corrupted json payload when adding a device

Bug #1879272 reported by Andreas Tobler on 2020-05-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gpsd (Ubuntu)
Medium
Christian Ehrhardt 
Focal
Medium
Christian Ehrhardt 

Bug Description

[Impact]

 * Broken in 3.20 (>=Focal) by upstream the socket which is meant to
   produce json output has one of its messages violating the json format.

 * This leads to applications relying on the integrity of these messages to
   fail.

 * Fix by backporting a small upstream commit

[Test Case]

Start without a device like /etc/defaul/gpsd
  DEVICES=""

Attach a json watcher like to gpsd like
$ telnet localhost 2947
then enter
?WATCH={"enable":true,"json":true};

This looks like:

$ telnet localhost 2947
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
{"class":"VERSION","release":"3.20","rev":"3.20","proto_major":3,"proto_minor":14}
?WATCH={"enable":true,"json":true};
{"class":"DEVICES","devices":[]}
{"class":"WATCH","enable":true,"json":true,"nmea":false,"raw":0,"scaled":false,"timing":false,"split24":false,"pps":false}

Then on another console attach the device:
$ sudo gpsdctl add /dev/ttyUSB0

In the telnet socket watch you will see:
  {"class":"DEVICE","path":"/dev/ttyUSB0","activated":2020-05-20T05:42:54.598Z}

And the last element in this is violating JSON.
With the fix this no more happens.

[Other Info]

 * n/a

---

Could you please add the patch to this issue to the ubuntu package:

https://gitlab.com/gpsd/gpsd/-/issues/77

TIA,
Andreas

andreast@atobuntu:~$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04

The installed packet version is 3.20-8

Related branches

Thanks for reporting this bug and also the provided upstream patch. Just to make it clear this is the mentioned patch:

https://gitlab.com/gpsd/gpsd/-/commit/733495192307d43c9e3bdd9e1b202045e66d998b

tags: added: server-next
Changed in gpsd (Ubuntu Focal):
status: New → Triaged
Changed in gpsd (Ubuntu):
status: New → Triaged
Changed in gpsd (Ubuntu Focal):
importance: Undecided → Medium
Changed in gpsd (Ubuntu):
importance: Undecided → Medium
Andreas Tobler (andreastt) wrote :

Yes, this is the mentioned patch.

Thanks for reporting this Andreas, I'll take a look.

Note: The fix is not yet in a released version but will be in 3.21 once it is released.

Changed in gpsd (Ubuntu):
assignee: nobody → Christian Ehrhardt  (paelzer)

Repro steps:

Start without a device like /etc/defaul/gpsd
  DEVICES=""

Attach a json watcher like to gpsd like
$ telnet localhost 2947
then enter
?WATCH={"enable":true,"json":true};

This looks like:

$ telnet localhost 2947
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
{"class":"VERSION","release":"3.20","rev":"3.20","proto_major":3,"proto_minor":14}
?WATCH={"enable":true,"json":true};
{"class":"DEVICES","devices":[]}
{"class":"WATCH","enable":true,"json":true,"nmea":false,"raw":0,"scaled":false,"timing":false,"split24":false,"pps":false}

Then on another console attach the device:
$ sudo gpsdctl add /dev/ttyUSB0

In the telnet socket watch you will see:
  {"class":"DEVICE","path":"/dev/ttyUSB0","activated":2020-05-20T05:42:54.598Z}

And the last element in this is violating JSON.
With the fix this no more happens.

@Andreas - I could reproduce this and I'm fine going on with the fix. Yet I haven't seen any "impact" like what doesn't work because of this. It will be easy to fix it for Ubuntu 20.10 and onwards, but for the SRU [1] I'll need to describe the impact to justify it - if you could help me on that I'd appreciate.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates

Reported a fix to Debian https://salsa.debian.org/debian-gps-team/pkg-gpsd/-/merge_requests/8 in case they want it as well - Bernd can pick it up that way or in 3.21 when it is released some time later.

For Ubuntu I already have these prepared:
https://code.launchpad.net/~paelzer/ubuntu/+source/gpsd/+git/gpsd/+merge/384232
https://code.launchpad.net/~paelzer/ubuntu/+source/gpsd/+git/gpsd/+merge/384233

With a PPA to test at:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4069/

Andreas Tobler (andreastt) wrote :

@Christian, thanks for taking care of this issue.

Well, if you rely on the output of the control socket of gpsd then you get corrupt json payload if a gps device is added to gpsd. We rely on this output and our application fails if it can't parse the json payload which results in a non working application on our side.

The issue is a regression in gpsd, it was working fine in 3.19 and before.

Bernd Zeimetz (bzed) wrote :

Fixed in 3.20-12

Thanks Andreas I think I can use this for the SRU.

Bernd already merged my branch and uploaded debian/3.20-12 which is currently building in Debian and Groovy. So soon all that will be left is the SRU to Focal which need a teammate to check my branch for errors.

Changed in gpsd (Ubuntu Focal):
assignee: nobody → Christian Ehrhardt  (paelzer)
Changed in gpsd (Ubuntu):
status: Triaged → In Progress
description: updated

FYI: Added the SRU template to the description

FYI - Tested against the PPA with the SRU test steps:
  {"class":"DEVICE","path":"/dev/ttyUSB0","activated":"2020-05-20T08:49:45.631Z"}
Working now

Changed in gpsd (Ubuntu Focal):
status: Triaged → In Progress

FYI the groovy fix is ready in proposed but it's release is entangled with qtbase-opensource-src transition. So it might take a few more days to appear in groovy.

Being that far is ok as SRU prereq, so I uploaded the change for SRU review into Focal-unapproved as well now.

Hello Andreas, or anyone else affected,

Accepted gpsd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gpsd/3.20-8ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gpsd (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Andreas Tobler (andreastt) wrote :

The version gpsd-3.20-8ubuntu0.2 fixes my issue. The test was adding a device and parsing the json output from the ctrl socket.
Thanks a lot,
Andreas

tags: added: verification-done-focal
removed: verification-needed-focal

Test worked for me as well, thanks Andreas for the fast test on your side as well.

tags: added: verification-done
removed: verification-needed
Changed in gpsd (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gpsd - 3.20-12

---------------
gpsd (3.20-12) unstable; urgency=medium

  [ Bernd Zeimetz ]
  * [b7a30c42] Disable reprotest on CI for now.
    Until somebody comes up with a fix.

  [ Christian Ehrhardt ]
  * [fccbcc8f] fix json missing quotes on device add (LP: #1879272)
    Signed-off-by: Christian Ehrhardt <email address hidden>

 -- Bernd Zeimetz <email address hidden> Wed, 20 May 2020 09:04:54 +0200

Changed in gpsd (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gpsd - 3.20-8ubuntu0.2

---------------
gpsd (3.20-8ubuntu0.2) focal; urgency=medium

  * fix json missing quotes on device add (LP: #1879272)

 -- Christian Ehrhardt <email address hidden> Wed, 20 May 2020 08:23:02 +0200

Changed in gpsd (Ubuntu Focal):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for gpsd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers