fix has been made in glib2.0, and the updates in -proposed will allow the IBus patch to be re-enabled.

[Test Case]

 * On a standard Ubuntu {eoan,disco,bionic,xenial} installation
   - Upgrade the glib2.0 packages from
     {eoan,disco,bionic,xenial}-proposed
   - Upgrade the ibus packages from
     https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa
   - Install some IBus input method, e.g. ibus-libpinyin
   - Install some Qt application, e.g. Kate

* Relogin (maybe reboot)

* Add the input method to the input sources

* Open the Qt app and try to input something using the IBus IM

=> Find that the transliteration works as expected

[Regression Potential]

The applicable patches origin from glib upstream:
https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
Consequently the changes have been reviewed by the glib maintainer, but also tested by the IBus maintainer, by me (gunnarhj), and - of course - the author Simon McVittie. The changes have been in Debian unstable since 2019-10-30.

[Original description]

Kubuntu Release 18.04.3 LTS

Expected behavior:
ibus continues working as before after applying security update 1.5.17-ubuntu5.1 from version 1.5.17-ubuntu5.

Observed behavior:
ibus is not usable anymore in Qt applications.

After updating ibus and the related packages ibus-gtk, ibus-gtk3, libibus-1.0-5 and gir1.2-ibus-1.0 all from version 1.5.17-ubuntu5 to 1.5.17-ubuntu5.1, I can no longer use ibus in Qt applications. Using shift-space no longer changes the selected input method and even when i switch to the mozc input method in a gtk application, i can not use it in any Qt applications.
When starting qtconfig in a terminal, I also get the following message:

Bus::open: Connect ibus failed!
IBusInputContext::createInputContext: no connection to ibus-daemon

This bug was not present in version 1.5.17-3ubuntu5 and I also confirmed that downgrading the packages to version 1.5.17-3ubuntu4 restores ibus functionality in Qt applications.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: ibus 1.5.17-3ubuntu5.1
ProcVersionSignature: Ubuntu 5.0.0-30.32~18.04.1-generic 5.0.21
Uname: Linux 5.0.0-30-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: KDE
Date: Sat Sep 21 07:58:56 2019
InstallationDate: Installed on 2019-06-28 (84 days ago)
InstallationMedia: Kubuntu 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
SourcePackage: ibus
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

CVE References

Revision history for this message
Adam Kastner (adamkast) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ibus (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128)
tags: added: regression-update
Changed in ibus (Ubuntu):
importance: Undecided → High
Bug Watch Updater (bug-watch-updater)
Changed in ibus:
status: Unknown → New
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

The problem is not bionic specific (ibus 1.5.17). Myself has confirmed it both on 19.04 (with ibus 1.5.19) and 19.10 (with ibus 1.5.21).

So the upstream commit which was backported breaks Qt, and AFAIK the problem hasn't been resolved upstream yet.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ibus - 1.5.11-1ubuntu2.3

---------------
ibus (1.5.11-1ubuntu2.3) xenial-security; urgency=medium

  * SECURITY UPDATE: ibus regression in Qt applications (LP: #1844853)
    - debian/patches/CVE-2019-14822.patch: disabled pending further
      investigation.

 -- Marc Deslauriers <email address hidden> Mon, 23 Sep 2019 13:31:22 +0200

Changed in ibus (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ibus - 1.5.17-3ubuntu5.2

---------------
ibus (1.5.17-3ubuntu5.2) bionic-security; urgency=medium

  * SECURITY UPDATE: ibus regression in Qt applications (LP: #1844853)
    - debian/patches/CVE-2019-14822.patch: disabled pending further
      investigation.

 -- Marc Deslauriers <email address hidden> Mon, 23 Sep 2019 13:30:51 +0200

Changed in ibus (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ibus - 1.5.19-1ubuntu2.2

---------------
ibus (1.5.19-1ubuntu2.2) disco-security; urgency=medium

  * SECURITY UPDATE: ibus regression in Qt applications (LP: #1844853)
    - debian/patches/CVE-2019-14822.patch: disabled pending further
      investigation.

 -- Marc Deslauriers <email address hidden> Mon, 23 Sep 2019 13:29:28 +0200

Changed in ibus (Ubuntu):
status: Confirmed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in ibus:
status: New → Fix Released
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

On 2019-09-25 03:13, Bug Watch Updater wrote:
> ** Changed in: ibus
> Status: New => Fix Released

There is no upstream fix yet. The upstream issue was closed by mistake.

Bug Watch Updater (bug-watch-updater)
Changed in ibus (Debian):
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in ibus:
status: Fix Released → New
Revision history for this message
Archisman Panigrahi (apandada1) wrote :

The issue is present in ibus version 1.5.17-3ubuntu5.2 running in KDE Neon (based on Ubuntu 18.04)

Bug Watch Updater (bug-watch-updater)
Changed in ibus:
status: New → Fix Released
Gunnar Hjalmarsson (gunnarhj)
Changed in glib2.0 (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in glib:
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in glib:
status: New → Fix Released
Gunnar Hjalmarsson (gunnarhj)
affects: ibus (Debian) → glib2.0 (Debian)
Bug Watch Updater (bug-watch-updater)
Changed in glib2.0 (Debian):
status: Confirmed → Fix Released
Sebastien Bacher (seb128)
Changed in glib2.0 (Ubuntu):
status: Confirmed → Fix Committed
Gunnar Hjalmarsson (gunnarhj)
description: updated
no longer affects: ibus (Ubuntu Xenial)
no longer affects: ibus (Ubuntu Bionic)
no longer affects: ibus (Ubuntu Disco)
no longer affects: ibus (Ubuntu Eoan)
Changed in glib2.0 (Ubuntu Xenial):
assignee: nobody → Gunnar Hjalmarsson (gunnarhj)
importance: Undecided → High
status: New → In Progress
Changed in glib2.0 (Ubuntu Bionic):
assignee: nobody → Gunnar Hjalmarsson (gunnarhj)
importance: Undecided → High
status: New → In Progress
Changed in glib2.0 (Ubuntu Disco):
assignee: nobody → Gunnar Hjalmarsson (gunnarhj)
importance: Undecided → High
status: New → In Progress
Gunnar Hjalmarsson (gunnarhj)
Changed in glib2.0 (Ubuntu Eoan):
assignee: nobody → Gunnar Hjalmarsson (gunnarhj)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

Hmm.. Since the security team plans to let the ibus packages break on previous libglib2.0-0, I dropped the step in the test case to reproduce the previous bug.

description: updated
Revision history for this message
Iain Lane (laney) wrote :

I've sponsored all the SRUs now. I also backported the testcase for bionic. On xenial the same testcase *hangs*. That is likely to be due to some assumptions about gdbus that aren't true back then, but be sure to verify this release extra carefully.

Gunnar Hjalmarsson (gunnarhj)
description: updated
Revision history for this message
Alex Murray (alexmurray) wrote :

@gunnarhj - updated packages for ibus are now available in the ubuntu-security-proposed PPA at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

Also I note the bug descriptions lists ibus in Focal as Fix Released - but the latest version in focal (1.5.21-1~exp2ubuntu2) is the one with the patch reverted - would you like me to upload an updated focal version as well to the above PPA?

Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

Thanks Alex!

On 2019-11-04 02:55, Alex Murray wrote:
> Also I note the bug descriptions lists ibus in Focal as Fix Released
> - but the latest version in focal (1.5.21-1~exp2ubuntu2) is the one
> with the patch reverted

Yeah.. ibus without specified series was marked "Fix Released" when the CVE patch was disabled, and when I targeted to series for glib2.0, it happened for ibus too (I removed all series bug focal). So there is really no message in it.

> would you like me to upload an updated focal version as well to the
> above PPA?

It's not needed for the SRU verification. Alternatively you could just upload to focal as soon as glib2.0 2.62.2-2 makes it to focal-release (it's stuck in -proposed right now).

(On IRC I was also talking about another ibus change in focal, which will require an apparmor change, but let's deal with that separately to not complicate things too much.)

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted glib2.0 into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.62.2-2~ubuntu19.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in glib2.0 (Ubuntu Eoan):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-eoan
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Adam, or anyone else affected,

Accepted glib2.0 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.56.4-0ubuntu0.18.04.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in glib2.0 (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

I verified the test case using
- version 2.62.2-2~ubuntu19.10.1 of libglib2.0-{0,bin,data} from
  eoan-proposed
- version 1.5.21-1~exp2ubuntu2.1 of the ibus packages from
  ppa:ubuntu-security-proposed/ppa

Could successfully input Bangla characters in Kate using ibus-avro.

tags: added: verification-done-eoan
removed: verification-needed-eoan
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.56.4-0ubuntu0.18.04.5)

All autopkgtests for the newly accepted glib2.0 (2.56.4-0ubuntu0.18.04.5) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.36.1-0ubuntu1.3.3 (ppc64el, amd64)
cairo/unknown (armhf)
firefox/70.0.1+build1-0ubuntu0.18.04.1 (armhf)
pinentry/1.1.0-1 (amd64)
policykit-1/unknown (armhf)
systemd/237-3ubuntu10.31 (s390x)
cmake-extras/1.3+17.04.20170310-1ubuntu4 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.62.2-2~ubuntu19.10.1)

All autopkgtests for the newly accepted glib2.0 (2.62.2-2~ubuntu19.10.1) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

indicator-session/17.3.20+19.10.20190921-0ubuntu1 (arm64)
sbd/1.4.0-18-g5e3283c-1ubuntu1 (i386)
cairo/unknown (armhf)
netplan.io/0.98-0ubuntu1 (ppc64el)
apport/2.20.11-0ubuntu8.2 (amd64)
snapd-glib/unknown (armhf)
firefox/70.0.1+build1-0ubuntu0.19.10.1 (armhf)
bumblebee/unknown (armhf)
glib2.0/2.62.2-2~ubuntu19.10.1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted glib2.0 into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.60.4-0ubuntu0.19.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in glib2.0 (Ubuntu Disco):
status: In Progress → Fix Committed
tags: added: verification-needed-disco
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Adam, or anyone else affected,

Accepted glib2.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in glib2.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.48.2-0ubuntu4.5)

All autopkgtests for the newly accepted glib2.0 (2.48.2-0ubuntu4.5) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.28.2-1ubuntu1~16.04.3 (s390x)
dbus-test-runner/15.04.0+15.10.20151002-0ubuntu1 (arm64)
libreoffice/1:5.1.6~rc2-0ubuntu1~xenial10 (i386)
libglib-object-introspection-perl/0.040-2 (armhf)
network-manager/1.2.6-0ubuntu0.16.04.3 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.60.4-0ubuntu0.19.04.2)

All autopkgtests for the newly accepted glib2.0 (2.60.4-0ubuntu0.19.04.2) for disco have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.20.10-0ubuntu27.3 (i386, amd64)
awesome/4.3-4 (armhf)
graphviz/unknown (armhf)
vlc/unknown (armhf)
systemd/240-6ubuntu5.7 (i386, amd64)
umockdev/0.12.1-2 (amd64)
udisks2/2.8.2-1 (arm64)
gtk+3.0/3.24.8-1ubuntu1 (armhf)
glib2.0/2.60.4-0ubuntu0.19.04.2 (i386)
sbd/1.3.1-4 (i386)
firefox/70.0.1+build1-0ubuntu0.19.04.1 (armhf)
lazarus/unknown (armhf)
dbus-test-runner/15.04.0+19.04.20190115-0ubuntu1 (ppc64el)
gvfs/1.40.1-1ubuntu0.1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/disco/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Gunnar Hjalmarsson (gunnarhj)
Changed in glib2.0 (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted glib2.0 into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.62.3-2~ubuntu19.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed-eoan
removed: verification-done-eoan
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.62.3-2~ubuntu19.10.1)

All autopkgtests for the newly accepted glib2.0 (2.62.3-2~ubuntu19.10.1) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

automake-1.16/1:1.16.1-4ubuntu3 (s390x)
libreoffice/1:6.3.4-0ubuntu0.19.10.1 (ppc64el)
umockdev/0.13.2-1 (armhf, i386)
asterisk/1:16.2.1~dfsg-2build2 (arm64)
tracker/2.3.0-1 (armhf)
glib2.0/2.62.3-2~ubuntu19.10.1 (i386)
cmake-extras/1.3+17.04.20170310-5 (armhf)
netplan.io/0.98-0ubuntu1 (ppc64el, i386)
dbus-test-runner/15.04.0+19.04.20190115-0ubuntu1 (armhf, i386)
sbd/1.4.0-18-g5e3283c-1ubuntu1 (amd64, i386)
ocaml-cairo2/unknown (armhf)
netplan.io/unknown (armhf)
gvfs/1.42.1-1ubuntu1 (arm64)
openssh/1:8.0p1-6build1 (amd64, armhf, arm64, s390x, i386, ppc64el)
snapd-glib/1.49-0ubuntu1.19.10.0 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted glib2.0 into eoan-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.62.4-1~ubuntu19.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-eoan to verification-done-eoan. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-eoan. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.62.3-2~ubuntu19.10.1)

All autopkgtests for the newly accepted glib2.0 (2.62.3-2~ubuntu19.10.1) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

tracker/2.3.0-1 (armhf)
snapd-glib/1.49-0ubuntu1.19.10.0 (armhf)
sbd/1.4.0-18-g5e3283c-1ubuntu1 (amd64)
gvfs/1.42.1-1ubuntu1 (arm64)
glib2.0/2.62.3-2~ubuntu19.10.1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (glib2.0/2.62.4-1~ubuntu19.10.1)

All autopkgtests for the newly accepted glib2.0 (2.62.4-1~ubuntu19.10.1) for eoan have finished running.
The following regressions have been reported in tests triggered by the package:

openssh/1:8.0p1-6build1 (i386, ppc64el, amd64, arm64, s390x, armhf)
openjdk-8/unknown (amd64, armhf)
libreoffice/unknown (i386)
dbus-python/unknown (armhf)
modemmanager-qt/unknown (amd64)
graphene/1.10.0-1 (arm64)
firefox/73.0+build3-0ubuntu0.19.10.1 (arm64)
gvfs/1.42.1-1ubuntu1 (arm64)
cmake-extras/1.3+17.04.20170310-5 (armhf)
glib2.0/2.62.4-1~ubuntu19.10.1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/eoan/update_excuses.html#glib2.0

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Is anyone actively working on the glib2.0 SRUs? We are blocked on them for our ibus security update...

Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

@Marc: Please see my short conversation with Alex on IRC:

https://irclogs.ubuntu.com/2020/02/11/%23ubuntu-desktop.html

I will ask Laney about the current status.

Revision history for this message
Iain Lane (laney) wrote :

I think everything other than eoan can be released: all the test failures are unrelated.

For eoan, I'll check out what is happening with glib2.0's own tests/i386. I thought the .4 version was going to fix that. :(

Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

I have verified the testcase

- on bionic using version 2.56.4-0ubuntu0.18.04.5 of the libglib2.0-* packages from bionic-proposed and version 1.5.17-3ubuntu5.3 of the ibus packages from ppa:ubuntu-security-proposed/ppa

- on xenial using version 2.48.2-0ubuntu4.5 of the libglib2.0-* packages from xenial-proposed and version 1.5.11-1ubuntu2.4 of the ibus packages from ppa:ubuntu-security-proposed/ppa

As regards the autopkgtest failures, please see comment #29.

Marked the disco bug task as "Won't Fix" since disco is EOL.

tags: added: verification-done-bionic verification-done-xenial
removed: verification-needed-bionic verification-needed-xenial
Changed in glib2.0 (Ubuntu Disco):
assignee: Gunnar Hjalmarsson (gunnarhj) → nobody
importance: High → Undecided
status: Fix Committed → Won't Fix
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

I have verified the testcase on eoan using version 2.62.4-1~ubuntu19.10.1 of the libglib2.0-* packages from eoan-proposed and version 1.5.21-1~exp2ubuntu2.1 of the ibus packages from ppa:ubuntu-security-proposed/ppa.

As regards the autopkgtest failure, please see:

https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/1850932/comments/12

tags: added: verification-done-eoan
removed: verification-needed-eoan
Marc Deslauriers (mdeslaur)
tags: removed: verification-needed verification-needed-disco
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glib2.0 - 2.48.2-0ubuntu4.5

---------------
glib2.0 (2.48.2-0ubuntu4.5) xenial; urgency=medium

  * d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
    d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
    d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
    - Ensure libdbus clients can authenticate with a GDBusServer like
      the one in ibus. The patches cherry picked from 2.62.2-2 in focal
      in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
      without breaking ibus for Qt applications (LP: #1844853).

 -- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:48:00 +0100

Changed in glib2.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for glib2.0 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glib2.0 - 2.56.4-0ubuntu0.18.04.5

---------------
glib2.0 (2.56.4-0ubuntu0.18.04.5) bionic; urgency=medium

  [ Gunnar Hjalmarsson ]
  * d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
    d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
    d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
    - Ensure libdbus clients can authenticate with a GDBusServer like
      the one in ibus. The patches cherry picked from 2.62.2-2 in focal
      in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
      without breaking ibus for Qt applications (LP: #1844853).

  [ Iain Lane ]
  * d/p/Add-a-test-for-GDBusServer-authentication.patch: Additionally backport
    this commit to add a test for the above fixes.
    + BD on libdbus-1-dev so that the above test gets run properly.

 -- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:16:00 +0100

Changed in glib2.0 (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package glib2.0 - 2.62.4-1~ubuntu19.10.1

---------------
glib2.0 (2.62.4-1~ubuntu19.10.1) eoan; urgency=medium

  * No-change backport from unstable to eoan (LP: #1850932).
    + Contains fix for LP: #1844853 - "IBus no longer works in Qt applications
      after upgrade"

glib2.0 (2.62.4-1) unstable; urgency=medium

  * Team upload

  [ Steve Langasek ]
  * debian/tests/build: Make cross-test friendly (Closes: #946355)

  [ Iain Lane ]
  * debian/tests/build: Style fixes

  [ Simon McVittie ]
  * New upstream release

glib2.0 (2.62.3-2) unstable; urgency=medium

  * Team upload
  * Rename pkg.glib2.0.noinsttest build profile to noinsttest.
    This is now registered on <https://wiki.debian.org/BuildProfileSpec>.

glib2.0 (2.62.3-1) unstable; urgency=medium

  * Team upload
  * New upstream release
    - Drop patches that were applied upstream
  * Don't build libglib2.0-tests under pkg.glib2.0.noinsttest build profile.
    This is a prototype of the proposed standard build profile noinsttest.
    If the build profiles include both nocheck and pkg.glib2.0.noinsttest,
    we can drop the libdbus-1-dev build-dependency without harming test
    coverage or altering the contents of binary packages.
  * d/gbp.conf: Use upstream/2.62.x branch

glib2.0 (2.62.2-3) unstable; urgency=medium

  * Team upload

  [ Iain Lane ]
  * control: Drop `debian/experimental` from Vcs-*

  [ Simon McVittie ]
  * Build-depend on libdbus-1-dev for better test coverage
  * Update to upstream commit 2.62.2-28-g3cf25070e:
    - d/p/goption-Relax-assertion-to-avoid-being-broken-by-kdeinit5.patch:
      Fix assertion failure when called from a process that overwrites its
      argv, such as kdeinit5
    - d/p/gdbus-peer-Specifically-listen-on-127.0.0.1.patch:
      Improve reliability of gdbus-peer test in some container environments
    - d/p/gdbusserver-Delete-socket-and-nonce-file-when-stopping-se.patch,
      d/p/gdbusserver-Keep-a-strong-reference-to-the-server-in-call.patch,
      d/p/gdbusauthmechanismsha1-Remove-unnecessary-g_warning-calls.patch,
      d/p/gdbusauthmechanismsha1-Create-.dbus-keyrings-directory-re.patch,
      d/p/tests-Move-main-loop-and-test-GUID-into-test-functions-in.patch,
      d/p/tests-Isolate-directories-in-gdbus-peer-test.patch,
      d/p/gdbus-peer-test-Improve-diagnostics-if-g_rmdir-fails.patch,
      d/p/gdbus-peer-test-Stop-GDBusServer-before-tearing-down-temp.patch,
      d/p/gdbus-peer-test-Use-unix-dir-address-if-exact-format-does.patch,
      d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch:
      Mark as applied upstream in 2.62.x branch
  * d/p/gdbus-server-auth-test-Include-gcredentialsprivate.h.patch:
    Apply patch from 2.63.x to fix missing coverage in test for #941018
  * d/p/Make-ld-executable-configurable.patch:
    Apply patch from 2.63.x to use cross ld where necessary
  * d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch:
    Mark as applied upstream in 2.63.x branch
  * Improve patch metadata: use more URLs for bug references

glib2.0 (2.62.2-2) unstable; urgency=medium

  * Team upload
  * Update to upstream commit 2.62.2-14-gfcbb88823:
    - d/p/gdeskto...

Read more...

Changed in glib2.0 (Ubuntu Eoan):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.