diff --git a/backport-add-OOM-handling-in-mimemagic.patch b/backport-add-OOM-handling-in-mimemagic.patch new file mode 100644 index 0000000000000000000000000000000000000000..3b69c4eaf39d14f385313d5cd383b8932db004da --- /dev/null +++ b/backport-add-OOM-handling-in-mimemagic.patch @@ -0,0 +1,52 @@ +From 9f1c59eef2e21b5a80c22d44deec2cba884cdfce Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 15:31:01 +0300 +Subject: [PATCH] add OOM handling in mimemagic + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/9f1c59eef2e21b5a80c22d44deec2cba884cdfce + +--- + gio/xdgmime/xdgmimemagic.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/gio/xdgmime/xdgmimemagic.c b/gio/xdgmime/xdgmimemagic.c +index c68e27bedb..08b2c6da4f 100644 +--- a/gio/xdgmime/xdgmimemagic.c ++++ b/gio/xdgmime/xdgmimemagic.c +@@ -103,6 +103,8 @@ _xdg_mime_magic_matchlet_new (void) + XdgMimeMagicMatchlet *matchlet; + + matchlet = malloc (sizeof (XdgMimeMagicMatchlet)); ++ if (matchlet == NULL) ++ return NULL; + + matchlet->indent = 0; + matchlet->offset = 0; +@@ -355,6 +357,11 @@ _xdg_mime_magic_parse_magic_line (FILE *magic_file, + return XDG_MIME_MAGIC_ERROR; + + matchlet = _xdg_mime_magic_matchlet_new (); ++ ++ /* OOM */ ++ if (matchlet == NULL) ++ return XDG_MIME_MAGIC_ERROR; ++ + matchlet->indent = indent; + matchlet->offset = _xdg_mime_magic_read_a_number (magic_file, &end_of_file); + if (end_of_file) +@@ -767,6 +774,11 @@ _xdg_mime_magic_read_magic_file (XdgMimeMagic *mime_magic, + { + case XDG_MIME_MAGIC_SECTION: + match = _xdg_mime_magic_match_new (); ++ ++ /* OOM */ ++ if (match == NULL) ++ return; ++ + state = _xdg_mime_magic_parse_header (magic_file, match); + if (state == XDG_MIME_MAGIC_EOF || state == XDG_MIME_MAGIC_ERROR) + _xdg_mime_magic_match_free (match); +-- +GitLab + diff --git a/backport-application-Unset-the-registered-state-after-shutting-down.patch b/backport-application-Unset-the-registered-state-after-shutting-down.patch new file mode 100644 index 0000000000000000000000000000000000000000..7101ea9ea3a92b0a6a016e9e674a37f9c378b9cf --- /dev/null +++ b/backport-application-Unset-the-registered-state-after-shutting-down.patch @@ -0,0 +1,140 @@ +From 63873c0eb114faf6696874fe577912af687d67cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= +Date: Wed, 21 Apr 2021 06:17:36 +0200 +Subject: [PATCH] application: Unset the registered state after shutting down + +An application that has been shut down is still marked as registered +even if its implementation has been already destroyed. + +This may lead to unguarded crashes when calling functions that have +assumptions for being used with registered applications. + +So, when an application is registered, mark it as unregistered just +before destroying its implementation and after being shut down, so that +we follow the registration process in reversed order. + +Added tests + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63873c0eb114faf6696874fe577912af687d67cf + +--- + gio/gapplication.c | 7 ++++ + gio/tests/gapplication.c | 76 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 83 insertions(+) + +diff --git a/gio/gapplication.c b/gio/gapplication.c +index 8e65176354..bf4a4cb650 100644 +--- a/gio/gapplication.c ++++ b/gio/gapplication.c +@@ -2578,6 +2578,13 @@ g_application_run (GApplication *application, + + if (application->priv->impl) + { ++ if (application->priv->is_registered) ++ { ++ application->priv->is_registered = FALSE; ++ ++ g_object_notify (G_OBJECT (application), "is-registered"); ++ } ++ + g_application_impl_flush (application->priv->impl); + g_application_impl_destroy (application->priv->impl); + application->priv->impl = NULL; +diff --git a/gio/tests/gapplication.c b/gio/tests/gapplication.c +index 900e7ac977..6f1a27e0f3 100644 +--- a/gio/tests/gapplication.c ++++ b/gio/tests/gapplication.c +@@ -576,6 +576,81 @@ test_quit (void) + g_free (binpath); + } + ++typedef struct ++{ ++ gboolean shutdown; ++ GParamSpec *notify_spec; /* (owned) (nullable) */ ++} RegisteredData; ++ ++static void ++on_registered_shutdown (GApplication *app, ++ gpointer user_data) ++{ ++ RegisteredData *registered_data = user_data; ++ ++ registered_data->shutdown = TRUE; ++} ++ ++static void ++on_registered_notify (GApplication *app, ++ GParamSpec *spec, ++ gpointer user_data) ++{ ++ RegisteredData *registered_data = user_data; ++ registered_data->notify_spec = g_param_spec_ref (spec); ++ ++ if (g_application_get_is_registered (app)) ++ g_assert_false (registered_data->shutdown); ++ else ++ g_assert_true (registered_data->shutdown); ++} ++ ++static void ++test_registered (void) ++{ ++ char *binpath = g_test_build_filename (G_TEST_BUILT, "unimportant", NULL); ++ gchar *argv[] = { binpath, NULL }; ++ RegisteredData registered_data = { FALSE, NULL }; ++ GApplication *app; ++ ++ app = g_application_new (NULL, G_APPLICATION_FLAGS_NONE); ++ g_signal_connect (app, "activate", G_CALLBACK (noappid_activate), NULL); ++ g_signal_connect (app, "shutdown", G_CALLBACK (on_registered_shutdown), ®istered_data); ++ g_signal_connect (app, "notify::is-registered", G_CALLBACK (on_registered_notify), ®istered_data); ++ ++ g_assert_null (registered_data.notify_spec); ++ ++ g_assert_true (g_application_register (app, NULL, NULL)); ++ g_assert_true (g_application_get_is_registered (app)); ++ ++ g_assert_nonnull (registered_data.notify_spec); ++ g_assert_cmpstr (registered_data.notify_spec->name, ==, "is-registered"); ++ g_clear_pointer (®istered_data.notify_spec, g_param_spec_unref); ++ ++ g_assert_false (registered_data.shutdown); ++ ++ g_application_run (app, 1, argv); ++ ++ g_assert_true (registered_data.shutdown); ++ g_assert_false (g_application_get_is_registered (app)); ++ g_assert_nonnull (registered_data.notify_spec); ++ g_assert_cmpstr (registered_data.notify_spec->name, ==, "is-registered"); ++ g_clear_pointer (®istered_data.notify_spec, g_param_spec_unref); ++ ++ /* Register it again */ ++ registered_data.shutdown = FALSE; ++ g_assert_true (g_application_register (app, NULL, NULL)); ++ g_assert_true (g_application_get_is_registered (app)); ++ g_assert_nonnull (registered_data.notify_spec); ++ g_assert_cmpstr (registered_data.notify_spec->name, ==, "is-registered"); ++ g_clear_pointer (®istered_data.notify_spec, g_param_spec_unref); ++ g_assert_false (registered_data.shutdown); ++ ++ g_object_unref (app); ++ ++ g_free (binpath); ++} ++ + static void + on_activate (GApplication *app) + { +@@ -1136,6 +1211,7 @@ main (int argc, char **argv) + g_test_add_func ("/gapplication/properties", properties); + g_test_add_func ("/gapplication/app-id", appid); + g_test_add_func ("/gapplication/quit", test_quit); ++ g_test_add_func ("/gapplication/registered", test_registered); + g_test_add_func ("/gapplication/local-actions", test_local_actions); + /* g_test_add_func ("/gapplication/remote-actions", test_remote_actions); */ + g_test_add_func ("/gapplication/local-command-line", test_local_command_line); +-- +GitLab + diff --git a/backport-gapplication-fix-arguments-leak-in-error-path.patch b/backport-gapplication-fix-arguments-leak-in-error-path.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d833df6f6567d37162770176d4b5f05b3fae1c7 --- /dev/null +++ b/backport-gapplication-fix-arguments-leak-in-error-path.patch @@ -0,0 +1,44 @@ +From 65b4bc30eb38b1484533a2ee08f7229a9e961af8 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Wed, 31 Mar 2021 11:44:23 -0500 +Subject: [PATCH] gapplication: fix arguments leak in error path + +If this g_return_val_if_fail() is ever hit, then we leak arguments. +This is not very important because if your code hits +g_return_val_if_fail() you are invoking undefined behavior, a rather +more serious problem, but let's replace it with g_critical() to be +robust. + +This includes a small behavior change: it returns 1 rather than 0 in +this error case. + +Found by Coverity. + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/65b4bc30eb38b1484533a2ee08f7229a9e961af8 + +--- + gio/gapplication.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/gio/gapplication.c b/gio/gapplication.c +index 5a43202a5d..8e65176354 100644 +--- a/gio/gapplication.c ++++ b/gio/gapplication.c +@@ -2524,7 +2524,12 @@ g_application_run (GApplication *application, + + context = g_main_context_default (); + acquired_context = g_main_context_acquire (context); +- g_return_val_if_fail (acquired_context, 0); ++ if (!acquired_context) ++ { ++ g_critical ("g_application_run() cannot acquire the default main context because it is already acquired by another thread!"); ++ g_strfreev (arguments); ++ return 1; ++ } + + if (!G_APPLICATION_GET_CLASS (application) + ->local_command_line (application, &arguments, &status)) +-- +GitLab + diff --git a/backport-gdtlsconnection-Fix-a-check-for-a-vfunc-being-implemented.patch b/backport-gdtlsconnection-Fix-a-check-for-a-vfunc-being-implemented.patch new file mode 100644 index 0000000000000000000000000000000000000000..99ba4614c46ed047a5bb1a9bafa73c915c39f426 --- /dev/null +++ b/backport-gdtlsconnection-Fix-a-check-for-a-vfunc-being-implemented.patch @@ -0,0 +1,32 @@ +From be57c5d14c771361482917f4cb35851a07d19a8e Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 29 Apr 2021 13:17:05 +0100 +Subject: [PATCH] gdtlsconnection: Fix a check for a vfunc being implemented + +It was checking the wrong vfunc; likely a copy/paste error. + +Signed-off-by: Philip Withnall + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/be57c5d14c771361482917f4cb35851a07d19a8e + +--- + gio/gdtlsconnection.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gdtlsconnection.c b/gio/gdtlsconnection.c +index 4bbc88d7a7..136e317b13 100644 +--- a/gio/gdtlsconnection.c ++++ b/gio/gdtlsconnection.c +@@ -1069,7 +1069,7 @@ g_dtls_connection_get_negotiated_protocol (GDtlsConnection *conn) + GDtlsConnectionInterface *iface; + + iface = G_DTLS_CONNECTION_GET_INTERFACE (conn); +- if (iface->set_advertised_protocols == NULL) ++ if (iface->get_negotiated_protocol == NULL) + return NULL; + + return iface->get_negotiated_protocol (conn); +-- +GitLab + diff --git a/backport-glocalfileinfo-Fix-atime-mtime-mix.patch b/backport-glocalfileinfo-Fix-atime-mtime-mix.patch new file mode 100644 index 0000000000000000000000000000000000000000..8badc4c4027d786c22182f14fd1997c76de074b3 --- /dev/null +++ b/backport-glocalfileinfo-Fix-atime-mtime-mix.patch @@ -0,0 +1,28 @@ +From 5a032f32ea77d81c012841dde88b070f55037f25 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 13:56:43 +0300 +Subject: [PATCH] glocalfileinfo: Fix atime/mtime mix due to bad copy/paste + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/5a032f32ea77d81c012841dde88b070f55037f25 + +--- + gio/glocalfileinfo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c +index 3867ca684a..d3b327a19c 100644 +--- a/gio/glocalfileinfo.c ++++ b/gio/glocalfileinfo.c +@@ -2650,7 +2650,7 @@ set_mtime_atime (char *filename, + { + if (lazy_stat (filename, &statbuf, &got_stat) == 0) + { +- times[0].tv_sec = statbuf.st_mtime; ++ times[0].tv_sec = statbuf.st_atime; + #if defined (HAVE_STRUCT_STAT_ST_ATIMENSEC) + times[0].tv_usec = statbuf.st_atimensec / 1000; + #elif defined (HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC) +-- +GitLab + diff --git a/backport-gopenuriportal-Fix-GVariantBuilder-and-string-leakage.patch b/backport-gopenuriportal-Fix-GVariantBuilder-and-string-leakage.patch new file mode 100644 index 0000000000000000000000000000000000000000..097ab8bb8cded6caf9a7a2940f388bc42189f30a --- /dev/null +++ b/backport-gopenuriportal-Fix-GVariantBuilder-and-string-leakage.patch @@ -0,0 +1,29 @@ +From 9dc7475f93c5c63fff66999d228407e13a47d5d3 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:00:03 +0300 +Subject: [PATCH] gopenuriportal: Fix GVariantBuilder and string leakage on + g_open failure + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/9dc7475f93c5c63fff66999d228407e13a47d5d3 + +--- + gio/gopenuriportal.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gio/gopenuriportal.c b/gio/gopenuriportal.c +index be68569ed8..6ef8f037c3 100644 +--- a/gio/gopenuriportal.c ++++ b/gio/gopenuriportal.c +@@ -108,6 +108,8 @@ g_openuri_portal_open_uri (const char *uri, + errsv = errno; + if (fd == -1) + { ++ g_free (path); ++ g_variant_builder_clear (&opt_builder); + g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv), + "Failed to open '%s'", path); + return FALSE; +-- +GitLab + diff --git a/backport-gproxyaddressenumerator-Fix-string-leakage-on-an-invalid-input.patch b/backport-gproxyaddressenumerator-Fix-string-leakage-on-an-invalid-input.patch new file mode 100644 index 0000000000000000000000000000000000000000..8652e45edb88ba559bf257121c3d3eb7e081fb41 --- /dev/null +++ b/backport-gproxyaddressenumerator-Fix-string-leakage-on-an-invalid-input.patch @@ -0,0 +1,47 @@ +From a50e605d52534f604776e56fd181ace98b6a0166 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:02:33 +0300 +Subject: [PATCH] gproxyaddressenumerator: Fix string leakage on an invalid + input + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/a50e605d52534f604776e56fd181ace98b6a0166 + +--- + gio/gproxyaddressenumerator.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/gio/gproxyaddressenumerator.c b/gio/gproxyaddressenumerator.c +index d3de4940c9..654baade57 100644 +--- a/gio/gproxyaddressenumerator.c ++++ b/gio/gproxyaddressenumerator.c +@@ -262,8 +262,12 @@ g_proxy_address_enumerator_next (GSocketAddressEnumerator *enumerator, + } + dest_protocol = g_uri_parse_scheme (priv->dest_uri); + +- g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (priv->proxy_address), +- NULL); ++ if (!G_IS_INET_SOCKET_ADDRESS (priv->proxy_address)) ++ { ++ g_free (dest_hostname); ++ g_free (dest_protocol); ++ } ++ g_return_val_if_fail (G_IS_INET_SOCKET_ADDRESS (priv->proxy_address), NULL); + + inetsaddr = G_INET_SOCKET_ADDRESS (priv->proxy_address); + inetaddr = g_inet_socket_address_get_address (inetsaddr); +@@ -352,6 +356,11 @@ return_result (GTask *task) + } + dest_protocol = g_uri_parse_scheme (priv->dest_uri); + ++ if (!G_IS_INET_SOCKET_ADDRESS (priv->proxy_address)) ++ { ++ g_free (dest_hostname); ++ g_free (dest_protocol); ++ } + g_return_if_fail (G_IS_INET_SOCKET_ADDRESS (priv->proxy_address)); + + inetsaddr = G_INET_SOCKET_ADDRESS (priv->proxy_address); +-- +GitLab + diff --git a/backport-gsocks5proxy-Fix-buffer-overflow-on-a-really-long-domain-name.patch b/backport-gsocks5proxy-Fix-buffer-overflow-on-a-really-long-domain-name.patch new file mode 100644 index 0000000000000000000000000000000000000000..af277b7a6a0481ae1fc34c3c3ffd582b0483d3af --- /dev/null +++ b/backport-gsocks5proxy-Fix-buffer-overflow-on-a-really-long-domain-name.patch @@ -0,0 +1,73 @@ +From b32727d43d9d11aa017f1f29648ad5019376537c Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:07:01 +0300 +Subject: [PATCH] gsocks5proxy: Fix buffer overflow on a really long domain + name + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/b32727d43d9d11aa017f1f29648ad5019376537c + +--- + gio/gsocks5proxy.c | 23 +++++++++++++---------- + 1 file changed, 13 insertions(+), 10 deletions(-) + +diff --git a/gio/gsocks5proxy.c b/gio/gsocks5proxy.c +index 873db7ea6d..948ac8b8b8 100644 +--- a/gio/gsocks5proxy.c ++++ b/gio/gsocks5proxy.c +@@ -328,7 +328,7 @@ set_connect_msg (guint8 *msg, + * + * The parser only requires 4 bytes. + */ +-#define SOCKS5_CONN_REP_LEN 255 ++#define SOCKS5_CONN_REP_LEN 257 + static gboolean + parse_connect_reply (const guint8 *data, gint *atype, GError **error) + { +@@ -509,7 +509,7 @@ g_socks5_proxy_connect (GProxy *proxy, + guint8 data[SOCKS5_CONN_REP_LEN]; + gint atype; + +- if (!g_input_stream_read_all (in, data, 4, NULL, ++ if (!g_input_stream_read_all (in, data, 4 /* VER, REP, RSV, ATYP */, NULL, + cancellable, error)) + goto error; + +@@ -519,23 +519,26 @@ g_socks5_proxy_connect (GProxy *proxy, + switch (atype) + { + case SOCKS5_ATYP_IPV4: +- if (!g_input_stream_read_all (in, data, 6, NULL, +- cancellable, error)) ++ if (!g_input_stream_read_all (in, data, ++ 4 /* IPv4 length */ + 2 /* port */, ++ NULL, cancellable, error)) + goto error; + break; + + case SOCKS5_ATYP_IPV6: +- if (!g_input_stream_read_all (in, data, 18, NULL, +- cancellable, error)) ++ if (!g_input_stream_read_all (in, data, ++ 16 /* IPv6 length */ + 2 /* port */, ++ NULL, cancellable, error)) + goto error; + break; + + case SOCKS5_ATYP_DOMAINNAME: +- if (!g_input_stream_read_all (in, data, 1, NULL, +- cancellable, error)) ++ if (!g_input_stream_read_all (in, data, 1 /* domain name length */, ++ NULL, cancellable, error)) + goto error; +- if (!g_input_stream_read_all (in, data, data[0] + 2, NULL, +- cancellable, error)) ++ if (!g_input_stream_read_all (in, data, ++ data[0] /* domain name length */ + 2 /* port */, ++ NULL, cancellable, error)) + goto error; + break; + } +-- +GitLab + diff --git a/backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch b/backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch new file mode 100644 index 0000000000000000000000000000000000000000..dc9123970001cc30f9a7bee62f0e8fccee9a746f --- /dev/null +++ b/backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch @@ -0,0 +1,110 @@ +From 40a46d1346fdd4e07c648ba1ee78dedd9bfa33ad Mon Sep 17 00:00:00 2001 +From: Benjamin Berg +Date: Tue, 6 Apr 2021 16:52:23 +0200 +Subject: [PATCH] gsocks5proxy: Handle EOF when reading from a stream + +The code did not handle EOF (0 byte read) correctly. This can e.g. cause +an infinite loop if an incorrect socks proxy is configured. + +Add the appropriate checks and return an G_IO_ERROR_CONNECTION_CLOSED +error if EOF is encountered. + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/40a46d1346fdd4e07c648ba1ee78dedd9bfa33ad + +--- + gio/gsocks5proxy.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 50 insertions(+) + +diff --git a/gio/gsocks5proxy.c b/gio/gsocks5proxy.c +index 09b7fcac29..873db7ea6d 100644 +--- a/gio/gsocks5proxy.c ++++ b/gio/gsocks5proxy.c +@@ -717,6 +717,16 @@ nego_reply_read_cb (GObject *source, + return; + } + ++ if (read == 0) ++ { ++ g_task_return_new_error (task, ++ G_IO_ERROR, ++ G_IO_ERROR_CONNECTION_CLOSED, ++ "Connection to SOCKSv5 proxy server lost"); ++ g_object_unref (task); ++ return; ++ } ++ + data->offset += read; + + if (data->offset == data->length) +@@ -821,6 +831,16 @@ auth_reply_read_cb (GObject *source, + return; + } + ++ if (read == 0) ++ { ++ g_task_return_new_error (task, ++ G_IO_ERROR, ++ G_IO_ERROR_CONNECTION_CLOSED, ++ "Connection to SOCKSv5 proxy server lost"); ++ g_object_unref (task); ++ return; ++ } ++ + data->offset += read; + + if (data->offset == data->length) +@@ -923,6 +943,16 @@ connect_reply_read_cb (GObject *source, + return; + } + ++ if (read == 0) ++ { ++ g_task_return_new_error (task, ++ G_IO_ERROR, ++ G_IO_ERROR_CONNECTION_CLOSED, ++ "Connection to SOCKSv5 proxy server lost"); ++ g_object_unref (task); ++ return; ++ } ++ + data->offset += read; + + if (data->offset == data->length) +@@ -983,6 +1013,16 @@ connect_addr_len_read_cb (GObject *source, + return; + } + ++ if (read == 0) ++ { ++ g_task_return_new_error (task, ++ G_IO_ERROR, ++ G_IO_ERROR_CONNECTION_CLOSED, ++ "Connection to SOCKSv5 proxy server lost"); ++ g_object_unref (task); ++ return; ++ } ++ + data->length = data->buffer[0] + 2; + data->offset = 0; + +@@ -1009,6 +1049,16 @@ connect_addr_read_cb (GObject *source, + return; + } + ++ if (read == 0) ++ { ++ g_task_return_new_error (task, ++ G_IO_ERROR, ++ G_IO_ERROR_CONNECTION_CLOSED, ++ "Connection to SOCKSv5 proxy server lost"); ++ g_object_unref (task); ++ return; ++ } ++ + data->offset += read; + + if (data->offset == data->length) +-- +GitLab + diff --git a/backport-gthread-posix-Free-a-memory-leak-on-error-path.patch b/backport-gthread-posix-Free-a-memory-leak-on-error-path.patch new file mode 100644 index 0000000000000000000000000000000000000000..41232948f4955d1380de97023bdd3f02e375280d --- /dev/null +++ b/backport-gthread-posix-Free-a-memory-leak-on-error-path.patch @@ -0,0 +1,27 @@ +From d129395fe2f22f12004526bc11ca7d407f42e4ab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?GOUJON=20=C3=89van?= +Date: Thu, 22 Jul 2021 16:41:09 +0200 +Subject: [PATCH] g_system_thread_new: Free a memory leak on error path + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/d129395fe2f22f12004526bc11ca7d407f42e4ab + +--- + glib/gthread-posix.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/glib/gthread-posix.c b/glib/gthread-posix.c +index 3d69767e67..8e2e66db54 100644 +--- a/glib/gthread-posix.c ++++ b/glib/gthread-posix.c +@@ -1331,6 +1331,7 @@ g_system_thread_new (GThreadFunc proxy, + { + g_set_error (error, G_THREAD_ERROR, G_THREAD_ERROR_AGAIN, + "Error creating thread: %s", g_strerror (ret)); ++ g_free (thread->thread.name); + g_slice_free (GThreadPosix, thread); + return NULL; + } +-- +GitLab + diff --git a/backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch b/backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch new file mode 100644 index 0000000000000000000000000000000000000000..4877e527a9827c3319681bb46141f0674f87432b --- /dev/null +++ b/backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch @@ -0,0 +1,35 @@ +From 5419228f632af830d9117c142a1c7c1a9708cc08 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:26:20 +0300 +Subject: [PATCH] gtype: Fix pointer being dereferenced despite NULL check + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/5419228f632af830d9117c142a1c7c1a9708cc08 + +--- + gobject/gtype.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/gobject/gtype.c b/gobject/gtype.c +index 34f62ecba5..26ec30b7b7 100644 +--- a/gobject/gtype.c ++++ b/gobject/gtype.c +@@ -3159,11 +3159,14 @@ g_type_class_peek_parent (gpointer g_class) + g_return_val_if_fail (g_class != NULL, NULL); + + node = lookup_type_node_I (G_TYPE_FROM_CLASS (g_class)); ++ ++ g_return_val_if_fail (node != NULL, NULL); ++ + /* We used to acquire a read lock here. That is not necessary, since + * parent->data->class.class is constant as long as the derived class + * exists. + */ +- if (node && node->is_classed && node->data && NODE_PARENT_TYPE (node)) ++ if (node->is_classed && node->data && NODE_PARENT_TYPE (node)) + { + node = lookup_type_node_I (NODE_PARENT_TYPE (node)); + class = node->data->class.class; +-- +GitLab + diff --git a/backport-gutils-Avoid-segfault-in-g_get_user_database_entry.patch b/backport-gutils-Avoid-segfault-in-g_get_user_database_entry.patch new file mode 100644 index 0000000000000000000000000000000000000000..3e978a0092f77fb069b226379ab78286f4101198 --- /dev/null +++ b/backport-gutils-Avoid-segfault-in-g_get_user_database_entry.patch @@ -0,0 +1,58 @@ +From bb40105fe95b5d95e31715ddb210380d381a1e26 Mon Sep 17 00:00:00 2001 +From: Jamie Bainbridge +Date: Wed, 8 Sep 2021 12:08:17 +1000 +Subject: [PATCH] gutils: Avoid segfault in g_get_user_database_entry + +g_get_user_database_entry() capitalises the first letter of pw_name +with g_ascii_toupper (pw->pw_name[0]). + +However, the manpage for getpwnam() and getpwuid() says the result of +those calls "may point to a static area". GLib is then trying to edit +static memory which belongs to a shared library, so segfaults. + +The reentrant variants of the above calls are supposed to fill the user +buffer supplied to them, however Michael Catanzaro also found a bug in +systemd where the data is not copied to the user buffer and still points +to static memory, resulting in the same sort of segfault. See: +https://github.com/systemd/systemd/issues/20679 + +Solve both these cases in GLib by copying pw_name off to a temporary +variable, set uppercase on that variable, and use the variable to join +into the desired string. Free the variable after it is no longer needed. + +Signed-off-by: Jamie Bainbridge + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/bb40105fe95b5d95e31715ddb210380d381a1e26 + +--- + glib/gutils.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/glib/gutils.c b/glib/gutils.c +index b7a2113d41..4bccd72297 100644 +--- a/glib/gutils.c ++++ b/glib/gutils.c +@@ -692,14 +692,17 @@ g_get_user_database_entry (void) + { + gchar **gecos_fields; + gchar **name_parts; ++ gchar *uppercase_pw_name; + + /* split the gecos field and substitute '&' */ + gecos_fields = g_strsplit (pw->pw_gecos, ",", 0); + name_parts = g_strsplit (gecos_fields[0], "&", 0); +- pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]); +- e.real_name = g_strjoinv (pw->pw_name, name_parts); ++ uppercase_pw_name = g_strdup (pw->pw_name); ++ uppercase_pw_name[0] = g_ascii_toupper (uppercase_pw_name[0]); ++ e.real_name = g_strjoinv (uppercase_pw_name, name_parts); + g_strfreev (gecos_fields); + g_strfreev (name_parts); ++ g_free (uppercase_pw_name); + } + #endif + +-- +GitLab + diff --git a/backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch b/backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..50392fc47533342e7529139adfca2cf627664eac --- /dev/null +++ b/backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch @@ -0,0 +1,34 @@ +From 05dffc1a7f562e9c8c6c21b67f99204f7a7b4e27 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:20:26 +0300 +Subject: [PATCH] gvariant: Fix memory leak on a TYPE_CHECK failure + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/05dffc1a7f562e9c8c6c21b67f99204f7a7b4e27 + +--- + glib/gvariant.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/glib/gvariant.c b/glib/gvariant.c +index a9bb99c647..4a9704c19c 100644 +--- a/glib/gvariant.c ++++ b/glib/gvariant.c +@@ -800,7 +800,13 @@ g_variant_new_array (const GVariantType *child_type, + + for (i = 0; i < n_children; i++) + { +- TYPE_CHECK (children[i], child_type, NULL); ++ if G_UNLIKELY (!g_variant_is_of_type (children[i], child_type)) ++ { ++ while (i != 0) ++ g_variant_unref (my_children[--i]); ++ g_free (my_children); ++ g_return_val_if_fail (g_variant_is_of_type (children[i], child_type), NULL); ++ } + my_children[i] = g_variant_ref_sink (children[i]); + trusted &= g_variant_is_trusted (children[i]); + } +-- +GitLab + diff --git a/backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch b/backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch new file mode 100644 index 0000000000000000000000000000000000000000..29217873ea7ccf6e7020a389d6d87c2f53c70caf --- /dev/null +++ b/backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch @@ -0,0 +1,61 @@ +From 7f6ce4d8d234996b523b71abef139f1c80c88254 Mon Sep 17 00:00:00 2001 +From: Egor Bychin +Date: Mon, 11 Oct 2021 14:24:12 +0300 +Subject: [PATCH] gvariant: Fix pointers being dereferenced despite NULL checks + +Conflict:NA +Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/7f6ce4d8d234996b523b71abef139f1c80c88254 + +--- + glib/gvariant.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/glib/gvariant.c b/glib/gvariant.c +index 4a9704c19c..5fa6a82685 100644 +--- a/glib/gvariant.c ++++ b/glib/gvariant.c +@@ -3196,8 +3196,7 @@ struct heap_builder + #define GVSB_MAGIC ((gsize) 1033660112u) + #define GVSB_MAGIC_PARTIAL ((gsize) 2942751021u) + #define GVHB_MAGIC ((gsize) 3087242682u) +-#define is_valid_builder(b) (b != NULL && \ +- GVSB(b)->magic == GVSB_MAGIC) ++#define is_valid_builder(b) (GVSB(b)->magic == GVSB_MAGIC) + #define is_valid_heap_builder(b) (GVHB(b)->magic == GVHB_MAGIC) + + /* Just to make sure that by adding a union to GVariantBuilder, we +@@ -3207,7 +3206,9 @@ G_STATIC_ASSERT (sizeof (GVariantBuilder) == sizeof (gsize[16])); + static gboolean + ensure_valid_builder (GVariantBuilder *builder) + { +- if (is_valid_builder (builder)) ++ if (builder == NULL) ++ return FALSE; ++ else if (is_valid_builder (builder)) + return TRUE; + if (builder->u.s.partial_magic == GVSB_MAGIC_PARTIAL) + { +@@ -3853,8 +3854,7 @@ struct heap_dict + #define GVSD_MAGIC ((gsize) 2579507750u) + #define GVSD_MAGIC_PARTIAL ((gsize) 3488698669u) + #define GVHD_MAGIC ((gsize) 2450270775u) +-#define is_valid_dict(d) (d != NULL && \ +- GVSD(d)->magic == GVSD_MAGIC) ++#define is_valid_dict(d) (GVSD(d)->magic == GVSD_MAGIC) + #define is_valid_heap_dict(d) (GVHD(d)->magic == GVHD_MAGIC) + + /* Just to make sure that by adding a union to GVariantDict, we didn't +@@ -3864,7 +3864,9 @@ G_STATIC_ASSERT (sizeof (GVariantDict) == sizeof (gsize[16])); + static gboolean + ensure_valid_dict (GVariantDict *dict) + { +- if (is_valid_dict (dict)) ++ if (dict == NULL) ++ return FALSE; ++ else if (is_valid_dict (dict)) + return TRUE; + if (dict->u.s.partial_magic == GVSD_MAGIC_PARTIAL) + { +-- +GitLab + diff --git a/glib2.spec b/glib2.spec index b3f8c6214717c76418af8d697b695aa501e1541d..2ae34121595fff3171c7c11818e23fbe77c41ed4 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,6 +1,6 @@ Name: glib2 Version: 2.68.1 -Release: 11 +Release: 12 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPLv2+ URL: http://www.gtk.org @@ -10,7 +10,21 @@ Patch6000: backport-correctly-use-3-parameters-for-clise-range.patch Patch6001: backport-fix-a-memory-leak.patch Patch6002: backport-gfileenumerator-fix-leak-in-error-path.patch Patch6003: backport-gdbusobjectmanagerservice-fix-leak-in-error-path.patch -Patch6004: backport-gdbusauth-fix-error-leak.patch +Patch6004: backport-gdbusauth-fix-error-leak.patch +Patch6005: backport-gapplication-fix-arguments-leak-in-error-path.patch +Patch6006: backport-gsocks5proxy-Handle-EOF-when-reading-from-a-stream.patch +Patch6007: backport-application-Unset-the-registered-state-after-shutting-down.patch +Patch6008: backport-gdtlsconnection-Fix-a-check-for-a-vfunc-being-implemented.patch +Patch6009: backport-gthread-posix-Free-a-memory-leak-on-error-path.patch +Patch6010: backport-gutils-Avoid-segfault-in-g_get_user_database_entry.patch +Patch6011: backport-glocalfileinfo-Fix-atime-mtime-mix.patch +Patch6012: backport-gopenuriportal-Fix-GVariantBuilder-and-string-leakage.patch +Patch6013: backport-gproxyaddressenumerator-Fix-string-leakage-on-an-invalid-input.patch +Patch6014: backport-gsocks5proxy-Fix-buffer-overflow-on-a-really-long-domain-name.patch +Patch6015: backport-gvariant-Fix-memory-leak-on-a-TYPE-CHECK-failure.patch +Patch6016: backport-gvariant-Fix-pointers-being-dereferenced-despite-NULL-checks.patch +Patch6017: backport-gtype-Fix-pointer-being-dereferenced-despite-NULL-check.patch +Patch6018: backport-add-OOM-handling-in-mimemagic.patch BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter BUildRequires: glibc-devel libattr-devel libselinux-devel meson @@ -80,8 +94,6 @@ rm glib/pcre/*.[ch] %meson_build -find . -name *.dtrace-temp.c -exec rm -f {} \; - %check %meson_test @@ -178,6 +190,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %endif %changelog +* Thu Apr 28 2022 hanhui - 2.68.1-12 +- Type:bugfix +- DESC:fix issues found by svace static code analyzer + fix segfault,memory leak,EOF,arguments leak + * Wed Apr 6 2022 hanhui - 2.68.1-11 - DESC:fix gfileenumerator/gdbusobjectmanagerservice/gdbusauth of memory leak