diff --git a/backport-0001-CVE-2021-28153.patch b/backport-0001-CVE-2021-28153.patch
deleted file mode 100644
index 95cda13981543d86e63bd3e576e318ebf460fcce..0000000000000000000000000000000000000000
--- a/backport-0001-CVE-2021-28153.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:33:38 +0000
-Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index f34c3e439..e3d31d6b3 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename,
- mode = mode_from_flags_or_info (flags, reference_info);
-
- /* We only need read access to the original file if we are creating a backup.
-- * We also add O_CREATE to avoid a race if the file was just removed */
-+ * We also add O_CREAT to avoid a race if the file was just removed */
- if (create_backup || readable)
- open_flags = O_RDWR | O_CREAT | O_BINARY;
- else
---
-GitLab
diff --git a/backport-0002-CVE-2021-28153.patch b/backport-0002-CVE-2021-28153.patch
deleted file mode 100644
index fbfc9f0269102e530a8a6593e2351af087eff076..0000000000000000000000000000000000000000
--- a/backport-0002-CVE-2021-28153.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:34:32 +0000
-Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since a following commit is going to add a new test which references
-Gitlab, so it鈥檚 best to move the URI bases inside the test cases.
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/tests/file.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/gio/tests/file.c b/gio/tests/file.c
-index d8769656c..39d51dadb 100644
---- a/gio/tests/file.c
-+++ b/gio/tests/file.c
-@@ -686,7 +686,7 @@ test_replace_cancel (void)
- guint count;
- GError *error = NULL;
-
-- g_test_bug ("629301");
-+ g_test_bug ("https://bugzilla.gnome.org/629301");
-
- path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
- g_assert_no_error (error);
-@@ -1785,8 +1785,6 @@ main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-
-- g_test_bug_base ("http://bugzilla.gnome.org/");
--
- g_test_add_func ("/file/basic", test_basic);
- g_test_add_func ("/file/build-filename", test_build_filename);
- g_test_add_func ("/file/parent", test_parent);
---
-GitLab
diff --git a/backport-0003-CVE-2021-28153.patch b/backport-0003-CVE-2021-28153.patch
deleted file mode 100644
index 3af74bffc1010d6333f62e62972ea1937723dd93..0000000000000000000000000000000000000000
--- a/backport-0003-CVE-2021-28153.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 10 Mar 2021 16:05:55 +0000
-Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
-
-This clarifies the code a little. It introduces no functional changes.
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index beb8fee..8b087f7 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -847,6 +847,7 @@ handle_overwrite_open (const char *filename,
- int res;
- int mode;
- int errsv;
-+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
-
- mode = mode_from_flags_or_info (flags, reference_info);
-
-@@ -953,8 +954,8 @@ handle_overwrite_open (const char *filename,
- * The second strategy consist simply in copying the old file
- * to a backup file and rewrite the contents of the file.
- */
--
-- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
-+
-+ if (replace_destination_set ||
- (!(original_stat.st_nlink > 1) && !is_symlink))
- {
- char *dirname, *tmp_filename;
-@@ -973,7 +974,7 @@ handle_overwrite_open (const char *filename,
-
- /* try to keep permissions (unless replacing) */
-
-- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
-+ if (!replace_destination_set &&
- (
- #ifdef HAVE_FCHOWN
- fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
-@@ -1112,7 +1113,7 @@ handle_overwrite_open (const char *filename,
- }
- }
-
-- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
-+ if (replace_destination_set)
- {
- g_close (fd, NULL);
-
---
-2.23.0
-
diff --git a/backport-0004-CVE-2021-28153.patch b/backport-0004-CVE-2021-28153.patch
deleted file mode 100644
index df0f68f45ea9bf534199dc7e619542ed292ba7f1..0000000000000000000000000000000000000000
--- a/backport-0004-CVE-2021-28153.patch
+++ /dev/null
@@ -1,283 +0,0 @@ -From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Wed, 24 Feb 2021 17:36:07 +0000 -Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION - with symlinks -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking -the destination file and re-creating it from scratch. That did -previously work, but in the process the code would call `open(O_CREAT)` -on the file. If the file was a dangling symlink, this would create the -destination file (empty). That鈥檚 not an intended side-effect, and has -security implications if the symlink is controlled by a lower-privileged -process. - -Fix that by not opening the destination file if it鈥檚 a symlink, and -adjusting the rest of the code to cope with - - the fact that `fd == -1` is not an error iff `is_symlink` is true, - - and that `original_stat` will contain the `lstat()` results for the - symlink now, rather than the `stat()` results for its target (again, - iff `is_symlink` is true). - -This means that the target of the dangling symlink is no longer created, -which was the bug. The symlink itself continues to be replaced (as -before) with the new file 鈥� this is the intended behaviour of -`g_file_replace()`. - -The behaviour for non-symlink cases, or cases where the symlink was not -dangling, should be unchanged. - -Includes a unit test. 
- -Signed-off-by: Philip Withnall - -Fixes: #2325 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885 - ---- - gio/glocalfileoutputstream.c | 65 +++++++++++++++------ - gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++ - 2 files changed, 156 insertions(+), 17 deletions(-) - -diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c -index 8b087f7..e6edb5e 100644 ---- a/gio/glocalfileoutputstream.c -+++ b/gio/glocalfileoutputstream.c -@@ -875,16 +875,22 @@ handle_overwrite_open (const char *filename, - /* Could be a symlink, or it could be a regular ELOOP error, - * but then the next open will fail too. */ - is_symlink = TRUE; -- fd = g_open (filename, open_flags, mode); -+ if (!replace_destination_set) -+ fd = g_open (filename, open_flags, mode); - } --#else -- fd = g_open (filename, open_flags, mode); -- errsv = errno; -+#else /* if !O_NOFOLLOW */ - /* This is racy, but we do it as soon as possible to minimize the race */ - is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK); -+ -+ if (!is_symlink || !replace_destination_set) -+ { -+ fd = g_open (filename, open_flags, mode); -+ errsv = errno; -+ } - #endif - -- if (fd == -1) -+ if (fd == -1 && -+ (!is_symlink || !replace_destination_set)) - { - char *display_name = g_filename_display_name (filename); - g_set_error (error, G_IO_ERROR, -@@ -894,13 +900,26 @@ handle_overwrite_open (const char *filename, - g_free (display_name); - return -1; - } -- -+ -+ if (!is_symlink) -+ { - #ifdef G_OS_WIN32 -- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); -+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat); - #else -- res = fstat (fd, &original_stat); -+ res = fstat (fd, &original_stat); - #endif -- errsv = errno; -+ errsv = errno; -+ } -+ else -+ { -+#ifdef G_OS_WIN32 -+ res = GLIB_PRIVATE_CALL (g_win32_fstat) (filename, &original_stat); -+#else -+ res = fstat (filename, &original_stat); -+#endif -+ errsv = 
errno; -+ } -+ - - if (res != 0) - { -@@ -917,16 +936,27 @@ handle_overwrite_open (const char *filename, - if (!S_ISREG (original_stat.st_mode)) - { - if (S_ISDIR (original_stat.st_mode)) -- g_set_error_literal (error, -- G_IO_ERROR, -- G_IO_ERROR_IS_DIRECTORY, -- _("Target file is a directory")); -- else -- g_set_error_literal (error, -+ { -+ g_set_error_literal (error, -+ G_IO_ERROR, -+ G_IO_ERROR_IS_DIRECTORY, -+ _("Target file is a directory")); -+ goto err_out; -+ } -+ else if (!is_symlink || -+#ifdef S_ISLNK -+ !S_ISLNK (original_stat.st_mode) -+#else -+ FALSE -+#endif -+ ) -+ { -+ g_set_error_literal (error, - G_IO_ERROR, - G_IO_ERROR_NOT_REGULAR_FILE, - _("Target file is not a regular file")); -- goto err_out; -+ goto err_out; -+ } - } - - if (etag != NULL) -@@ -1007,7 +1037,8 @@ handle_overwrite_open (const char *filename, - } - } - -- g_close (fd, NULL); -+ if (fd >= 0) -+ g_close (fd, NULL); - *temp_filename = tmp_filename; - return tmpfd; - } -diff --git a/gio/tests/file.c b/gio/tests/file.c -index d51ac6d..51b665f 100644 ---- a/gio/tests/file.c -+++ b/gio/tests/file.c -@@ -804,6 +804,113 @@ test_replace_cancel (void) - g_object_unref (tmpdir); - } - -+static void -+test_replace_symlink (void) -+{ -+#ifdef G_OS_UNIX -+ gchar *tmpdir_path = NULL; -+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL; -+ GFileOutputStream *stream = NULL; -+ const gchar *new_contents = "this is a test message which should be written to source and not target"; -+ gsize n_written; -+ GFileEnumerator *enumerator = NULL; -+ GFileInfo *info = NULL; -+ gchar *contents = NULL; -+ gsize length = 0; -+ GError *local_error = NULL; -+ -+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325"); -+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks"); -+ -+ /* Create a fresh, empty working directory. 
*/ -+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error); -+ g_assert_no_error (local_error); -+ tmpdir = g_file_new_for_path (tmpdir_path); -+ -+ g_test_message ("Using temporary directory %s", tmpdir_path); -+ g_free (tmpdir_path); -+ -+ /* Create symlink `source` which points to `target`. */ -+ source_file = g_file_get_child (tmpdir, "source"); -+ target_file = g_file_get_child (tmpdir, "target"); -+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ /* Ensure that `target` doesn’t exist */ -+ g_assert_false (g_file_query_exists (target_file, NULL)); -+ -+ /* Replace the `source` symlink with a regular file using -+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without* -+ * following the symlink */ -+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */, -+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents), -+ &n_written, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_cmpint (n_written, ==, strlen (new_contents)); -+ -+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_clear_object (&stream); -+ -+ /* At this point, there should still only be one file: `source`. It should -+ * now be a regular file. `target` should not exist. 
*/ -+ enumerator = g_file_enumerate_children (tmpdir, -+ G_FILE_ATTRIBUTE_STANDARD_NAME "," -+ G_FILE_ATTRIBUTE_STANDARD_TYPE, -+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_nonnull (info); -+ -+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source"); -+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR); -+ -+ g_clear_object (&info); -+ -+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_null (info); -+ -+ g_file_enumerator_close (enumerator, NULL, &local_error); -+ g_assert_no_error (local_error); -+ g_clear_object (&enumerator); -+ -+ /* Double-check that `target` doesn’t exist */ -+ g_assert_false (g_file_query_exists (target_file, NULL)); -+ -+ /* Check the content of `source`. */ -+ g_file_load_contents (source_file, -+ NULL, -+ &contents, -+ &length, -+ NULL, -+ &local_error); -+ g_assert_no_error (local_error); -+ g_assert_cmpstr (contents, ==, new_contents); -+ g_assert_cmpuint (length, ==, strlen (new_contents)); -+ g_free (contents); -+ -+ /* Tidy up. 
*/ -+ g_file_delete (source_file, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_file_delete (tmpdir, NULL, &local_error); -+ g_assert_no_error (local_error); -+ -+ g_clear_object (&target_file); -+ g_clear_object (&source_file); -+ g_clear_object (&tmpdir); -+#else /* if !G_OS_UNIX */ -+ g_test_skip ("Symlink replacement tests can only be run on Unix") -+#endif -+} -+ - static void - on_file_deleted (GObject *object, - GAsyncResult *result, -@@ -1752,6 +1859,7 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete); - g_test_add_func ("/file/replace-load", test_replace_load); - g_test_add_func ("/file/replace-cancel", test_replace_cancel); -+ g_test_add_func ("/file/replace-symlink", test_replace_symlink); - g_test_add_func ("/file/async-delete", test_async_delete); - #ifdef G_OS_UNIX - g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode); --- -2.23.0 - diff --git a/backport-0005-CVE-2021-28153.patch b/backport-0005-CVE-2021-28153.patch deleted file mode 100644 index 2e819beb4b690d8f46acbcc761f91a48e99c83bb..0000000000000000000000000000000000000000 --- a/backport-0005-CVE-2021-28153.patch +++ /dev/null 
@@ -1,56 +0,0 @@
-From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 24 Feb 2021 17:42:24 +0000
-Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
- replace()
-
-Signed-off-by: Philip Withnall
-
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/01c5468e10707cbf78e6e83bbcf1ce9c866f2885
----
- gio/glocalfileoutputstream.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index a2c7e3cc0..4c512ea81 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -63,6 +63,12 @@
- #define O_BINARY 0
- #endif
-
-+#ifndef O_CLOEXEC
-+#define O_CLOEXEC 0
-+#else
-+#define HAVE_O_CLOEXEC 1
-+#endif
-+
- struct _GLocalFileOutputStreamPrivate {
- char *tmp_filename;
- char *original_filename;
-@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename,
- sync_on_close = FALSE;
-
- /* If the file doesn't exist, create it */
-- open_flags = O_CREAT | O_EXCL | O_BINARY;
-+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
- if (readable)
- open_flags |= O_RDWR;
- else
-@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename,
- set_error_from_open_errno (filename, error);
- return NULL;
- }
--
--
-+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
-+ else
-+ fcntl (fd, F_SETFD, FD_CLOEXEC);
-+#endif
-+
- stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
- stream->priv->fd = fd;
- stream->priv->sync_on_close = sync_on_close;
---
-GitLab
diff --git a/backport-CVE-2020-35457.patch b/backport-CVE-2020-35457.patch
deleted file mode 100644
index 66b1b281e638f2653e62fdedc742ebf4fbcfecf6..0000000000000000000000000000000000000000
--- a/backport-CVE-2020-35457.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
-From: Philip Withnall
-Date: Wed, 2 Sep 2020 12:38:09 +0100
-Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
- overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-reason:Add a precondition to avoid GOptionEntry list overflow
-Conflict:NA
-Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
-
-Signed-off-by: Philip Withnall
-
-Fixes: #2197
----
- glib/goption.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/glib/goption.c b/glib/goption.c
-index 9f5b977c4..bb9093a33 100644
---- a/glib/goption.c
-+++ b/glib/goption.c
-@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
-
- for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
-
-+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
-+
- group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
-
- /* group->entries could be NULL in the trivial case where we add no
---
-GitLab
-
diff --git a/backport-CVE-2021-27218.patch b/backport-CVE-2021-27218.patch
deleted file mode 100644
index 86f4cdb1c9bb6f7ed10dda6d4babbaea483079a3..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-27218.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From acb7b0ec69f26a7df10af3992359890b09f076e8 Mon Sep 17 00:00:00 2001
-From: Krzesimir Nowak
-Date: Wed, 10 Feb 2021 23:51:07 +0100
-Subject: [PATCH] gbytearray: Do not accept too large byte arrays
-
-GByteArray uses guint for storing the length of the byte array, but it
-also has a constructor (g_byte_array_new_take) that takes length as a
-gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
-for guint). It is possible to call the function with a value greater
-than G_MAXUINT, which will result in silent length truncation. This
-may happen as a result of unreffing GBytes into GByteArray, so rather
-be loud about it.
-
-(Test case tweaked by Philip Withnall.)
----
- glib/garray.c | 6 ++++++
- glib/gbytes.c | 4 ++++
- 2 files changed, 10 insertions(+)
-
-diff --git a/glib/garray.c b/glib/garray.c
-index de720210c..2b66f16a6 100644
---- a/glib/garray.c
-+++ b/glib/garray.c
-@@ -2261,6 +2261,10 @@ g_byte_array_steal (GByteArray *array,
- * Create byte array containing the data. The data will be owned by the array
- * and will be freed with g_free(), i.e. it could be allocated using g_strdup().
- *
-+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
-+ * stores the length of its data in #guint, which may be shorter than
-+ * #gsize.
-+ *
- * Since: 2.32
- *
- * Returns: (transfer full): a new #GByteArray
-@@ -2272,6 +2276,8 @@ g_byte_array_new_take (guint8 *data,
- GByteArray *array;
- GRealArray *real;
-
-+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
-+
- array = g_byte_array_new ();
- real = (GRealArray *)array;
- g_assert (real->data == NULL);
-diff --git a/glib/gbytes.c b/glib/gbytes.c
-index 00fd79155..aaadf451b 100644
---- a/glib/gbytes.c
-+++ b/glib/gbytes.c
-@@ -519,6 +519,10 @@ g_bytes_unref_to_data (GBytes *bytes,
- * g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
- * other cases the data is copied.
- *
-+ * Do not use it if @bytes contains more than %G_MAXUINT
-+ * bytes.
#GByteArray stores the length of its data in #guint, which
-+ * may be shorter than #gsize, that @bytes is using.
-+ *
- * Returns: (transfer full): a new mutable #GByteArray containing the same byte data
- *
- * Since: 2.32
---
-GitLab
diff --git a/backport-CVE-2021-27219.patch b/backport-CVE-2021-27219.patch
deleted file mode 100644
index 8420bd7bf7e518c369fbd7c2e642a8131272d008..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-27219.patch
+++ /dev/null
@@ -1,808 +0,0 @@ -From f8cf0b8672209e0b829542e194e302f1de169929 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Thu, 4 Feb 2021 13:30:52 +0000 -Subject: [PATCH 01/11] gstrfuncs: Add g_memdup2() function - -This will replace the existing `g_memdup()` function, which has an -unavoidable security flaw of taking its `byte_size` argument as a -`guint` rather than as a `gsize`. Most callers will expect it to be a -`gsize`, and may pass in large values which could silently be truncated, -resulting in an undersize allocation compared to what the caller -expects. - -This could lead to a classic buffer overflow vulnerability for many -callers of `g_memdup()`. - -`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`. - -Spotted by Kevin Backhouse of GHSL. - -Signed-off-by: Philip Withnall -Helps: GHSL-2021-045 -Helps: #2319 - -reason:Fix CVE-2021-27219 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/20cfc75d148e3be0c026cc7eff3a9cdb72bf5c56 - -diff -Naur a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt ---- a/docs/reference/glib/glib-sections.txt 2021-03-06 09:46:03.657000000 +0800 -+++ b/docs/reference/glib/glib-sections.txt 2021-03-05 14:58:36.022000000 +0800 -@@ -1275,6 +1275,7 @@ - - g_memmove - g_memdup -+g_memdup2 - - - GMemVTable -diff -Naur a/gio/gdatainputstream.c b/gio/gdatainputstream.c ---- a/gio/gdatainputstream.c 2021-03-06 09:46:03.661000000 +0800 -+++ b/gio/gdatainputstream.c 2021-03-05 15:10:26.335000000 +0800 -@@ -856,7 +856,7 @@ - scan_for_chars (GDataInputStream *stream, - gsize *checked_out, - const char *stop_chars, -- gssize stop_chars_len) -+ gsize stop_chars_len) - { - GBufferedInputStream *bstream; - const char *buffer; -@@ -952,7 +952,7 @@ - gsize checked; - - gchar *stop_chars; -- gssize stop_chars_len; -+ gsize stop_chars_len; - gsize length; - } GDataInputStreamReadData; - -@@ -1078,12 +1078,16 @@ - { - GDataInputStreamReadData *data; - GTask *task; -+ gsize 
stop_chars_len_unsigned; - - data = g_slice_new0 (GDataInputStreamReadData); -- if (stop_chars_len == -1) -- stop_chars_len = strlen (stop_chars); -- data->stop_chars = g_memdup (stop_chars, stop_chars_len); -- data->stop_chars_len = stop_chars_len; -+ if (stop_chars_len < 0) -+ stop_chars_len_unsigned = strlen (stop_chars); -+ else -+ stop_chars_len_unsigned = (gsize) stop_chars_len; -+ -+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned); -+ data->stop_chars_len = stop_chars_len_unsigned; - data->last_saw_cr = FALSE; - - task = g_task_new (stream, cancellable, callback, user_data); -@@ -1338,17 +1342,20 @@ - gssize found_pos; - gssize res; - char *data_until; -+ gsize stop_chars_len_unsigned; - - g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL); - - if (stop_chars_len < 0) -- stop_chars_len = strlen (stop_chars); -+ stop_chars_len_unsigned = strlen (stop_chars); -+ else -+ stop_chars_len_unsigned = (gsize) stop_chars_len; - - bstream = G_BUFFERED_INPUT_STREAM (stream); - - checked = 0; - -- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1) -+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1) - { - if (g_buffered_input_stream_get_available (bstream) == - g_buffered_input_stream_get_buffer_size (bstream)) -diff -Naur a/gio/gdbusconnection.c b/gio/gdbusconnection.c ---- a/gio/gdbusconnection.c 2021-03-06 09:46:03.663000000 +0800 -+++ b/gio/gdbusconnection.c 2021-03-05 15:14:19.973000000 +0800 -@@ -3997,7 +3997,7 @@ - /* Don't waste memory by copying padding - remember to update this - * when changing struct _GDBusInterfaceVTable in gdbusconnection.h - */ -- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); -+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); - } - - static void -@@ -4014,7 +4014,7 @@ - /* Don't waste memory by copying padding - remember to update this - * when changing struct _GDBusSubtreeVTable in 
gdbusconnection.h - */ -- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer)); -+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer)); - } - - static void -diff -Naur a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c ---- a/gio/gdbusinterfaceskeleton.c 2021-03-06 09:46:03.663000000 +0800 -+++ b/gio/gdbusinterfaceskeleton.c 2021-03-05 15:36:52.369000000 +0800 -@@ -701,7 +701,7 @@ - * properly before building the hooked_vtable, so we create it - * once at the last minute. - */ -- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); -+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable)); - interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call; - } - -diff -Naur a/gio/gfile.c b/gio/gfile.c ---- a/gio/gfile.c 2021-03-06 09:46:03.666000000 +0800 -+++ b/gio/gfile.c 2021-03-05 15:44:25.759000000 +0800 -@@ -7884,7 +7884,7 @@ - g_main_context_invoke_full (g_task_get_context (task), - g_task_get_priority (task), - measure_disk_usage_invoke_progress, -- g_memdup (&progress, sizeof progress), -+ g_memdup2 (&progress, sizeof progress), - g_free); - } - -@@ -7902,7 +7902,7 @@ - data->progress_callback ? 
measure_disk_usage_progress : NULL, task, - &result.disk_usage, &result.num_dirs, &result.num_files, - &error)) -- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free); -+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free); - else - g_task_return_error (task, error); - } -@@ -7926,7 +7926,7 @@ - - task = g_task_new (file, cancellable, callback, user_data); - g_task_set_source_tag (task, g_file_real_measure_disk_usage_async); -- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free); -+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free); - g_task_set_priority (task, io_priority); - - g_task_run_in_thread (task, measure_disk_usage_thread); -diff -Naur a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c ---- a/gio/gkeyfilesettingsbackend.c 2021-03-06 09:46:03.670000000 +0800 -+++ b/gio/gkeyfilesettingsbackend.c 2021-03-05 17:24:26.933000000 +0800 -@@ -145,8 +145,8 @@ - gchar **group, - gchar **basename) - { -- gint key_len = strlen (key); -- gint i; -+ gsize key_len = strlen (key); -+ const gchar *last_slash; - - if (key_len < kfsb->prefix_len || - memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0) -@@ -155,38 +155,36 @@ - key_len -= kfsb->prefix_len; - key += kfsb->prefix_len; - -- for (i = key_len; i >= 0; i--) -- if (key[i] == '/') -- break; -+ last_slash = strrchr (key, '/'); - - if (kfsb->root_group) - { - /* if a root_group was specified, make sure the user hasn't given - * a path that ghosts that group name - */ -- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0) -+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0) - return FALSE; - } - else - { - /* if no root_group was given, ensure that the user gave a path */ -- if (i == -1) -+ if (last_slash == NULL) - return FALSE; - } - - if (group) - { -- if (i >= 0) -+ if (last_slash != NULL) - { -- *group = g_memdup (key, i + 1); -- 
(*group)[i] = '\0'; -+ *group = g_memdup2 (key, (last_slash - key) + 1); -+ (*group)[(last_slash - key)] = '\0'; - } - else - *group = g_strdup (kfsb->root_group); - } - - if (basename) -- *basename = g_memdup (key + i + 1, key_len - i); -+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key)); - - return TRUE; - } -diff -Naur a/gio/gsettingsschema.c b/gio/gsettingsschema.c ---- a/gio/gsettingsschema.c 2021-03-06 09:46:03.675000000 +0800 -+++ b/gio/gsettingsschema.c 2021-03-05 16:08:24.724000000 +0800 -@@ -1058,9 +1058,9 @@ - - if (g_str_has_suffix (key, "/")) - { -- gint length = strlen (key); -+ gsize length = strlen (key); - -- strv[j] = g_memdup (key, length); -+ strv[j] = g_memdup2 (key, length); - strv[j][length - 1] = '\0'; - j++; - } -diff -Naur a/gio/gsocket.c b/gio/gsocket.c ---- a/gio/gsocket.c 2021-03-06 09:46:03.675000000 +0800 -+++ b/gio/gsocket.c 2021-03-05 16:34:42.236000000 +0800 -@@ -174,7 +174,7 @@ - GError **error); - - static GSocketAddress * --cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len); -+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len); - - static gssize - g_socket_receive_message_with_timeout (GSocket *socket, -@@ -260,7 +260,7 @@ - struct { - GSocketAddress *addr; - struct sockaddr *native; -- gint native_len; -+ gsize native_len; - guint64 last_used; - } recv_addr_cache[RECV_ADDR_CACHE_SIZE]; - }; -@@ -5211,14 +5211,14 @@ - } - - static GSocketAddress * --cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len) -+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len) - { - GSocketAddress *saddr; - gint i; - guint64 oldest_time = G_MAXUINT64; - gint oldest_index = 0; - -- if (native_len <= 0) -+ if (native_len == 0) - return NULL; - - saddr = NULL; -@@ -5226,7 +5226,7 @@ - { - GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr; - gpointer tmp_native = socket->priv->recv_addr_cache[i].native; -- gint 
tmp_native_len = socket->priv->recv_addr_cache[i].native_len; -+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len; - - if (!tmp) - continue; -@@ -5256,7 +5256,7 @@ - g_free (socket->priv->recv_addr_cache[oldest_index].native); - } - -- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len); -+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len); - socket->priv->recv_addr_cache[oldest_index].native_len = native_len; - socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr); - socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time (); -@@ -5404,6 +5404,9 @@ - /* do it */ - while (1) - { -+ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */ -+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT); -+ - addrlen = sizeof addr; - if (address) - result = WSARecvFrom (socket->priv->fd, -diff -Naur a/gio/gtlspassword.c b/gio/gtlspassword.c ---- a/gio/gtlspassword.c 2021-03-06 09:46:03.678000000 +0800 -+++ b/gio/gtlspassword.c 2021-03-05 16:36:55.266000000 +0800 -@@ -287,9 +287,14 @@ - g_return_if_fail (G_IS_TLS_PASSWORD (password)); - - if (length < 0) -- length = strlen ((gchar *)value); -+ { -+ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ -+ gsize length_unsigned = strlen ((gchar *) value); -+ g_return_if_fail (length_unsigned > G_MAXSSIZE); -+ length = (gssize) length_unsigned; -+ } - -- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); -+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); - } - - /** -diff -Naur a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c ---- a/gio/gwin32registrykey.c 2021-03-06 09:46:03.680000000 +0800 -+++ b/gio/gwin32registrykey.c 2021-03-05 16:43:04.459000000 +0800 -@@ -125,16 +125,34 @@ - G_WIN32_REGISTRY_UPDATED_PATH = 1, - } GWin32RegistryKeyUpdateFlag; - -+static gsize -+g_utf16_len (const gunichar2 
*str) -+{ -+ gsize result; -+ -+ for (result = 0; str[0] != 0; str++, result++) -+ ; -+ -+ return result; -+} -+ - static gunichar2 * --g_wcsdup (const gunichar2 *str, -- gssize str_size) -+g_wcsdup (const gunichar2 *str, gssize str_len) - { -- if (str_size == -1) -- { -- str_size = wcslen (str) + 1; -- str_size *= sizeof (gunichar2); -- } -- return g_memdup (str, str_size); -+ gsize str_len_unsigned; -+ gsize str_size; -+ -+ g_return_val_if_fail (str != NULL, NULL); -+ -+ if (str_len < 0) -+ str_len_unsigned = g_utf16_len (str); -+ else -+ str_len_unsigned = (gsize) str_len; -+ -+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1); -+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2); -+ -+ return g_memdup2 (str, str_size); - } - - /** -@@ -247,7 +265,7 @@ - new_iter->value_name_size = iter->value_name_size; - - if (iter->value_data != NULL) -- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size); -+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size); - - new_iter->value_data_size = iter->value_data_size; - -@@ -268,8 +286,8 @@ - new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize; - - if (iter->value_data_expanded_u8 != NULL) -- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8, -- iter->value_data_expanded_charsize); -+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8, -+ iter->value_data_expanded_charsize); - - new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize; - -diff -Naur a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c ---- a/gio/tests/async-close-output-stream.c 2021-03-06 09:46:03.682000000 +0800 -+++ b/gio/tests/async-close-output-stream.c 2021-03-05 16:54:17.745000000 +0800 -@@ -147,9 +147,9 @@ - - data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream)); - -- g_assert_cmpint (data->expected_size, >, 0); -+ 
g_assert_cmpuint (data->expected_size, >, 0); - -- data->expected_output = g_memdup (written, (guint)data->expected_size); -+ data->expected_output = g_memdup2 (written, data->expected_size); - - /* then recreate the streams and prepare them for the asynchronous close */ - destroy_streams (data); -diff -Naur a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c ---- a/gio/tests/gdbus-export.c 2021-03-06 09:46:03.685000000 +0800 -+++ b/gio/tests/gdbus-export.c 2021-03-05 16:56:17.247000000 +0800 -@@ -671,7 +671,7 @@ - g_assert_not_reached (); - } - -- return g_memdup (interfaces, 2 * sizeof (void *)); -+ return g_memdup2 (interfaces, 2 * sizeof (void *)); - } - - static const GDBusInterfaceVTable * -@@ -727,7 +727,7 @@ - { - const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL }; - -- return g_memdup (interfaces, 2 * sizeof (void *)); -+ return g_memdup2 (interfaces, 2 * sizeof (void *)); - } - - static const GDBusInterfaceVTable * -diff -Naur a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c ---- a/gio/win32/gwinhttpfile.c 2021-03-06 09:46:03.693000000 +0800 -+++ b/gio/win32/gwinhttpfile.c 2021-03-05 16:58:28.076000000 +0800 -@@ -393,10 +393,10 @@ - child = g_object_new (G_TYPE_WINHTTP_FILE, NULL); - child->vfs = winhttp_file->vfs; - child->url = winhttp_file->url; -- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2); -- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2); -- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2); -- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2); -+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2); -+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) 
* 2); -+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2); -+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2); - child->url.lpszUrlPath = wnew_path; - child->url.dwUrlPathLength = wcslen (wnew_path); - child->url.lpszExtraInfo = NULL; -diff -Naur a/glib/gbytes.c b/glib/gbytes.c ---- a/glib/gbytes.c 2021-03-06 09:46:03.721000000 +0800 -+++ b/glib/gbytes.c 2021-03-05 17:29:25.481000000 +0800 -@@ -95,7 +95,7 @@ - { - g_return_val_if_fail (data != NULL || size == 0, NULL); - -- return g_bytes_new_take (g_memdup (data, size), size); -+ return g_bytes_new_take (g_memdup2 (data, size), size); - } - - /** -@@ -499,7 +499,7 @@ - * Copy: Non g_malloc (or compatible) allocator, or static memory, - * so we have to copy, and then unref. - */ -- result = g_memdup (bytes->data, bytes->size); -+ result = g_memdup2 (bytes->data, bytes->size); - *size = bytes->size; - g_bytes_unref (bytes); - } -diff -Naur a/glib/gdir.c b/glib/gdir.c ---- a/glib/gdir.c 2021-03-06 09:46:03.696000000 +0800 -+++ b/glib/gdir.c 2021-03-06 09:11:06.646000000 +0800 -@@ -112,7 +112,7 @@ - return NULL; - #endif - -- return g_memdup (&dir, sizeof dir); -+ return g_memdup2 (&dir, sizeof dir); - } - - /** -diff -Naur a/glib/ghash.c b/glib/ghash.c ---- a/glib/ghash.c 2021-03-06 09:46:03.697000000 +0800 -+++ b/glib/ghash.c 2021-03-06 09:12:58.243000000 +0800 -@@ -964,7 +964,7 @@ - if (hash_table->have_big_keys) - { - if (key != value) -- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); -+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); - /* Keys and values are both big now, so no need for further checks */ - return; - } -@@ -972,7 +972,7 @@ - { - if (key != value) - { -- hash_table->values = g_memdup (hash_table->keys, sizeof (guint) * hash_table->size); -+ hash_table->values = g_memdup2 
(hash_table->keys, sizeof (guint) * hash_table->size); - is_a_set = FALSE; - } - } -@@ -1000,7 +1000,7 @@ - - /* Just split if necessary */ - if (is_a_set && key != value) -- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size); -+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size); - - #endif - } -diff -Naur a/glib/giochannel.c b/glib/giochannel.c ---- a/glib/giochannel.c 2021-03-06 09:46:03.697000000 +0800 -+++ b/glib/giochannel.c 2021-03-06 09:20:11.237000000 +0800 -@@ -883,16 +883,25 @@ - const gchar *line_term, - gint length) - { -+ guint length_unsigned; -+ - g_return_if_fail (channel != NULL); - g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */ - - if (line_term == NULL) -- length = 0; -- else if (length < 0) -- length = strlen (line_term); -+ length_unsigned = 0; -+ else if (length >= 0) -+ length_unsigned = (guint) length; -+ else -+ { -+ /* FIXME: We’re constrained by line_term_len being a guint here */ -+ gsize length_size = strlen (line_term); -+ g_return_if_fail (length_size > G_MAXUINT); -+ length_unsigned = (guint) length_size; -+ } - - g_free (channel->line_term); -- channel->line_term = line_term ? g_memdup (line_term, length) : NULL; -+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL; - channel->line_term_len = length; - } - -diff -Naur a/glib/gstrfuncs.c b/glib/gstrfuncs.c ---- a/glib/gstrfuncs.c 2021-03-06 09:46:03.703000000 +0800 -+++ b/glib/gstrfuncs.c 2021-03-06 09:21:27.836000000 +0800 -@@ -398,6 +398,38 @@ - } - - /** -+ * g_memdup2: -+ * @mem: (nullable): the memory to copy. -+ * @byte_size: the number of bytes to copy. -+ * -+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it -+ * from @mem. If @mem is %NULL it returns %NULL. -+ * -+ * This replaces g_memdup(), which was prone to integer overflows when -+ * converting the argument from a #gsize to a #guint. 
-+ * -+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory, -+ * or %NULL if @mem is %NULL. -+ * Since: 2.68 -+ */ -+gpointer -+g_memdup2 (gconstpointer mem, -+ gsize byte_size) -+{ -+ gpointer new_mem; -+ -+ if (mem && byte_size != 0) -+ { -+ new_mem = g_malloc (byte_size); -+ memcpy (new_mem, mem, byte_size); -+ } -+ else -+ new_mem = NULL; -+ -+ return new_mem; -+} -+ -+/** - * g_strndup: - * @str: the string to duplicate - * @n: the maximum number of bytes to copy from @str -diff -Naur a/glib/gstrfuncs.h b/glib/gstrfuncs.h ---- a/glib/gstrfuncs.h 2021-03-06 09:46:03.703000000 +0800 -+++ b/glib/gstrfuncs.h 2021-03-06 09:23:07.268000000 +0800 -@@ -257,6 +257,10 @@ - gpointer g_memdup (gconstpointer mem, - guint byte_size) G_GNUC_ALLOC_SIZE(2); - -+GLIB_AVAILABLE_IN_ALL -+gpointer g_memdup2 (gconstpointer mem, -+ gsize byte_size) G_GNUC_ALLOC_SIZE(2); -+ - /* NULL terminated string arrays. - * g_strsplit(), g_strsplit_set() split up string into max_tokens tokens - * at delim and return a newly allocated string array. 
-diff -Naur a/glib/gtestutils.c b/glib/gtestutils.c ---- a/glib/gtestutils.c 2021-03-06 09:46:03.704000000 +0800 -+++ b/glib/gtestutils.c 2021-03-06 09:24:38.454000000 +0800 -@@ -3801,7 +3801,7 @@ - if (p <= tbuffer->data->str + mlength) - { - g_string_erase (tbuffer->data, 0, mlength); -- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg))); -+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg))); - return TRUE; - } - -diff -Naur a/glib/gvariant.c b/glib/gvariant.c ---- a/glib/gvariant.c 2021-03-06 09:46:03.709000000 +0800 -+++ b/glib/gvariant.c 2021-03-06 09:26:50.164000000 +0800 -@@ -725,7 +725,7 @@ - g_variant_ref_sink (value); - - return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT, -- g_memdup (&value, sizeof value), -+ g_memdup2 (&value, sizeof value), - 1, g_variant_is_trusted (value)); - } - -@@ -1229,7 +1229,7 @@ - return NULL; - } - -- data = g_memdup (elements, n_elements * element_size); -+ data = g_memdup2 (elements, n_elements * element_size); - value = g_variant_new_from_data (array_type, data, - n_elements * element_size, - FALSE, g_free, data); -@@ -1908,7 +1908,7 @@ - if (length) - *length = size; - -- return g_memdup (original, size + 1); -+ return g_memdup2 (original, size + 1); - } - - /** -diff -Naur a/glib/gvarianttype.c b/glib/gvarianttype.c ---- a/glib/gvarianttype.c 2021-03-06 09:46:03.709000000 +0800 -+++ b/glib/gvarianttype.c 2021-03-06 09:28:03.190000000 +0800 -@@ -1181,7 +1181,7 @@ - g_assert (offset < sizeof buffer); - buffer[offset++] = ')'; - -- return (GVariantType *) g_memdup (buffer, offset); -+ return (GVariantType *) g_memdup2 (buffer, offset); - } - - /** -diff -Naur a/glib/tests/array-test.c b/glib/tests/array-test.c ---- a/glib/tests/array-test.c 2021-03-06 09:46:03.712000000 +0800 -+++ b/glib/tests/array-test.c 2021-03-06 09:28:56.467000000 +0800 -@@ -1616,7 +1616,7 @@ - GByteArray *gbarray; - guint8 *data; - -- data = g_memdup ("woooweeewow", 11); -+ data = 
g_memdup2 ("woooweeewow", 11); - gbarray = g_byte_array_new_take (data, 11); - g_assert (gbarray->data == data); - g_assert_cmpuint (gbarray->len, ==, 11); -diff -Naur a/glib/tests/option-context.c b/glib/tests/option-context.c ---- a/glib/tests/option-context.c 2021-03-06 09:46:03.719000000 +0800 -+++ b/glib/tests/option-context.c 2021-03-06 09:30:07.022000000 +0800 -@@ -256,7 +256,7 @@ - static char ** - copy_stringv (char **argv, int argc) - { -- return g_memdup (argv, sizeof (char *) * (argc + 1)); -+ return g_memdup2 (argv, sizeof (char *) * (argc + 1)); - } - - static void -@@ -2323,7 +2323,7 @@ - g_option_context_add_group (context, group); - - argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc); -- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *)); -+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *)); - - retval = g_option_context_parse (context, &argc, &argv, &error); - -diff -Naur a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c ---- a/glib/tests/strfuncs.c 2021-03-06 09:46:03.720000000 +0800 -+++ b/glib/tests/strfuncs.c 2021-03-06 09:33:09.312000000 +0800 -@@ -219,6 +219,26 @@ - g_free (str_dup); - } - -+/* Testing g_memdup2() function with various positive and negative cases */ -+static void -+test_memdup2 (void) -+{ -+ gchar *str_dup = NULL; -+ const gchar *str = "The quick brown fox jumps over the lazy dog"; -+ -+ /* Testing negative cases */ -+ g_assert_null (g_memdup2 (NULL, 1024)); -+ g_assert_null (g_memdup2 (str, 0)); -+ g_assert_null (g_memdup2 (NULL, 0)); -+ -+ /* Testing normal usage cases */ -+ str_dup = g_memdup2 (str, strlen (str) + 1); -+ g_assert_nonnull (str_dup); -+ g_assert_cmpstr (str, ==, str_dup); -+ -+ g_free (str_dup); -+} -+ - /* Testing g_strpcpy() function with various positive and negative cases */ - static void - test_stpcpy (void) -@@ -2523,6 +2543,7 @@ - g_test_add_func ("/strfuncs/has-prefix", test_has_prefix); - g_test_add_func ("/strfuncs/has-suffix", 
test_has_suffix); - g_test_add_func ("/strfuncs/memdup", test_memdup); -+ g_test_add_func ("/strfuncs/memdup2", test_memdup2); - g_test_add_func ("/strfuncs/stpcpy", test_stpcpy); - g_test_add_func ("/strfuncs/str_match_string", test_str_match_string); - g_test_add_func ("/strfuncs/str_tokenize_and_fold", test_str_tokenize_and_fold); -diff -Naur a/gobject/gsignal.c b/gobject/gsignal.c ---- a/gobject/gsignal.c 2021-03-06 09:46:03.722000000 +0800 -+++ b/gobject/gsignal.c 2021-03-06 09:36:46.688000000 +0800 -@@ -1730,7 +1730,7 @@ - node->single_va_closure_is_valid = FALSE; - node->flags = signal_flags & G_SIGNAL_FLAGS_MASK; - node->n_params = n_params; -- node->param_types = g_memdup (param_types, sizeof (GType) * n_params); -+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params); - node->return_type = return_type; - node->class_closure_bsa = NULL; - if (accumulator) -diff -Naur a/gobject/gtype.c b/gobject/gtype.c ---- a/gobject/gtype.c 2021-03-06 09:46:03.724000000 +0800 -+++ b/gobject/gtype.c 2021-03-06 09:38:47.030000000 +0800 -@@ -1470,7 +1470,7 @@ - iholder->next = iface_node_get_holders_L (iface); - iface_node_set_holders_W (iface, iholder); - iholder->instance_type = NODE_TYPE (node); -- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL; -+ iholder->info = info ? 
g_memdup2 (info, sizeof (*info)) : NULL; - iholder->plugin = plugin; - - /* create an iface entry for this type */ -@@ -1731,7 +1731,7 @@ - INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface)); - - check_interface_info_I (iface, instance_type, &tmp_info); -- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info)); -+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info)); - } - - return iholder; /* we don't modify write lock upon returning NULL */ -@@ -2016,10 +2016,10 @@ - IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface); - - if (pentry) -- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size); -+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size); - } - if (!vtable) -- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); -+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size); - entry->vtable = vtable; - vtable->g_type = NODE_TYPE (iface); - vtable->g_instance_type = NODE_TYPE (node); -diff -Naur a/gobject/gtypemodule.c b/gobject/gtypemodule.c ---- a/gobject/gtypemodule.c 2021-03-06 09:46:03.724000000 +0800 -+++ b/gobject/gtypemodule.c 2021-03-06 09:39:57.337000000 +0800 -@@ -436,7 +436,7 @@ - module_type_info->loaded = TRUE; - module_type_info->info = *type_info; - if (type_info->value_table) -- module_type_info->info.value_table = g_memdup (type_info->value_table, -+ module_type_info->info.value_table = g_memdup2 (type_info->value_table, - sizeof (GTypeValueTable)); - - return module_type_info->type; -diff -Naur a/gobject/tests/param.c b/gobject/tests/param.c ---- a/gobject/tests/param.c 2021-03-06 09:46:03.725000000 +0800 -+++ b/gobject/tests/param.c 2021-03-06 09:40:28.446000000 +0800 -@@ -851,7 +851,7 @@ - test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d", - data.change_this_flag, data.change_this_type, - data.use_this_flag, data.use_this_type); -- test_data = g_memdup (&data, sizeof (TestParamImplementData)); 
-+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData)); - g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free); - g_free (test_path); - } -diff -Naur a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c -index 9f335b3..2a0fe38 100644 ---- a/gio/gwin32appinfo.c -+++ b/gio/gwin32appinfo.c -@@ -472,7 +472,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size) - str_size = wcslen (str) + 1; - str_size *= sizeof (gunichar2); - } -- return g_memdup (str, str_size); -+ return g_memdup2 (str, str_size); - } - - #define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\" diff --git a/backport-Correct-memory-leaks-of-error-in-completion-case.patch b/backport-Correct-memory-leaks-of-error-in-completion-case.patch new file mode 100644 index 0000000000000000000000000000000000000000..d35626a2f9c800ba5b5447a68b165008f2c70517 --- /dev/null +++ b/backport-Correct-memory-leaks-of-error-in-completion-case.patch 
@@ -0,0 +1,68 @@
+From 1c7c849d34ee89a030fe0d85e326311741a0f3d1 Mon Sep 17 00:00:00 2001
+From: Frederic Martinsons
+Date: Tue, 26 Jan 2021 15:43:46 +0100
+Subject: [PATCH] Correct memory leaks of error in completion case.
+
+Signed-off-by: Frederic Martinsons
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/1c7c849d34ee89a030fe0d85e326311741a0f3d1
+
+---
+ gio/gdbus-tool.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gdbus-tool.c b/gio/gdbus-tool.c
+index 5cb80b45f7..06f61cfac6 100644
+--- a/gio/gdbus-tool.c
++++ b/gio/gdbus-tool.c
+@@ -681,8 +681,8 @@ handle_emit (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -995,8 +995,8 @@ handle_call (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -1825,8 +1825,8 @@ handle_introspect (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -2057,8 +2057,8 @@ handle_monitor (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
+@@ -2277,8 +2277,8 @@ handle_wait (gint *argc,
+ else
+ {
+ g_printerr (_("Error connecting: %s\n"), error->message);
+- g_error_free (error);
+ }
++ g_error_free (error);
+ goto out;
+ }
+
diff --git a/backport-gapplication-Fix-a-memory-leak.patch b/backport-gapplication-Fix-a-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..355f6bf27c5324a9f52cf06827ce6d2c0ab4dbd8
--- /dev/null
+++ b/backport-gapplication-Fix-a-memory-leak.patch
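Review bot: In all five inner hunks (handle_emit, handle_call, handle_introspect, handle_monitor, handle_wait) the relocated `g_error_free (error);` leaves `error` dangling across the following `goto out;`, and g_error_free() emits a critical warning if it is ever handed NULL. `g_clear_error (&error);` frees the same GError, tolerates NULL and resets the pointer, so nothing reached through `out:` can free or read it a second time. The `out:` label and the completion branch above each `else` lie outside these hunks, so whether they touch `error` could not be checked here. The same substitution would fit the `g_error_free (error);` added by backport-gapplication-Fix-a-memory-leak.patch.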
@@ -0,0 +1,24 @@
+From a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943 Mon Sep 17 00:00:00 2001
+From: Mohammed Sadiq
+Date: Thu, 4 Feb 2021 18:36:45 +0530
+Subject: [PATCH] gapplication: Fix a memory leak
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/a1203b3d3bbdf3f851ffa5a903cf4fb9644e5943
+
+---
+ gio/gapplication.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gio/gapplication.c b/gio/gapplication.c
+index 1c560e5e8c..3720146af9 100644
+--- a/gio/gapplication.c
++++ b/gio/gapplication.c
+@@ -1091,6 +1091,7 @@ g_application_real_local_command_line (GApplication *application,
+ if (!options)
+ {
+ g_printerr ("%s\n", error->message);
++ g_error_free (error);
+ *exit_status = 1;
+ return TRUE;
+ }
diff --git a/backport-gdbusauth-fix-error-leak.patch b/backport-gdbusauth-fix-error-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..709b71e1bc3783f365bc016a8b015d56f11c35b2
--- /dev/null
+++ b/backport-gdbusauth-fix-error-leak.patch
@@ -0,0 +1,27 @@
+From 2b29495bcb59ba00bec808c509112dae6e019fd7 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 31 Mar 2021 14:12:39 -0500
+Subject: [PATCH] gdbusauth: fix error leak
+
+local_error is leaked in the G_IO_ERROR_NOT_SUPPORTED case. Found by
+Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/2b29495bcb59ba00bec808c509112dae6e019fd7
+
+---
+ gio/gdbusauth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
+index c430f0cf03..534dca2d19 100644
+--- a/gio/gdbusauth.c
++++ b/gio/gdbusauth.c
+@@ -1007,6 +1007,7 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
+ g_propagate_error (error, local_error);
+ goto out;
+ }
++ g_clear_error (&local_error);
+ }
+ else
+ {
diff --git a/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch b/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
new file mode 100644
index 0000000000000000000000000000000000000000..79cf015c01479a7944d18693ff34ac82d2689ea0
--- /dev/null
+++ b/backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch
@@ -0,0 +1,43 @@
+From 719484a5754cca036d123ae4c2ae3d150bacef32 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 31 Mar 2021 14:23:13 -0500
+Subject: [PATCH] gdbusobjectmanagerservice: fix leak in error path
+
+If the third g_return_val_if_fail() is hit, then we leak
+orig_object_path. There is no reason we need to strdup it here.
+
+Found by Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/719484a5754cca036d123ae4c2ae3d150bacef32
+---
+ gio/gdbusobjectmanagerserver.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/gio/gdbusobjectmanagerserver.c b/gio/gdbusobjectmanagerserver.c
+index 39f4ed5006..0a0cea84ab 100644
+--- a/gio/gdbusobjectmanagerserver.c
++++ b/gio/gdbusobjectmanagerserver.c
+@@ -565,12 +565,12 @@ void
+ g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
+ GDBusObjectSkeleton *object)
+ {
+- gchar *orig_object_path;
++ const gchar *orig_object_path;
+ gchar *object_path;
+ guint count;
+ gboolean modified;
+
+- orig_object_path = g_strdup (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)));
++ orig_object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (object));
+
+ g_return_if_fail (G_IS_DBUS_OBJECT_MANAGER_SERVER (manager));
+ g_return_if_fail (G_IS_DBUS_OBJECT (object));
+@@ -602,7 +602,6 @@ g_dbus_object_manager_server_export_uniquely (GDBusObjectManagerServer *manager,
+ g_dbus_object_skeleton_set_object_path (G_DBUS_OBJECT_SKELETON (object), object_path);
+
+ g_free (object_path);
+- g_free (orig_object_path);
+
+ }
+
diff --git a/backport-gfileenumerator-fix-leak-in-error-path.patch b/backport-gfileenumerator-fix-leak-in-error-path.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ddfe7fcaf76bc7c794f4600c130a158d20a45a99
--- /dev/null
+++ b/backport-gfileenumerator-fix-leak-in-error-path.patch
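Review bot: `orig_object_path` is still fetched through `G_DBUS_OBJECT (object)` before `g_return_if_fail (G_IS_DBUS_OBJECT (object));` has run, so an invalid `object` reaches the getter ahead of the precondition. Moving `orig_object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (object));` below the two type checks puts the validation first. The string is now borrowed from `object` rather than a private copy, so a comment on the declaration such as `/* borrowed from @object; may not be valid after g_dbus_object_skeleton_set_object_path() */` would record the lifetime. The code between the two inner hunks is not shown, so any later use of the pointer could not be checked here.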
@@ -0,0 +1,29 @@
+From 8bfc2998135ee9c4460520febb3af720c61438a5 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Thu, 1 Apr 2021 14:13:19 -0500
+Subject: [PATCH] gfileenumerator: fix leak in error path
+
+Found by Coverity.
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/8bfc2998135ee9c4460520febb3af720c61438a5
+---
+ gio/gfileenumerator.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gfileenumerator.c b/gio/gfileenumerator.c
+index ac2e4eb980..1f9bc24ebe 100644
+--- a/gio/gfileenumerator.c
++++ b/gio/gfileenumerator.c
+@@ -787,7 +787,10 @@ next_files_thread (GTask *task,
+ }
+
+ if (error)
+- g_task_return_error (task, error);
++ {
++ g_list_free_full (files, g_object_unref);
++ g_task_return_error (task, error);
++ }
+ else
+ g_task_return_pointer (task, files, (GDestroyNotify)next_async_op_free);
+ }
diff --git a/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch b/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c48db800353fb81bf7ecd6af30387de84ef05a9
--- /dev/null
+++ b/backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch
@@ -0,0 +1,28 @@
+From 1cde07b9789ff3b58be4af4596065d4f6fc365f0 Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Tue, 15 Dec 2020 10:54:41 +0000
+Subject: [PATCH] gsettings: Fix a minor memory leak when getting
+ GSettingsAction:state
+
+Signed-off-by: Philip Withnall
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/1cde07b9789ff3b58be4af4596065d4f6fc365f0
+
+---
+ gio/gsettings.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gio/gsettings.c b/gio/gsettings.c
+index 4332ebe444..9a04a86309 100644
+--- a/gio/gsettings.c
++++ b/gio/gsettings.c
+@@ -3296,7 +3296,7 @@ g_settings_action_get_property (GObject *object, guint prop_id,
+ break;
+
+ case ACTION_PROP_STATE:
+- g_value_set_variant (value, g_settings_action_get_state (action));
++ g_value_take_variant (value, g_settings_action_get_state (action));
+ break;
+
+ default:
diff --git a/backport-gsocketclient-Crash-on-error-if-error-is-missing.patch b/backport-gsocketclient-Crash-on-error-if-error-is-missing.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b73aebd451b017e01e68f1ad20fa9faaabb75105
--- /dev/null
+++ b/backport-gsocketclient-Crash-on-error-if-error-is-missing.patch
@@ -0,0 +1,59 @@
+From 14f7b5e590f6adc3207019227586d20848274654 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Mon, 5 Oct 2020 12:32:32 -0500
+Subject: [PATCH 0990/1095] gsocketclient: Crash on error if error is missing
+
+We should never return unknown errors to the application. This would be
+a glib bug.
+
+I don't think it's currently possible to hit these cases, so asserts
+should be OK. For this to happen, either (a) a GSocketAddressEnumerator
+would have to return NULL on its first enumeration, without returning an
+error, or (b) there would have to be a bug in our GSocketClient logic.
+Either way, if such a bug were to exist, it would be better to surface
+it rather than hide it.
+
+These changes are actually going to be effectively undone in a
+subsequent commit, as I'm refactoring the error handling, but the commit
+history is a bit nicer with two separate commits, so let's go with two.
+
+reason:Crash on error if error is missing
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/14f7b5e590f6adc3207019227586d20848274654
+---
+ gio/gsocketclient.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index 9df8f29..fb68c09 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -1053,8 +1053,9 @@ g_socket_client_connect (GSocketClient *client,
+ g_propagate_error (error, last_error);
+ }
+ else
+- g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+- _("Unknown error on connect"));
++ {
++ g_assert_not_reached ();
++ }
+ break;
+ }
+
+@@ -1879,10 +1880,9 @@ g_socket_client_enumerator_callback (GObject *object,
+ error = data->last_error;
+ data->last_error = NULL;
+ }
+- else if (!error)
++ else
+ {
+- g_set_error_literal (&error, G_IO_ERROR, G_IO_ERROR_FAILED,
+- _("Unknown error on connect"));
++ g_assert (error);
+ }
+
+ complete_connection_with_error (data, error);
+--
+1.8.3.1
+
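Review bot: Both replacements leave an assertion as the only handling of the "no error recorded" case, and g_assert() and g_assert_not_reached() expand to nothing when GLib is built with G_DISABLE_ASSERT. In such a build the sync `else` branch would fall through to `break` with `*error` presumably left unset, and the async callback would pass a NULL `error` to `complete_connection_with_error ()`. Keeping the old fallback after the assertion, i.e. `g_assert_not_reached ();` followed by `g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED, _("Unknown error on connect"));`, preserves the rule that a failed connect always reports a GError. The commit message says a later commit reworks this handling, so this intermediate state should only ship together with backport-gsocketclient-return-best-errors-possible.patch; both enclosing functions extend beyond the hunks.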
diff --git a/backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch b/backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e94d93699ca4545dd7d7dd631aea65d0926c5b8d
--- /dev/null
+++ b/backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch
@@ -0,0 +1,118 @@ +From f0a7b147806e852e2090eeda6e4e38f7d3f52b52 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Tue, 6 Oct 2020 15:39:45 -0500 +Subject: [PATCH 0989/1095] gsocketclient: emit RESOLVING/RESOLVED events only + once + +GSocketAddressEnumerator encapsulates the details of how DNS happens, so +we don't have to think about it. But we may have taken encapsulation a +bit too far, here. Usually, we resolve a domain name to a list of IPv4 +and IPv6 addresses. Then we go through each address in the list and try +to connect to it. Name resolution happens exactly once, at the start. +It doesn't happen each time we enumerate the enumerator. In theory, it +*could*, because we've designed these APIs to be agnostic of underlying +implementation details like DNS and network protocols. But in practice, +we know that's not really what's happening. It's weird to say that we +are RESOLVING what we know to be the same name multiple times. Behind +the scenes, we're not doing that. + +This also fixes #1994, where enumeration can end with a RESOLVING event, +even though this is supposed to be the first event rather than the last. +I thought this would be hard to fix, even requiring new public API in +GSocketAddressEnumerator to peek ahead to see if the next enumeration is +going to return NULL. Then I decided we should just fake it: always emit +both RESOLVING and RESOLVED at the same time right after each +enumeration. Finally, I realized we can emit them at the correct time if +we simply assume resolving only happens the first time. This seems like +the most elegant of the possible solutions. + +Now, this is a behavior change, and arguably an API break, but it should +align better with reasonable expectations of how GSocketClientEvent +ought to work. I don't expect it to break anything besides tests that +check which order GSocketClientEvent events are emitted in. (Currently, +libsoup has such tests, which will need to be updated.) 
Ideally we would +have GLib-level tests as well, but in a concession to pragmatism, it's a +lot easier to keep network tests in libsoup. + +reason:emit RESOLVING/RESOLVED events only once + +Conflict:NA +Reference:https://github.com/GNOME/glib/commit/f0a7b147806e852e2090eeda6e4e38f7d3f52b52 +--- + gio/gsocketclient.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c +index 8a663c3..9df8f29 100644 +--- a/gio/gsocketclient.c ++++ b/gio/gsocketclient.c +@@ -991,6 +991,7 @@ g_socket_client_connect (GSocketClient *client, + { + GIOStream *connection = NULL; + GSocketAddressEnumerator *enumerator = NULL; ++ gboolean ever_resolved = FALSE; + GError *last_error, *tmp_error; + + last_error = NULL; +@@ -1025,10 +1026,20 @@ g_socket_client_connect (GSocketClient *client, + } + + tmp_error = NULL; +- g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVING, +- connectable, NULL); ++ ++ if (!ever_resolved) ++ { ++ g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVING, ++ connectable, NULL); ++ } + address = g_socket_address_enumerator_next (enumerator, cancellable, + &tmp_error); ++ if (!ever_resolved) ++ { ++ g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVED, ++ connectable, NULL); ++ ever_resolved = TRUE; ++ } + + if (address == NULL) + { +@@ -1046,8 +1057,6 @@ g_socket_client_connect (GSocketClient *client, + _("Unknown error on connect")); + break; + } +- g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVED, +- connectable, NULL); + + using_proxy = (G_IS_PROXY_ADDRESS (address) && + client->priv->enable_proxy); +@@ -1509,7 +1518,8 @@ enumerator_next_async (GSocketClientAsyncConnectData *data, + if (add_task_ref) + g_object_ref (data->task); + +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, data->connectable, NULL); ++ if (!data->enumerated_at_least_once) ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVING, 
data->connectable, NULL); + g_debug ("GSocketClient: Starting new address enumeration"); + g_socket_address_enumerator_next_async (data->enumerator, + data->enumeration_cancellable, +@@ -1883,10 +1893,13 @@ g_socket_client_enumerator_callback (GObject *object, + return; + } + +- data->enumerated_at_least_once = TRUE; + g_debug ("GSocketClient: Address enumeration succeeded"); +- g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED, +- data->connectable, NULL); ++ if (!data->enumerated_at_least_once) ++ { ++ g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_RESOLVED, ++ data->connectable, NULL); ++ data->enumerated_at_least_once = TRUE; ++ } + + g_clear_error (&data->last_error); + +-- +1.8.3.1 + diff --git a/backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch b/backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch new file mode 100644 index 0000000000000000000000000000000000000000..59b2460d5800ccad76a4633e74b18985a3d6b1bf --- /dev/null +++ b/backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch 
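Review bot: In the sync path of g_socket_client_connect() `G_SOCKET_CLIENT_RESOLVED` is now emitted directly after `g_socket_address_enumerator_next ()` and before the `if (address == NULL)` check, so it also fires when the first enumeration yields no address. Previously it was emitted only after that check, and the async callback still emits it only after what appears to be the failure `return`. A listener that treats RESOLVED as "an address is available" therefore sees different sequences from the two paths on a failed lookup. If that is intended, a comment at the sync emit such as `/* emitted even when enumeration failed; address is checked below */` would record it, otherwise the condition could be `if (!ever_resolved && address != NULL)`. The commit message itself calls this a behaviour change that breaks event-order tests in libsoup, so dependents of this package are worth checking.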
@@ -0,0 +1,38 @@
+From c2b8fa8a34765d42be69e7eb9a4c44eeb970f775 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Wed, 28 Oct 2020 10:41:13 -0500
+Subject: [PATCH 1035/1095] gsocketclient: fix crash when async connection step
+ fails
+
+This is a regression from !1686. The tmp_error is no longer valid after
+it is "considered" and cannot be used at this point. We should print the
+error earlier instead.
+
+Fixes #2233
+
+reason:fix crash when async connection step fails
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/c2b8fa8a34765d42be69e7eb9a4c44eeb970f775
+---
+ gio/gsocketclient.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index ce3c186..3737746 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -1837,9 +1837,9 @@ g_socket_client_connected_callback (GObject *source,
+ {
+ if (!g_cancellable_is_cancelled (attempt->cancellable))
+ {
++ g_debug ("GSocketClient: Connection attempt failed: %s", data->error_info->tmp_error->message);
+ clarify_connect_error (data->error_info->tmp_error, data->connectable, attempt->address);
+ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_CONNECTING);
+- g_debug ("GSocketClient: Connection attempt failed: %s", data->error_info->tmp_error->message);
+ connection_attempt_remove (attempt);
+ connection_attempt_unref (attempt);
+ try_next_connection_or_finish (data, FALSE);
+--
+1.8.3.1
+
diff --git a/backport-gsocketclient-return-best-errors-possible.patch b/backport-gsocketclient-return-best-errors-possible.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0cf0e07d79c03d5b5f187681315de661eb004745
--- /dev/null
+++ b/backport-gsocketclient-return-best-errors-possible.patch
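Review bot: The relocated `g_debug ()` now runs before `clarify_connect_error ()`, so the debug log records the raw message rather than the clarified one, assuming clarify_connect_error() rewrites the message as its name suggests. Placing the `g_debug ("GSocketClient: Connection attempt failed: %s", ...)` line between `clarify_connect_error (...)` and `consider_tmp_error (...)` would log the final text while still reading `tmp_error` before it is consumed. This fix also depends on patch order: its `index ce3c186..3737746` base is the result of backport-gsocketclient-return-best-errors-possible.patch (`index fb68c09..ce3c186`), which introduces the use-after-free being fixed, so the two must be applied together and in that sequence. The enclosing callback starts and ends outside the hunk.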
@@ -0,0 +1,520 @@ +From b88b3712e0d4474ff55d3b94050285ea08580ddb Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 8 Oct 2020 18:02:56 -0500 +Subject: [PATCH 0991/1095] gsocketclient: return best errors possible + +Originally, GSocketClient returned whatever error occured last. Turns +out this doesn't work well in practice. Consider the following case: +DNS returns an IPv4 and IPv6 address. First we'll connect() to the +IPv4 address, and say that succeeds, but TLS is enabled and the TLS +handshake fails. Then we try the IPv6 address and receive ENETUNREACH +because IPv6 isn't supported. We wind up returning NETWORK_UNREACHABLE +even though the address can be pinged and a TLS error would be more +appropriate. So instead, we now try to return the error corresponding +to the latest attempted GSocketClientEvent in the connection process. +TLS errors take precedence over proxy errors, which take precedence +over connect() errors, which take precedence over DNS errors. + +In writing this commit, I made several mistakes that were caught by +proxy-test.c, which tests using GSocketClient to make a proxy +connection. So although adding a new test to ensure we get the +best-possible error would be awkward, at least we have some test +coverage for the code that helped avoid introducing bugs. + +Fixes #2211 + +reason:gsocketclient: return best errors possible + +Conflict:NA +Reference:https://github.com/GNOME/glib/commit/b88b3712e0d4474ff55d3b94050285ea08580ddb +--- + gio/gsocketclient.c | 209 ++++++++++++++++++++++++++++++++-------------------- + 1 file changed, 130 insertions(+), 79 deletions(-) + +diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c +index fb68c09..ce3c186 100644 +--- a/gio/gsocketclient.c ++++ b/gio/gsocketclient.c +@@ -953,6 +953,72 @@ g_socket_client_emit_event (GSocketClient *client, + event, connectable, connection); + } + ++/* Originally, GSocketClient returned whatever error occured last. 
Turns ++ * out this doesn't work well in practice. Consider the following case: ++ * DNS returns an IPv4 and IPv6 address. First we'll connect() to the ++ * IPv4 address, and say that succeeds, but TLS is enabled and the TLS ++ * handshake fails. Then we try the IPv6 address and receive ENETUNREACH ++ * because IPv6 isn't supported. We wind up returning NETWORK_UNREACHABLE ++ * even though the address can be pinged and a TLS error would be more ++ * appropriate. So instead, we now try to return the error corresponding ++ * to the latest attempted GSocketClientEvent in the connection process. ++ * TLS errors take precedence over proxy errors, which take precedence ++ * over connect() errors, which take precedence over DNS errors. ++ * ++ * Note that the example above considers a sync codepath, but this is an ++ * issue for the async codepath too, where events and errors may occur ++ * in confusing orders. ++ */ ++typedef struct ++{ ++ GError *tmp_error; ++ GError *best_error; ++ GSocketClientEvent best_error_event; ++} SocketClientErrorInfo; ++ ++static SocketClientErrorInfo * ++socket_client_error_info_new (void) ++{ ++ return g_new0 (SocketClientErrorInfo, 1); ++} ++ ++static void ++socket_client_error_info_free (SocketClientErrorInfo *info) ++{ ++ g_assert (info->tmp_error == NULL); ++ g_clear_error (&info->best_error); ++ g_free (info); ++} ++ ++static void ++consider_tmp_error (SocketClientErrorInfo *info, ++ GSocketClientEvent event) ++{ ++ if (info->tmp_error == NULL) ++ return; ++ ++ /* If we ever add more GSocketClientEvents in the future, then we'll ++ * no longer be able to use >= for this comparison, because future ++ * events will compare greater than G_SOCKET_CLIENT_COMPLETE. Until ++ * then, this is convenient. Note G_SOCKET_CLIENT_RESOLVING is 0 so we ++ * need to use >= here or those errors would never be set. That means ++ * if we get two errors on the same GSocketClientEvent, we wind up ++ * preferring the last one, which is fine. 
++ */ ++ g_assert (event <= G_SOCKET_CLIENT_COMPLETE); ++ if (event >= info->best_error_event) ++ { ++ g_clear_error (&info->best_error); ++ info->best_error = info->tmp_error; ++ info->tmp_error = NULL; ++ info->best_error_event = event; ++ } ++ else ++ { ++ g_clear_error (&info->tmp_error); ++ } ++} ++ + /** + * g_socket_client_connect: + * @client: a #GSocketClient. +@@ -991,10 +1057,10 @@ g_socket_client_connect (GSocketClient *client, + { + GIOStream *connection = NULL; + GSocketAddressEnumerator *enumerator = NULL; ++ SocketClientErrorInfo *error_info; + gboolean ever_resolved = FALSE; +- GError *last_error, *tmp_error; + +- last_error = NULL; ++ error_info = socket_client_error_info_new (); + + if (can_use_proxy (client)) + { +@@ -1019,21 +1085,19 @@ g_socket_client_connect (GSocketClient *client, + + if (g_cancellable_is_cancelled (cancellable)) + { +- g_clear_error (error); +- g_clear_error (&last_error); +- g_cancellable_set_error_if_cancelled (cancellable, error); ++ g_clear_error (&error_info->best_error); ++ g_cancellable_set_error_if_cancelled (cancellable, &error_info->best_error); + break; + } + +- tmp_error = NULL; +- + if (!ever_resolved) + { + g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVING, + connectable, NULL); + } + address = g_socket_address_enumerator_next (enumerator, cancellable, +- &tmp_error); ++ &error_info->tmp_error); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_RESOLVING); + if (!ever_resolved) + { + g_socket_client_emit_event (client, G_SOCKET_CLIENT_RESOLVED, +@@ -1043,29 +1107,16 @@ g_socket_client_connect (GSocketClient *client, + + if (address == NULL) + { +- if (tmp_error) +- { +- g_clear_error (&last_error); +- g_propagate_error (error, tmp_error); +- } +- else if (last_error) +- { +- g_propagate_error (error, last_error); +- } +- else +- { +- g_assert_not_reached (); +- } ++ /* Enumeration is finished. 
*/ ++ g_assert (&error_info->best_error != NULL); + break; + } + + using_proxy = (G_IS_PROXY_ADDRESS (address) && + client->priv->enable_proxy); + +- /* clear error from previous attempt */ +- g_clear_error (&last_error); +- +- socket = create_socket (client, address, &last_error); ++ socket = create_socket (client, address, &error_info->tmp_error); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_CONNECTING); + if (socket == NULL) + { + g_object_unref (address); +@@ -1077,14 +1128,15 @@ g_socket_client_connect (GSocketClient *client, + g_socket_client_emit_event (client, G_SOCKET_CLIENT_CONNECTING, connectable, connection); + + if (g_socket_connection_connect (G_SOCKET_CONNECTION (connection), +- address, cancellable, &last_error)) ++ address, cancellable, &error_info->tmp_error)) + { + g_socket_connection_set_cached_remote_address ((GSocketConnection*)connection, NULL); + g_socket_client_emit_event (client, G_SOCKET_CLIENT_CONNECTED, connectable, connection); + } + else + { +- clarify_connect_error (last_error, connectable, address); ++ clarify_connect_error (error_info->tmp_error, connectable, address); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_CONNECTING); + g_object_unref (connection); + connection = NULL; + } +@@ -1105,9 +1157,10 @@ g_socket_client_connect (GSocketClient *client, + g_critical ("Trying to proxy over non-TCP connection, this is " + "most likely a bug in GLib IO library."); + +- g_set_error_literal (&last_error, ++ g_set_error_literal (&error_info->tmp_error, + G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, + _("Proxying over a non-TCP connection is not supported.")); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); + + g_object_unref (connection); + connection = NULL; +@@ -1125,7 +1178,9 @@ g_socket_client_connect (GSocketClient *client, + connection, + proxy_addr, + cancellable, +- &last_error); ++ &error_info->tmp_error); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); ++ + g_object_unref 
(connection); + connection = proxy_connection; + g_object_unref (proxy); +@@ -1135,9 +1190,10 @@ g_socket_client_connect (GSocketClient *client, + } + else + { +- g_set_error (&last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, ++ g_set_error (&error_info->tmp_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, + _("Proxy protocol “%s” is not supported."), + protocol); ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); + g_object_unref (connection); + connection = NULL; + } +@@ -1147,7 +1203,7 @@ g_socket_client_connect (GSocketClient *client, + { + GIOStream *tlsconn; + +- tlsconn = g_tls_client_connection_new (connection, connectable, &last_error); ++ tlsconn = g_tls_client_connection_new (connection, connectable, &error_info->tmp_error); + g_object_unref (connection); + connection = tlsconn; + +@@ -1157,16 +1213,21 @@ g_socket_client_connect (GSocketClient *client, + client->priv->tls_validation_flags); + g_socket_client_emit_event (client, G_SOCKET_CLIENT_TLS_HANDSHAKING, connectable, connection); + if (g_tls_connection_handshake (G_TLS_CONNECTION (tlsconn), +- cancellable, &last_error)) ++ cancellable, &error_info->tmp_error)) + { + g_socket_client_emit_event (client, G_SOCKET_CLIENT_TLS_HANDSHAKED, connectable, connection); + } + else + { ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_TLS_HANDSHAKING); + g_object_unref (tlsconn); + connection = NULL; + } + } ++ else ++ { ++ consider_tmp_error (error_info, G_SOCKET_CLIENT_TLS_HANDSHAKING); ++ } + } + + if (connection && !G_IS_SOCKET_CONNECTION (connection)) +@@ -1183,6 +1244,10 @@ g_socket_client_connect (GSocketClient *client, + } + g_object_unref (enumerator); + ++ if (!connection) ++ g_propagate_error (error, g_steal_pointer (&error_info->best_error)); ++ socket_client_error_info_free (error_info); ++ + g_socket_client_emit_event (client, G_SOCKET_CLIENT_COMPLETE, connectable, connection); + return G_SOCKET_CONNECTION (connection); + } +@@ -1360,7 +1425,7 @@ typedef struct + + GSList 
*connection_attempts; + GSList *successful_connections; +- GError *last_error; ++ SocketClientErrorInfo *error_info; + + gboolean enumerated_at_least_once; + gboolean enumeration_completed; +@@ -1380,7 +1445,7 @@ g_socket_client_async_connect_data_free (GSocketClientAsyncConnectData *data) + g_slist_free_full (data->connection_attempts, connection_attempt_unref); + g_slist_free_full (data->successful_connections, connection_attempt_unref); + +- g_clear_error (&data->last_error); ++ g_clear_pointer (&data->error_info, socket_client_error_info_free); + + g_slice_free (GSocketClientAsyncConnectData, data); + } +@@ -1503,14 +1568,6 @@ g_socket_client_enumerator_callback (GObject *object, + gpointer user_data); + + static void +-set_last_error (GSocketClientAsyncConnectData *data, +- GError *error) +-{ +- g_clear_error (&data->last_error); +- data->last_error = error; +-} +- +-static void + enumerator_next_async (GSocketClientAsyncConnectData *data, + gboolean add_task_ref) + { +@@ -1540,7 +1597,7 @@ g_socket_client_tls_handshake_callback (GObject *object, + + if (g_tls_connection_handshake_finish (G_TLS_CONNECTION (object), + result, +- &data->last_error)) ++ &data->error_info->tmp_error)) + { + g_object_unref (attempt->connection); + attempt->connection = G_IO_STREAM (object); +@@ -1553,7 +1610,9 @@ g_socket_client_tls_handshake_callback (GObject *object, + { + g_object_unref (object); + connection_attempt_unref (attempt); +- g_debug ("GSocketClient: TLS handshake failed: %s", data->last_error->message); ++ ++ g_debug ("GSocketClient: TLS handshake failed: %s", data->error_info->tmp_error->message); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_TLS_HANDSHAKING); + try_next_connection_or_finish (data, TRUE); + } + } +@@ -1573,7 +1632,7 @@ g_socket_client_tls_handshake (ConnectionAttempt *attempt) + g_debug ("GSocketClient: Starting TLS handshake"); + tlsconn = g_tls_client_connection_new (attempt->connection, + data->connectable, +- &data->last_error); ++ 
&data->error_info->tmp_error); + if (tlsconn) + { + g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tlsconn), +@@ -1588,6 +1647,8 @@ g_socket_client_tls_handshake (ConnectionAttempt *attempt) + else + { + connection_attempt_unref (attempt); ++ ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_TLS_HANDSHAKING); + try_next_connection_or_finish (data, TRUE); + } + } +@@ -1603,19 +1664,19 @@ g_socket_client_proxy_connect_callback (GObject *object, + g_object_unref (attempt->connection); + attempt->connection = g_proxy_connect_finish (G_PROXY (object), + result, +- &data->last_error); ++ &data->error_info->tmp_error); + if (attempt->connection) + { + g_socket_client_emit_event (data->client, G_SOCKET_CLIENT_PROXY_NEGOTIATED, data->connectable, attempt->connection); ++ g_socket_client_tls_handshake (attempt); + } + else + { + connection_attempt_unref (attempt); ++ ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); + try_next_connection_or_finish (data, TRUE); +- return; + } +- +- g_socket_client_tls_handshake (attempt); + } + + static void +@@ -1683,9 +1744,10 @@ try_next_successful_connection (GSocketClientAsyncConnectData *data) + g_critical ("Trying to proxy over non-TCP connection, this is " + "most likely a bug in GLib IO library."); + +- g_set_error_literal (&data->last_error, ++ g_set_error_literal (&data->error_info->tmp_error, + G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, + _("Proxying over a non-TCP connection is not supported.")); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); + } + else if (g_hash_table_contains (data->client->priv->app_proxies, protocol)) + { +@@ -1712,11 +1774,10 @@ try_next_successful_connection (GSocketClientAsyncConnectData *data) + } + else + { +- g_clear_error (&data->last_error); +- +- g_set_error (&data->last_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, ++ g_set_error (&data->error_info->tmp_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED, + _("Proxy protocol 
“%s” is not supported."), + protocol); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_PROXY_NEGOTIATING); + } + + data->connection_in_progress = FALSE; +@@ -1747,7 +1808,7 @@ try_next_connection_or_finish (GSocketClientAsyncConnectData *data, + return; + } + +- complete_connection_with_error (data, data->last_error); ++ complete_connection_with_error (data, g_steal_pointer (&data->error_info->best_error)); + } + + static void +@@ -1757,7 +1818,6 @@ g_socket_client_connected_callback (GObject *source, + { + ConnectionAttempt *attempt = user_data; + GSocketClientAsyncConnectData *data = attempt->data; +- GError *error = NULL; + + if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable)) + { +@@ -1773,20 +1833,20 @@ g_socket_client_connected_callback (GObject *source, + } + + if (!g_socket_connection_connect_finish (G_SOCKET_CONNECTION (source), +- result, &error)) ++ result, &data->error_info->tmp_error)) + { + if (!g_cancellable_is_cancelled (attempt->cancellable)) + { +- clarify_connect_error (error, data->connectable, attempt->address); +- set_last_error (data, error); +- g_debug ("GSocketClient: Connection attempt failed: %s", error->message); ++ clarify_connect_error (data->error_info->tmp_error, data->connectable, attempt->address); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_CONNECTING); ++ g_debug ("GSocketClient: Connection attempt failed: %s", data->error_info->tmp_error->message); + connection_attempt_remove (attempt); + connection_attempt_unref (attempt); + try_next_connection_or_finish (data, FALSE); + } + else /* Silently ignore cancelled attempts */ + { +- g_clear_error (&error); ++ g_clear_error (&data->error_info->tmp_error); + g_object_unref (data->task); + connection_attempt_unref (attempt); + } +@@ -1844,7 +1904,6 @@ g_socket_client_enumerator_callback (GObject *object, + GSocketAddress *address = NULL; + GSocket *socket; + ConnectionAttempt *attempt; +- GError *error = NULL; + + if 
(task_completed_or_cancelled (data)) + { +@@ -1853,7 +1912,7 @@ g_socket_client_enumerator_callback (GObject *object, + } + + address = g_socket_address_enumerator_next_finish (data->enumerator, +- result, &error); ++ result, &data->error_info->tmp_error); + if (address == NULL) + { + if (G_UNLIKELY (data->enumeration_completed)) +@@ -1862,7 +1921,7 @@ g_socket_client_enumerator_callback (GObject *object, + data->enumeration_completed = TRUE; + g_debug ("GSocketClient: Address enumeration completed (out of addresses)"); + +- /* As per API docs: We only care about error if its the first call, ++ /* As per API docs: We only care about error if it's the first call, + after that the enumerator is done. + + Note that we don't care about cancellation errors because +@@ -1873,19 +1932,11 @@ g_socket_client_enumerator_callback (GObject *object, + if ((data->enumerated_at_least_once && !data->connection_attempts && !data->connection_in_progress) || + !data->enumerated_at_least_once) + { +- g_debug ("GSocketClient: Address enumeration failed: %s", error ? error->message : NULL); +- if (data->last_error) +- { +- g_clear_error (&error); +- error = data->last_error; +- data->last_error = NULL; +- } +- else +- { +- g_assert (error); +- } +- +- complete_connection_with_error (data, error); ++ g_debug ("GSocketClient: Address enumeration failed: %s", ++ data->error_info->tmp_error ? 
data->error_info->tmp_error->message : NULL); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_RESOLVING); ++ g_assert (data->error_info->best_error); ++ complete_connection_with_error (data, g_steal_pointer (&data->error_info->best_error)); + } + + /* Enumeration should never trigger again, drop our ref */ +@@ -1901,12 +1952,11 @@ g_socket_client_enumerator_callback (GObject *object, + data->enumerated_at_least_once = TRUE; + } + +- g_clear_error (&data->last_error); +- +- socket = create_socket (data->client, address, &data->last_error); ++ socket = create_socket (data->client, address, &data->error_info->tmp_error); + if (socket == NULL) + { + g_object_unref (address); ++ consider_tmp_error (data->error_info, G_SOCKET_CLIENT_CONNECTING); + enumerator_next_async (data, FALSE); + return; + } +@@ -1978,6 +2028,7 @@ g_socket_client_connect_async (GSocketClient *client, + data = g_slice_new0 (GSocketClientAsyncConnectData); + data->client = client; + data->connectable = g_object_ref (connectable); ++ data->error_info = socket_client_error_info_new (); + + if (can_use_proxy (client)) + { +-- +1.8.3.1 + diff --git a/backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch b/backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch new file mode 100644 index 0000000000000000000000000000000000000000..6832679488ee5510eadf883ad917c177d37c011d --- /dev/null +++ b/backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch 
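Review bot: The assertion added in g_socket_client_connect where enumeration finishes, `g_assert (&error_info->best_error != NULL);`, tests the address of the struct member, which is never NULL, so it cannot fail and does not check that an error was recorded. It should read `g_assert (error_info->best_error != NULL);`, matching the `g_assert (data->error_info->best_error);` this same patch adds in g_socket_client_enumerator_callback. Without it, a run that ends with no connection and no recorded error would reach `g_propagate_error (error, g_steal_pointer (&error_info->best_error))` with a NULL source, and the caller would presumably get a NULL return with `*error` unset. The function body extends outside the nested hunks.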
@@ -0,0 +1,58 @@
+From 35bb69bc47fecdf54de887a0c29a0889b79663a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
+Date: Wed, 29 Jul 2020 12:10:08 -0400
+Subject: [PATCH 0985/1095] gsocketclient: set IP_BIND_ADDRESS_NO_PORT if
+ binding to local address
+
+The linux kernel does not know that the socket will be used
+for connect or listen and if you bind() to a local address it must
+reserve a random port (if port == 0) at bind() time, making very easy
+to exhaust the ~32k port range, setting IP_BIND_ADDRESS_NO_PORT tells
+the kernel to choose random port at connect() time instead, when the
+full 4-tuple is known.
+
+reason:gsocketclient: set IP_BIND_ADDRESS_NO_PORT if binding to local address
+
+Conflict:NA
+Reference:https://github.com/GNOME/glib/commit/35bb69bc47fecdf54de887a0c29a0889b79663a1
+---
+ gio/gsocketclient.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index c994330..ca01b68 100644
+--- a/gio/gsocketclient.c
++++ b/gio/gsocketclient.c
+@@ -24,6 +24,10 @@
+ #include "config.h"
+ #include "gsocketclient.h"
+
++#ifndef G_OS_WIN32
++#include
++#endif
++
+ #include
+ #include
+
+@@ -39,6 +43,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -142,6 +147,10 @@ create_socket (GSocketClient *client,
+
+ if (client->priv->local_address)
+ {
++#ifdef IP_BIND_ADDRESS_NO_PORT
++ g_socket_set_option (socket, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, 1, NULL);
++#endif
++
+ if (!g_socket_bind (socket,
+ client->priv->local_address,
+ FALSE,
+--
+1.8.3.1
+
diff --git a/glib-2.62.5.tar.xz b/glib-2.66.8.tar.xz
similarity index 39%
rename from glib-2.62.5.tar.xz
rename to glib-2.66.8.tar.xz
index f8ab5fa4fdd911c05262f16e9aa9e922a356afd9..967f3dfc0e89c66aa7f6846c05d8a49115795813 100644
Binary files a/glib-2.62.5.tar.xz and b/glib-2.66.8.tar.xz differ
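Review bot: The result of the new `g_socket_set_option (socket, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, 1, NULL);` call in create_socket is dropped and no error is collected, with no comment saying that this is deliberate. If the option cannot be set, bind() goes back to reserving an ephemeral port at bind time, which is the port-exhaustion condition the commit message describes, and nothing is logged. If that is intended as best effort, say so in a comment such as `/* Best effort: if the option cannot be set, bind() reserves the port as before. */`; a `g_debug ()` on failure would also make the fallback visible. create_socket starts and ends outside the hunk.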
diff --git a/glib2.spec b/glib2.spec
index d54f8620e61c9c9a24ae140096560331d529e2bd..e2ecfb1769113811cc66c32fc42911981236d455 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,27 +1,37 @@ Name: glib2 -Version: 2.62.5 -Release: 6 +Version: 2.66.8 +Release: 1 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPLv2+ URL: http://www.gtk.org -Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz +Source0: http://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch -Patch6000: backport-CVE-2020-35457.patch -Patch6001: backport-CVE-2021-27218.patch -Patch6002: backport-CVE-2021-27219.patch -Patch6003: backport-0001-CVE-2021-28153.patch -Patch6004: backport-0002-CVE-2021-28153.patch -Patch6005: backport-0003-CVE-2021-28153.patch -Patch6006: backport-0004-CVE-2021-28153.patch -Patch6007: backport-0005-CVE-2021-28153.patch - -BuildRequires: chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter + +Patch6001: backport-gsocketclient-set-IP-BIND-ADDRESS-NO-PORT-if-binding.patch +Patch6002: backport-gsocketclient-emit-RESOLVING-RESOLVED-events-only-once.patch +Patch6003: backport-gsocketclient-Crash-on-error-if-error-is-missing.patch +Patch6004: backport-gsocketclient-return-best-errors-possible.patch +Patch6005: backport-gsocketclient-fix-crash-when-async-connectio-step-fails.patch +Patch6006: backport-Correct-memory-leaks-of-error-in-completion-case.patch +Patch6007: backport-gapplication-Fix-a-memory-leak.patch +Patch6008: backport-gdbusauth-fix-error-leak.patch +Patch6009: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch +Patch6010: backport-gfileenumerator-fix-leak-in-error-path.patch +Patch6011: backport-gsettings-Fix-a-minor-memory-leak-when-getting-GSettingsAction-state.patch + +BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter +%ifnarch i686 +BUildRequires: gtk-doc +%endif BUildRequires: glibc-devel libattr-devel libselinux-devel meson BuildRequires: systemtap-sdt-devel pkgconfig(libelf) pkgconfig(libffi) BuildRequires: pkgconfig(libpcre) pkgconfig(mount) pkgconfig(zlib) 
BuildRequires: python3-devel gamin-devel Requires: %{name}-help +%ifarch i686 +BuildRequires: libxslt +%endif Provides: %{name}-fam = %{version}-%{release} Obsoletes: %{name}-fam < %{version}-%{release} @@ -48,6 +58,7 @@ Obsoletes: %{name}-tests < %{version}-%{release} %description devel Development and test files for the GLib library. +%ifnarch i686 %package help Summary: help document for the glib2 package Buildarch: noarch @@ -56,14 +67,20 @@ Obsoletes: %{name}-doc < %{version}-%{release} %description help help document for the glib2 package. +%endif %prep %autosetup -n glib-%{version} -p1 %build rm glib/pcre/*.[ch] -%meson --default-library=both -Dman=true -Ddtrace=true \ - -Dsystemtap=true -Dgtk_doc=true -Dfam=true -Dinstalled_tests=true +%meson --default-library=both -Ddtrace=true \ +%ifarch i686 + -Dman=false -Dgtk_doc=false \ +%else + -Dman=true -Dgtk_doc=true \ +%endif + -Dsystemtap=true -Dfam=true -Dinstalled_tests=true %meson_build @@ -81,6 +98,16 @@ mv %{buildroot}%{_bindir}/gio-querymodules %{buildroot}%{_bindir}/gio-querymodu touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache %find_lang glib20 +#remove rpath +chrpath -d %{buildroot}%{_libexecdir}/installed-tests/glib/gdbus-peer + +mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d +echo %{_libexecdir}/installed-tests/glib > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf + +%ldconfig_scriptlets devel + + + %transfiletriggerin -- %{_libdir}/gio/modules gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules &> /dev/null || : @@ -110,7 +137,6 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/bash-completion/completions/gsettings %{_bindir}/gio -%{_bindir}/gio-launch-desktop %{_bindir}/gio-querymodules* %{_bindir}/glib-compile-schemas %{_bindir}/gsettings 
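Review bot: The new `Source0` keeps a plain `http://` origin for the 2.66.8 tarball, and nothing in this hunk ties the tarball to a published checksum; `Source0: https://download.gnome.org/sources/glib/2.66/glib-%{version}.tar.xz` would at least give anyone refreshing the source an authenticated channel. The same hunk drops Patch6000 and the old Patch6001 to Patch6007 (the CVE-2020-35457, CVE-2021-27218, CVE-2021-27219 and CVE-2021-28153 backports), presumably because 2.66.8 already contains those fixes. The changelog entry added further down only says `Upgrade to 2.66.8`, so I would record there that the four CVE fixes now come from the upstream release.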
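Review bot: The added `echo %{_libexecdir}/installed-tests/glib > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf` puts the installed-tests directory on the system-wide dynamic linker search path, for every process on a machine that installs the devel subpackage (which picks the file up through `%config(noreplace) /etc/ld.so.conf.d/*` in a later hunk). That is much wider than the single rpath that `chrpath -d` removes from gdbus-peer, and any shared object shipped in the tests directory becomes a resolution candidate for unrelated programs. If only the installed tests need it, I would drop the ld.so.conf.d entry and have the test run set the library path itself; if the global entry has to stay, add a comment saying why, e.g. `# installed tests load helper libraries from this directory; rpath is stripped above`.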
@@ -118,6 +144,8 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_bindir}/gapplication %files devel +%defattr(-,root,root) +%config(noreplace) /etc/ld.so.conf.d/* %{_libdir}/lib*.so %{_libdir}/glib-2.0 %{_libdir}/pkgconfig/* @@ -145,13 +173,30 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_bindir}/glib-compile-resources %{_bindir}/gresource %attr (0755, root, root) %{_bindir}/gtester-report - +%ifarch i686 +%exclude %{_libexecdir}/installed-tests/glib/libgdbus-example-objectmanager.a +%exclude %{_datadir}/glib-2.0/codegen/__pycache__ +%exclude %{_datadir}/glib-2.0/gdb/__pycache__ +%exclude %{_datadir}/installed-tests/glib/static-link.test +%endif + +%ifnarch i686 %files help %defattr(-,root,root) %{_mandir}/man1/* %doc %{_datadir}/gtk-doc/html/* +%endif %changelog +* Sat Jun 5 2021 wangkerong - 2.66.8-1 +- Type:NA +- Id:NA +- SUG:NA +- DESC:Upgrade to 2.66.8 + +* Fri May 21 2021 hanhui - 2.62.5-7 +- add i686 options,round community patches + * Tue Apr 13 2021 hanhui - 2.62.5-6 - Type:cve - Id:CVE-2021-28153 diff --git a/glib2.yaml b/glib2.yaml new file mode 100644 index 0000000000000000000000000000000000000000..67fb2b53cbdd866f6a218b94ea91b1d097e31da8 --- /dev/null +++ b/glib2.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: GNOME/glib +tag_prefix: "^" +seperator: "."