backport patch, fix some issues
This commit is contained in:
zhangzikang1992
parent
cd0017f40b
commit
ff8bf30090
@ -0,0 +1,44 @@
|
||||
From bf7d941088b4860a93f3ea0f3202f495a9fd0667 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Holy <oholy@redhat.com>
|
||||
Date: Mon, 19 Feb 2024 13:38:00 +0100
|
||||
Subject: [PATCH] gcontextspecificgroup: Wait until stop_func is done
|
||||
|
||||
Currently, the `stop_func` is executed on an extra thread, and the
|
||||
`g_context_specific_group_remove` function returns before the `stop_func`
|
||||
finishes. It may happen that the `stop_func` is never executed if the
|
||||
program terminates soon after calling it. Let's wait until the `stop_func`
|
||||
is done.
|
||||
|
||||
Fixes: https://gitlab.gnome.org/GNOME/glib/-/issues/3258
|
||||
---
|
||||
gio/gcontextspecificgroup.c | 14 ++------------
|
||||
1 file changed, 2 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/gio/gcontextspecificgroup.c b/gio/gcontextspecificgroup.c
|
||||
index e1def3bbb..41a35de86 100644
|
||||
--- a/gio/gcontextspecificgroup.c
|
||||
+++ b/gio/gcontextspecificgroup.c
|
||||
@@ -153,18 +153,8 @@ g_context_specific_group_request_state (GContextSpecificGroup *group,
|
||||
}
|
||||
}
|
||||
|
||||
- /* we only block for positive transitions */
|
||||
- if (requested_state)
|
||||
- {
|
||||
- while (group->requested_state != group->effective_state)
|
||||
- g_cond_wait (&group->cond, &group->lock);
|
||||
-
|
||||
- /* there is no way this could go back to FALSE because the object
|
||||
- * that we just created in this thread would have to have been
|
||||
- * destroyed again (from this thread) before that could happen.
|
||||
- */
|
||||
- g_assert (group->effective_state);
|
||||
- }
|
||||
+ while (group->requested_state != group->effective_state)
|
||||
+ g_cond_wait (&group->cond, &group->lock);
|
||||
}
|
||||
|
||||
gpointer
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -0,0 +1,43 @@
|
||||
From 8966099e9bef3fd3481f87bb7ad933f5cacad885 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
|
||||
Date: Wed, 8 May 2024 22:53:51 +0200
|
||||
Subject: [PATCH] gdbusmessage: Clean the cached arg0 when setting the message
|
||||
body
|
||||
|
||||
We're now caching arg0 but such value is not cleared when a new body is
|
||||
set as it's in the connection filter test cases where we've a leak as
|
||||
highlighted by both valgrind and leak sanitizer
|
||||
---
|
||||
gio/gdbusmessage.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
|
||||
index 0b77dc607..331e68d45 100644
|
||||
--- a/gio/gdbusmessage.c
|
||||
+++ b/gio/gdbusmessage.c
|
||||
@@ -1167,10 +1167,12 @@ g_dbus_message_set_body (GDBusMessage *message,
|
||||
|
||||
if (message->body != NULL)
|
||||
g_variant_unref (message->body);
|
||||
+
|
||||
+ g_clear_pointer (&message->arg0_cache, g_variant_unref);
|
||||
+
|
||||
if (body == NULL)
|
||||
{
|
||||
message->body = NULL;
|
||||
- message->arg0_cache = NULL;
|
||||
g_dbus_message_set_signature (message, NULL);
|
||||
}
|
||||
else
|
||||
@@ -1184,8 +1186,6 @@ g_dbus_message_set_body (GDBusMessage *message,
|
||||
if (g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE) &&
|
||||
g_variant_n_children (message->body) > 0)
|
||||
message->arg0_cache = g_variant_get_child_value (message->body, 0);
|
||||
- else
|
||||
- message->arg0_cache = NULL;
|
||||
|
||||
type_string = g_variant_get_type_string (body);
|
||||
type_string_len = strlen (type_string);
|
||||
--
|
||||
2.27.0
|
||||
|
||||
29
backport-gresources-fix-memory-leak-from-libelf.patch
Normal file
29
backport-gresources-fix-memory-leak-from-libelf.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From aa8ed92fba93f6213eab8f50754f427550797bfc Mon Sep 17 00:00:00 2001
|
||||
From: Maxim Moskalets <Maxim.Moskalets@kaspersky.com>
|
||||
Date: Sat, 3 Feb 2024 15:16:56 +0300
|
||||
Subject: [PATCH] gresources: fix memory leak from libelf
|
||||
|
||||
Memory was leaking when allocating it inside libelf and losing the pointer to it (it was an automatic variable) when returning NULL from the get_elf function in some cases
|
||||
|
||||
Closes #3242
|
||||
|
||||
Signed-off-by: Maxim Moskalets <Maxim.Moskalets@kaspersky.com>
|
||||
---
|
||||
gio/gresource-tool.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/gio/gresource-tool.c b/gio/gresource-tool.c
|
||||
index fa7bdedb5..44b1f3f02 100644
|
||||
--- a/gio/gresource-tool.c
|
||||
+++ b/gio/gresource-tool.c
|
||||
@@ -165,6 +165,7 @@ get_elf (const gchar *file,
|
||||
|
||||
if (elf_kind (elf) != ELF_K_ELF)
|
||||
{
|
||||
+ elf_end (elf);
|
||||
g_close (*fd, NULL);
|
||||
*fd = -1;
|
||||
return NULL;
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -0,0 +1,36 @@
|
||||
From 9a661ab970d194afc59f9b7cdf603fe4bd66505d Mon Sep 17 00:00:00 2001
|
||||
From: Philip Withnall <pwithnall@gnome.org>
|
||||
Date: Mon, 26 Feb 2024 15:26:03 +0000
|
||||
Subject: [PATCH] gsocketclient: Fix a use-after-free in
|
||||
g_socket_client_connected_callback()
|
||||
|
||||
The ref held by `data->task` may be the last one on the `GTask`. The
|
||||
`GTask` stores `attempt->data` as its task data, and so when the `GTask`
|
||||
is finalised, `attempt->data` is too. `connection_attempt_remove()`
|
||||
needs to access `attempt->data`, so must be called before the
|
||||
`g_object_unref()` in this situation.
|
||||
|
||||
Signed-off-by: Philip Withnall <pwithnall@gnome.org>
|
||||
|
||||
Fixes: #3266
|
||||
---
|
||||
gio/gsocketclient.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c
|
||||
index 1127e4599..d4231599a 100644
|
||||
--- a/gio/gsocketclient.c
|
||||
+++ b/gio/gsocketclient.c
|
||||
@@ -1879,8 +1879,8 @@ g_socket_client_connected_callback (GObject *source,
|
||||
|
||||
if (task_completed_or_cancelled (data) || g_cancellable_is_cancelled (attempt->cancellable))
|
||||
{
|
||||
- g_object_unref (data->task);
|
||||
connection_attempt_unref (attempt);
|
||||
+ g_object_unref (data->task);
|
||||
return;
|
||||
}
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
||||
13
glib2.spec
13
glib2.spec
@ -1,6 +1,6 @@
|
||||
Name: glib2
|
||||
Version: 2.78.3
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: The core library that forms the basis for projects such as GTK+ and GNOME
|
||||
License: LGPLv2+
|
||||
URL: https://www.gtk.org
|
||||
@ -13,6 +13,10 @@ Patch3: backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.pat
|
||||
|
||||
Patch6001: backport-CVE-2024-34397.patch
|
||||
Patch6002: backport-gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a-well-known-name.patch
|
||||
Patch6003: backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
|
||||
Patch6004: backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
|
||||
Patch6005: backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
|
||||
Patch6006: backport-gresources-fix-memory-leak-from-libelf.patch
|
||||
|
||||
BuildRequires: chrpath gcc gcc-c++ gettext perl-interpreter
|
||||
BUildRequires: glibc-devel libattr-devel libselinux-devel meson
|
||||
@ -197,6 +201,13 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Sep 9 2024 zhangzikang <zhangzikang@kylinos.cn> - 2.78.3-3
|
||||
- backport patch:
|
||||
backport-gdbusmessage-Clean-the-cached-arg0-when-setting-the-message-body.patch
|
||||
backport-gsocketclient-Fix-a-use-after-free-in-g_socket_client_connected_callback.patch
|
||||
backport-gcontextspecificgroup-Wait-until-stop_func-is-done.patch
|
||||
backport-gresources-fix-memory-leak-from-libelf.patch
|
||||
|
||||
* Tue Jun 18 2024 hanhuihui <hanhuihui5@huawei.com> - 2.78.3-2
|
||||
- fix CVE-2024-34397
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user