Hello Alex, or anyone else affected, Accepted gvfs into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gvfs/1.36.1-0ubuntu1.2 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: gvfs (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gvfs in Ubuntu. https://bugs.launchpad.net/bugs/1798725 Title: gvfs may crash when parsing non-valid UTF8 in autorun.inf Status in gvfs package in Ubuntu: Fix Released Status in gvfs source package in Bionic: Fix Committed Status in gvfs source package in Cosmic: Fix Committed Bug description: * Impact gvfs can be made to segfault by being provided an invalid autorun.inf * Test Case Use the proof of concept from bellow to generate an invalid autorun.inf and place it on an usb drive, connect the drive to the computer, gvfs shouldn't hit a segfault * Regression potential Check that the autorun feature keeps working ----------------------- Reported upstream at https://bugs.exim.org/show_bug.cgi?id=2330 - libpcre3 can be made to crash when matching the pattern \s*= when the context is n\xff= Able to reproduce on current Bionic using the PoC attached (which is copied directly from the upstream bug report) - in a fresh Bionic VM: $ sudo apt install build-essential libgtk2.0-dev $ cd PCRE_PoC $ ./compilePoC.sh $ ./PoC Content: ------------------- n�= ------------------- Pattern: ------------------- \s*= --------------------- Segmentation fault (core dumped) Haven't yet tested the second PoC via an external disk autorun.inf and gvfs-udisks2-volume-monitor. Also haven't tested in Cosmic / older releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1798725/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
