Debian Bug report logs - #977000
python3-apt: dak crashes after security update

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ansgar <ansgar@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: python3-apt: dak crashes after security update

Date: Wed, 09 Dec 2020 22:43:57 +0100

[Message part 1 (text/plain, inline)]

Package: python3-apt
Version: 1.8.4.2
Severity: grave
Tags: security
Justification: renders package unusable

dak crashes with a segmentation fault in python3-apt when processing
uploads or processing the NEW queue on ftp-master; and also on my
playground server (used to generate the backtrace).

$ gdb --batch -n -ex 'set pagination off' -ex run -ex bt -ex 'bt full' \
    -args /usr/bin/python3 ~dak/dak/dak/dak.py examine-package \
    python3-apt_1.8.4.2_amd64.deb &> dak-segfault.txt

produced the attached backtrace.

The problematic line seems to be:

+---
|     return apt_inst.DebFile(fh).control.extractdata("control")
+---[ https://salsa.debian.org/ftp-team/dak/-/blob/891420d6c0c46472f25585ac05760dabc84e74ad/daklib/utils.py#L939 ]

and indeed

$ gdb --args python3 -c 'import apt_inst; apt_inst.DebFile(open("python3-apt_1.8.4.2_amd64.deb")).control.extractdata("control")'

also reproduces the segmentation fault.

Ansgar

-- System Information:
Debian Release: 10.7
Architecture: amd64 (x86_64)

Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages python3-apt depends on:
ii  libapt-inst2.0     1.8.2.2
ii  libapt-pkg5.0      1.8.2.2
ii  libc6              2.28-10
ii  libgcc1            1:8.3.0-6
ii  libstdc++6         8.3.0-6
ii  python-apt-common  1.8.4.2
ii  python3            3.7.3-1

Versions of packages python3-apt recommends:
pn  iso-codes    <none>
pn  lsb-release  <none>

Versions of packages python3-apt suggests:
ii  apt              1.8.2.2
pn  python-apt-doc   <none>
ii  python3-apt-dbg  1.8.4.2

-- no debconf information

[dak-segfault.txt (text/plain, attachment)]

Message #8 received at 977000-submitter@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <noreply@salsa.debian.org>

To: 977000-submitter@bugs.debian.org

Subject: Bug#977000 marked as pending in python-apt

Date: Wed, 09 Dec 2020 22:10:21 +0000

Control: tag -1 pending

Hello,

Bug #977000 in python-apt reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/apt-team/python-apt/-/commit/3d9af5f196ad6a6c6973ac699a15888d21a9bb52

------------------------------------------------------------------------
arfile.cc: Fix segmentation fault when opening fd, track lifetime
correctly

The lines that created self->Fd and that then made use of it were
swapped, causing a segmentation fault.

Also the life of the file object was tracked incorrectly, causing
the file to be closed if it was a temporary one.

Closes: #977000
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/977000

Message #13 received at 977000-submitter@bugs.debian.org (full text, mbox, reply):

From: Julian Andres Klode <noreply@salsa.debian.org>

To: 977000-submitter@bugs.debian.org

Subject: Bug#977000 marked as pending in python-apt

Date: Wed, 09 Dec 2020 22:15:33 +0000

Control: tag -1 pending

Hello,

Bug #977000 in python-apt reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/apt-team/python-apt/-/commit/e37237d09fd24ed9072aa308bf10edb10ae74711

------------------------------------------------------------------------
arfile.cc: Fix segmentation fault when opening fd, track lifetime
correctly

The lines that created self->Fd and that then made use of it were
swapped, causing a segmentation fault.

Also the life of the file object was tracked incorrectly, causing
the file to be closed if it was a temporary one.

Closes: #977000
(cherry picked from commit 3d9af5f196ad6a6c6973ac699a15888d21a9bb52)
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/977000

Message #18 received at 977000-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 977000-close@bugs.debian.org

Subject: Bug#977000: fixed in python-apt 2.1.7

Date: Thu, 10 Dec 2020 14:49:14 +0000

Source: python-apt
Source-Version: 2.1.7
Done: Julian Andres Klode <jak@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 977000@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated python-apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Dec 2020 15:35:32 +0100
Source: python-apt
Architecture: source
Version: 2.1.7
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 977000
Changes:
 python-apt (2.1.7) unstable; urgency=medium
 .
   * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193)
     - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc:
       fix file descriptor and memory leaks
     - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h:
       Avoid reference cycle with control,data members in apt_inst.DebFile
       objects
     - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily
       testable)
   * Regression fixes for the updates merged too:
     - arfile.cc: Fix segmentation fault when opening fd, track lifetime correctly
       (Closes: #977000)
     - arfile: Regression: Collect file<->deb/ar reference cycles
Checksums-Sha1:
 2a2b6564547b4f4328d9c06b2006ae71dfab46fa 2366 python-apt_2.1.7.dsc
 fcdb331ea837c72c3aaf288f05c3d60d26b647b0 345376 python-apt_2.1.7.tar.xz
 3f1fd50d400c1df29e578253bcdf22f558038c07 9452 python-apt_2.1.7_source.buildinfo
Checksums-Sha256:
 12947293ba2b3ef33e36e8bf39a692ce17d2bf3495459e84c8f6289d224953bc 2366 python-apt_2.1.7.dsc
 f5ede02141d0a1978ca96cf4a75d7096327318ef96cf2e13012fadde8d690915 345376 python-apt_2.1.7.tar.xz
 880740bb5c1679248b4aa5667cd00fdb8d7714452ec79bd7a4a3b4915affda52 9452 python-apt_2.1.7_source.buildinfo
Files:
 8a5ef18accf76135209c8f23bfec9aae 2366 python optional python-apt_2.1.7.dsc
 222d78e9a2f312216e9504a711ab53a3 345376 python optional python-apt_2.1.7.tar.xz
 fab632b0bf65b532a88b6b0f7422e2ee 9452 python optional python-apt_2.1.7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl/SMvEPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xjcQQAJI7aeJVnkwcU7NV5Lbm8ojZGkvfHFjhXSqu
c+AkTsAoq3A3xxgj3bwCDoNvfaG9NIuGoxhqPflgT4MRirjdl4sQOqN7O2xVzKv+
KOs03Da7m5SP+TKorvxm0+LbvNIerQ82KReR8A7lqhe33P+7O1uwD+hk7iANIULP
JmnsnIAWLr7kf1wSY25AoeEEzqJ1MFIWdj30bp+bd4Grn4rRoNLheboMdbQricVP
XIDr6Hq1/url9Ukyaiiq9FUGVcesKPNi1kfrKM0HZQtOnGkG3WOO99fgUEwdYLRh
uAElUga36N5Q912FLnUNx/j2WRjdAyCU3gPuWILRkgg6/6sOsR89Nn6udjK2K8VH
7D6nO3e4tGNA0E/nVKSJ7WCEaXIAV+n5xBne6KGs5CW+JYHPqlDcJ6CK6vP/NdVz
AZjSMnmwuM2aoRtOnLXwC1FkYRERGw1aoTlc9D9CJSk/sGUjCBRNL0cNLy/feo0u
NNMuj62wYKppxyKF4AD6poAbo2kqMr5sUvxuq1q7W0vw8O1PYOUOzNca1LSuGEOl
U9uX5BuRC48W1O1z4YNeuuQNMYxu0QsCQYwMW+1TvBPmoZA0TdvuAKmJhoo6fIw2
YRmjXvrmnSOvCB8ngPXkjbjMfvpXhC1jClzBGSMWqkW73TzzkWjjr4i5UQv6Vd+Z
Ja7DiosA
=vP3N
-----END PGP SIGNATURE-----

Message #23 received at 977000-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 977000-close@bugs.debian.org

Subject: Bug#977000: fixed in python-apt 1.8.4.3

Date: Mon, 28 Dec 2020 13:53:34 +0000

Source: python-apt
Source-Version: 1.8.4.3
Done: Julian Andres Klode <jak@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 977000@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated python-apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Dec 2020 20:38:06 +0100
Source: python-apt
Architecture: source
Version: 1.8.4.3
Distribution: buster-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 977000
Changes:
 python-apt (1.8.4.3) buster-security; urgency=high
 .
   * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or
     apt_inst.DebFile caused a segmentation fault (Closes: #977000):
     - python/arfile.cc: Fix segmentation fault when opening fd, track lifetime
       correctly
   * REGRESSION UPDATE: arfile: Collect file<->deb/ar reference cycles
Checksums-Sha1:
 01b3778b5479276b92e94271b14cbab43cf8ba41 2459 python-apt_1.8.4.3.dsc
 dbc4901b967673a32429b3d360789e7b16f27279 345036 python-apt_1.8.4.3.tar.xz
 67168c49238b319beed5f460d82bf5fc873a2870 10229 python-apt_1.8.4.3_source.buildinfo
Checksums-Sha256:
 114a4bc4f8d13ab6b8772af6c2f5786340d42ac2d94f1196afcb809b5816ff55 2459 python-apt_1.8.4.3.dsc
 69ea6bdb0b0f23f58be63af51c4f8da24000051e710f0a927d6a936677d097eb 345036 python-apt_1.8.4.3.tar.xz
 4c55e2fa719921db6f912736819d738f0c40fdb6920b972051c02391aa5f3d20 10229 python-apt_1.8.4.3_source.buildinfo
Files:
 859d624cfdafd7b4168de8f0cbe56c98 2459 python optional python-apt_1.8.4.3.dsc
 fa51ebb09b7c73043b5080a0e612ecd8 345036 python optional python-apt_1.8.4.3.tar.xz
 cdbc9af2e3cf458ca91010ce8141433a 10229 python optional python-apt_1.8.4.3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl/iVIMPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xDdMQAJaNF72pFJAGczjMHc4Hyr8jFZXq7jDp1H4E
ko3E3uYC1fw1iTVlJHuQUlZ4pW1fss4EncnzobNjBKxdUmyqzAJM60stk8VeWvlx
a2chLr3H33pmnVrrEB7oF5CP4cE0rUS09qxVcCsoy1sz9J/er6AlXh44Uc3miUpS
tc//nThRnaf+5oj7Oy7M+jUkBuYGx0xvq8OZx7n8ybVs2BeI2OlFyYXOg5UDs0VH
IVuuV8tr6PVkRuZymbzl1VObdZhnMUW0OvGYlf1ADfe9amxKsbkdkkm6CFjaDvVo
k908ViS72LlTqH7IZhNWI4ZLZb+6yVPX6hZecrcwDB+iTuJZksgux+uAAvT7pUD8
tr33P0VWTmRGh1dGg34LETH5ycXHHXXiUDuVnOZb20esE/CTpvclQwOvdQzhn3bz
vTTb6k7F1Jv7hw1sY9JyDp+udsVnAlITNdw8uqSswsxPo8XqVJ1USZ5yJen9yLMI
YsvJatHWEa4ByEsVfKbnVq920EymOHdCYwI9oP2Z3w/f/t7oNMJOMUoHZgRwSB/B
fLUIFeO+xMQMvZHh/53TnG1BtJyzXZ7crT5FVV8kMbSpgVUz99A5opMSwNo5FCbM
ylbbA2kbqNEP7zVVliiCoax6mG8ftDxCNxVkmfPr1hyLh6Juy2ehPBK9mAtQ8wvh
94swd/Uw
=hq7+
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.