[precise SRU] crash due to improper handling of "/" in GSettings

Bug #1154370 reported by desrt on 2013-03-12
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
glib2.0 (Ubuntu)
Undecided
Unassigned

Bug Description

GSettings in GLib 2.32.3 has a bug where the "changed" signal is emitted for child settings objects as if they were keys ending with "/".

That was fixed upstream and merged into the glib-2-32 stable branch here: https://git.gnome.org/browse/glib/commit/?h=glib-2-32&id=e6f659a898595ba944bd02f0509b14694d1c26e7

GLib 2.32.4 was since released and contains the fix.

This fix is needed because there exists software (muffin) that contains code along these lines:

void
change_event_handler (GSettings *settings, const gchar *key, gpointer user_data)
{
  ...
  g_settings_get_value (settings, key);
  ...
}

and it's invalid to pass a key containing "/" to g_settings_get_value() (causing crashes).

This only happens when entire paths are reset (such as when running 'dconf update'). That makes the issue relatively rare but it's affecting corporate deployments (Google, specifically).

We should either do an SRU with just the patch linked to above to (ideally) QA and SRU the entire GLib 2.32.4 release to precise.

desrt (desrt) on 2013-03-12
affects: ubuntu → glib2.0 (Ubuntu)
Changed in glib2.0 (Ubuntu):
milestone: none → precise-updates
Margarita Manterola (marga-9) wrote :

Hi,

I was affected by this bug (cinnamon died when running dconf update), and after applying the above mentioned patch (e6f659a898595ba944bd02f0509b14694d1c26e7) the bug was solved.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glib2.0 (Ubuntu):
status: New → Confirmed
Margarita Manterola (marga-9) wrote :

There's currently an upload of glib2.0 in the unaccepted precise queue. Version is 2.32.4-0ubuntu1. This package includes the fix needed for this bug.

Hello Ryan, or anyone else affected,

Accepted glib2.0 into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/glib2.0/2.32.4-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Margarita Manterola (marga-9) wrote :

Hi,

I can confirm that the proposed package fixes the issue.

--
Cheers,
Marga

Mark Russell (marrusl) on 2013-04-17
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glib2.0 - 2.32.4-0ubuntu1

---------------
glib2.0 (2.32.4-0ubuntu1) precise; urgency=low

  * New upstream release (LP: #1154657)
    + GSettings: Don't crash due to incorrect handling of "/" (LP: #1154370)
    + gio: Stop ignoring defaults.list wrongly (LP: #901171)
  * Update watch file to track 2.32 series for Precise
  * debian/control{,.in}: Require libelf-dev >= 0.8.12, per configure.ac
  * gnetworkmonitor_dont_leak_networks.patch: Drop, included in this release.
  * Install bash completion files into /etc/bash_completion.d; overriding an
    upstream change (not appropriate for Precise) to install into
    /usr/share/bash-completion/completions. This change also names the
    completion files correctly (after the commands they are completing for),
    so they will start working now.
 -- Iain Lane <email address hidden> Wed, 13 Mar 2013 10:45:56 +0000

Changed in glib2.0 (Ubuntu):
status: Confirmed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers