rpms/glib2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import glib2-2.56.4-157.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-10-15 16:29:36 +00:00 committed by Stepan Oksanichenko
parent ac6698da0f
commit 15c85d1052
2 changed files with 58 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
SOURCES/2244.patch Normal file
View File

@ -0,0 +1,49 @@
From b6036e23b0477be147211b4e21a6b49cd4d6c9a0 Mon Sep 17 00:00:00 2001
From: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Date: Wed, 8 Sep 2021 12:08:17 +1000
Subject: [PATCH] gutils: Avoid segfault in g_get_user_database_entry
g_get_user_database_entry() uses variable pwd to store the contents of
the call to getpwnam_r(), then capitalises the first letter of pw_name
with g_ascii_toupper (pw->pw_name[0]).
However, as per the getpwnam manpage, the result of that call "may point
to a static area". When this happens, GLib is trying to edit static
memory which belongs to a shared library, so segfaults.
Instead, copy pw_name off to a temporary variable, set uppercase on
that variable, and use the variable to join into the desired string.
Free the new variable after it is no longer needed.
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
---
glib/gutils.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/glib/gutils.c b/glib/gutils.c
index b7a2113d4..4bccd7229 100644
--- a/glib/gutils.c
+++ b/glib/gutils.c
@@ -692,14 +692,17 @@ g_get_user_database_entry (void)
{
gchar **gecos_fields;
gchar **name_parts;
+ gchar *uppercase_pw_name;
/* split the gecos field and substitute '&' */
gecos_fields = g_strsplit (pw->pw_gecos, ",", 0);
name_parts = g_strsplit (gecos_fields[0], "&", 0);
- pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]);
- e.real_name = g_strjoinv (pw->pw_name, name_parts);
+ uppercase_pw_name = g_strdup (pw->pw_name);
+ uppercase_pw_name[0] = g_ascii_toupper (uppercase_pw_name[0]);
+ e.real_name = g_strjoinv (uppercase_pw_name, name_parts);
g_strfreev (gecos_fields);
g_strfreev (name_parts);
+ g_free (uppercase_pw_name);
}
#endif
--
GitLab

11
SPECS/glib2.spec
View File

@ -5,7 +5,7 @@
Name: glib2 Name: glib2
Version: 2.56.4 Version: 2.56.4
Release: 156%{?dist} Release: 157%{?dist}
Summary: A library of handy utility functions Summary: A library of handy utility functions
License: LGPLv2+ License: LGPLv2+
@ -103,6 +103,9 @@ Patch16: gmain-corruption.patch
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1713 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1713
Patch17: 1713.patch Patch17: 1713.patch
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244
Patch18: 2244.patch
%description %description
GLib is the low-level core library that forms the basis for projects GLib is the low-level core library that forms the basis for projects
such as GTK+ and GNOME. It provides data structure handling for C, such as GTK+ and GNOME. It provides data structure handling for C,
@ -300,7 +303,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Thu Jul 01 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-15 * Wed Sep 15 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-157
- Fix g_get_user_database_entry() crash when used with nss-systemd
- Resolves: #2002126
* Thu Jul 01 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-156
- Fix test failure introduced in previous update - Fix test failure introduced in previous update
- Related: #1971533 - Related: #1971533