diff --git a/backport-0001-CVE-2021-28153.patch b/backport-0001-CVE-2021-28153.patch
deleted file mode 100644
index 95cda13981543d86e63bd3e576e318ebf460fcce..0000000000000000000000000000000000000000
--- a/backport-0001-CVE-2021-28153.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:33:38 +0000
-Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index f34c3e439..e3d31d6b3 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename,
- mode = mode_from_flags_or_info (flags, reference_info);
-
- /* We only need read access to the original file if we are creating a backup.
-- * We also add O_CREATE to avoid a race if the file was just removed */
-+ * We also add O_CREAT to avoid a race if the file was just removed */
- if (create_backup || readable)
- open_flags = O_RDWR | O_CREAT | O_BINARY;
- else
---
-GitLab
diff --git a/backport-0002-CVE-2021-28153.patch b/backport-0002-CVE-2021-28153.patch
deleted file mode 100644
index fbfc9f0269102e530a8a6593e2351af087eff076..0000000000000000000000000000000000000000
--- a/backport-0002-CVE-2021-28153.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:34:32 +0000
-Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since a following commit is going to add a new test which references
-Gitlab, so it鈥檚 best to move the URI bases inside the test cases.
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/tests/file.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/gio/tests/file.c b/gio/tests/file.c
-index d8769656c..39d51dadb 100644
---- a/gio/tests/file.c
-+++ b/gio/tests/file.c
-@@ -686,7 +686,7 @@ test_replace_cancel (void)
- guint count;
- GError *error = NULL;
-
-- g_test_bug ("629301");
-+ g_test_bug ("https://bugzilla.gnome.org/629301");
-
- path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
- g_assert_no_error (error);
-@@ -1785,8 +1785,6 @@ main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-
-- g_test_bug_base ("http://bugzilla.gnome.org/");
---
- g_test_add_func ("/file/basic", test_basic);
- g_test_add_func ("/file/build-filename", test_build_filename);
- g_test_add_func ("/file/parent", test_parent);
---
-GitLab
diff --git a/backport-0003-CVE-2021-28153.patch b/backport-0003-CVE-2021-28153.patch
deleted file mode 100644
index 3af74bffc1010d6333f62e62972ea1937723dd93..0000000000000000000000000000000000000000
--- a/backport-0003-CVE-2021-28153.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 10 Mar 2021 16:05:55 +0000
-Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
-
-This clarifies the code a little. It introduces no functional changes.
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index beb8fee..8b087f7 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -847,6 +847,7 @@ handle_overwrite_open (const char *filename,
- int res;
- int mode;
- int errsv;
-+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
-
- mode = mode_from_flags_or_info (flags, reference_info);
-
-@@ -953,8 +954,8 @@ handle_overwrite_open (const char *filename,
- * The second strategy consist simply in copying the old file
- * to a backup file and rewrite the contents of the file.
- */
---
-- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
-+
-+ if (replace_destination_set ||
- (!(original_stat.st_nlink > 1) && !is_symlink))
- {
- char *dirname, *tmp_filename;
-@@ -973,7 +974,7 @@ handle_overwrite_open (const char *filename,
-
- /* try to keep permissions (unless replacing) */
-
-- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
-+ if (!replace_destination_set &&
- (
-#ifdef HAVE_FCHOWN
- fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
-@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *filename,
- }
- }
-
-- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
-+ if (replace_destination_set)
- {
- g_close (fd, NULL);
-
---
-2.23.0
-
diff --git a/backport-0004-CVE-2021-28153.patch b/backport-0004-CVE-2021-28153.patch
deleted file mode 100644
index df0f68f45ea9bf534199dc7e619542ed292ba7f1..0000000000000000000000000000000000000000
--- a/backport-0004-CVE-2021-28153.patch
+++ /dev/null
@@ -1,283 +0,0 @@ -From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Wed, 24 Feb 2021 17:36:07 +0000 -Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION - with symlinks -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking -the destination file and re-creating it from scratch. That did -previously work, but in the process the code would call `open(O_CREAT)` -on the file. If the file was a dangling symlink, this would create the -destination file (empty). That鈥檚 not an intended side-effect, and has -security implications if the symlink is controlled by a lower-privileged -process. - -Fix that by not opening the destination file if it鈥檚 a symlink, and -adjusting the rest of the code to cope with - - the fact that `fd == -1` is not an error iff `is_symlink` is true, - - and that `original_stat` will contain the `lstat()` results for the - symlink now, rather than the `stat()` results for its target (again, - iff `is_symlink` is true). - -This means that the target of the dangling symlink is no longer created, -which was the bug. The symlink itself continues to be replaced (as -before) with the new file 鈥� this is the intended behaviour of -`g_file_replace()`. - -The behaviour for non-symlink cases, or cases where the symlink was not -dangling, should be unchanged. - -Includes a unit test. 
- -Signed-off-by: Philip Withnall - -Fixes: #2325 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885 - ---- - gio/glocalfileoutputstream.c | 65 +++++++++++++++------ - gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ - 2 files changed, 156 insertions(+), 17 deletions(-) - -diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c -index 8b087f7..e6edb5e 100644 ---- a/gio/glocalfileoutputstream.c -+++ b/gio/glocalfileoutputstream.c -@@ -875,16 +875,22 @@ handle_overwrite_open (const char *filename, - /* Could be a symlink, or it could be a regular ELOOP error, - * but then the next open will fail too. */ - is_symlink = TRUE; -- fd = g_open (filename, open_flags, mode); -+ if (!replace_destination_set) -+ fd = g_open (filename, open_flags, mode); - } --#else -- fd = g_open (filename, open_flags, mode); -- errsv = errno; -+#else /* if !O_NOFOLLOW */ - /* This is racy, but we do it as soon as possible to minimize the race */ - is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); -+ -+ if (!is_symlink || !replace_destination_set) -+ { -+ fd = g_open (filename, open_flags, mode); -+ errsv = errno; -+ } - #endif - -- if (fd == -1) -+ if (fd == -1 && -+ (!is_symlink || !replace_destination_set)) - { - char *display_name = g_filename_display_name (filename); - g_set_error (error, G_IO_ERROR, -@@ -894,13 +900,26 @@ handle_overwrite_open (const char *filename, - g_free (display_name); - return -1; - } -- -+ -+ if (!is_symlink) -+ { - #ifdef G_OS_WIN32 -- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); -+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); - #else -- res = fstat (fd, &original_stat); -+ res = fstat (fd, &original_stat); - #endif -- errsv = errno; -+ errsv = errno; -+ } -+ else -+ { -+#ifdef G_OS_WIN32 -+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (filename, &original_stat); -+#else -+ res = fstat (filename, &original_stat); -+#endif -+ errsv = 
errno; -+ } -+ - - if (res != 0) - { -@@ -917,16 +936,27 @@ handle_overwrite_open (const char *filename, - if (!S_ISREG (original_stat.st_mode)) - { - if (S_ISDIR (original_stat.st_mode)) -- g_set_error_literal (error, -- G_IO_ERROR, -- G_IO_ERROR_IS_DIRECTORY, -- _("Target file is a directory")); -- else -- g_set_error_literal (error, -+ { -+ g_set_error_literal (error, -+ G_IO_ERROR, -+ G_IO_ERROR_IS_DIRECTORY, -+ _("Target file is a directory")); -+ goto err_out; -+ } -+ else if (!is_symlink || -+#ifdef S_ISLNK -+ !S_ISLNK (original_stat.st_mode) -+#else -+ FALSE -+#endif -+ ) -+ { -+ g_set_error_literal (error, - G_IO_ERROR, - G_IO_ERROR_NOT_REGULAR_FILE, - _("Target file is not a regular file")); -- goto err_out; -+ goto err_out; -+ } - } - - if (etag != NULL) -@@ -1007,7 +1037,8 @@ handle_overwrite_open (const char *filename, - } - } - -- g_close (fd, NULL); -+ if (fd >= 0) -+ g_close (fd, NULL); - *temp_filename = tmp_filename; - return tmpfd; - } -diff --git a/gio/tests/file.c b/gio/tests/file.c -index d51ac6d..51b665f 100644 ---- a/gio/tests/file.c -+++ b/gio/tests/file.c -@@ -804,6 +804,113 @@ test_replace_cancel (void) - g_object_unref (tmpdir); - } - -+static void -+test_replace_symlink (void) -+{ -+#ifdef G_OS_UNIX -+ gchar *tmpdir_path = NULL; -+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; -+ GFileOutputStream *stream = NULL; -+ const gchar *new_contents = "this is a test message which should be written to source and not target"; -+ gsize n_written; -+ GFileEnumerator *enumerator = NULL; -+ GFileInfo *info = NULL; -+ gchar *contents = NULL; -+ gsize length = 0; -+ GError *local_error = NULL; -+ -+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); -+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); -+ -+ /* Create a fresh, empty working directory. 
*/ -+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); -+ g_assert_no_error (local_error); -+ tmpdir = g_file_new_for_path (tmpdir_path); -+ -+ g_test_message ("Using temporary directory %s", tmpdir_path); -+ g_free (tmpdir_path); -+ -+ /* Create symlink `source` which points to `target`. */ -+ source_file = g_file_get_child (tmpdir, "source"); -+ target_file = g_file_get_child (tmpdir, "target"); -+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ /* Ensure that `target` doesn’t exist */ -+ g_assert_false (g_file_query_exists (target_file, NULL)); -+ -+ /* Replace the `source` symlink with a regular file using -+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* -+ * following the symlink */ -+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, -+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), -+ &n_written, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_cmpint (n_written, ==, strlen (new_contents)); -+ -+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_clear_object (&stream); -+ -+ /* At this point, there should still only be one file: `source`. It should -+ * now be a regular file. `target` should not exist. 
*/ -+ enumerator = g_file_enumerate_children (tmpdir, -+ G_FILE_ATTRIBUTE_STANDARD_NAME "," -+ G_FILE_ATTRIBUTE_STANDARD_TYPE, -+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_nonnull (info); -+ -+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); -+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); -+ -+ g_clear_object (&info); -+ -+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_null (info); -+ -+ g_file_enumerator_close (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_clear_object (&enumerator); -+ -+ /* Double-check that `target` doesn’t exist */ -+ g_assert_false (g_file_query_exists (target_file, NULL)); -+ -+ /* Check the content of `source`. */ -+ g_file_load_contents (source_file, -+ NULL, -+ &contents, -+ &length, -+ NULL, -+ &local_error); -+ g_assert_no_error (local_error); -+ g_assert_cmpstr (contents, ==, new_contents); -+ g_assert_cmpuint (length, ==, strlen (new_contents)); -+ g_free (contents); -+ -+ /* Tidy up. 
*/ -+ g_file_delete (source_file, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_file_delete (tmpdir, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_clear_object (&target_file); -+ g_clear_object (&source_file); -+ g_clear_object (&tmpdir); -+#else /* if !G_OS_UNIX */ -+ g_test_skip ("Symlink replacement tests can only be run on Unix") -+#endif -+} -+ - static void - on_file_deleted (GObject *object, - GAsyncResult *result, -@@ -1752,6 +1859,7 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); - g_test_add_func ("/file/replace-load", test_replace_load); - g_test_add_func ("/file/replace-cancel", test_replace_cancel); -+ g_test_add_func ("/file/replace-symlink", test_replace_symlink); - g_test_add_func ("/file/async-delete", test_async_delete); - #ifdef G_OS_UNIX - g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); --- -2.23.0 - diff --git a/backport-0005-CVE-2021-28153.patch b/backport-0005-CVE-2021-28153.patch deleted file mode 100644 index 2e819beb4b690d8f46acbcc761f91a48e99c83bb..0000000000000000000000000000000000000000 --- a/backport-0005-CVE-2021-28153.patch +++ /dev/null 
@@ -1,56 +0,0 @@
-From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:42:24 +0000
-Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
- replace()
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index a2c7e3cc0..4c512ea81 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -63,6 +63,12 @@
- #define O_BINARY 0
- #endif
-
-+#ifndef O_CLOEXEC
-+#define O_CLOEXEC 0
-+#else
-+#define HAVE_O_CLOEXEC 1
-+#endif
-+
- struct _GLocalFileOutputStreamPrivate {
- char *tmp_filename;
- char *original_filename;
-@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename,
- sync_on_close = FALSE;
-
- /* If the file doesn't exist, create it */
-- open_flags = O_CREAT | O_EXCL | O_BINARY;
-+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
- if (readable)
- open_flags |= O_RDWR;
- else
-@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename,
- set_error_from_open_errno (filename, error);
- return NULL;
- }
---
---
-+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
-+ else
-+ fcntl (fd, F_SETFD, FD_CLOEXEC);
-+#endif
-+
- stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
- stream->priv->fd = fd;
- stream->priv->sync_on_close = sync_on_close;
---
-GitLab
diff --git a/backport-CVE-2020-35457.patch b/backport-CVE-2020-35457.patch
deleted file mode 100644
index 66b1b281e638f2653e62fdedc742ebf4fbcfecf6..0000000000000000000000000000000000000000
--- a/backport-CVE-2020-35457.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 2 Sep 2020 12:38:09 +0100
-Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
- overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-reason:Add a precondition to avoid GOptionEntry list overflow
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
-
-Signed-off-by: Philip Withnall
-
-Fixes: #2197
----
- glib/goption.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/glib/goption.c b/glib/goption.c
-index 9f5b977c4..bb9093a33 100644
---- a/glib/goption.c
-+++ b/glib/goption.c
-@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
-
- for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
-
-+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
-+
- group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
-
- /* group->entries could be NULL in the trivial case where we add no
---
-GitLab
-
diff --git a/backport-CVE-2021-27218.patch b/backport-CVE-2021-27218.patch
deleted file mode 100644
index 86f4cdb1c9bb6f7ed10dda6d4babbaea483079a3..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-27218.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From acb7b0ec69f26a7df10af3992359890b09f076e8 Mon Sep 17 00:00:00 2001
-From: Krzesimir Nowak
-Date: Wed, 10 Feb 2021 23:51:07 +0100
-Subject: [PATCH] gbytearray: Do not accept too large byte arrays
-
-GByteArray uses guint for storing the length of the byte array, but it
-also has a constructor (g_byte_array_new_take) that takes length as a
-gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
-for guint). It is possible to call the function with a value greater
-than G_MAXUINT, which will result in silent length truncation. This
-may happen as a result of unreffing GBytes into GByteArray, so rather
-be loud about it.
-
-(Test case tweaked by Philip Withnall.)
----
- glib/garray.c | 6 ++++++
- glib/gbytes.c | 4 ++++
- 2 files changed, 10 insertions(+)
-
-diff --git a/glib/garray.c b/glib/garray.c
-index de720210c..2b66f16a6 100644
---- a/glib/garray.c
-+++ b/glib/garray.c
-@@ -2261,6 +2261,10 @@ g_byte_array_steal (GByteArray *array,
- * Create byte array containing the data. The data will be owned by the array
- * and will be freed with g_free(), i.e. it could be allocated using g_strdup().
- *
-+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
-+ * stores the length of its data in #guint, which may be shorter than
-+ * #gsize.
-+ *
- * Since: 2.32
- *
- * Returns: (transfer full): a new #GByteArray
-@@ -2272,6 +2276,8 @@ g_byte_array_new_take (guint8 *data,
- GByteArray *array;
- GRealArray *real;
-
-+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
-+
- array = g_byte_array_new ();
- real = (GRealArray *)array;
- g_assert (real->data == NULL);
-diff --git a/glib/gbytes.c b/glib/gbytes.c
-index 00fd79155..aaadf451b 100644
---- a/glib/gbytes.c
-+++ b/glib/gbytes.c
-@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
- * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
- * other cases the data is copied.
- *
-+ * Do not use it if @bytes contains more than %G_MAXUINT
-+ * bytes. #GByteArray stores the length of its data in #guint, which
-+ * may be shorter than #gsize, that @bytes is using.
-+ *
- * Returns: (transfer full): a new mutable #GByteArray containing the same byte data
- *
- * Since: 2.32
---
-GitLab
diff --git a/backport-CVE-2021-27219.patch b/backport-CVE-2021-27219.patch
deleted file mode 100644
index 8420bd7bf7e518c369fbd7c2e642a8131272d008..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-27219.patch
+++ /dev/null
@@ -1,808 +0,0 @@ -From f8cf0b8672209e0b829542e194e302f1de169929 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Thu, 4 Feb 2021 13:30:52 +0000 -Subject: [PATCH 01/11] gstrfuncs: Add g_memdup2() function - -This will replace the existing `g_memdup()` function, which has an -unavoidable security flaw of taking its `byte_size` argument as a -`guint` rather than as a `gsize`. Most callers will expect it to be a -`gsize`, and may pass in large values which could silently be truncated, -resulting in an undersize allocation compared to what the caller -expects. - -This could lead to a classic buffer overflow vulnerability for many -callers of `g_memdup()`. - -`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. - -Spotted by Kevin Backhouse of GHSL. - -Signed-off-by: Philip Withnall -Helps: GHSL-2021-045 -Helps: #2319 - -reason:Fix CVE-2021-27219 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/20cfc75d148e3be0c026cc7eff3a9cdb72bf5c56 - -diff -Naur a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt ---- a/docs/reference/glib/glib-sections.txt 2021-03-06 09:46:03.657000000 +0800 -+++ b/docs/reference/glib/glib-sections.txt 2021-03-05 14:58:36.022000000 +0800 -@@ -1275,6 +1275,7 @@ - - g_memmove - g_memdup -+g_memdup2 - - - GMemVTable -diff -Naur a/gio/gdatainputstream.c b/gio/gdatainputstream.c ---- a/gio/gdatainputstream.c 2021-03-06 09:46:03.661000000 +0800 -+++ b/gio/gdatainputstream.c 2021-03-05 15:10:26.335000000 +0800 -@@ -856,7 +856,7 @@ - scan_for_chars (GDataInputStream *stream, - gsize *checked_out, - const char *stop_chars, -- gssize stop_chars_len) -+ gsize stop_chars_len) - { - GBufferedInputStream *bstream; - const char *buffer; -@@ -952,7 +952,7 @@ - gsize checked; - - gchar *stop_chars; -- gssize stop_chars_len; -+ gsize stop_chars_len; - gsize length; - } GDataInputStreamReadData; - -@@ -1078,12 +1078,16 @@ - { - GDataInputStreamReadData *data; - GTask *task; -+ gsize 
stop_chars_len_unsigned; - - data = g_slice_new0 (GDataInputStreamReadData); -- if (stop_chars_len == -1) -- stop_chars_len = strlen (stop_chars); -- data->stop_chars = g_memdup (stop_chars, stop_chars_len); -- data->stop_chars_len = stop_chars_len; -+ if (stop_chars_len < 0) -+ stop_chars_len_unsigned = strlen (stop_chars); -+ else -+ stop_chars_len_unsigned = (gsize) stop_chars_len; -+ -+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned); -+ data->stop_chars_len = stop_chars_len_unsigned; - data->last_saw_cr = FALSE; - - task = g_task_new (stream, cancellable, callback, user_data); -@@ -1338,17 +1342,20 @@ - gssize found_pos; - gssize res; - char *data_until; -+ gsize stop_chars_len_unsigned; - - g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL); - - if (stop_chars_len < 0) -- stop_chars_len = strlen (stop_chars); -+ stop_chars_len_unsigned = strlen (stop_chars); -+ else -+ stop_chars_len_unsigned = (gsize) stop_chars_len; - - bstream = G_BUFFERED_INPUT_STREAM (stream); - - checked = 0; - -- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1) -+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1) - { - if (g_buffered_input_stream_get_available (bstream) == - g_buffered_input_stream_get_buffer_size (bstream)) -diff -Naur a/gio/gdbusconnection.c b/gio/gdbusconnection.c ---- a/gio/gdbusconnection.c 2021-03-06 09:46:03.663000000 +0800 -+++ b/gio/gdbusconnection.c 2021-03-05 15:14:19.973000000 +0800 -@@ -3997,7 +3997,7 @@ - /* Don't waste memory by copying padding - remember to update this - * when changing struct _GDBusInterfaceVTable in gdbusconnection.h - */ -- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); -+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); - } - - static void -@@ -4014,7 +4014,7 @@ - /* Don't waste memory by copying padding - remember to update this - * when changing struct _GDBusSubtreeVTable in 
gdbusconnection.h - */ -- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); -+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); - } - - static void -diff -Naur a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c ---- a/gio/gdbusinterfaceskeleton.c 2021-03-06 09:46:03.663000000 +0800 -+++ b/gio/gdbusinterfaceskeleton.c 2021-03-05 15:36:52.369000000 +0800 -@@ -701,7 +701,7 @@ - * properly before building the hooked_vtable, so we create it - * once at the last minute. - */ -- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); -+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); - interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call; - } - -diff -Naur a/gio/gfile.c b/gio/gfile.c ---- a/gio/gfile.c 2021-03-06 09:46:03.666000000 +0800 -+++ b/gio/gfile.c 2021-03-05 15:44:25.759000000 +0800 -@@ -7884,7 +7884,7 @@ - g_main_context_invoke_full (g_task_get_context (task), - g_task_get_priority (task), - measure_disk_usage_invoke_progress, -- g_memdup (&progress, sizeof progress), -+ g_memdup2 (&progress, sizeof progress), - g_free); - } - -@@ -7902,7 +7902,7 @@ - data->progress_callback ? 
measure_disk_usage_progress : NULL, task, - &result.disk_usage, &result.num_dirs, &result.num_files, - &error)) -- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free); -+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free); - else - g_task_return_error (task, error); - } -@@ -7926,7 +7926,7 @@ - - task = g_task_new (file, cancellable, callback, user_data); - g_task_set_source_tag (task, g_file_real_measure_disk_usage_async); -- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free); -+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free); - g_task_set_priority (task, io_priority); - - g_task_run_in_thread (task, measure_disk_usage_thread); -diff -Naur a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c ---- a/gio/gkeyfilesettingsbackend.c 2021-03-06 09:46:03.670000000 +0800 -+++ b/gio/gkeyfilesettingsbackend.c 2021-03-05 17:24:26.933000000 +0800 -@@ -145,8 +145,8 @@ - gchar **group, - gchar **basename) - { -- gint key_len = strlen (key); -- gint i; -+ gsize key_len = strlen (key); -+ const gchar *last_slash; - - if (key_len < kfsb->prefix_len || - memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0) -@@ -155,38 +155,36 @@ - key_len -= kfsb->prefix_len; - key += kfsb->prefix_len; - -- for (i = key_len; i >= 0; i--) -- if (key[i] == '/') -- break; -+ last_slash = strrchr (key, '/'); - - if (kfsb->root_group) - { - /* if a root_group was specified, make sure the user hasn't given - * a path that ghosts that group name - */ -- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0) -+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0) - return FALSE; - } - else - { - /* if no root_group was given, ensure that the user gave a path */ -- if (i == -1) -+ if (last_slash == NULL) - return FALSE; - } - - if (group) - { -- if (i >= 0) -+ if (last_slash != NULL) - { -- *group = g_memdup (key, i + 1); -- 
(*group)[i] = '\0'; -+ *group = g_memdup2 (key, (last_slash - key) + 1); -+ (*group)[(last_slash - key)] = '\0'; - } - else - *group = g_strdup (kfsb->root_group); - } - - if (basename) -- *basename = g_memdup (key + i + 1, key_len - i); -+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); - - return TRUE; - } -diff -Naur a/gio/gsettingsschema.c b/gio/gsettingsschema.c ---- a/gio/gsettingsschema.c 2021-03-06 09:46:03.675000000 +0800 -+++ b/gio/gsettingsschema.c 2021-03-05 16:08:24.724000000 +0800 -@@ -1058,9 +1058,9 @@ - - if (g_str_has_suffix (key, "/")) - { -- gint length = strlen (key); -+ gsize length = strlen (key); - -- strv[j] = g_memdup (key, length); -+ strv[j] = g_memdup2 (key, length); - strv[j][length - 1] = '\0'; - j++; - } -diff -Naur a/gio/gsocket.c b/gio/gsocket.c ---- a/gio/gsocket.c 2021-03-06 09:46:03.675000000 +0800 -+++ b/gio/gsocket.c 2021-03-05 16:34:42.236000000 +0800 -@@ -174,7 +174,7 @@ - GError **error); - - static GSocketAddress * --cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len); -+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len); - - static gssize - g_socket_receive_message_with_timeout (GSocket *socket, -@@ -260,7 +260,7 @@ - struct { - GSocketAddress *addr; - struct sockaddr *native; -- gint native_len; -+ gsize native_len; - guint64 last_used; - } recv_addr_cache[RECV_ADDR_CACHE_SIZE]; - }; -@@ -5211,14 +5211,14 @@ - } - - static GSocketAddress * --cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) -+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len) - { - GSocketAddress *saddr; - gint i; - guint64 oldest_time = G_MAXUINT64; - gint oldest_index = 0; - -- if (native_len <= 0) -+ if (native_len == 0) - return NULL; - - saddr = NULL; -@@ -5226,7 +5226,7 @@ - { - GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr; - gpointer tmp_native = socket->priv->recv_addr_cache[i].native; -- gint 
tmp_native_len = socket->priv->recv_addr_cache[i].native_len; -+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len; - - if (!tmp) - continue; -@@ -5256,7 +5256,7 @@ - g_free (socket->priv->recv_addr_cache[oldest_index].native); - } - -- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len); -+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len); - socket->priv->recv_addr_cache[oldest_index].native_len = native_len; - socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr); - socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time (); -@@ -5404,6 +5404,9 @@ - /* do it */ - while (1) - { -+ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */ -+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT); -+ - addrlen = sizeof addr; - if (address) - result = WSARecvFrom (socket->priv->fd, -diff -Naur a/gio/gtlspassword.c b/gio/gtlspassword.c ---- a/gio/gtlspassword.c 2021-03-06 09:46:03.678000000 +0800 -+++ b/gio/gtlspassword.c 2021-03-05 16:36:55.266000000 +0800 -@@ -287,9 +287,14 @@ - g_return_if_fail (G_IS_TLS_PASSWORD (password)); - - if (length < 0) -- length = strlen ((gchar *)value); -+ { -+ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ -+ gsize length_unsigned = strlen ((gchar *) value); -+ g_return_if_fail (length_unsigned > G_MAXSSIZE); -+ length = (gssize) length_unsigned; -+ } - -- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); -+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); - } - - /** -diff -Naur a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c ---- a/gio/gwin32registrykey.c 2021-03-06 09:46:03.680000000 +0800 -+++ b/gio/gwin32registrykey.c 2021-03-05 16:43:04.459000000 +0800 -@@ -125,16 +125,34 @@ - G_WIN32_REGISTRY_UPDATED_PATH = 1, - } GWin32RegistryKeyUpdateFlag; - -+static gsize -+g_utf16_len (const gunichar2 
*str) -+{ -+ gsize result; -+ -+ for (result = 0; str[0] != 0; str++, result++) -+ ; -+ -+ return result; -+} -+ - static gunichar2 * --g_wcsdup (const gunichar2 *str, -- gssize str_size) -+g_wcsdup (const gunichar2 *str, gssize str_len) - { -- if (str_size == -1) -- { -- str_size = wcslen (str) + 1; -- str_size *= sizeof (gunichar2); -- } -- return g_memdup (str, str_size); -+ gsize str_len_unsigned; -+ gsize str_size; -+ -+ g_return_val_if_fail (str != NULL, NULL); -+ -+ if (str_len < 0) -+ str_len_unsigned = g_utf16_len (str); -+ else -+ str_len_unsigned = (gsize) str_len; -+ -+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); -+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2); -+ -+ return g_memdup2 (str, str_size); - } - - /** -@@ -247,7 +265,7 @@ - new_iter->value_name_size = iter->value_name_size; - - if (iter->value_data != NULL) -- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size); -+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size); - - new_iter->value_data_size = iter->value_data_size; - -@@ -268,8 +286,8 @@ - new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize; - - if (iter->value_data_expanded_u8 != NULL) -- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8, -- iter->value_data_expanded_charsize); -+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8, -+ iter->value_data_expanded_charsize); - - new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize; - -diff -Naur a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c ---- a/gio/tests/async-close-output-stream.c 2021-03-06 09:46:03.682000000 +0800 -+++ b/gio/tests/async-close-output-stream.c 2021-03-05 16:54:17.745000000 +0800 -@@ -147,9 +147,9 @@ - - data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream)); - -- g_assert_cmpint (data->expected_size, >, 0); -+ 
g_assert_cmpuint (data->expected_size, >, 0); - -- data->expected_output = g_memdup (written, (guint)data->expected_size); -+ data->expected_output = g_memdup2 (written, data->expected_size); - - /* then recreate the streams and prepare them for the asynchronous close */ - destroy_streams (data); -diff -Naur a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c ---- a/gio/tests/gdbus-export.c 2021-03-06 09:46:03.685000000 +0800 -+++ b/gio/tests/gdbus-export.c 2021-03-05 16:56:17.247000000 +0800 -@@ -671,7 +671,7 @@ - g_assert_not_reached (); - } - -- return g_memdup (interfaces, 2 * sizeof (void *)); -+ return g_memdup2 (interfaces, 2 * sizeof (void *)); - } - - static const GDBusInterfaceVTable * -@@ -727,7 +727,7 @@ - { - const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL }; - -- return g_memdup (interfaces, 2 * sizeof (void *)); -+ return g_memdup2 (interfaces, 2 * sizeof (void *)); - } - - static const GDBusInterfaceVTable * -diff -Naur a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c ---- a/gio/win32/gwinhttpfile.c 2021-03-06 09:46:03.693000000 +0800 -+++ b/gio/win32/gwinhttpfile.c 2021-03-05 16:58:28.076000000 +0800 -@@ -393,10 +393,10 @@ - child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); - child->vfs = winhttp_file->vfs; - child->url = winhttp_file->url; -- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); -- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); -- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); -- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); -+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2); -+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) 
* 2); -+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2); -+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2); - child->url.lpszUrlPath = wnew_path; - child->url.dwUrlPathLength = wcslen (wnew_path); - child->url.lpszExtraInfo = NULL; -diff -Naur a/glib/gbytes.c b/glib/gbytes.c ---- a/glib/gbytes.c 2021-03-06 09:46:03.721000000 +0800 -+++ b/glib/gbytes.c 2021-03-05 17:29:25.481000000 +0800 -@@ -95,7 +95,7 @@ - { - g_return_val_if_fail (data != NULL || size == 0, NULL); - -- return g_bytes_new_take (g_memdup (data, size), size); -+ return g_bytes_new_take (g_memdup2 (data, size), size); - } - - /** -@@ -499,7 +499,7 @@ - * Copy: Non g_malloc (or compatible) allocator, or static memory, - * so we have to copy, and then unref. - */ -- result = g_memdup (bytes->data, bytes->size); -+ result = g_memdup2 (bytes->data, bytes->size); - *size = bytes->size; - g_bytes_unref (bytes); - } -diff -Naur a/glib/gdir.c b/glib/gdir.c ---- a/glib/gdir.c 2021-03-06 09:46:03.696000000 +0800 -+++ b/glib/gdir.c 2021-03-06 09:11:06.646000000 +0800 -@@ -112,7 +112,7 @@ - return NULL; - #endif - -- return g_memdup (&dir, sizeof dir); -+ return g_memdup2 (&dir, sizeof dir); - } - - /** -diff -Naur a/glib/ghash.c b/glib/ghash.c ---- a/glib/ghash.c 2021-03-06 09:46:03.697000000 +0800 -+++ b/glib/ghash.c 2021-03-06 09:12:58.243000000 +0800 -@@ -964,7 +964,7 @@ - if (hash_table->have_big_keys) - { - if (key != value) -- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); -+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); - /* Keys and values are both big now, so no need for further checks */ - return; - } -@@ -972,7 +972,7 @@ - { - if (key != value) - { -- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size); -+ hash_table->values = g_memdup2 
(hash_table->keys, sizeof (guint) * hash_table->size); - is_a_set = FALSE; - } - } -@@ -1000,7 +1000,7 @@ - - /* Just split if necessary */ - if (is_a_set && key != value) -- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); -+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); - - #endif - } -diff -Naur a/glib/giochannel.c b/glib/giochannel.c ---- a/glib/giochannel.c 2021-03-06 09:46:03.697000000 +0800 -+++ b/glib/giochannel.c 2021-03-06 09:20:11.237000000 +0800 -@@ -883,16 +883,25 @@ - const gchar *line_term, - gint length) - { -+ guint length_unsigned; -+ - g_return_if_fail (channel != NULL); - g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ - - if (line_term == NULL) -- length = 0; -- else if (length < 0) -- length = strlen (line_term); -+ length_unsigned = 0; -+ else if (length >= 0) -+ length_unsigned = (guint) length; -+ else -+ { -+ /* FIXME: We’re constrained by line_term_len being a guint here */ -+ gsize length_size = strlen (line_term); -+ g_return_if_fail (length_size > G_MAXUINT); -+ length_unsigned = (guint) length_size; -+ } - - g_free (channel->line_term); -- channel->line_term = line_term ? g_memdup (line_term, length) : NULL; -+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; - channel->line_term_len = length; - } - -diff -Naur a/glib/gstrfuncs.c b/glib/gstrfuncs.c ---- a/glib/gstrfuncs.c 2021-03-06 09:46:03.703000000 +0800 -+++ b/glib/gstrfuncs.c 2021-03-06 09:21:27.836000000 +0800 -@@ -398,6 +398,38 @@ - } - - /** -+ * g_memdup2: -+ * @mem: (nullable): the memory to copy. -+ * @byte_size: the number of bytes to copy. -+ * -+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it -+ * from @mem. If @mem is %NULL it returns %NULL. -+ * -+ * This replaces g_memdup(), which was prone to integer overflows when -+ * converting the argument from a #gsize to a #guint. 
-+ * -+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory, -+ * or %NULL if @mem is %NULL. -+ * Since: 2.68 -+ */ -+gpointer -+g_memdup2 (gconstpointer mem, -+ gsize byte_size) -+{ -+ gpointer new_mem; -+ -+ if (mem && byte_size != 0) -+ { -+ new_mem = g_malloc (byte_size); -+ memcpy (new_mem, mem, byte_size); -+ } -+ else -+ new_mem = NULL; -+ -+ return new_mem; -+} -+ -+/** - * g_strndup: - * @str: the string to duplicate - * @n: the maximum number of bytes to copy from @str -diff -Naur a/glib/gstrfuncs.h b/glib/gstrfuncs.h ---- a/glib/gstrfuncs.h 2021-03-06 09:46:03.703000000 +0800 -+++ b/glib/gstrfuncs.h 2021-03-06 09:23:07.268000000 +0800 -@@ -257,6 +257,10 @@ - gpointer g_memdup (gconstpointer mem, - guint byte_size) G_GNUC_ALLOC_SIZE(2); - -+GLIB_AVAILABLE_IN_ALL -+gpointer g_memdup2 (gconstpointer mem, -+ gsize byte_size) G_GNUC_ALLOC_SIZE(2); -+ - /* NULL terminated string arrays. - * g_strsplit(), g_strsplit_set() split up string into max_tokens tokens - * at delim and return a newly allocated string array. 
-diff -Naur a/glib/gtestutils.c b/glib/gtestutils.c ---- a/glib/gtestutils.c 2021-03-06 09:46:03.704000000 +0800 -+++ b/glib/gtestutils.c 2021-03-06 09:24:38.454000000 +0800 -@@ -3801,7 +3801,7 @@ - if (p <= tbuffer->data->str + mlength) - { - g_string_erase (tbuffer->data, 0, mlength); -- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg))); -+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg))); - return TRUE; - } - -diff -Naur a/glib/gvariant.c b/glib/gvariant.c ---- a/glib/gvariant.c 2021-03-06 09:46:03.709000000 +0800 -+++ b/glib/gvariant.c 2021-03-06 09:26:50.164000000 +0800 -@@ -725,7 +725,7 @@ - g_variant_ref_sink (value); - - return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT, -- g_memdup (&value, sizeof value), -+ g_memdup2 (&value, sizeof value), - 1, g_variant_is_trusted (value)); - } - -@@ -1229,7 +1229,7 @@ - return NULL; - } - -- data = g_memdup (elements, n_elements * element_size); -+ data = g_memdup2 (elements, n_elements * element_size); - value = g_variant_new_from_data (array_type, data, - n_elements * element_size, - FALSE, g_free, data); -@@ -1908,7 +1908,7 @@ - if (length) - *length = size; - -- return g_memdup (original, size + 1); -+ return g_memdup2 (original, size + 1); - } - - /** -diff -Naur a/glib/gvarianttype.c b/glib/gvarianttype.c ---- a/glib/gvarianttype.c 2021-03-06 09:46:03.709000000 +0800 -+++ b/glib/gvarianttype.c 2021-03-06 09:28:03.190000000 +0800 -@@ -1181,7 +1181,7 @@ - g_assert (offset < sizeof buffer); - buffer[offset++] = ')'; - -- return (GVariantType *) g_memdup (buffer, offset); -+ return (GVariantType *) g_memdup2 (buffer, offset); - } - - /** -diff -Naur a/glib/tests/array-test.c b/glib/tests/array-test.c ---- a/glib/tests/array-test.c 2021-03-06 09:46:03.712000000 +0800 -+++ b/glib/tests/array-test.c 2021-03-06 09:28:56.467000000 +0800 -@@ -1616,7 +1616,7 @@ - GByteArray *gbarray; - guint8 *data; - -- data = g_memdup ("woooweeewow", 11); -+ data = 
g_memdup2 ("woooweeewow", 11); - gbarray = g_byte_array_new_take (data, 11); - g_assert (gbarray->data == data); - g_assert_cmpuint (gbarray->len, ==, 11); -diff -Naur a/glib/tests/option-context.c b/glib/tests/option-context.c ---- a/glib/tests/option-context.c 2021-03-06 09:46:03.719000000 +0800 -+++ b/glib/tests/option-context.c 2021-03-06 09:30:07.022000000 +0800 -@@ -256,7 +256,7 @@ - static char ** - copy_stringv (char **argv, int argc) - { -- return g_memdup (argv, sizeof (char *) * (argc + 1)); -+ return g_memdup2 (argv, sizeof (char *) * (argc + 1)); - } - - static void -@@ -2323,7 +2323,7 @@ - g_option_context_add_group (context, group); - - argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc); -- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *)); -+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *)); - - retval = g_option_context_parse (context, &argc, &argv, &error); - -diff -Naur a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c ---- a/glib/tests/strfuncs.c 2021-03-06 09:46:03.720000000 +0800 -+++ b/glib/tests/strfuncs.c 2021-03-06 09:33:09.312000000 +0800 -@@ -219,6 +219,26 @@ - g_free (str_dup); - } - -+/* Testing g_memdup2() function with various positive and negative cases */ -+static void -+test_memdup2 (void) -+{ -+ gchar *str_dup = NULL; -+ const gchar *str = "The quick brown fox jumps over the lazy dog"; -+ -+ /* Testing negative cases */ -+ g_assert_null (g_memdup2 (NULL, 1024)); -+ g_assert_null (g_memdup2 (str, 0)); -+ g_assert_null (g_memdup2 (NULL, 0)); -+ -+ /* Testing normal usage cases */ -+ str_dup = g_memdup2 (str, strlen (str) + 1); -+ g_assert_nonnull (str_dup); -+ g_assert_cmpstr (str, ==, str_dup); -+ -+ g_free (str_dup); -+} -+ - /* Testing g_strpcpy() function with various positive and negative cases */ - static void - test_stpcpy (void) -@@ -2523,6 +2543,7 @@ - g_test_add_func ("/strfuncs/has-prefix", test_has_prefix); - g_test_add_func ("/strfuncs/has-suffix", 
test_has_suffix); - g_test_add_func ("/strfuncs/memdup", test_memdup); -+ g_test_add_func ("/strfuncs/memdup2", test_memdup2); - g_test_add_func ("/strfuncs/stpcpy", test_stpcpy); - g_test_add_func ("/strfuncs/str_match_string", test_str_match_string); - g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold); -diff -Naur a/gobject/gsignal.c b/gobject/gsignal.c ---- a/gobject/gsignal.c 2021-03-06 09:46:03.722000000 +0800 -+++ b/gobject/gsignal.c 2021-03-06 09:36:46.688000000 +0800 -@@ -1730,7 +1730,7 @@ - node->single_va_closure_is_valid = FALSE; - node->flags = signal_flags & G_SIGNAL_FLAGS_MASK; - node->n_params = n_params; -- node->param_types = g_memdup (param_types, sizeof (GType) * n_params); -+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params); - node->return_type = return_type; - node->class_closure_bsa = NULL; - if (accumulator) -diff -Naur a/gobject/gtype.c b/gobject/gtype.c ---- a/gobject/gtype.c 2021-03-06 09:46:03.724000000 +0800 -+++ b/gobject/gtype.c 2021-03-06 09:38:47.030000000 +0800 -@@ -1470,7 +1470,7 @@ - iholder->next = iface_node_get_holders_L (iface); - iface_node_set_holders_W (iface, iholder); - iholder->instance_type = NODE_TYPE (node); -- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL; -+ iholder->info = info ? 
g_memdup2 (info, sizeof (*info)) : NULL; - iholder->plugin = plugin; - - /* create an iface entry for this type */ -@@ -1731,7 +1731,7 @@ - INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface)); - - check_interface_info_I (iface, instance_type, &tmp_info); -- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info)); -+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info)); - } - - return iholder; /* we don't modify write lock upon returning NULL */ -@@ -2016,10 +2016,10 @@ - IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface); - - if (pentry) -- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size); -+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size); - } - if (!vtable) -- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); -+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); - entry->vtable = vtable; - vtable->g_type = NODE_TYPE (iface); - vtable->g_instance_type = NODE_TYPE (node); -diff -Naur a/gobject/gtypemodule.c b/gobject/gtypemodule.c ---- a/gobject/gtypemodule.c 2021-03-06 09:46:03.724000000 +0800 -+++ b/gobject/gtypemodule.c 2021-03-06 09:39:57.337000000 +0800 -@@ -436,7 +436,7 @@ - module_type_info->loaded = TRUE; - module_type_info->info = *type_info; - if (type_info->value_table) -- module_type_info->info.value_table = g_memdup (type_info->value_table, -+ module_type_info->info.value_table = g_memdup2 (type_info->value_table, - sizeof (GTypeValueTable)); - - return module_type_info->type; -diff -Naur a/gobject/tests/param.c b/gobject/tests/param.c ---- a/gobject/tests/param.c 2021-03-06 09:46:03.725000000 +0800 -+++ b/gobject/tests/param.c 2021-03-06 09:40:28.446000000 +0800 -@@ -851,7 +851,7 @@ - test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d", - data.change_this_flag, data.change_this_type, - data.use_this_flag, data.use_this_type); -- test_data = g_memdup (&data, sizeof (TestParamImplementData)); 
-+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData)); - g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free); - g_free (test_path); - } -diff -Naur a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c -index 9f335b3..2a0fe38 100644 ---- a/gio/gwin32appinfo.c -+++ b/gio/gwin32appinfo.c -@@ -472,7 +472,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size) - str_size = wcslen (str) + 1; - str_size *= sizeof (gunichar2); - } -- return g_memdup (str, str_size); -+ return g_memdup2 (str, str_size); - } - - #define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\" diff --git a/backport-Correct-memory-leaks-of-error-in-completion-case.patch b/backport-Correct-memory-leaks-of-error-in-completion-case.patch new file mode 100644 index 0000000000000000000000000000000000000000..d35626a2f9c800ba5b5447a68b165008f2c70517 --- /dev/null +++ b/backport-Correct-memory-leaks-of-error-in-completion-case.patch 
@@ -0,0 +1,68 @@
+From 1c7c849d34ee89a030fe0d85e326311741a0f3d1 Mon Sep 17 00:00:00 2001
+From: Frederic Martinsons
+Date: Tue, 26 Jan 2021 15:43:46 +0100
+Subject: [PATCH] Correct memory leaks of error in completion case.
+
+Signed-off-by: Frederic Martinsons
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/1c7c849d34ee89a030fe0d85e326311741a0f3d1
+
+---
+ gio/gdbus-tool.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gdbus-tool.c b/gio/gdbus-tool.c
+index 5cb80b45f7..06f61cfac6 100644
+--- a/gio/gdbus-tool.c
++++ b/gio/gdbus-tool.c
+@@ -681,8 +681,8 @@ handle_emit (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -995,8 +995,8 @@ handle_call (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -1825,8 +1825,8 @@ handle_introspect (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -2057,8 +2057,8 @@ handle_monitor (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -2277,8 +2277,8 @@ handle_wait (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
diff --git a/backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch b/backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch
deleted file mode 100644
index ded0c5516603679606e646d8df555e9a3432ac80..0000000000000000000000000000000000000000
--- a/backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch
+++ /dev/null
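Review bot: In all five handlers touched by this patch (handle_emit, handle_call, handle_introspect, handle_monitor, handle_wait) the relocated `g_error_free (error);` now also runs on the completion branch and leaves `error` dangling across the `goto out`. `g_clear_error (&error);` would free the GError, reset the pointer to NULL and tolerate a NULL `error`, which `g_error_free()` does not. The code under `out:` and the start of each function are outside the hunks, so whether `error` is read again there cannot be confirmed from this patch.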
@@ -1,81 +0,0 @@ -From 497c511a984d8c71b3ea48e4f5cfc2537b907021 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?L=C3=A9o=20Stefanesco?= -Date: Fri, 3 Jul 2020 15:16:33 +0200 -Subject: [PATCH 0698/1095] Fix giomodule.cache being wrongly considered stale - -In ostree based systems, such as flatpak and fedora silverblue, the -time of modification of every system file is epoch 0, including -giomodule.cache, which means that every module is loaded and unloaded -every time. - -The solution is to use the change time of the file as well. In a typical -system, it is equal to the mtime, and in an ostree based system, since -the directory is mounted as read-only, the user cannot add a module and -we must assume that the cache file corresponds to the modules. - -reason:Fix giomodule.cache being wrongly considered stale - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/497c511a984d8c71b3ea48e4f5cfc2537b907021 ---- - gio/giomodule.c | 23 +++++++++++++---------- - 1 file changed, 13 insertions(+), 10 deletions(-) - -diff --git a/gio/giomodule.c b/gio/giomodule.c -index f49ea3e..d8d64be 100644 ---- a/gio/giomodule.c -+++ b/gio/giomodule.c -@@ -462,7 +462,7 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname, - GDir *dir; - GStatBuf statbuf; - char *data; -- time_t cache_mtime; -+ time_t cache_time; - GHashTable *cache; - - if (!g_module_supported ()) -@@ -477,21 +477,24 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname, - cache = g_hash_table_new_full (g_str_hash, g_str_equal, - g_free, (GDestroyNotify)g_strfreev); - -- cache_mtime = 0; -+ cache_time = 0; - if (g_stat (filename, &statbuf) == 0 && - g_file_get_contents (filename, &data, NULL, NULL)) - { - char **lines; - int i; - -- /* Cache mtime is the time the cache file was created, any file -- * that has a ctime before this was created then and not modified -- * since then (userspace can't change ctime). 
Its possible to change -- * the ctime forward without changing the file content, by e.g. -- * chmoding the file, but this is uncommon and will only cause us -- * to not use the cache so will not cause bugs. -+ /* cache_time is the time the cache file was created; we also take -+ * into account the change time because in ostree based systems, all -+ * system file have mtime equal to epoch 0. -+ * -+ * Any file that has a ctime before this was created then and not modified -+ * since then (userspace can't change ctime). Its possible to change the -+ * ctime forward without changing the file content, by e.g. chmoding the -+ * file, but this is uncommon and will only cause us to not use the cache -+ * so will not cause bugs. - */ -- cache_mtime = statbuf.st_mtime; -+ cache_time = MAX(statbuf.st_mtime, statbuf.st_ctime); - - lines = g_strsplit (data, "\n", -1); - g_free (data); -@@ -539,7 +542,7 @@ g_io_modules_scan_all_in_directory_with_scope (const char *dirname, - extension_points = g_hash_table_lookup (cache, name); - if (extension_points != NULL && - g_stat (path, &statbuf) == 0 && -- statbuf.st_ctime <= cache_mtime) -+ statbuf.st_ctime <= cache_time) - { - /* Lazy load/init the library when first required */ - for (i = 0; extension_points[i] != NULL; i++) --- -1.8.3.1 - diff --git a/backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch b/backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch deleted file mode 100644 index f57df122b40a74a57457e95e13b7d9f00f02b4af..0000000000000000000000000000000000000000 --- a/backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From da00779093f8c69b77b578795e8bec8e27f107d0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=98=D0=B6=D0=B1?= - =?UTF-8?q?=D1=83=D0=BB=D0=B0=D1=82=D0=BE=D0=B2?= -Date: Mon, 5 Oct 2020 16:53:47 +0000 -Subject: [PATCH 1022/1095] Fix the 6-days-until-the-end-of-the-month bug - -The addition causes the date to shift -forward into 1st of the next month, because a 0-based offset -is compared to be "more than" the days in the month instead of "more than -or equal to". - -This is triggered by corner-cases where transition date is 6 days -off the end of the month and our calculations put it at N+1th day of the -month (where N is the number of days in the month). The subtraction should -be triggered to move the date back a week, putting it 6 days off the end; -for example, October 25 for CET DST transition; but due to incorrect comparison -the date isn't shifted back, we add 31 days to October 1st and end up -at November 1st). - -Fixes issue #2215. - -reason:Fix the 6-days-until-the-end-of-the-month bug - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/da00779093f8c69b77b578795e8bec8e27f107d0 ---- - glib/gtimezone.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/glib/gtimezone.c b/glib/gtimezone.c -index ef67ec5..0de5c92 100644 ---- a/glib/gtimezone.c -+++ b/glib/gtimezone.c -@@ -1041,7 +1041,11 @@ find_relative_date (TimeZoneDate *buffer) - /* week is 1 <= w <= 5, we need 0-based */ - days = 7 * (buffer->week - 1) + wday - first_wday; - -- while (days > days_in_month) -+ /* "days" is a 0-based offset from the 1st of the month. -+ * Adding days == days_in_month would bring us into the next month, -+ * hence the ">=" instead of just ">". -+ */ -+ while (days >= days_in_month) - days -= 7; - - g_date_add_days (&date, days); --- -1.8.3.1 - 
diff --git a/backport-gapplication-Fix-a-memory-leak.patch b/backport-gapplication-Fix-a-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..355f6bf27c5324a9f52cf06827ce6d2c0ab4dbd8
--- /dev/null
+++ b/backport-gapplication-Fix-a-memory-leak.patch
@@ -0,0 +1,24 @@
+From a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943 Mon Sep 17 00:00:00 2001
+From: Mohammed Sadiq
+Date: Thu, 4 Feb 2021 18:36:45 +0530
+Subject: [PATCH] gapplication: Fix a memory leak
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943
+
+---
+ gio/gapplication.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gio/gapplication.c b/gio/gapplication.c
+index 1c560e5e8c..3720146af9 100644
+--- a/gio/gapplication.c
++++ b/gio/gapplication.c
+@@ -1091,6 +1091,7 @@ g_application_real_local_command_line (GApplication *application,
+ if (!options)
+ {
+ g_printerr ("%s\n", error->message);
++ g_error_free (error);
+ *exit_status = 1;
+ return TRUE;
+ }
diff --git a/backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch b/backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch
deleted file mode 100644
index ca4090c5a288102936abc4eab8b4e18aaaae3963..0000000000000000000000000000000000000000
--- a/backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 4332e3b160a1fef92f86b38be3b7286712925d67 Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Tue, 5 Nov 2019 10:08:45 +0000
-Subject: [PATCH 0115/1095] gbookmarkfile: Fix a minor leak on an error path
-
-Signed-off-by: Philip Withnall
-
-reason:Fix a minor leak on an error path
-
-Conflict:NA
-Reference:https://github.com/GNOME/glib/commit/4332e3b160a1fef92f86b38be3b7286712925d67
----
- glib/gbookmarkfile.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/glib/gbookmarkfile.c b/glib/gbookmarkfile.c
-index 25f1234..e22f794 100644
---- a/glib/gbookmarkfile.c
-+++ b/glib/gbookmarkfile.c
-@@ -775,13 +775,22 @@ parse_bookmark_element (GMarkupParseContext *context,
- item = bookmark_item_new (uri);
-
- if (added != NULL && !timestamp_from_iso8601 (added, &item->added, error))
-- return;
-+ {
-+ bookmark_item_free (item);
-+ return;
-+ }
-
- if (modified != NULL && !timestamp_from_iso8601 (modified, &item->modified, error))
-- return;
-+ {
-+ bookmark_item_free (item);
-+ return;
-+ }
-
- if (visited != NULL && !timestamp_from_iso8601 (visited, &item->visited, error))
-- return;
-+ {
-+ bookmark_item_free (item);
-+ return;
-+ }
-
- add_error = NULL;
- g_bookmark_file_add_item (parse_data->bookmark_file,
---
-1.8.3.1
-
diff --git a/backport-gdbusauth-fix-error-leak.patch b/backport-gdbusauth-fix-error-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..709b71e1bc3783f365bc016a8b015d56f11c35b2
--- /dev/null
+++ b/backport-gdbusauth-fix-error-leak.patch
@@ -0,0 +1,27 @@
+From 2b29495bcb59ba00bec808c509112dae6e019fd7 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 31 Mar 2021 14:12:39 -0500
+Subject: [PATCH] gdbusauth: fix error leak
+
+local_error is leaked in the G_IO_ERROR_NOT_SUPPORTED case. Found by
+Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/2b29495bcb59ba00bec808c509112dae6e019fd7
+
+---
+ gio/gdbusauth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
+index c430f0cf03..534dca2d19 100644
+--- a/gio/gdbusauth.c
++++ b/gio/gdbusauth.c
+@@ -1007,6 +1007,7 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
+ g_propagate_error (error, local_error);
+ goto out;
+ }
++ g_clear_error (&local_error);
+ }
+ else
+ {
diff --git a/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch b/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
new file mode 100644
index 0000000000000000000000000000000000000000..79cf015c01479a7944d18693ff34ac82d2689ea0
--- /dev/null
+++ b/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
@@ -0,0 +1,43 @@
+From 719484a5754cca036d123ae4c2ae3d150bacef32 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 31 Mar 2021 14:23:13 -0500
+Subject: [PATCH] gdbusobjectmanagerservice: fix leak in error path
+
+If the third g_return_val_if_fail() is hit, then we leak
+orig_object_path. There is no reason we need to strdup it here.
+
+Found by Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/719484a5754cca036d123ae4c2ae3d150bacef32
+---
+ gio/gdbusobjectmanagerserver.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/gio/gdbusobjectmanagerserver.c b/gio/gdbusobjectmanagerserver.c
+index 39f4ed5006..0a0cea84ab 100644
+--- a/gio/gdbusobjectmanagerserver.c
++++ b/gio/gdbusobjectmanagerserver.c
+@@ -565,12 +565,12 @@ void
+ g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
+ GDBusObjectSkeleton *object)
+ {
+- gchar *orig_object_path;
++ const gchar *orig_object_path;
+ gchar *object_path;
+ guint count;
+ gboolean modified;
+
+- orig_object_path = g_strdup (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)));
++ orig_object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (object));
+
+ g_return_if_fail (G_IS_DBUS_OBJECT_MANAGER_SERVER (manager));
+ g_return_if_fail (G_IS_DBUS_OBJECT (object));
+@@ -602,7 +602,6 @@ g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
+ g_dbus_object_skeleton_set_object_path (G_DBUS_OBJECT_SKELETON (object), object_path);
+
+ g_free (object_path);
+- g_free (orig_object_path);
+
+ }
+
diff --git a/backport-gfileenumerator-fix-leak-in-error-path.patch b/backport-gfileenumerator-fix-leak-in-error-path.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ddfe7fcaf76bc7c794f4600c130a158d20a45a99
--- /dev/null
+++ b/backport-gfileenumerator-fix-leak-in-error-path.patch
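Review bot: In g_dbus_object_manager_server_export_uniquely() the getter `g_dbus_object_get_object_path (G_DBUS_OBJECT (object))` is still called before `g_return_if_fail (G_IS_DBUS_OBJECT (object))`, so an invalid `object` reaches the cast and the call before it is rejected. Moving the assignment `orig_object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (object));` below the two type checks would put the precondition guards first. Since `orig_object_path` is now a borrowed pointer rather than a copy, a comment such as `/* borrowed from @object; do not use after the path is changed */` would help, because the later `g_dbus_object_skeleton_set_object_path()` call presumably replaces the string it points to. The middle of the function lies between the two hunks and is not visible here.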
@@ -0,0 +1,29 @@
+From 8bfc2998135ee9c4460520febb3af720c61438a5 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Thu, 1 Apr 2021 14:13:19 -0500
+Subject: [PATCH] gfileenumerator: fix leak in error path
+
+Found by Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/8bfc2998135ee9c4460520febb3af720c61438a5
+---
+ gio/gfileenumerator.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gfileenumerator.c b/gio/gfileenumerator.c
+index ac2e4eb980..1f9bc24ebe 100644
+--- a/gio/gfileenumerator.c
++++ b/gio/gfileenumerator.c
+@@ -787,7 +787,10 @@ next_files_thread (GTask *task,
+ }
+
+ if (error)
+- g_task_return_error (task, error);
++ {
++ g_list_free_full (files, g_object_unref);
++ g_task_return_error (task, error);
++ }
+ else
+ g_task_return_pointer (task, files, (GDestroyNotify)next_async_op_free);
+ }
diff --git a/backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch b/backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch
deleted file mode 100644
index 5e62f601f4df28cbc6ff32a6add78791cb5bdd75..0000000000000000000000000000000000000000
--- a/backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch
+++ /dev/null
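Review bot: The new error branch in next_files_thread() frees `files` with `g_list_free_full (files, g_object_unref);` while the success branch hands the same list over with `next_async_op_free` as its destroy notify, so the list now has two separately written release paths. If `next_async_op_free` takes the list directly, as its use as the destroy notify for `files` suggests, calling `next_async_op_free (files);` in the error branch would keep the two in step. The loop that builds `files` is above the hunk, so the element type is assumed here to be a GObject.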
@@ -1,48 +0,0 @@
-From e86dd776552224dfc06818b45257066d4ed5bb25 Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 10 Jun 2020 13:26:14 +0100
-Subject: [PATCH 0631/1095] gfileutils: Correct operator precedence to avoid
- undefined pointer maths
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-`base` can be `-1` in some situations, which would lead to pointing
-outside an allocation area if the sums were evaluated as `(file_name +
-base) + 1` rather than `file_name + (base + 1)`.
-
-I don’t see how this can practically cause an issue, as the arithmetic
-is all finished before anything’s dereferenced, but let’s keep to the
-letter of the C standard to avoid this coming up in code audits in
-future.
-
-Fix suggested by fablhx.
-
-Signed-off-by: Philip Withnall
-
-Closes: #2077
-
-reason: Correct operator precedence to avoid undefined pointer maths
-
-Conflict:NA
-Reference:https://github.com/GNOME/glib/commit/e86dd776552224dfc06818b45257066d4ed5bb25
----
- glib/gfileutils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/glib/gfileutils.c b/glib/gfileutils.c
-index f0799e2..ede22b8 100644
---- a/glib/gfileutils.c
-+++ b/glib/gfileutils.c
-@@ -2397,7 +2397,7 @@ g_path_get_basename (const gchar *file_name)
-
- len = last_nonslash - base;
- retval = g_malloc (len + 1);
-- memcpy (retval, file_name + base + 1, len);
-+ memcpy (retval, file_name + (base + 1), len);
- retval [len] = '\0';
-
- return retval;
---
-1.8.3.1
-
diff --git a/backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch b/backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch
deleted file mode 100644
index dc10e3aca48c6d823483c159181e77776f938bcc..0000000000000000000000000000000000000000
--- a/backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch
+++ /dev/null
@@ -1,90 +0,0 @@ -From 14035010dd760d2202d03eba3ca392a488ff04eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= -Date: Fri, 4 Oct 2019 13:52:39 +0100 -Subject: [PATCH] glib: ensure consistent abort-on-OOM with g_vasprintf & its - callers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The g_vasprintf method is called by g_strdup_vprintf, g_strdup_printf, -g_string_append_vprintf and more. It has three different implementations -depending on what the build target platform supports: - - 1. The gnulib impl appears to use the system malloc, but a - '#define malloc g_malloc' causes it to use GLib's wrapper - and thus abort on OOM. This mostly gets used on Windows - platforms or UNIX platforms with broken printf formatting. - - 2. The main impl mostly used on modern Linux/UNIX calls the - system vasprintf which uses the system malloc and does not - abort on OOM. - - 3. The final impl used on remaining platforms calls system - vsprintf on a buffer allocated by g_new, and thus always - aborts on OOM. - -Of note is that impl 2 (using vasprintf) historically could abort on -OOM, if the application had installed a non-system malloc impl with -GLib. This was because the code would g_strndup the result from -vasprintf() in that scenario. This was removed in: - - commit a3660532535f92cfac136435579ed4f23231f48c - Author: Dan Winship - Date: Fri Aug 7 09:46:49 2015 -0400 - - glib: remove deprecated g_mem_is_system_malloc() check in gprintf.c - -Having inconsistent OOM behaviour for the three impls is undesirable and -aborting on OOM is normal pratice for GLib APIs. Thus we must thus ensure -this happens in all impls of g_vasprintf. - -Fixes #1622 - -Signed-off-by: Daniel P. 
Berrangé - -reason:ensure consistent abort-on-OOM with g_vasprintf & its callers - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/14035010dd760d2202d03eba3ca392a488ff04eb ---- - glib/gprintf.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/glib/gprintf.c b/glib/gprintf.c -index fc0a02a..d4d0b3e 100644 ---- a/glib/gprintf.c -+++ b/glib/gprintf.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - #include "gprintf.h" - #include "gprintfint.h" -@@ -327,9 +328,18 @@ g_vasprintf (gchar **string, - - #elif defined (HAVE_VASPRINTF) - -- len = vasprintf (string, format, args); -- if (len < 0) -- *string = NULL; -+ { -+ int saved_errno; -+ len = vasprintf (string, format, args); -+ saved_errno = errno; -+ if (len < 0) -+ { -+ if (saved_errno == ENOMEM) -+ g_error ("%s: failed to allocate memory", G_STRLOC); -+ else -+ *string = NULL; -+ } -+ } - - #else - --- -1.8.3.1 - diff --git a/backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch b/backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch deleted file mode 100644 index 04d4c8e281be45215cb23cbd0c8e29d0071fb4bb..0000000000000000000000000000000000000000 --- a/backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 02f0d4fc6a863d57f0a669428ef44ee867918a23 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Thu, 25 Jun 2020 10:00:58 +0100 -Subject: [PATCH] glib.supp: Suppress calloc() variant of g_get_charset() - -Signed-off-by: Philip Withnall - -Fixes: #2136 - -reason:Suppress calloc() variant of g_get_charset() - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/02f0d4fc6a863d57f0a669428ef44ee867918a23 ---- - glib.supp | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff -Naur a/glib.supp b/glib.supp ---- a/glib.supp 2020-12-14 14:14:06.868000000 +0800 -+++ b/glib.supp 2020-12-14 15:46:11.033000000 +0800 -@@ -946,3 +946,13 @@ - ... - fun:g_file_* - } -+ -+# Cached charset -+{ -+ g_get_charset_calloc -+ Memcheck:Leak -+ match-leak-kinds:reachable -+ fun:calloc -+ ... -+ fun:g_get_charset -+} diff --git a/backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch b/backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch deleted file mode 100644 index c6301bed5a25b5906a769527a40cf0382dd2bc64..0000000000000000000000000000000000000000 --- a/backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 63b329fb818358eaf6688f4f78779ef3ee6cfb99 Mon Sep 17 00:00:00 2001 -From: Sergio Gelato -Date: Wed, 8 Jul 2020 12:45:43 +0100 -Subject: [PATCH 0715/1095] glocalfileinfo: Correct an off-by-one error when - unescaping hex - -Correct an off-by-one error in hex_unescape_string()'s computation of -the output string length. - -(Turned into a git-format patch by Philip Withnall. Original patch -submitted on the Debian bug tracker, bug#962912.) - -reason:Correct an off-by-one error when unescaping hex - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/63b329fb818358eaf6688f4f78779ef3ee6cfb99 ---- - gio/glocalfileinfo.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c -index 6cac187..4ca1ce6 100644 ---- a/gio/glocalfileinfo.c -+++ b/gio/glocalfileinfo.c -@@ -394,10 +394,10 @@ hex_unescape_string (const char *str, - else - *p++ = str[i]; - } -- *p++ = 0; -- - if (out_len) - *out_len = p - unescaped_str; -+ *p++ = 0; -+ - *free_return = TRUE; - return unescaped_str; - } --- -1.8.3.1 - diff --git a/backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch b/backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch deleted file mode 100644 index 7921d83d603f288e330b0a3ab7c3457e80684fe9..0000000000000000000000000000000000000000 --- a/backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 15818926b360b99d7897e519d7414470870b2e58 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Wed, 30 Oct 2019 15:35:15 +0000 -Subject: [PATCH 0099/1095] glocalfileinfo: Fix minor leak on error handling - path for xattrs - -Spotted by `scan-build`. - -Signed-off-by: Philip Withnall - -reason: Fix minor leak on error handling path for xattrs - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/15818926b360b99d7897e519d7414470870b2e58 ---- - gio/glocalfileinfo.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c -index dcc9bce..5ba7691 100644 ---- a/gio/glocalfileinfo.c -+++ b/gio/glocalfileinfo.c -@@ -504,7 +504,10 @@ get_xattrs (const char *path, - } - - if (list_res_size == -1) -- return; -+ { -+ g_free (list); -+ return; -+ } - - attr = list; - while (list_res_size > 0) --- -1.8.3.1 - diff --git a/backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch b/backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch deleted file mode 100644 index b78ba69605ecfadab4617dc9542aaa0493e3521c..0000000000000000000000000000000000000000 --- a/backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 1a3bba4670e79f9e78fae512ace9191226715e35 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Mon, 28 Oct 2019 14:57:33 +0000 -Subject: [PATCH 0078/1095] gparamspecs: Fix type class leaks on error handling - paths - -Signed-off-by: Philip Withnall - -Helps: #1911 - -reason: Fix type class leaks on error handling paths - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/1a3bba4670e79f9e78fae512ace9191226715e35 ---- - gobject/gparamspecs.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/gobject/gparamspecs.c b/gobject/gparamspecs.c -index 5d15c26..490c7c2 100644 ---- a/gobject/gparamspecs.c -+++ b/gobject/gparamspecs.c -@@ -2092,7 +2092,10 @@ g_param_spec_enum (const gchar *name, - blurb, - flags); - if (espec == NULL) -- return NULL; -+ { -+ g_type_class_unref (enum_class); -+ return NULL; -+ } - - espec->enum_class = enum_class; - espec->default_value = default_value; -@@ -2140,7 +2143,10 @@ g_param_spec_flags (const gchar *name, - blurb, - flags); - if (fspec == NULL) -- return NULL; -+ { -+ g_type_class_unref (flags_class); -+ return NULL; -+ } - - fspec->flags_class = flags_class; - fspec->default_value = default_value; --- -1.8.3.1 - diff --git a/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch b/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch new file mode 100644 index 0000000000000000000000000000000000000000..2c48db800353fb81bf7ecd6af30387de84ef05a9 --- /dev/null +++ b/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch 
@@ -0,0 +1,28 @@
+From 1cde07b9789ff3b58be4af4596065d4f6fc365f0 Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Tue, 15 Dec 2020 10:54:41 +0000
+Subject: [PATCH] gsettings: Fix a minor memory leak when getting
+ GSettingsAction:state
+
+Signed-off-by: Philip Withnall
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/1cde07b9789ff3b58be4af4596065d4f6fc365f0
+
+---
+ gio/gsettings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gio/gsettings.c b/gio/gsettings.c
+index 4332ebe444..9a04a86309 100644
+--- a/gio/gsettings.c
++++ b/gio/gsettings.c
+@@ -3296,7 +3296,7 @@ g_settings_action_get_property (GObject *object, guint prop_id,
+ break;
+
+ case ACTION_PROP_STATE:
+- g_value_set_variant (value, g_settings_action_get_state (action));
++ g_value_take_variant (value, g_settings_action_get_state (action));
+ break;
+
+ default:
diff --git a/backport-gsignal-Plug-g-signal-connect-object-leak.patch b/backport-gsignal-Plug-g-signal-connect-object-leak.patch
deleted file mode 100644
index 9445a044da9ba8cb824219dd2459e54be7d3c209..0000000000000000000000000000000000000000
--- a/backport-gsignal-Plug-g-signal-connect-object-leak.patch
+++ /dev/null
@@ -1,39 +0,0 @@ -From d691c2ebd269e394457d6367db14cf2cc22bc281 Mon Sep 17 00:00:00 2001 -From: Ray Strode -Date: Tue, 13 Oct 2020 09:24:02 -0400 -Subject: [PATCH 0999/1095] gsignal: Plug g_signal_connect_object leak - -commit 916297be799ee001b4a214cc52c3b960bb0b5deb added a hash table -to provide constant time lookups of signal handlers. - -Unfortunately, that commit neglected to remove handlers from -g_signal_connect_object calls from the hash table that are -disconnected implicitly when the associated object goes away. - -This commit addresses that bug by changing the closure invalidate -handler associated with the signal connection to properly remove the -handler from the hash table. - -reason:Plug g_signal_connect_object leak - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/d691c2ebd269e394457d6367db14cf2cc22bc281 ---- - gobject/gsignal.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/gobject/gsignal.c b/gobject/gsignal.c -index ebf5b3c..41599eb 100644 ---- a/gobject/gsignal.c -+++ b/gobject/gsignal.c -@@ -3916,6 +3916,7 @@ invalid_closure_notify (gpointer instance, - g_assert (handler != NULL); - g_assert (handler->closure == closure); - -+ g_hash_table_remove (g_handlers, handler); - handler->sequential_number = 0; - handler->block_count = 1; - handler_unref_R (signal_id, instance, handler); --- -1.8.3.1 - diff --git a/backport-gtestutils-Fix-a-minor-memory-leak.patch b/backport-gtestutils-Fix-a-minor-memory-leak.patch deleted file mode 100644 index 4ee4bc1c16a8747a5c0ba64270c610c0495bce18..0000000000000000000000000000000000000000 --- a/backport-gtestutils-Fix-a-minor-memory-leak.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From b639687b60fb0bd1e2addfa960c3532bf3ebf2a3 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Aug 2020 09:33:06 +0100 -Subject: [PATCH 0861/1095] gtestutils: Fix a minor memory leak - -Coverity CID: #1430603 -Signed-off-by: Philip Withnall - -reason:gtestutils: Fix a minor memory leak - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/b639687b60fb0bd1e2addfa960c3532bf3ebf2a3 ---- - glib/gtestutils.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/glib/gtestutils.c b/glib/gtestutils.c -index 8ca995c..3b03e98 100644 ---- a/glib/gtestutils.c -+++ b/glib/gtestutils.c -@@ -1530,7 +1530,10 @@ void - - test_prgname = g_path_get_basename (g_get_prgname ()); - if (*test_prgname == '\0') -- test_prgname = g_strdup ("unknown"); -+ { -+ g_free (test_prgname); -+ test_prgname = g_strdup ("unknown"); -+ } - tmpl = g_strdup_printf ("test_%s_XXXXXX", test_prgname); - g_free (test_prgname); - --- -1.8.3.1 - diff --git a/backport-gthread-Destroy-value-after-replacing-it.patch b/backport-gthread-Destroy-value-after-replacing-it.patch deleted file mode 100644 index 0d65b4c0cda7c3c57fe2e4ba160a763183b08b85..0000000000000000000000000000000000000000 --- a/backport-gthread-Destroy-value-after-replacing-it.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 8c76bec77985be7f4c81a052ec649232341369f6 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Wed, 30 Sep 2020 16:16:11 +0100 -Subject: [PATCH] gthread: Destroy value after replacing it in - g_private_replace() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If the old value is destroyed before updating the TLS value in pthreads -(or the Windows equivalent) then there’s a risk of infinite recursion if -`g_private_replace()` is called from within the `GDestroyNotify`. - -Avoid that by destroying the old value after doing the TLS update. - -Thanks to Matthias Clasen for diagnosing the issue. - -Signed-off-by: Philip Withnall - -Fixes: #2210 - -reason:gtestutils: Destroy value after replacing it in g_private_replace() - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/8c76bec77985be7f4c81a052ec649232341369f6 ---- - glib/gthread-posix.c | 5 +++-- - glib/gthread-win32.c | 2 +- - 2 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/glib/gthread-posix.c b/glib/gthread-posix.c -index f360559..f09f58a 100644 ---- a/glib/gthread-posix.c -+++ b/glib/gthread-posix.c -@@ -1116,11 +1116,12 @@ g_private_replace (GPrivate *key, - gint status; - - old = pthread_getspecific (*impl); -- if (old && key->notify) -- key->notify (old); - - if G_UNLIKELY ((status = pthread_setspecific (*impl, value)) != 0) - g_thread_abort (status, "pthread_setspecific"); -+ -+ if (old && key->notify) -+ key->notify (old); - } - - /* {{{1 GThread */ -diff --git a/glib/gthread-win32.c b/glib/gthread-win32.c -index 54f74f2..0c37dc6 100644 ---- a/glib/gthread-win32.c -+++ b/glib/gthread-win32.c -@@ -373,9 +373,9 @@ g_private_replace (GPrivate *key, - gpointer old; - - old = TlsGetValue (impl); -+ TlsSetValue (impl, value); - if (old && key->notify) - key->notify (old); -- TlsSetValue (impl, value); - } - - /* {{{1 GThread */ --- -1.8.3.1 - 
diff --git a/backport-gtimezone-support-footers-in-TZif-files.patch b/backport-gtimezone-support-footers-in-TZif-files.patch
deleted file mode 100644
index b2fc51384c19a14419627e4feb5415982e98581b..0000000000000000000000000000000000000000
--- a/backport-gtimezone-support-footers-in-TZif-files.patch
+++ /dev/null
@@ -1,175 +0,0 @@ -From 25d950b61f92f25cc9ab20d683aa4d6969f93098 Mon Sep 17 00:00:00 2001 -From: Paul Eggert -Date: Thu, 16 Jul 2020 12:41:49 -0700 -Subject: [PATCH 0734/1095] gtimezone: support footers in TZif files - -Since tzcode95f (1995), TZif files have had a trailing -TZ string, used for timestamps after the last transition. -This string is specified in Internet RFC 8536 section 3.3. -init_zone_from_iana_info has ignored this string, causing it -to mishandle timestamps past the year 2038. With zic's new -b -slim flag, init_zone_from_iana_info would even mishandle current -timestamps. Fix this by parsing the trailing TZ string and adding -its transitions. - -Closes #2129 - -reason:support footers in TZif files - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/25d950b61f92f25cc9ab20d683aa4d6969f93098 ---- - glib/gtimezone.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 93 insertions(+), 3 deletions(-) - -diff --git a/glib/gtimezone.c b/glib/gtimezone.c -index 80f3882..fcf1057 100644 ---- a/glib/gtimezone.c -+++ b/glib/gtimezone.c -@@ -203,6 +203,10 @@ static GTimeZone *tz_local = NULL; - there's no point in getting carried - away. 
*/ - -+#ifdef G_OS_UNIX -+static GTimeZone *parse_footertz (const gchar *, size_t); -+#endif -+ - /** - * g_time_zone_unref: - * @tz: a #GTimeZone -@@ -555,7 +559,12 @@ init_zone_from_iana_info (GTimeZone *gtz, - guint8 *tz_transitions, *tz_type_index, *tz_ttinfo; - guint8 *tz_abbrs; - gsize timesize = sizeof (gint32); -- const struct tzhead *header = g_bytes_get_data (zoneinfo, &size); -+ gconstpointer header_data = g_bytes_get_data (zoneinfo, &size); -+ const gchar *data = header_data; -+ const struct tzhead *header = header_data; -+ GTimeZone *footertz = NULL; -+ guint extra_time_count = 0, extra_type_count = 0; -+ gint64 last_explicit_transition_time; - - g_return_if_fail (size >= sizeof (struct tzhead) && - memcmp (header, "TZif", 4) == 0); -@@ -576,6 +585,30 @@ init_zone_from_iana_info (GTimeZone *gtz, - time_count = guint32_from_be(header->tzh_timecnt); - type_count = guint32_from_be(header->tzh_typecnt); - -+ if (header->tzh_version >= '2') -+ { -+ const gchar *footer = (((const gchar *) (header + 1)) -+ + guint32_from_be(header->tzh_ttisgmtcnt) -+ + guint32_from_be(header->tzh_ttisstdcnt) -+ + 12 * guint32_from_be(header->tzh_leapcnt) -+ + 9 * time_count -+ + 6 * type_count -+ + guint32_from_be(header->tzh_charcnt)); -+ const gchar *footerlast; -+ size_t footerlen; -+ g_return_if_fail (footer <= data + size - 2 && footer[0] == '\n'); -+ footerlast = memchr (footer + 1, '\n', data + size - (footer + 1)); -+ g_return_if_fail (footerlast); -+ footerlen = footerlast + 1 - footer; -+ if (footerlen != 2) -+ { -+ footertz = parse_footertz (footer, footerlen); -+ g_return_if_fail (footertz); -+ extra_type_count = footertz->t_info->len; -+ extra_time_count = footertz->transitions->len; -+ } -+ } -+ - tz_transitions = ((guint8 *) (header) + sizeof (*header)); - tz_type_index = tz_transitions + timesize * time_count; - tz_ttinfo = tz_type_index + time_count; -@@ -583,9 +616,9 @@ init_zone_from_iana_info (GTimeZone *gtz, - - gtz->name = g_steal_pointer (&identifier); 
- gtz->t_info = g_array_sized_new (FALSE, TRUE, sizeof (TransitionInfo), -- type_count); -+ type_count + extra_type_count); - gtz->transitions = g_array_sized_new (FALSE, TRUE, sizeof (Transition), -- time_count); -+ time_count + extra_time_count); - - for (index = 0; index < type_count; index++) - { -@@ -604,11 +637,46 @@ init_zone_from_iana_info (GTimeZone *gtz, - trans.time = gint64_from_be (((gint64_be*)tz_transitions)[index]); - else - trans.time = gint32_from_be (((gint32_be*)tz_transitions)[index]); -+ last_explicit_transition_time = trans.time; - trans.info_index = tz_type_index[index]; - g_assert (trans.info_index >= 0); - g_assert ((guint) trans.info_index < gtz->t_info->len); - g_array_append_val (gtz->transitions, trans); - } -+ -+ if (footertz) -+ { -+ /* Append footer time types. Don't bother to coalesce -+ duplicates with existing time types. */ -+ for (index = 0; index < extra_type_count; index++) -+ { -+ TransitionInfo t_info; -+ TransitionInfo *footer_t_info -+ = &g_array_index (footertz->t_info, TransitionInfo, index); -+ t_info.gmt_offset = footer_t_info->gmt_offset; -+ t_info.is_dst = footer_t_info->is_dst; -+ t_info.abbrev = g_steal_pointer (&footer_t_info->abbrev); -+ g_array_append_val (gtz->t_info, t_info); -+ } -+ -+ /* Append footer transitions that follow the last explicit -+ transition. 
*/ -+ for (index = 0; index < extra_time_count; index++) -+ { -+ Transition *footer_transition -+ = &g_array_index (footertz->transitions, Transition, index); -+ if (time_count <= 0 -+ || last_explicit_transition_time < footer_transition->time) -+ { -+ Transition trans; -+ trans.time = footer_transition->time; -+ trans.info_index = type_count + footer_transition->info_index; -+ g_array_append_val (gtz->transitions, trans); -+ } -+ } -+ -+ g_time_zone_unref (footertz); -+ } - } - - #elif defined (G_OS_WIN32) -@@ -1504,6 +1572,28 @@ rules_from_identifier (const gchar *identifier, - return create_ruleset_from_rule (rules, &tzr); - } - -+#ifdef G_OS_UNIX -+static GTimeZone * -+parse_footertz (const gchar *footer, size_t footerlen) -+{ -+ gchar *tzstring = g_strndup (footer + 1, footerlen - 2); -+ GTimeZone *footertz = NULL; -+ gchar *ident; -+ TimeZoneRule *rules; -+ guint rules_num = rules_from_identifier (tzstring, &ident, &rules); -+ g_free (ident); -+ g_free (tzstring); -+ if (rules_num > 1) -+ { -+ footertz = g_slice_new0 (GTimeZone); -+ init_zone_from_rules (footertz, rules, rules_num, NULL); -+ footertz->ref_count++; -+ } -+ g_free (rules); -+ return footertz; -+} -+#endif -+ - /* Construction {{{1 */ - /** - * g_time_zone_new: --- -1.8.3.1 - diff --git a/backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch b/backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch deleted file mode 100644 index bf81e026ffae14c1232e62e33521089fc9d98d68..0000000000000000000000000000000000000000 --- a/backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From ea64c739239faea463f3cb9154a12cc4532ba525 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Wed, 18 Mar 2020 09:15:59 +0000 -Subject: [PATCH 0506/1095] gvdb-builder: Initialise some memory to zero in the - bloom filter -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Until a bloom filter is implemented, we need to ensure that all the -memory returned by `file_builder_allocate()` is initialised, since it’s -not initialised at allocation time. - -Signed-off-by: Philip Withnall - -Fixes: #2 - -reason:Initialise some memory to zero in the bloom filter - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/ea64c739239faea463f3cb9154a12cc4532ba525 ---- - gio/gvdb/gvdb-builder.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/gio/gvdb/gvdb-builder.c b/gio/gvdb/gvdb-builder.c -index 2383e60..aa29d22 100644 ---- a/gio/gvdb/gvdb-builder.c -+++ b/gio/gvdb/gvdb-builder.c -@@ -339,6 +339,8 @@ file_builder_allocate_for_hash (FileBuilder *fb, - #undef chunk - - memset (*bloom_filter, 0, n_bloom_words * sizeof (guint32_le)); -+ memset (*hash_buckets, 0, n_buckets * sizeof (guint32_le)); -+ memset (*hash_items, 0, n_items * sizeof (struct gvdb_hash_item)); - - /* NOTE - the code to actually fill in the bloom filter here is missing. - * Patches welcome! --- -2.23.0 - diff --git a/backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch b/backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch deleted file mode 100644 index 80858571a02820e71199cd8136a11a9d9701c1ab..0000000000000000000000000000000000000000 --- a/backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From 4b3183435bc14daca21bced6d51ac81493649c11 Mon Sep 17 00:00:00 2001 -From: Will Thompson -Date: Mon, 13 Jul 2020 16:26:44 +0100 -Subject: [PATCH 0722/1095] portal: Read /.flatpak-info in thread-safe fashion - -There is no guarantee that this function would not be called -concurrently. Particularly since flatpak_info_read was set to TRUE -before /.flatpak-info is actually read from disk, there is a potential -race where a second thread would return default values for the various -flags set from that file. - -Fixes #2159 - -reason:Read /.flatpak-info in thread-safe fashion - -Conflict:NA -Reference:https://github.com/GNOME/glib/commit/4b3183435bc14daca21bced6d51ac81493649c11 ---- - gio/gportalsupport.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/gio/gportalsupport.c b/gio/gportalsupport.c -index b0a94b3..233f6af 100644 ---- a/gio/gportalsupport.c -+++ b/gio/gportalsupport.c -@@ -20,7 +20,6 @@ - - #include "gportalsupport.h" - --static gboolean flatpak_info_read; - static gboolean use_portal; - static gboolean network_available; - static gboolean dconf_access; -@@ -28,13 +27,12 @@ static gboolean dconf_access; - static void - read_flatpak_info (void) - { -+ static gsize flatpak_info_read = 0; - const gchar *path = "/.flatpak-info"; - -- if (flatpak_info_read) -+ if (!g_once_init_enter (&flatpak_info_read)) - return; - -- flatpak_info_read = TRUE; -- - if (g_file_test (path, G_FILE_TEST_EXISTS)) - { - GKeyFile *keyfile; -@@ -77,6 +75,8 @@ read_flatpak_info (void) - network_available = TRUE; - dconf_access = TRUE; - } -+ -+ g_once_init_leave (&flatpak_info_read, 1); - } - - gboolean --- -1.8.3.1 - diff --git a/glib-2.62.5.tar.xz b/glib-2.66.8.tar.xz similarity index 39% rename from glib-2.62.5.tar.xz rename to glib-2.66.8.tar.xz index f8ab5fa4fdd911c05262f16e9aa9e922a356afd9..967f3dfc0e89c66aa7f6846c05d8a49115795813 100644 Binary files a/glib-2.62.5.tar.xz and b/glib-2.66.8.tar.xz differ 
diff --git a/glib2.spec b/glib2.spec
index 5ba52242873bd92d7634e3a3b947ca150c6cbb83..e2ecfb1769113811cc66c32fc42911981236d455 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,40 +1,24 @@ Name: glib2 -Version: 2.62.5 -Release: 7 +Version: 2.66.8 +Release: 1 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPLv2+ URL: http://www.gtk.org -Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz +Source0: http://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch -Patch6000: backport-CVE-2020-35457.patch -Patch6001: backport-glib-ensure-consistent-abort-on-OOM-with-g-vasprintf-its-callers.patch -Patch6002: backport-gparamspecs-Fix-type-class-leaks-on-error-handling-paths.patch -Patch6003: backport-glocalfileinfo-Fix-minor-leak-on-error-handling-path-for-xattrs.patch -Patch6004: backport-gbookmarkfile-Fix-a-minor-leak-on-an-error-path.patch -Patch6005: backport-gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-filter.patch -Patch6006: backport-gfileutils-Correct-operator-precedence-to-avoid-undefined-pointer-maths.patch -Patch6007: backport-glib-supp-Suppress-calloc-variant-of-g-get-charset.patch -Patch6008: backport-Fix-giomodule-cache-being-wrongly-considered-stale.patch -Patch6009: backport-glocalfileinfo-Correct-an-off-by-one-error-when-unescaping-hex.patch -Patch6010: backport-portal-Read-flatpak-info-in-thread-safe-fashion.patch -Patch6011: backport-gtimezone-support-footers-in-TZif-files.patch -Patch6012: backport-gtestutils-Fix-a-minor-memory-leak.patch -Patch6013: backport-gthread-Destroy-value-after-replacing-it.patch -Patch6014: backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch -Patch6015: backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch -Patch6016: backport-gsocketclient-Crash-on-error-if-error-is-missing.patch -Patch6017: backport-gsocketclient-return-best-errors-possible.patch -Patch6018: backport-gsignal-Plug-g-signal-connect-object-leak.patch -Patch6019: backport-Fix-the-6-days-until-the-end-of-the-month-bug.patch -Patch6020: 
backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch -Patch6021: backport-CVE-2021-27218.patch -Patch6022: backport-CVE-2021-27219.patch -Patch6023: backport-0001-CVE-2021-28153.patch -Patch6024: backport-0002-CVE-2021-28153.patch -Patch6025: backport-0003-CVE-2021-28153.patch -Patch6026: backport-0004-CVE-2021-28153.patch -Patch6027: backport-0005-CVE-2021-28153.patch + +Patch6001: backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch +Patch6002: backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch +Patch6003: backport-gsocketclient-Crash-on-error-if-error-is-missing.patch +Patch6004: backport-gsocketclient-return-best-errors-possible.patch +Patch6005: backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch +Patch6006: backport-Correct-memory-leaks-of-error-in-completion-case.patch +Patch6007: backport-gapplication-Fix-a-memory-leak.patch +Patch6008: backport-gdbusauth-fix-error-leak.patch +Patch6009: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch +Patch6010: backport-gfileenumerator-fix-leak-in-error-path.patch +Patch6011: backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter %ifnarch i686 @@ -153,7 +137,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/bash-completion/completions/gsettings %{_bindir}/gio -%{_bindir}/gio-launch-desktop %{_bindir}/gio-querymodules* %{_bindir}/glib-compile-schemas %{_bindir}/gsettings @@ -205,6 +188,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %endif %changelog +* Sat Jun 5 2021 wangkerong - 2.66.8-1 +- Type:NA +- Id:NA +- SUG:NA +- DESC:Upgrade to 2.66.8 + * Fri May 21 2021 hanhui - 2.62.5-7 - add i686 options,round community patches 
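Review bot: The new `Source0` line in the first glib2.spec hunk still names the tarball over plain HTTP, so anyone re-fetching the source from that URL gets no transport integrity; `Source0: https://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz` would close that gap. The replaced `glib-2.66.8.tar.xz` is shown only as "Binary files differ" with no digest, so it is worth checking against the checksum published upstream before merge. The same hunk drops Patch6000 and Patch6021–Patch6027 (the CVE-2020-35457, CVE-2021-27218, CVE-2021-27219 and CVE-2021-28153 backports) without recording why. Presumably 2.66.8 already carries those fixes, but that should be confirmed against the upstream release and written down, for example `# CVE-2020-35457, CVE-2021-27218/27219/28153 backports dropped: included upstream in 2.66.8`. The `%changelog` entry added in the later hunk says only `Upgrade to 2.66.8`, which leaves auditors without a trail for the removed security patches.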
@@ -281,4 +270,4 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : - DESC:fix CVE-2019-12450 CVE-2019-13012 * Thu Sep 19 2019 Lijin Yang - 2.58.1-2 -- Package init \ No newline at end of file +- Package init diff --git a/glib2.yaml b/glib2.yaml new file mode 100644 index 0000000000000000000000000000000000000000..67fb2b53cbdd866f6a218b94ea91b1d097e31da8 --- /dev/null +++ b/glib2.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: GNOME/glib +tag_prefix: "^" +seperator: "."