Fixing bug #1795668 breaks thumbnail creation on 32-bit Ubuntu

Bug #1807127 reported by Eugene Romanenko on 2018-12-06
268
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gnome-desktop3 (Ubuntu)
Critical
Unassigned
Bionic
High
Steve Beattie
Cosmic
Critical
Jeremy Bicha

Bug Description

Impact
======
Thumbnailing doesn't work on Ubuntu 18.04 LTS or 18.10 on 32-bit installs.

Test Case
=========
Install Ubuntu 18.10 32-bit
Install the update. Log out and log back in.
Download a picture from the internet.
Open your file browser to the directory that contains the picture. The file should show a thumbnail preview.

Regression Potential
====================
This fix was cherry-picked to the stable gnome-3-30 branch.
It was additionally tested by Iain Lane on usrmerged and non-usrmerged systems. (We don't support usrmerge for Ubuntu 18.04 LTS or 18.10.)

Other Info
==========
Triaged as Critical for 18.04 LTS since this was a regression introduced in the security update that backported the bubblewrap hardening to the gnome-desktop3 thumbnailer.

Original Bug Report
===================
Fixing bug #1795668 breaks thumbnail creation on 32-bit Ubuntu.

Looks like same issue in upstream - https://bugzilla.redhat.com/show_bug.cgi?id=1651952

Cause - bubblewrap runs with --ro-bind /lib64 option, then fails.
Workaround - create empty /lib64 directory at root.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libgnome-desktop-3-17 3.28.2-0ubuntu1.1
ProcVersionSignature: Ubuntu 4.15.0-42.45-generic 4.15.18
Uname: Linux 4.15.0-42-generic i686
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: i386
CurrentDesktop: ubuntu:GNOME
Date: Thu Dec 6 12:07:28 2018
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnome-desktop3
UpgradeStatus: No upgrade log present (probably fresh install)

Eugene Romanenko (eros2) wrote :
Eugene Romanenko (eros2) on 2018-12-06
description: updated
Jeremy Bicha (jbicha) on 2018-12-06
tags: added: regression-update
Jeremy Bicha (jbicha) wrote :

I have forwarded the issue to GNOME at https://gitlab.gnome.org/GNOME/gnome-desktop/issues/89

Jeremy Bicha (jbicha) on 2018-12-06
Changed in gnome-desktop3 (Ubuntu):
importance: Undecided → Critical
Iain Lane (laney) wrote :

I submitted a fix to upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/merge_requests/20, let's see what they say.

Jeremy Bicha (jbicha) on 2018-12-10
Changed in gnome-desktop3 (Ubuntu Cosmic):
importance: Undecided → Critical
Changed in gnome-desktop3 (Ubuntu Bionic):
importance: Undecided → Critical
Changed in gnome-desktop3 (Ubuntu):
status: New → Triaged
Changed in gnome-desktop3 (Ubuntu Bionic):
status: New → Triaged
Changed in gnome-desktop3 (Ubuntu Cosmic):
status: New → Triaged
Jeremy Bicha (jbicha) on 2018-12-11
Changed in gnome-desktop3 (Ubuntu):
status: Triaged → Fix Committed
Jeremy Bicha (jbicha) wrote :

Security Team, would you be interested in sponsoring directly from our git branch for bionic-security?

gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source/gnome-desktop3

git checkout ubuntu/bionic

I am guessing we'll just do a regular SRU for cosmic. What do you think?

information type: Public → Public Security
Changed in gnome-desktop3 (Ubuntu Bionic):
status: Triaged → Confirmed
Changed in gnome-desktop3 (Ubuntu Cosmic):
assignee: nobody → Jeremy Bicha (jbicha)
Jeremy Bicha (jbicha) on 2018-12-11
Changed in gnome-desktop3 (Ubuntu Bionic):
importance: Critical → High
Jeremy Bicha (jbicha) on 2018-12-11
description: updated
Changed in gnome-desktop3 (Ubuntu Cosmic):
status: Triaged → In Progress
Steve Beattie (sbeattie) on 2018-12-11
Changed in gnome-desktop3 (Ubuntu Bionic):
assignee: nobody → Steve Beattie (sbeattie)
Steve Beattie (sbeattie) wrote :

For bionic, I've uploaded the gnome-desktop3 package with the fix for 32bit systems to the ubuntu-security-proposed ppa (https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/) for people to test. Any feedback would be appreciated.

Thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-desktop3 - 3.30.2-3ubuntu1

---------------
gnome-desktop3 (3.30.2-3ubuntu1) disco; urgency=medium

  * Merge with Debian. Remaining changes:
    - Add 04_compute_average_color.patch: Compute the avergage color in
      gnome-desktop itself, not in unity to fix some races (LP #963140)
    - Add tweak_color_computation.patch, Patch from Gord, no patch header,
      no bug link.
    - Add git_revert_draw_background.patch
    - Add ubuntu_language.patch, Port relevant bits from gnome-control-center's
      52_region_language.patch, as required for gnome 3.8+ region panel
    - Add ubuntu_language_list_from_SUPPORTED.patch,
      Add API to get list of available languages from SUPPORTED file.
      To be used by gnome 3.8 region panel language installation.
    - Add gnomebg_hidpi_image.patch,
      gnome_bg_create_surface: always honor device scale, that fixes the
      wallpaper rendering in HiDPI config under ubiquity (LP: #1382291)
    - debian/control.in: Don't depend on bubblewrap
    - debian/libgnome-desktop-3-17.symbols:
      + Add symbols included in Ubuntu patches
    - Update Vcs fields and debian/gbp.conf for Ubuntu

gnome-desktop3 (3.30.2-3) unstable; urgency=medium

  * Cherry-pick thumbnail-Fix-use-after-free-when-getting-a-preview-icon.patch:
    - Fix from gnome-3-30 branch for a potential crash bug

gnome-desktop3 (3.30.2-2) unstable; urgency=medium

  * Cherry-pick thumbnail-Handle-non-usrmerged-systems.patch:
    - Fix thumbnailer on 32-bit systems where /lib64 is not available. Also
      improve handling of usrmerged and non-usrmerged systems. (LP: #1807127)

 -- Jeremy Bicha <email address hidden> Tue, 11 Dec 2018 10:45:20 -0500

Changed in gnome-desktop3 (Ubuntu):
status: Fix Committed → Fix Released
paz (mozit) wrote :

Hello @Steve,
Checked your pkg/ppa in Bionic 32 bit - all back to normal
Thanks for your quick fix.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-desktop3 - 3.28.2-0ubuntu1.2

---------------
gnome-desktop3 (3.28.2-0ubuntu1.2) bionic-security; urgency=medium

  * Cherry-pick thumbnail-Handle-non-usrmerged-systems.patch:
    - Fix thumbnailer on 32-bit systems where /lib64 is not available. This
      fixes a regression introduced in the previous update. (LP: #1807127)

 -- Jeremy Bicha <email address hidden> Tue, 11 Dec 2018 10:19:39 -0500

Changed in gnome-desktop3 (Ubuntu Bionic):
status: Confirmed → Fix Released

Hello Eugene, or anyone else affected,

Accepted gnome-desktop3 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnome-desktop3/3.30.2-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gnome-desktop3 (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-cosmic
pt123 (pt123) wrote :

Proposed working on Bionic (18.04) 32 bit system

Sebastien Bacher (seb128) wrote :

On cosmic the SRU fixes the thumbnail creation, but starting from a command line nautilus shows those G_IS_OBJECT (object) warnings

#0 g_log (log_domain=0xb70fd07b "GLib-GObject",
    log_level=G_LOG_LEVEL_CRITICAL,
    format=0xb7f186b2 "%s: assertion '%s' failed")
    at ../../../../glib/gmessages.c:1412
#1 0xb7ec9249 in g_return_if_fail_warning (
    log_domain=0xb70fd07b "GLib-GObject",
    pretty_function=0xb7100334 <__func__.14497> "g_object_ref",
    expression=0xb70ff236 "G_IS_OBJECT (object)")
    at ../../../../glib/gmessages.c:2762
#2 0xb70d1990 in g_object_ref (_object=0x0)
    at ../../../../gobject/gobject.c:3212
#3 0xb6ff93f4 in get_preview_thumbnail (size=<optimized out>,
    uri=<optimized out>) at gnome-desktop-thumbnail.c:972
#4 gnome_desktop_thumbnail_factory_generate_thumbnail (factory=0xb70158,
    uri=0x9565a0 "file:///usr/share/backgrounds/Ross_Jones_Rockpool_(Sydney)_by_Chris_Carignan.jpg", mime_type=0x8d88a0 "image/jpeg")
    at gnome-desktop-thumbnail.c:1058
#5 0x0048dc13 in ?? ()
#6 0xb71aa7bf in g_task_thread_pool_thread (thread_data=0xabf290,
    pool_data=0x0) at ../../../../gio/gtask.c:1331
#7 0xb7eeb30d in g_thread_pool_thread_proxy (data=0x620ba0)
    at ../../../../glib/gthreadpool.c:307
#8 0xb7eea8ba in g_thread_proxy (data=0x78c780)
    at ../../../../glib/gthread.c:784
#9 0xb6a22fed in start_thread (arg=0xadeecb40) at pthread_create.c:486
#10 0xb6936a76 in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:108

Unsure if that should block the SRU though? (there is no warning when using the bionic libgnome-desktop-3-17 version (pre-bubblewrap changes)

Jeremy Bicha (jbicha) wrote :

Seb, I can duplicate the issue you found. I suggest we just drop thumbnail-Fix-use-after-free-when-getting-a-preview-icon.patch. It also added a leftover debug line "got a preview thumbnail" (that was removed in a later commit).

Sebastien Bacher (seb128) wrote :

@Jeremy, the fix makes sense to keep since it's a potential segfault, the warning problem just got fixed upstream with that commit
https://gitlab.gnome.org/GNOME/gnome-desktop/commit/bbae26a6
We should rather add that change to the SRU (and drop the g_message call)

Jeremy Bicha (jbicha) wrote :

Ok, let's wait for the merge proposal to be accepted:
https://gitlab.gnome.org/GNOME/gnome-desktop/merge_requests/29

Jeremy Bicha (jbicha) wrote :

Sorry about the delay. I have uploaded a new version to the cosmic UNAPPROVED queue that should fix the identified regression.

Brian Murray (brian-murray) wrote :

Hello Eugene, or anyone else affected,

Accepted gnome-desktop3 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnome-desktop3/3.30.2.1-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Marc Deslauriers (mdeslaur) wrote :

What's the status of this SRU? We're awaiting on this to prepare a security update...

Marc Deslauriers (mdeslaur) wrote :

This package has been superseded by the following security update:

https://usn.ubuntu.com/3994-1/

The current packages in -proposed needs to be respun to include the security fix.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers