Bug #13442: gdk-pixbuf's loaders.cache not reproducible

Bug #13442

gdk-pixbuf's loaders.cache not reproducible

Added by anonym 2017-07-07 19:36:40 . Updated 2017-09-28 18:41:12 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Build system

Target version:

Tails_3.2

Start date:

2017-07-07

Due date:

% Done:

100%

Feature Branch:

bugfix/13442-reproducible-gdk-pixbuf-loaders.cache

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

289

Description

/usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache

See parent ticket for more info.

Files

gdk-pixbuf.diff.txt (1691 B)	lamby, 2017-08-29 18:44:37
diffoscope.html (206305 B)	intrigeri, 2017-09-10 17:34:04
diffoscope.html (319748 B)	intrigeri, 2017-09-11 13:01:52
diffoscope.txt.bz2 (6992 B)	intrigeri, 2017-09-12 09:47:23
loaders.cache.bad (3442 B)	anonym, 2017-09-12 17:31:57
loaders.cache.good (3442 B)	anonym, 2017-09-12 17:31:57
gdk-pixbuf.diff.txt (1146 B)	lamby, 2017-09-13 19:30:33

Subtasks

Related issues

Related to Tails - ~~Bug #14729~~: Fix gdk-pixbuf vulnerability (CVE-2017-2862)

Resolved

2017-09-26

History

#1 Updated by intrigeri 2017-07-18 12:25:27

Target version set to Tails_3.1

(Like parent ticket.)

#2 Updated by anonym 2017-08-07 14:05:28

Target version changed from Tails_3.1 to Tails_3.2

#3 Updated by lamby 2017-08-29 18:45:07

File gdk-pixbuf.diff.txt added
Assignee changed from lamby to anonym
QA Check set to Ready for QA

This has been fixed upstream:

https://bugzilla.gnome.org/show_bug.cgi?id=783592

Attached is a backported patch for the version in stretch.

Enjoy!

#4 Updated by BitingBird 2017-08-30 10:13:36

Status changed from Confirmed to In Progress

#5 Updated by intrigeri 2017-09-07 12:11:50

Priority changed from Normal to Elevated

#6 Updated by anonym 2017-09-07 15:49:42

% Done changed from 0 to 50
Feature Branch set to bugfix/13442-reproducible-gdk-pixbuf-loaders.cache

#7 Updated by intrigeri 2017-09-10 17:34:09

File diffoscope.html added
QA Check changed from Ready for QA to Dev Needed

kurono’s 3.2~alpha2 ISO has a problem in this, see attached diffoscope output.

#8 Updated by intrigeri 2017-09-11 13:01:59

File diffoscope.html added

Another Tails contributor reported FTBR of 3.1~alpha2 with the same problem, diffoscope output attached.

#9 Updated by intrigeri 2017-09-12 09:47:25

File diffoscope.txt.bz2 added

And a third one.

#10 Updated by anonym 2017-09-12 11:05:10

Assignee changed from anonym to lamby

lamby, is there any chance you could try to have a look and provide us a fix before 13:00 2017-09-14 UTC so we might have this fix in Tails 3.2~rc1?

#11 Updated by lamby 2017-09-12 15:31:44

Assignee changed from lamby to anonym

anonym wrote:
> lamby, is there any chance you could try to have a look and provide us a fix before 13:00 2017-09-14 UTC so we might have this fix in Tails 3.2~rc1?

Sure, but can you confirm my patch was applied when building this ISO? I don’t see anything about it being merged here…

#12 Updated by anonym 2017-09-12 16:16:17

Assignee changed from anonym to lamby

The patch was applied to 3.2~alpha2! If you want you can fetch the package and its source used in 3.2-alpha2 by adding these APT sources:

deb http://deb.tails.boum.org/ 3.2-alpha2 main
deb-src http://deb.tails.boum.org/ 3.2-alpha2 main

and fetch the source:

apt source gdk-pixbuf/3.2-alpha2

AFAICT the patch is applied, but IANADD. :)

The reason the status of this ticket wasn’t changed is because the Tails 3.2-alpha2 history will never be merged back anywhere, because it was just a test — in fact, I used it as the test as part of our normal review’n’merge process for this ticket (and the other three similar fixes). The situation is/was this: previously we always saw all these four failures together. With your fixes, we only still see ~~Bug #13442~~ and ~~Bug #13440~~, and they are still always coming together. So I made the assumption that the other two were fixed since they don’t appear at all, and specifically not when the other two occur, and that’s why ~~Bug #13439~~ and ~~Bug #13441~~ now are merged and marked “Fix committed” but not ~~Bug #13440~~ and ~~Bug #13442~~. I hope this makes sense! And I’m sorry for not being transparent enough from the beginning! :S

#13 Updated by anonym 2017-09-12 17:33:02

File loaders.cache.bad added
File loaders.cache.good added

Here’s the good file and one of the bad files (not necessarily the same as in any of the diffoscope reports here).

#14 Updated by anonym 2017-09-12 18:00:50

Another bad one (one week expiry): https://share.riseup.net/#_fOJ_G2fUFwMW8hRwyq91Q

#15 Updated by lamby 2017-09-13 19:32:06

File gdk-pixbuf.diff.txt added
Assignee changed from lamby to anonym

Righto, looks like we need to patch the postinst script too. Forwarded to Debian here:

https://bugs.debian.org/875704

.. also attached.

Enjoy!

#16 Updated by intrigeri 2017-09-13 20:45:32

QA Check changed from Dev Needed to Ready for QA

Amazing :)

#17 Updated by anonym 2017-09-13 21:39:09

Type of work changed from Research to Code

New packages built and uploaded. If Jenkins is fine with the branch, I’ll merge.

#18 Updated by anonym 2017-09-15 10:41:01

Status changed from In Progress to Fix committed
% Done changed from 50 to 100

Applied in changeset commit:6840b98d034c2cbc9aabc3dcf5c58be3f4069a8c.

#19 Updated by anonym 2017-09-15 17:48:56

Assignee deleted (~~anonym~~)
QA Check changed from Ready for QA to Pass

#20 Updated by intrigeri 2017-09-27 07:48:03

related to ~~Bug #14729~~: Fix gdk-pixbuf vulnerability (CVE-2017-2862) added

#21 Updated by anonym 2017-09-28 18:41:13

Status changed from Fix committed to Resolved