Bug#941018: ibus 1.5.21-1 does not work with qt5 applications

Simon McVittie smcv at debian.org
Wed Oct 30 15:04:26 GMT 2019


On Wed, 30 Oct 2019 at 15:45:19 +0100, Gunnar Hjalmarsson wrote:
> Seeing that you included quite a few patches in this update, I have a
> question as regards the stable releases. Are the commits included in
> <https://gitlab.gnome.org/GNOME/glib/merge_requests/1176> a standalone set
> of commits which would be sufficient for patching the stable releases in
> order to fix the IBus/Qt issue? I'm asking with my Ubuntu glasses on at
> first hand (in Ubuntu 16.04 we have glib2.0 2.48...), but the question does
> reasonably apply to Debian too.

I was hoping to let glib2.0 get some testing in unstable before
backporting anything. A build of GLib with amd64, i386, build-time tests,
autopkgtest and piuparts takes about an hour, and I have to do my actual
job as well, so I can't iterate on this particularly rapidly.

How do the security team want to handle this - as a stable update, or
as a DSA? It isn't a security fix in its own right, but it fixes what
is effectively a regression triggered by fixing CVE-2019-14822 in ibus
(#940267, DSA-4525-1).

The functionally important patches for this particular bug are:

* d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch
* d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch

The first of those might need minor adjustment to apply in the absence
of d/p/gcredentialsprivate-Document-the-various-private-macros.patch, or
we could just apply that one too - it only adds documentation.

The test in d/p/Add-a-test-for-GDBusServer-authentication.patch would
be reassuring to have, but it is known to fail on non-Linux kernels
(a fix is pending review upstream and included in the 2.62.2-2 Debian
package), and might depend on other, less critical GDBus fixes. For what
it's worth, upstream didn't include it in the initial backport of !1176
to the 2.62.x branch.

    smcv


