!190 Backport patch, fix some issues

From: @zhangzikang1992 Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-09-14 01:27:23 +00:00 · 2024-09-14 01:27:23 +00:00 · 97e760d0e6
commit 97e760d0e6
parent cd0017f40b ff8bf30090
5 changed files with 164 additions and 1 deletions
--- a/backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
+++ b/backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
@ -0,0 +1,44 @@
+From bf7d941088b4860a93f3ea0f3202f495a9fd0667 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Mon, 19 Feb 2024 13:38:00 +0100
+Subject: [PATCH] gcontextspecificgroup: Wait until stop_func is done
+
+Currently, the `stop_func` is executed on an extra thread, and the
+`g_context_specific_group_remove` function returns before the `stop_func`
+finishes. It may happen that the `stop_func` is never executed if the
+program terminates soon after calling it. Let's wait until the `stop_func`
+is done.
+
+Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3258
+---
+ gio/gcontextspecificgroup.c | 14 ++------------
+ 1 file changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/gio/gcontextspecificgroup.c b/gio/gcontextspecificgroup.c
+index e1def3bbb..41a35de86 100644
+--- a/gio/gcontextspecificgroup.c
+++ b/gio/gcontextspecificgroup.c
+@@ -153,18 +153,8 @@ g_context_specific_group_request_state (GContextSpecificGroup *group,
+         }
+     }
+ 
+-  /* we only block for positive transitions */
+-  if (requested_state)
+-    {
+-      while (group->requested_state != group->effective_state)
+-        g_cond_wait (&group->cond, &group->lock);
+-
+-      /* there is no way this could go back to FALSE because the object
+-       * that we just created in this thread would have to have been
+-       * destroyed again (from this thread) before that could happen.
+-       */
+-      g_assert (group->effective_state);
+-    }
+  while (group->requested_state != group->effective_state)
+    g_cond_wait (&group->cond, &group->lock);
+ }
+ 
+ gpointer
+-- 
+2.27.0
+
--- a/backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
+++ b/backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
@ -0,0 +1,43 @@
+From 8966099e9bef3fd3481f87bb7ad933f5cacad885 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
+Date: Wed, 8 May 2024 22:53:51 +0200
+Subject: [PATCH] gdbusmessage: Clean the cached arg0 when setting the message
+ body
+
+We're now caching arg0 but such value is not cleared when a new body is
+set as it's in the connection filter test cases where we've a leak as
+highlighted by both valgrind and leak sanitizer
+---
+ gio/gdbusmessage.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
+index 0b77dc607..331e68d45 100644
+--- a/gio/gdbusmessage.c
+++ b/gio/gdbusmessage.c
+@@ -1167,10 +1167,12 @@ g_dbus_message_set_body (GDBusMessage  *message,
+ 
+   if (message->body != NULL)
+     g_variant_unref (message->body);
+
+  g_clear_pointer (&message->arg0_cache, g_variant_unref);
+
+   if (body == NULL)
+     {
+       message->body = NULL;
+-      message->arg0_cache = NULL;
+       g_dbus_message_set_signature (message, NULL);
+     }
+   else
+@@ -1184,8 +1186,6 @@ g_dbus_message_set_body (GDBusMessage  *message,
+       if (g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE) &&
+           g_variant_n_children (message->body) > 0)
+         message->arg0_cache = g_variant_get_child_value (message->body, 0);
+-      else
+-        message->arg0_cache = NULL;
+ 
+       type_string = g_variant_get_type_string (body);
+       type_string_len = strlen (type_string);
+-- 
+2.27.0
+
--- a/backport-gresources-fix-memory-leak-from-libelf.patch
+++ b/backport-gresources-fix-memory-leak-from-libelf.patch
@ -0,0 +1,29 @@
+From aa8ed92fba93f6213eab8f50754f427550797bfc Mon Sep 17 00:00:00 2001
+From: Maxim Moskalets <Maxim.Moskalets@kaspersky.com>
+Date: Sat, 3 Feb 2024 15:16:56 +0300
+Subject: [PATCH] gresources: fix memory leak from libelf
+
+Memory was leaking when allocating it inside libelf and losing the pointer to it (it was an automatic variable) when returning NULL from the get_elf function in some cases
+
+Closes #3242
+
+Signed-off-by: Maxim Moskalets <Maxim.Moskalets@kaspersky.com>
+---
+ gio/gresource-tool.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/gio/gresource-tool.c b/gio/gresource-tool.c
+index fa7bdedb5..44b1f3f02 100644
+--- a/gio/gresource-tool.c
+++ b/gio/gresource-tool.c
+@@ -165,6 +165,7 @@ get_elf (const gchar *file,
+ 
+   if (elf_kind (elf) != ELF_K_ELF)
+     {
+      elf_end (elf);
+       g_close (*fd, NULL);
+       *fd = -1;
+       return NULL;
+-- 
+2.27.0
+
--- a/backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
+++ b/backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
@ -0,0 +1,36 @@
+From 9a661ab970d194afc59f9b7cdf603fe4bd66505d Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@gnome.org>
+Date: Mon, 26 Feb 2024 15:26:03 +0000
+Subject: [PATCH] gsocketclient: Fix a use-after-free in
+ g_socket_client_connected_callback()
+
+The ref held by `data->task` may be the last one on the `GTask`. The
+`GTask` stores `attempt->data` as its task data, and so when the `GTask`
+is finalised, `attempt->data` is too. `connection_attempt_remove()`
+needs to access `attempt->data`, so must be called before the
+`g_object_unref()` in this situation.
+
+Signed-off-by: Philip Withnall <pwithnall@gnome.org>
+
+Fixes: #3266
+---
+ gio/gsocketclient.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
+index 1127e4599..d4231599a 100644
+--- a/gio/gsocketclient.c
+++ b/gio/gsocketclient.c
+@@ -1879,8 +1879,8 @@ g_socket_client_connected_callback (GObject      *source,
+ 
+   if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable))
+     {
+-      g_object_unref (data->task);
+       connection_attempt_unref (attempt);
+      g_object_unref (data->task);
+       return;
+     }
+ 
+-- 
+2.27.0
+
--- a/glib2.spec
+++ b/glib2.spec
@ -1,6 +1,6 @@
 Name:           glib2
 Version:        2.78.3
-Release:        2
+Release:        3
 Summary:        The core library that forms the basis for projects such as GTK+ and GNOME
 License:        LGPLv2+
 URL:            https://www.gtk.org
@ -13,6 +13,10 @@ Patch3:  backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.pat

 Patch6001:  backport-CVE-2024-34397.patch
 Patch6002:  backport-gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a-well-known-name.patch
+Patch6003:  backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
+Patch6004:  backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
+Patch6005:  backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
+Patch6006:  backport-gresources-fix-memory-leak-from-libelf.patch

 BuildRequires:  chrpath gcc gcc-c++ gettext perl-interpreter
 BUildRequires:  glibc-devel libattr-devel libselinux-devel meson
@ -197,6 +201,13 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %endif

 %changelog
+* Mon Sep 9 2024 zhangzikang <zhangzikang@kylinos.cn> - 2.78.3-3
+- backport patch:
+    backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
+    backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
+    backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
+    backport-gresources-fix-memory-leak-from-libelf.patch
+
 * Tue Jun 18 2024 hanhuihui <hanhuihui5@huawei.com> - 2.78.3-2
 - fix CVE-2024-34397