rpms/glib2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import glib2-2.56.4-11.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-05-06 14:17:05 +00:00 committed by Andrew Lukoshko
commit 45d4e68272
35 changed files with 6609 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/glib-2.56.4.tar.xz

1
.glib2.metadata Normal file
View File

@ -0,0 +1 @@
4064eb1eb5ff626c211e86bc939f8b743ceafaba SOURCES/glib-2.56.4.tar.xz

170
SOURCES/0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch Normal file
View File

@ -0,0 +1,170 @@
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 14 Oct 2019 08:47:39 +0100
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
Conceptually, a D-Bus server is really trying to determine the credentials
of (the process that initiated) a connection, not the credentials that
the process had when it sent a particular message. Ideally, it does
this with a getsockopt()-style API that queries the credentials of the
connection's initiator without requiring any particular cooperation from
that process, avoiding a class of possible failures.
The leading '\0' in the D-Bus protocol is primarily a workaround
for platforms where the message-based credentials-passing API is
strictly better than the getsockopt()-style API (for example, on
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
or where the getsockopt()-style API does not exist at all. As a result
libdbus, the reference implementation of D-Bus, does not implement
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
SO_PEERCRED socket option is equally informative.
This change makes GDBusServer on Linux more closely match the behaviour
of libdbus.
In particular, GNOME/glib#1831 indicates that when a libdbus client
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
most likely a race condition in the early steps to connect:
client server
connect
accept
send '\0' <- race -> set SO_PASSCRED = 1
receive '\0'
If the server wins the race:
client server
connect
accept
set SO_PASSCRED = 1
send '\0'
receive '\0'
then everything is fine. However, if the client wins the race:
client server
connect
accept
send '\0'
set SO_PASSCRED = 1
receive '\0'
then the kernel does not record credentials for the message containing
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
server receives the message, the kernel knows that credentials are
desired. I would have expected the kernel to omit the credentials header
in this case, but it seems that instead, it synthesizes a credentials
structure with a dummy process ID 0, a dummy uid derived from
/proc/sys/kernel/overflowuid and a dummy gid derived from
/proc/sys/kernel/overflowgid.
In an unconfigured GDBusServer, hitting this race condition results in
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
servers on Unix platforms to allow only EXTERNAL authentication as a
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
of assumptions including a cryptographically strong PRNG and a shared
home directory with no write access by others, which are not necessarily
true for all operating systems and users. EXTERNAL authentication will
fail if the server cannot determine the client's credentials.
In particular, this caused a regression when CVE-2019-14822 was fixed
in ibus, which appears to be resolved by this commit. Qt clients
(which use libdbus) intermittently fail to connect to an ibus server
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
authentication or non-matching uids.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
---
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
index 06f0aed19..e9ec09b9f 100644
--- a/gio/gcredentialsprivate.h
+++ b/gio/gcredentialsprivate.h
@@ -81,6 +81,18 @@
*/
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
+/*
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
+ *
+ * Defined to 1 if the data structure transferred by the message-passing
+ * API is strictly more informative than the one transferred by the
+ * `getsockopt()`-style API, and hence should be preferred, even for
+ * protocols like D-Bus that are defined in terms of the credentials of
+ * the (process that opened the) socket, as opposed to the credentials
+ * of an individual message.
+ */
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
+
#ifdef __linux__
#define G_CREDENTIALS_SUPPORTED 1
#define G_CREDENTIALS_USE_LINUX_UCRED 1
@@ -100,6 +112,12 @@
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
+ * is getpeereid(), which is not as informative as struct cmsgcred -
+ * it does not tell us the PID. As a result, libdbus prefers to use
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
+ * do the same. */
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
#elif defined(__NetBSD__)
#define G_CREDENTIALS_SUPPORTED 1
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
index 752ec23fc..14cc5d70e 100644
--- a/gio/gdbusauth.c
+++ b/gio/gdbusauth.c
@@ -31,6 +31,7 @@
#include "gdbusutils.h"
#include "gioenumtypes.h"
#include "gcredentials.h"
+#include "gcredentialsprivate.h"
#include "gdbusprivate.h"
#include "giostream.h"
#include "gdatainputstream.h"
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
- /* first read the NUL-byte */
+ /* read the NUL-byte, possibly with credentials attached */
#ifdef G_OS_UNIX
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
+ {
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
+
+ local_error = NULL;
+ credentials = g_socket_get_credentials (sock, &local_error);
+
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
+ {
+ g_propagate_error (error, local_error);
+ goto out;
+ }
+ else
+ {
+ /* Clear the error indicator, so we can retry with
+ * g_unix_connection_receive_credentials() if necessary */
+ g_clear_error (&local_error);
+ }
+ }
+#endif
+
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
{
local_error = NULL;
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
--
2.23.0

56
SOURCES/0001-build-sys-Pass-CFLAGS-to-DTRACE.patch Normal file
View File

@ -0,0 +1,56 @@
From d7233ef81e575e84d831414605ba6368394d88b5 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Mon, 15 Oct 2018 21:50:31 +0000
Subject: [PATCH] build-sys: Pass CFLAGS to $(DTRACE)
Fedora is using https://fedoraproject.org/wiki/Changes/Annobin
to try to ensure that all objects are built with hardening flags.
Pass down `CFLAGS` to ensure the SystemTap objects use them.
---
gio/Makefile.am | 2 +-
glib/Makefile.am | 2 +-
gobject/Makefile.am | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/gio/Makefile.am b/gio/Makefile.am
index fc0b91855..05b20cdef 100644
--- a/gio/Makefile.am
+++ b/gio/Makefile.am
@@ -896,7 +896,7 @@ gio_probes.h: gio_probes.d
< $@.tmp > $@ && rm -f $@.tmp
gio_probes.lo: gio_probes.d
- $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC $(DTRACE) -G -s $< -o $@
+ $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC env CFLAGS="$(CFLAGS)" $(DTRACE) -G -s $< -o $@
BUILT_SOURCES += gio_probes.h gio_probes.lo
CLEANFILES += gio_probes.h gio_probes.h.tmp
diff --git a/glib/Makefile.am b/glib/Makefile.am
index 90d33d082..39163aa7f 100644
--- a/glib/Makefile.am
+++ b/glib/Makefile.am
@@ -386,7 +386,7 @@ glib_probes.h: glib_probes.d
< $@.tmp > $@ && rm -f $@.tmp
glib_probes.lo: glib_probes.d
- $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC $(DTRACE) -G -s $< -o $@
+ $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC env CFLAGS="$(CFLAGS)" $(DTRACE) -G -s $< -o $@
BUILT_SOURCES += glib_probes.h glib_probes.lo
CLEANFILES += glib_probes.h glib_probes.h.tmp
diff --git a/gobject/Makefile.am b/gobject/Makefile.am
index 4c28acdff..78748e96c 100644
--- a/gobject/Makefile.am
+++ b/gobject/Makefile.am
@@ -119,7 +119,7 @@ gobject_probes.h: gobject_probes.d
< $@.tmp > $@ && rm -f $@.tmp
gobject_probes.lo: gobject_probes.d
- $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC $(DTRACE) -G -s $< -o $@
+ $(AM_V_GEN) $(LIBTOOL) --mode=compile $(AM_V_lt) --tag=CC env CFLAGS="$(CFLAGS)" $(DTRACE) -G -s $< -o $@
BUILT_SOURCES += gobject_probes.h gobject_probes.lo
CLEANFILES += gobject_probes.h
--
2.21.0

100
SOURCES/0001-codegen-Change-pointer-casting-to-remove-type-punnin.patch Normal file
View File

@ -0,0 +1,100 @@
From 64b76c7ca5cf5b4ede2f4b423114f46141890e1e Mon Sep 17 00:00:00 2001
From: Robert Ancell <robert.ancell@canonical.com>
Date: Fri, 7 Sep 2018 10:19:05 +1200
Subject: [PATCH] codegen: Change pointer casting to remove type-punning
warnings
The existing code was generating code with undefined results that modern compilers warn about:
accounts-generated.c:204:23: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
(GDBusArgInfo **) &_accounts_accounts_method_info_list_cached_users_OUT_ARG_pointers,
---
gio/gdbus-2.0/codegen/codegen.py | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/gio/gdbus-2.0/codegen/codegen.py b/gio/gdbus-2.0/codegen/codegen.py
index e74131cdb..0d95cdcda 100644
--- a/gio/gdbus-2.0/codegen/codegen.py
+++ b/gio/gdbus-2.0/codegen/codegen.py
@@ -1129,10 +1129,10 @@ class CodeGenerator:
'\n')
if len(args) > 0:
- self.outfile.write('static const _ExtendedGDBusArgInfo * const %s_pointers[] =\n'
+ self.outfile.write('static const GDBusArgInfo * const %s_pointers[] =\n'
'{\n'%(prefix))
for a in args:
- self.outfile.write(' &%s_%s,\n'%(prefix, a.name))
+ self.outfile.write(' &%s_%s.parent_struct,\n'%(prefix, a.name))
self.outfile.write(' NULL\n'
'};\n'
'\n')
@@ -1175,10 +1175,10 @@ class CodeGenerator:
self.outfile.write('};\n'
'\n')
- self.outfile.write('static const _ExtendedGDBusMethodInfo * const _%s_method_info_pointers[] =\n'
+ self.outfile.write('static const GDBusMethodInfo * const _%s_method_info_pointers[] =\n'
'{\n'%(i.name_lower))
for m in i.methods:
- self.outfile.write(' &_%s_method_info_%s,\n'%(i.name_lower, m.name_lower))
+ self.outfile.write(' &_%s_method_info_%s.parent_struct,\n'%(i.name_lower, m.name_lower))
self.outfile.write(' NULL\n'
'};\n'
'\n')
@@ -1209,10 +1209,10 @@ class CodeGenerator:
self.outfile.write('};\n'
'\n')
- self.outfile.write('static const _ExtendedGDBusSignalInfo * const _%s_signal_info_pointers[] =\n'
+ self.outfile.write('static const GDBusSignalInfo * const _%s_signal_info_pointers[] =\n'
'{\n'%(i.name_lower))
for s in i.signals:
- self.outfile.write(' &_%s_signal_info_%s,\n'%(i.name_lower, s.name_lower))
+ self.outfile.write(' &_%s_signal_info_%s.parent_struct,\n'%(i.name_lower, s.name_lower))
self.outfile.write(' NULL\n'
'};\n'
'\n')
@@ -1251,10 +1251,10 @@ class CodeGenerator:
self.outfile.write('};\n'
'\n')
- self.outfile.write('static const _ExtendedGDBusPropertyInfo * const _%s_property_info_pointers[] =\n'
+ self.outfile.write('static const GDBusPropertyInfo * const _%s_property_info_pointers[] =\n'
'{\n'%(i.name_lower))
for p in i.properties:
- self.outfile.write(' &_%s_property_info_%s,\n'%(i.name_lower, p.name_lower))
+ self.outfile.write(' &_%s_property_info_%s.parent_struct,\n'%(i.name_lower, p.name_lower))
self.outfile.write(' NULL\n'
'};\n'
'\n')
@@ -1948,7 +1948,7 @@ class CodeGenerator:
self.outfile.write(' const _ExtendedGDBusPropertyInfo *info;\n'
' GVariant *variant;\n'
' g_assert (prop_id != 0 && prop_id - 1 < %d);\n'
- ' info = _%s_property_info_pointers[prop_id - 1];\n'
+ ' info = (const _ExtendedGDBusPropertyInfo *) _%s_property_info_pointers[prop_id - 1];\n'
' variant = g_dbus_proxy_get_cached_property (G_DBUS_PROXY (object), info->parent_struct.name);\n'
' if (info->use_gvariant)\n'
' {\n'
@@ -2001,7 +2001,7 @@ class CodeGenerator:
self.outfile.write(' const _ExtendedGDBusPropertyInfo *info;\n'
' GVariant *variant;\n'
' g_assert (prop_id != 0 && prop_id - 1 < %d);\n'
- ' info = _%s_property_info_pointers[prop_id - 1];\n'
+ ' info = (const _ExtendedGDBusPropertyInfo *) _%s_property_info_pointers[prop_id - 1];\n'
' variant = g_dbus_gvalue_to_gvariant (value, G_VARIANT_TYPE (info->parent_struct.signature));\n'
' g_dbus_proxy_call (G_DBUS_PROXY (object),\n'
' "org.freedesktop.DBus.Properties.Set",\n'
@@ -2887,7 +2887,7 @@ class CodeGenerator:
' if (!_g_value_equal (value, &skeleton->priv->properties[prop_id - 1]))\n'
' {\n'
' if (g_dbus_interface_skeleton_get_connection (G_DBUS_INTERFACE_SKELETON (skeleton)) != NULL)\n'
- ' _%s_schedule_emit_changed (skeleton, _%s_property_info_pointers[prop_id - 1], prop_id, &skeleton->priv->properties[prop_id - 1]);\n'
+ ' _%s_schedule_emit_changed (skeleton, (const _ExtendedGDBusPropertyInfo *) _%s_property_info_pointers[prop_id - 1], prop_id, &skeleton->priv->properties[prop_id - 1]);\n'
' g_value_copy (value, &skeleton->priv->properties[prop_id - 1]);\n'
' g_object_notify_by_pspec (object, pspec);\n'
' }\n'
--
2.19.1

118
SOURCES/0001-credentials-Invalid-Linux-struct-ucred-means-no-info.patch Normal file
View File

@ -0,0 +1,118 @@
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 18 Oct 2019 10:55:09 +0100
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
information"
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
might expect it to fail with an appropriate error like ENOTSUP or
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
yields a credentials structure with pid 0, uid -1 and gid -1. These
are not real process, user and group IDs that can be allocated to a
real process (pid 0 needs to be reserved to give kill(0) its documented
special semantics, and similarly uid and gid -1 need to be reserved for
setresuid() and setresgid()) so it is not meaningful to signal them to
high-level API users.
An API user with Linux-specific knowledge can still inspect these fields
via g_credentials_get_native() if desired.
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
on a receiving Unix socket, but the sending socket had not enabled
SO_PASSCRED at the time that the message was sent, it is possible
for it to succeed but yield a credentials structure with pid 0, uid
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
if we were to read those pseudo-files, we cannot distinguish between
the overflow IDs and a real process that legitimately has the same IDs
(typically they are set to 'nobody' and 'nogroup', which can be used
by a real process), so we detect this situation by noticing that
pid == 0, and to save syscalls we do not read the overflow IDs from
/proc at all.
This results in a small API change: g_credentials_is_same_user() now
returns FALSE if we compare two credentials structures that are both
invalid. This seems like reasonable, conservative behaviour: if we cannot
prove that they are the same user, we should assume they are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
index c350e3c88..c4794ded7 100644
--- a/gio/gcredentials.c
+++ b/gio/gcredentials.c
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
/* ---------------------------------------------------------------------------------------------------- */
+#if G_CREDENTIALS_USE_LINUX_UCRED
+/*
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
+ * is used on a TCP socket, it succeeds but yields a credentials structure
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
+ * receiving Unix socket when the sending socket did not also enable
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
+ * /proc/sys/kernel/overflowgid.
+ */
+static gboolean
+linux_ucred_check_valid (struct ucred *native,
+ GError **error)
+{
+ if (native->pid == 0
+ || native->uid == -1
+ || native->gid == -1)
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_INVALID_DATA,
+ _("GCredentials contains invalid data"));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+#endif
+
/**
* g_credentials_is_same_user:
* @credentials: A #GCredentials.
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
ret = FALSE;
#if G_CREDENTIALS_USE_LINUX_UCRED
- if (credentials->native.uid == other_credentials->native.uid)
+ if (linux_ucred_check_valid (&credentials->native, NULL)
+ && credentials->native.uid == other_credentials->native.uid)
ret = TRUE;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
g_return_val_if_fail (error == NULL || *error == NULL, -1);
#if G_CREDENTIALS_USE_LINUX_UCRED
- ret = credentials->native.uid;
+ if (linux_ucred_check_valid (&credentials->native, error))
+ ret = credentials->native.uid;
+ else
+ ret = -1;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
ret = credentials->native.cmcred_euid;
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
g_return_val_if_fail (error == NULL || *error == NULL, -1);
#if G_CREDENTIALS_USE_LINUX_UCRED
- ret = credentials->native.pid;
+ if (linux_ucred_check_valid (&credentials->native, error))
+ ret = credentials->native.pid;
+ else
+ ret = -1;
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
ret = credentials->native.cmcred_pid;
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
--
2.23.0

129
SOURCES/0001-gbytearray-Do-not-accept-too-large-byte-arrays.patch Normal file
View File

@ -0,0 +1,129 @@
From 89b522ed31837cb2ac107a8961fbb0f2c7fc7ccb Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <qdlacz@gmail.com>
Date: Wed, 10 Feb 2021 23:51:07 +0100
Subject: [PATCH] gbytearray: Do not accept too large byte arrays
GByteArray uses guint for storing the length of the byte array, but it
also has a constructor (g_byte_array_new_take) that takes length as a
gsize. gsize may be larger than guint (64 bits for gsize vs 32 bits
for guint). It is possible to call the function with a value greater
than G_MAXUINT, which will result in silent length truncation. This
may happen as a result of unreffing GBytes into GByteArray, so rather
be loud about it.
(Test case tweaked by Philip Withnall.)
---
glib/garray.c | 6 ++++++
glib/gbytes.c | 4 ++++
glib/tests/bytes.c | 37 +++++++++++++++++++++++++++++++++++--
3 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/glib/garray.c b/glib/garray.c
index aa3c04707..271d85ad8 100644
--- a/glib/garray.c
+++ b/glib/garray.c
@@ -1666,6 +1666,10 @@ g_byte_array_new (void)
* Create byte array containing the data. The data will be owned by the array
* and will be freed with g_free(), i.e. it could be allocated using g_strdup().
*
+ * Do not use it if @len is greater than %G_MAXUINT. #GByteArray
+ * stores the length of its data in #guint, which may be shorter than
+ * #gsize.
+ *
* Since: 2.32
*
* Returns: (transfer full): a new #GByteArray
@@ -1677,6 +1681,8 @@ g_byte_array_new_take (guint8 *data,
GByteArray *array;
GRealArray *real;
+ g_return_val_if_fail (len <= G_MAXUINT, NULL);
+
array = g_byte_array_new ();
real = (GRealArray *)array;
g_assert (real->data == NULL);
diff --git a/glib/gbytes.c b/glib/gbytes.c
index 5141170d7..635b79535 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -512,6 +512,10 @@ g_bytes_unref_to_data (GBytes *bytes,
* g_bytes_new(), g_bytes_new_take() or g_byte_array_free_to_bytes(). In all
* other cases the data is copied.
*
+ * Do not use it if @bytes contains more than %G_MAXUINT
+ * bytes. #GByteArray stores the length of its data in #guint, which
+ * may be shorter than #gsize, that @bytes is using.
+ *
* Returns: (transfer full): a new mutable #GByteArray containing the same byte data
*
* Since: 2.32
diff --git a/glib/tests/bytes.c b/glib/tests/bytes.c
index 5ea5c2b35..42281307b 100644
--- a/glib/tests/bytes.c
+++ b/glib/tests/bytes.c
@@ -10,12 +10,12 @@
*/
#undef G_DISABLE_ASSERT
-#undef G_LOG_DOMAIN
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "glib.h"
+#include "glib/gstrfuncsprivate.h"
/* Keep in sync with glib/gbytes.c */
struct _GBytes
@@ -333,6 +333,38 @@ test_to_array_transferred (void)
g_byte_array_unref (array);
}
+static void
+test_to_array_transferred_oversize (void)
+{
+ g_test_message ("g_bytes_unref_to_array() can only take GBytes up to "
+ "G_MAXUINT in length; test that longer ones are rejected");
+
+ if (sizeof (guint) >= sizeof (gsize))
+ {
+ g_test_skip ("Skipping test as guint is not smaller than gsize");
+ }
+ else if (g_test_undefined ())
+ {
+ GByteArray *array = NULL;
+ GBytes *bytes = NULL;
+ gpointer data = g_memdup2 (NYAN, N_NYAN);
+ gsize len = ((gsize) G_MAXUINT) + 1;
+
+ bytes = g_bytes_new_take (data, len);
+ g_test_expect_message (G_LOG_DOMAIN, G_LOG_LEVEL_CRITICAL,
+ "g_byte_array_new_take: assertion 'len <= G_MAXUINT' failed");
+ array = g_bytes_unref_to_array (g_steal_pointer (&bytes));
+ g_test_assert_expected_messages ();
+ g_assert_null (array);
+
+ g_free (data);
+ }
+ else
+ {
+ g_test_skip ("Skipping test as testing undefined behaviour is disabled");
+ }
+}
+
static void
test_to_array_two_refs (void)
{
@@ -407,7 +439,8 @@ main (int argc, char *argv[])
g_test_add_func ("/bytes/to-data/transfered", test_to_data_transferred);
g_test_add_func ("/bytes/to-data/two-refs", test_to_data_two_refs);
g_test_add_func ("/bytes/to-data/non-malloc", test_to_data_non_malloc);
- g_test_add_func ("/bytes/to-array/transfered", test_to_array_transferred);
+ g_test_add_func ("/bytes/to-array/transferred", test_to_array_transferred);
+ g_test_add_func ("/bytes/to-array/transferred-oversize", test_to_array_transferred_oversize);
g_test_add_func ("/bytes/to-array/two-refs", test_to_array_two_refs);
g_test_add_func ("/bytes/to-array/non-malloc", test_to_array_non_malloc);
g_test_add_func ("/bytes/null", test_null);
--
2.31.1

83
SOURCES/0001-gcredentialsprivate-Document-the-various-private-mac.patch Normal file
View File

@ -0,0 +1,83 @@
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 14 Oct 2019 08:22:24 +0100
Subject: [PATCH] gcredentialsprivate: Document the various private macros
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
index 4d1c420a8..06f0aed19 100644
--- a/gio/gcredentialsprivate.h
+++ b/gio/gcredentialsprivate.h
@@ -22,6 +22,65 @@
#include "gio/gcredentials.h"
#include "gio/gnetworking.h"
+/*
+ * G_CREDENTIALS_SUPPORTED:
+ *
+ * Defined to 1 if GCredentials works.
+ */
+#undef G_CREDENTIALS_SUPPORTED
+
+/*
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
+ *
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
+ */
+#undef G_CREDENTIALS_USE_LINUX_UCRED
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
+
+/*
+ * G_CREDENTIALS_NATIVE_TYPE:
+ *
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
+ */
+#undef G_CREDENTIALS_NATIVE_TYPE
+
+/*
+ * G_CREDENTIALS_NATIVE_SIZE:
+ *
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
+ */
+#undef G_CREDENTIALS_NATIVE_SIZE
+
+/*
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
+ *
+ * Defined to 1 if we have a message-passing API in which credentials
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
+ * or `SCM_CREDS` on FreeBSD.
+ */
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
+
+/*
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
+ *
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
+ * a socket connection can directly query the credentials of the process
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
+ * or `getpeereid()` on multiple operating systems.
+ */
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
+
+/*
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
+ *
+ * Defined to 1 if privileged processes can spoof their credentials when
+ * using the message-passing API.
+ */
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
+
#ifdef __linux__
#define G_CREDENTIALS_SUPPORTED 1
#define G_CREDENTIALS_USE_LINUX_UCRED 1
--
2.23.0

613
SOURCES/0001-gdbus-codegen-honor-Property.EmitsChangedSignal-anno.patch Normal file
View File

@ -0,0 +1,613 @@
From aea538fe703652fd0a39b2ac9185133849cfdcc4 Mon Sep 17 00:00:00 2001
From: Thomas Jost <schnouki@schnouki.net>
Date: Thu, 13 Dec 2018 03:06:02 -0800
Subject: [PATCH] gdbus-codegen: honor "Property.EmitsChangedSignal"
annotations
Co-Authored-by: Andy Holmes <andrew.g.r.holmes@gmail.com>
---
gio/gdbus-2.0/codegen/codegen.py | 18 ++++++++++-----
gio/gdbus-2.0/codegen/dbustypes.py | 7 ++++++
gio/tests/gdbus-test-codegen.c | 36 +++++++++++++++++++++++++-----
gio/tests/test-codegen.xml | 6 +++++
4 files changed, 56 insertions(+), 11 deletions(-)
diff --git a/gio/gdbus-2.0/codegen/codegen.py b/gio/gdbus-2.0/codegen/codegen.py
index f6892af95..442bd3f5d 100644
--- a/gio/gdbus-2.0/codegen/codegen.py
+++ b/gio/gdbus-2.0/codegen/codegen.py
@@ -638,61 +638,62 @@ class CodeGenerator:
'# include <gio/gunixfdlist.h>\n'
'#endif\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' GDBusArgInfo parent_struct;\n'
' gboolean use_gvariant;\n'
'} _ExtendedGDBusArgInfo;\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' GDBusMethodInfo parent_struct;\n'
' const gchar *signal_name;\n'
' gboolean pass_fdlist;\n'
'} _ExtendedGDBusMethodInfo;\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' GDBusSignalInfo parent_struct;\n'
' const gchar *signal_name;\n'
'} _ExtendedGDBusSignalInfo;\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' GDBusPropertyInfo parent_struct;\n'
' const gchar *hyphen_name;\n'
- ' gboolean use_gvariant;\n'
+ ' guint use_gvariant : 1;\n'
+ ' guint emits_changed_signal : 1;\n'
'} _ExtendedGDBusPropertyInfo;\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' GDBusInterfaceInfo parent_struct;\n'
' const gchar *hyphen_name;\n'
'} _ExtendedGDBusInterfaceInfo;\n'
'\n')
self.outfile.write('typedef struct\n'
'{\n'
' const _ExtendedGDBusPropertyInfo *info;\n'
' guint prop_id;\n'
' GValue orig_value; /* the value before the change */\n'
'} ChangedProperty;\n'
'\n'
'static void\n'
'_changed_property_free (ChangedProperty *data)\n'
'{\n'
' g_value_unset (&data->orig_value);\n'
' g_free (data);\n'
'}\n'
'\n')
self.outfile.write('static gboolean\n'
'_g_strv_equal0 (gchar **a, gchar **b)\n'
'{\n'
' gboolean ret = FALSE;\n'
' guint n;\n'
@@ -933,63 +934,67 @@ class CodeGenerator:
'\n')
# ---
if len(i.properties) > 0:
for p in i.properties:
if p.readable and p.writable:
access = 'G_DBUS_PROPERTY_INFO_FLAGS_READABLE | G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE'
elif p.readable:
access = 'G_DBUS_PROPERTY_INFO_FLAGS_READABLE'
elif p.writable:
access = 'G_DBUS_PROPERTY_INFO_FLAGS_WRITABLE'
else:
access = 'G_DBUS_PROPERTY_INFO_FLAGS_NONE'
num_anno = self.generate_annotations('_%s_property_%s_annotation_info'%(i.name_lower, p.name_lower), p.annotations)
self.outfile.write('static const _ExtendedGDBusPropertyInfo _%s_property_info_%s =\n'
'{\n'
' {\n'
' -1,\n'
' (gchar *) "%s",\n'
' (gchar *) "%s",\n'
' %s,\n'%(i.name_lower, p.name_lower, p.name, p.arg.signature, access))
if num_anno == 0:
self.outfile.write(' NULL\n')
else:
self.outfile.write(' (GDBusAnnotationInfo **) &_%s_property_%s_annotation_info_pointers\n'%(i.name_lower, p.name_lower))
self.outfile.write(' },\n'
' "%s",\n'
%(p.name_hyphen))
if not utils.lookup_annotation(p.annotations, 'org.gtk.GDBus.C.ForceGVariant'):
- self.outfile.write(' FALSE\n')
+ self.outfile.write(' FALSE,\n')
else:
+ self.outfile.write(' TRUE,\n')
+ if p.emits_changed_signal:
self.outfile.write(' TRUE\n')
+ else:
+ self.outfile.write(' FALSE\n')
self.outfile.write('};\n'
'\n')
self.outfile.write('static const GDBusPropertyInfo * const _%s_property_info_pointers[] =\n'
'{\n'%(i.name_lower))
for p in i.properties:
self.outfile.write(' &_%s_property_info_%s.parent_struct,\n'%(i.name_lower, p.name_lower))
self.outfile.write(' NULL\n'
'};\n'
'\n')
num_anno = self.generate_annotations('_%s_annotation_info'%(i.name_lower), i.annotations)
self.outfile.write('static const _ExtendedGDBusInterfaceInfo _%s_interface_info =\n'
'{\n'
' {\n'
' -1,\n'
' (gchar *) "%s",\n'%(i.name_lower, i.name))
if len(i.methods) == 0:
self.outfile.write(' NULL,\n')
else:
self.outfile.write(' (GDBusMethodInfo **) &_%s_method_info_pointers,\n'%(i.name_lower))
if len(i.signals) == 0:
self.outfile.write(' NULL,\n')
else:
self.outfile.write(' (GDBusSignalInfo **) &_%s_signal_info_pointers,\n'%(i.name_lower))
if len(i.properties) == 0:
self.outfile.write(' NULL,\n')
else:
self.outfile.write(' (GDBusPropertyInfo **) &_%s_property_info_pointers,\n'%(i.name_lower))
if num_anno == 0:
@@ -2568,68 +2573,71 @@ class CodeGenerator:
# this allows use of g_object_freeze_notify()/g_object_thaw_notify() ...
# This is useful when updating several properties from another thread than
# where the idle will be emitted from
self.outfile.write('static void\n'
'%s_skeleton_notify (GObject *object,\n'
' GParamSpec *pspec G_GNUC_UNUSED)\n'
'{\n'
' %sSkeleton *skeleton = %s%s_SKELETON (object);\n'
' g_mutex_lock (&skeleton->priv->lock);\n'
' if (skeleton->priv->changed_properties != NULL &&\n'
' skeleton->priv->changed_properties_idle_source == NULL)\n'
' {\n'
' skeleton->priv->changed_properties_idle_source = g_idle_source_new ();\n'
' g_source_set_priority (skeleton->priv->changed_properties_idle_source, G_PRIORITY_DEFAULT);\n'
' g_source_set_callback (skeleton->priv->changed_properties_idle_source, _%s_emit_changed, g_object_ref (skeleton), (GDestroyNotify) g_object_unref);\n'
' g_source_set_name (skeleton->priv->changed_properties_idle_source, "[generated] _%s_emit_changed");\n'
' g_source_attach (skeleton->priv->changed_properties_idle_source, skeleton->priv->context);\n'
' g_source_unref (skeleton->priv->changed_properties_idle_source);\n'
' }\n'
' g_mutex_unlock (&skeleton->priv->lock);\n'
'}\n'
'\n'
%(i.name_lower, i.camel_name, i.ns_upper, i.name_upper, i.name_lower, i.name_lower))
self.outfile.write('static void\n'
'%s_skeleton_set_property (GObject *object,\n'
' guint prop_id,\n'
' const GValue *value,\n'
' GParamSpec *pspec)\n'
'{\n'%(i.name_lower))
- self.outfile.write(' %sSkeleton *skeleton = %s%s_SKELETON (object);\n'
+ self.outfile.write(' const _ExtendedGDBusPropertyInfo *info;\n'
+ ' %sSkeleton *skeleton = %s%s_SKELETON (object);\n'
' g_assert (prop_id != 0 && prop_id - 1 < %d);\n'
+ ' info = (const _ExtendedGDBusPropertyInfo *) _%s_property_info_pointers[prop_id - 1];\n'
' g_mutex_lock (&skeleton->priv->lock);\n'
' g_object_freeze_notify (object);\n'
' if (!_g_value_equal (value, &skeleton->priv->properties[prop_id - 1]))\n'
' {\n'
- ' if (g_dbus_interface_skeleton_get_connection (G_DBUS_INTERFACE_SKELETON (skeleton)) != NULL)\n'
- ' _%s_schedule_emit_changed (skeleton, (const _ExtendedGDBusPropertyInfo *) _%s_property_info_pointers[prop_id - 1], prop_id, &skeleton->priv->properties[prop_id - 1]);\n'
+ ' if (g_dbus_interface_skeleton_get_connection (G_DBUS_INTERFACE_SKELETON (skeleton)) != NULL &&\n'
+ ' info->emits_changed_signal)\n'
+ ' _%s_schedule_emit_changed (skeleton, info, prop_id, &skeleton->priv->properties[prop_id - 1]);\n'
' g_value_copy (value, &skeleton->priv->properties[prop_id - 1]);\n'
' g_object_notify_by_pspec (object, pspec);\n'
' }\n'
' g_mutex_unlock (&skeleton->priv->lock);\n'
' g_object_thaw_notify (object);\n'
%(i.camel_name, i.ns_upper, i.name_upper, len(i.properties), i.name_lower, i.name_lower))
self.outfile.write('}\n'
'\n')
self.outfile.write('static void\n'
'%s_skeleton_init (%sSkeleton *skeleton)\n'
'{\n'
'#if GLIB_VERSION_MAX_ALLOWED >= GLIB_VERSION_2_38\n'
' skeleton->priv = %s_skeleton_get_instance_private (skeleton);\n'
'#else\n'
' skeleton->priv = G_TYPE_INSTANCE_GET_PRIVATE (skeleton, %sTYPE_%s_SKELETON, %sSkeletonPrivate);\n'
'#endif\n\n'
%(i.name_lower, i.camel_name,
i.name_lower,
i.ns_upper, i.name_upper, i.camel_name))
self.outfile.write(' g_mutex_init (&skeleton->priv->lock);\n')
self.outfile.write(' skeleton->priv->context = g_main_context_ref_thread_default ();\n')
if len(i.properties) > 0:
self.outfile.write(' skeleton->priv->properties = g_new0 (GValue, %d);\n'%(len(i.properties)))
n = 0
for p in i.properties:
self.outfile.write(' g_value_init (&skeleton->priv->properties[%d], %s);\n'%(n, p.arg.gtype))
n += 1
self.outfile.write('}\n'
'\n')
diff --git a/gio/gdbus-2.0/codegen/dbustypes.py b/gio/gdbus-2.0/codegen/dbustypes.py
index bfc69f596..359880ff7 100644
--- a/gio/gdbus-2.0/codegen/dbustypes.py
+++ b/gio/gdbus-2.0/codegen/dbustypes.py
@@ -300,89 +300,96 @@ class Signal:
arg_count = 0
for a in self.args:
a.post_process(interface_prefix, cns, cns_upper, cns_lower, arg_count)
arg_count += 1
if utils.lookup_annotation(self.annotations, 'org.freedesktop.DBus.Deprecated') == 'true':
self.deprecated = True
class Property:
def __init__(self, name, signature, access):
self.name = name
self.signature = signature
self.access = access
self.annotations = []
self.arg = Arg('value', self.signature)
self.arg.annotations = self.annotations
self.readable = False
self.writable = False
if self.access == 'readwrite':
self.readable = True
self.writable = True
elif self.access == 'read':
self.readable = True
elif self.access == 'write':
self.writable = True
else:
print_error('Invalid access type "{}"'.format(self.access))
self.doc_string = ''
self.since = ''
self.deprecated = False
+ self.emits_changed_signal = True
def post_process(self, interface_prefix, cns, cns_upper, cns_lower, containing_iface):
if len(self.doc_string) == 0:
self.doc_string = utils.lookup_docs(self.annotations)
if len(self.since) == 0:
self.since = utils.lookup_since(self.annotations)
if len(self.since) == 0:
self.since = containing_iface.since
name = self.name
overridden_name = utils.lookup_annotation(self.annotations, 'org.gtk.GDBus.C.Name')
if utils.is_ugly_case(overridden_name):
self.name_lower = overridden_name.lower()
else:
if overridden_name:
name = overridden_name
self.name_lower = utils.camel_case_to_uscore(name).lower().replace('-', '_')
self.name_hyphen = self.name_lower.replace('_', '-')
# don't clash with the GType getter, e.g.: GType foo_bar_get_type (void); G_GNUC_CONST
if self.name_lower == 'type':
self.name_lower = 'type_'
# recalculate arg
self.arg.annotations = self.annotations
self.arg.post_process(interface_prefix, cns, cns_upper, cns_lower, 0)
if utils.lookup_annotation(self.annotations, 'org.freedesktop.DBus.Deprecated') == 'true':
self.deprecated = True
+ # FIXME: for now we only support 'false' and 'const' on the signal itself, see #674913 and
+ # http://dbus.freedesktop.org/doc/dbus-specification.html#introspection-format
+ # for details
+ if utils.lookup_annotation(self.annotations, 'org.freedesktop.DBus.Property.EmitsChangedSignal') in ('false', 'const'):
+ self.emits_changed_signal = False
+
class Interface:
def __init__(self, name):
self.name = name
self.methods = []
self.signals = []
self.properties = []
self.annotations = []
self.doc_string = ''
self.doc_string_brief = ''
self.since = ''
self.deprecated = False
def post_process(self, interface_prefix, c_namespace):
if len(self.doc_string) == 0:
self.doc_string = utils.lookup_docs(self.annotations)
if len(self.doc_string_brief) == 0:
self.doc_string_brief = utils.lookup_brief_docs(self.annotations)
if len(self.since) == 0:
self.since = utils.lookup_since(self.annotations)
if len(c_namespace) > 0:
if utils.is_ugly_case(c_namespace):
cns = c_namespace.replace('_', '')
cns_upper = c_namespace.upper() + '_'
cns_lower = c_namespace.lower() + '_'
else:
cns = c_namespace
cns_upper = utils.camel_case_to_uscore(c_namespace).upper() + '_'
cns_lower = utils.camel_case_to_uscore(c_namespace).lower() + '_'
else:
diff --git a/gio/tests/gdbus-test-codegen.c b/gio/tests/gdbus-test-codegen.c
index 1c4e83c4c..c906d05ae 100644
--- a/gio/tests/gdbus-test-codegen.c
+++ b/gio/tests/gdbus-test-codegen.c
@@ -1740,103 +1740,127 @@ on_object_proxy_added (GDBusObjectManagerClient *manager,
gpointer user_data)
{
OMData *om_data = user_data;
om_data->num_object_proxy_added_signals += 1;
g_signal_connect (object_proxy,
"interface-added",
G_CALLBACK (on_interface_added),
om_data);
g_signal_connect (object_proxy,
"interface-removed",
G_CALLBACK (on_interface_removed),
om_data);
}
static void
on_object_proxy_removed (GDBusObjectManagerClient *manager,
GDBusObjectProxy *object_proxy,
gpointer user_data)
{
OMData *om_data = user_data;
om_data->num_object_proxy_removed_signals += 1;
g_assert_cmpint (g_signal_handlers_disconnect_by_func (object_proxy,
G_CALLBACK (on_interface_added),
om_data), ==, 1);
g_assert_cmpint (g_signal_handlers_disconnect_by_func (object_proxy,
G_CALLBACK (on_interface_removed),
om_data), ==, 1);
}
static void
-property_d_changed (GObject *object,
- GParamSpec *pspec,
- gpointer user_data)
+property_changed (GObject *object,
+ GParamSpec *pspec,
+ gpointer user_data)
{
gboolean *changed = user_data;
*changed = TRUE;
}
static void
om_check_property_and_signal_emission (GMainLoop *loop,
FooiGenBar *skeleton,
FooiGenBar *proxy)
{
gboolean d_changed = FALSE;
+ gboolean quiet_changed = FALSE;
+ gboolean quiet_too_changed = FALSE;
guint handler;
/* First PropertiesChanged */
g_assert_cmpint (foo_igen_bar_get_i (skeleton), ==, 0);
g_assert_cmpint (foo_igen_bar_get_i (proxy), ==, 0);
foo_igen_bar_set_i (skeleton, 1);
_g_assert_property_notify (proxy, "i");
g_assert_cmpint (foo_igen_bar_get_i (skeleton), ==, 1);
g_assert_cmpint (foo_igen_bar_get_i (proxy), ==, 1);
/* Double-check the gdouble case */
g_assert_cmpfloat (foo_igen_bar_get_d (skeleton), ==, 0.0);
g_assert_cmpfloat (foo_igen_bar_get_d (proxy), ==, 0.0);
foo_igen_bar_set_d (skeleton, 1.0);
_g_assert_property_notify (proxy, "d");
/* Verify that re-setting it to the same value doesn't cause a
* notify on the proxy, by taking advantage of the fact that
* notifications are serialized.
*/
handler = g_signal_connect (proxy, "notify::d",
- G_CALLBACK (property_d_changed), &d_changed);
+ G_CALLBACK (property_changed), &d_changed);
foo_igen_bar_set_d (skeleton, 1.0);
foo_igen_bar_set_i (skeleton, 2);
_g_assert_property_notify (proxy, "i");
g_assert (d_changed == FALSE);
g_signal_handler_disconnect (proxy, handler);
+ /* Verify that re-setting a property with the "EmitsChangedSignal"
+ * set to false doesn't emit a signal. */
+ handler = g_signal_connect (proxy, "notify::quiet",
+ G_CALLBACK (property_changed), &quiet_changed);
+ foo_igen_bar_set_quiet (skeleton, "hush!");
+ foo_igen_bar_set_i (skeleton, 3);
+ _g_assert_property_notify (proxy, "i");
+ g_assert (quiet_changed == FALSE);
+ g_assert_cmpstr (foo_igen_bar_get_quiet (skeleton), ==, "hush!");
+ g_signal_handler_disconnect (proxy, handler);
+
+ /* Also verify that re-setting a property with the "EmitsChangedSignal"
+ * set to 'const' doesn't emit a signal. */
+ handler = g_signal_connect (proxy, "notify::quiet-too",
+ G_CALLBACK (property_changed), &quiet_changed);
+ foo_igen_bar_set_quiet_too (skeleton, "hush too!");
+ foo_igen_bar_set_i (skeleton, 4);
+ _g_assert_property_notify (proxy, "i");
+ g_assert (quiet_too_changed == FALSE);
+ g_assert_cmpstr (foo_igen_bar_get_quiet_too (skeleton), ==, "hush too!");
+ g_signal_handler_disconnect (proxy, handler);
+
/* Then just a regular signal */
foo_igen_bar_emit_another_signal (skeleton, "word");
_g_assert_signal_received (proxy, "another-signal");
}
static void
check_object_manager (void)
{
FooiGenObjectSkeleton *o = NULL;
FooiGenObjectSkeleton *o2 = NULL;
FooiGenObjectSkeleton *o3 = NULL;
GDBusInterfaceSkeleton *i;
GDBusConnection *c;
GDBusObjectManagerServer *manager = NULL;
GDBusNodeInfo *info;
GError *error;
GMainLoop *loop;
OMData *om_data = NULL;
guint om_signal_id = -1;
GDBusObjectManager *pm = NULL;
GList *object_proxies;
GList *proxies;
GDBusObject *op;
GDBusProxy *p;
FooiGenBar *bar_skeleton;
GDBusInterface *iface;
gchar *path, *name, *name_owner;
GDBusConnection *c2;
GDBusObjectManagerClientFlags flags;
@@ -2124,73 +2148,73 @@ check_object_manager (void)
"({objectpath '/managed/first': {'com.acme.Coyote': {'Mood': <''>}}},)");
/* -------------------------------------------------- */
/* create a new object with two interfaces */
o2 = foo_igen_object_skeleton_new ("/managed/second");
i = G_DBUS_INTERFACE_SKELETON (foo_igen_bar_skeleton_new ());
bar_skeleton = FOO_IGEN_BAR (i); /* save for later test */
foo_igen_object_skeleton_set_bar (o2, FOO_IGEN_BAR (i));
g_clear_object (&i);
i = G_DBUS_INTERFACE_SKELETON (foo_igen_bat_skeleton_new ());
foo_igen_object_skeleton_set_bat (o2, FOO_IGEN_BAT (i));
g_clear_object (&i);
/* ... add it */
g_dbus_object_manager_server_export (manager, G_DBUS_OBJECT_SKELETON (o2));
/* ... check we get the InterfacesAdded with _two_ interfaces */
om_data->state = 101;
g_main_loop_run (om_data->loop);
g_assert_cmpint (om_data->state, ==, 102);
g_assert_cmpint (om_data->num_object_proxy_added_signals, ==, 5);
g_assert_cmpint (om_data->num_object_proxy_removed_signals, ==, 3);
g_assert_cmpint (om_data->num_interface_added_signals, ==, 1);
g_assert_cmpint (om_data->num_interface_removed_signals, ==, 1);
/* -------------------------------------------------- */
/* Now that we have a couple of objects with interfaces, check
* that ObjectManager.GetManagedObjects() works
*/
om_check_get_all (c, loop,
- "({objectpath '/managed/first': {'com.acme.Coyote': {'Mood': <''>}}, '/managed/second': {'org.project.Bar': {'y': <byte 0x00>, 'b': <false>, 'n': <int16 0>, 'q': <uint16 0>, 'i': <0>, 'u': <uint32 0>, 'x': <int64 0>, 't': <uint64 0>, 'd': <0.0>, 's': <''>, 'o': <objectpath '/'>, 'g': <signature ''>, 'ay': <b''>, 'as': <@as []>, 'aay': <@aay []>, 'ao': <@ao []>, 'ag': <@ag []>, 'FinallyNormalName': <''>, 'ReadonlyProperty': <''>, 'unset_i': <0>, 'unset_d': <0.0>, 'unset_s': <''>, 'unset_o': <objectpath '/'>, 'unset_g': <signature ''>, 'unset_ay': <b''>, 'unset_as': <@as []>, 'unset_ao': <@ao []>, 'unset_ag': <@ag []>, 'unset_struct': <(0, 0.0, '', objectpath '/', signature '', @ay [], @as [], @ao [], @ag [])>}, 'org.project.Bat': {'force_i': <0>, 'force_s': <''>, 'force_ay': <@ay []>, 'force_struct': <(0,)>}}},)");
+ "({objectpath '/managed/first': {'com.acme.Coyote': {'Mood': <''>}}, '/managed/second': {'org.project.Bar': {'y': <byte 0x00>, 'b': <false>, 'n': <int16 0>, 'q': <uint16 0>, 'i': <0>, 'u': <uint32 0>, 'x': <int64 0>, 't': <uint64 0>, 'd': <0.0>, 's': <''>, 'o': <objectpath '/'>, 'g': <signature ''>, 'ay': <b''>, 'as': <@as []>, 'aay': <@aay []>, 'ao': <@ao []>, 'ag': <@ag []>, 'FinallyNormalName': <''>, 'ReadonlyProperty': <''>, 'quiet': <''>, 'quiet_too': <''>, 'unset_i': <0>, 'unset_d': <0.0>, 'unset_s': <''>, 'unset_o': <objectpath '/'>, 'unset_g': <signature ''>, 'unset_ay': <b''>, 'unset_as': <@as []>, 'unset_ao': <@ao []>, 'unset_ag': <@ag []>, 'unset_struct': <(0, 0.0, '', objectpath '/', signature '', @ay [], @as [], @ao [], @ag [])>}, 'org.project.Bat': {'force_i': <0>, 'force_s': <''>, 'force_ay': <@ay []>, 'force_struct': <(0,)>}}},)");
/* Set connection to NULL, causing everything to be unexported.. verify this.. and
* then set the connection back.. and then check things still work
*/
g_dbus_object_manager_server_set_connection (manager, NULL);
info = introspect (c, g_dbus_connection_get_unique_name (c), "/managed", loop);
g_assert_cmpint (count_interfaces (info), ==, 0); /* nothing */
g_dbus_node_info_unref (info);
g_dbus_object_manager_server_set_connection (manager, c);
om_check_get_all (c, loop,
- "({objectpath '/managed/first': {'com.acme.Coyote': {'Mood': <''>}}, '/managed/second': {'org.project.Bar': {'y': <byte 0x00>, 'b': <false>, 'n': <int16 0>, 'q': <uint16 0>, 'i': <0>, 'u': <uint32 0>, 'x': <int64 0>, 't': <uint64 0>, 'd': <0.0>, 's': <''>, 'o': <objectpath '/'>, 'g': <signature ''>, 'ay': <b''>, 'as': <@as []>, 'aay': <@aay []>, 'ao': <@ao []>, 'ag': <@ag []>, 'FinallyNormalName': <''>, 'ReadonlyProperty': <''>, 'unset_i': <0>, 'unset_d': <0.0>, 'unset_s': <''>, 'unset_o': <objectpath '/'>, 'unset_g': <signature ''>, 'unset_ay': <b''>, 'unset_as': <@as []>, 'unset_ao': <@ao []>, 'unset_ag': <@ag []>, 'unset_struct': <(0, 0.0, '', objectpath '/', signature '', @ay [], @as [], @ao [], @ag [])>}, 'org.project.Bat': {'force_i': <0>, 'force_s': <''>, 'force_ay': <@ay []>, 'force_struct': <(0,)>}}},)");
+ "({objectpath '/managed/first': {'com.acme.Coyote': {'Mood': <''>}}, '/managed/second': {'org.project.Bar': {'y': <byte 0x00>, 'b': <false>, 'n': <int16 0>, 'q': <uint16 0>, 'i': <0>, 'u': <uint32 0>, 'x': <int64 0>, 't': <uint64 0>, 'd': <0.0>, 's': <''>, 'o': <objectpath '/'>, 'g': <signature ''>, 'ay': <b''>, 'as': <@as []>, 'aay': <@aay []>, 'ao': <@ao []>, 'ag': <@ag []>, 'FinallyNormalName': <''>, 'ReadonlyProperty': <''>, 'quiet': <''>, 'quiet_too': <''>, 'unset_i': <0>, 'unset_d': <0.0>, 'unset_s': <''>, 'unset_o': <objectpath '/'>, 'unset_g': <signature ''>, 'unset_ay': <b''>, 'unset_as': <@as []>, 'unset_ao': <@ao []>, 'unset_ag': <@ag []>, 'unset_struct': <(0, 0.0, '', objectpath '/', signature '', @ay [], @as [], @ao [], @ag [])>}, 'org.project.Bat': {'force_i': <0>, 'force_s': <''>, 'force_ay': <@ay []>, 'force_struct': <(0,)>}}},)");
/* Also check that the ObjectManagerClient returns these objects - and
* that they are of the right GType cf. what was requested via
* the generated ::get-proxy-type signal handler
*/
object_proxies = g_dbus_object_manager_get_objects (pm);
g_assert (g_list_length (object_proxies) == 2);
g_list_free_full (object_proxies, g_object_unref);
op = g_dbus_object_manager_get_object (pm, "/managed/first");
g_assert (op != NULL);
g_assert (FOO_IGEN_IS_OBJECT_PROXY (op));
g_assert_cmpstr (g_dbus_object_get_object_path (op), ==, "/managed/first");
proxies = g_dbus_object_get_interfaces (op);
g_assert (g_list_length (proxies) == 1);
g_list_free_full (proxies, g_object_unref);
p = G_DBUS_PROXY (foo_igen_object_get_com_acme_coyote (FOO_IGEN_OBJECT (op)));
g_assert (p != NULL);
g_assert_cmpint (G_TYPE_FROM_INSTANCE (p), ==, FOO_IGEN_TYPE_COM_ACME_COYOTE_PROXY);
g_assert (g_type_is_a (G_TYPE_FROM_INSTANCE (p), FOO_IGEN_TYPE_COM_ACME_COYOTE));
g_clear_object (&p);
p = (GDBusProxy *) g_dbus_object_get_interface (op, "org.project.NonExisting");
g_assert (p == NULL);
g_clear_object (&op);
/* -- */
op = g_dbus_object_manager_get_object (pm, "/managed/second");
g_assert (op != NULL);
g_assert (FOO_IGEN_IS_OBJECT_PROXY (op));
g_assert_cmpstr (g_dbus_object_get_object_path (op), ==, "/managed/second");
proxies = g_dbus_object_get_interfaces (op);
diff --git a/gio/tests/test-codegen.xml b/gio/tests/test-codegen.xml
index 885a21f77..39d8769c7 100644
--- a/gio/tests/test-codegen.xml
+++ b/gio/tests/test-codegen.xml
@@ -79,60 +79,66 @@
<arg type="aay" name="array_of_bytestrings" />
<arg type="a{s(ii)}" name="dict_s_to_pairs" />
</signal>
<signal name="AnotherSignal">
<arg type="s" name="word" />
</signal>
<property name="y" type="y" access="readwrite">
<annotation name="org.gtk.GDBus.DocString" value="&lt;para&gt;Property docs, yah...&lt;/para&gt;&lt;para&gt;Second paragraph.&lt;/para&gt;"/>
</property>
<property name="b" type="b" access="readwrite"/>
<property name="n" type="n" access="readwrite"/>
<property name="q" type="q" access="readwrite"/>
<property name="i" type="i" access="readwrite"/>
<property name="u" type="u" access="readwrite"/>
<property name="x" type="x" access="readwrite"/>
<property name="t" type="t" access="readwrite"/>
<property name="d" type="d" access="readwrite"/>
<property name="s" type="s" access="readwrite"/>
<property name="o" type="o" access="readwrite"/>
<property name="g" type="g" access="readwrite"/>
<property name="ay" type="ay" access="readwrite"/>
<property name="as" type="as" access="readwrite"/>
<property name="aay" type="aay" access="readwrite"/>
<property name="ao" type="ao" access="readwrite"/>
<property name="ag" type="ag" access="readwrite"/>
<property name="FinallyNormalName" type="s" access="readwrite"/>
<property name="ReadonlyProperty" type="s" access="read"/>
<property name="WriteonlyProperty" type="s" access="write"/>
+ <property name="quiet" type="s" access="readwrite">
+ <annotation name="org.freedesktop.DBus.Property.EmitsChangedSignal" value="false"/>
+ </property>
+ <property name="quiet_too" type="s" access="readwrite">
+ <annotation name="org.freedesktop.DBus.Property.EmitsChangedSignal" value="const"/>
+ </property>
<!-- unset properties -->
<property name="unset_i" type="i" access="readwrite"/>
<property name="unset_d" type="d" access="readwrite"/>
<property name="unset_s" type="s" access="readwrite"/>
<property name="unset_o" type="o" access="readwrite"/>
<property name="unset_g" type="g" access="readwrite"/>
<property name="unset_ay" type="ay" access="readwrite"/>
<property name="unset_as" type="as" access="readwrite"/>
<property name="unset_ao" type="ao" access="readwrite"/>
<property name="unset_ag" type="ag" access="readwrite"/>
<property name="unset_struct" type="(idsogayasaoag)" access="readwrite"/>
</interface> <!-- End org.project.Bar -->
<!-- Namespaced -->
<interface name="org.project.Bar.Frobnicator">
<method name="RandomMethod"/>
</interface>
<!-- Empty -->
<interface name="org.project.Baz">
</interface>
<!-- Outside D-Bus prefix -->
<interface name="com.acme.Coyote">
<method name="Run"/>
<method name="Sleep"/>
<method name="Attack"/>
<signal name="Surprised"/>
<property name="Mood" type="s" access="read"/>
--
2.21.0

27
SOURCES/0001-gdbus-unix-addresses-test-don-t-g_debug-when-also-te.patch Normal file
View File

@ -0,0 +1,27 @@
From fe803a6da0c7d73cd689d905258847384e11d1fd Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 17 Dec 2018 14:36:07 -0500
Subject: [PATCH] gdbus unix addresses test: don't g_debug when also testing
stdout
At the moment the gdbus-unix-addresses test will fail if
G_MESSAGES_DEBUG is set, since the test checks stdout, and the
test has a g_debug call.
This commit drops the g_debug call, which isn't that useful anyway.
---
gio/tests/gdbus-unix-addresses.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/gio/tests/gdbus-unix-addresses.c b/gio/tests/gdbus-unix-addresses.c
index e08328711..d020edd06 100644
--- a/gio/tests/gdbus-unix-addresses.c
+++ b/gio/tests/gdbus-unix-addresses.c
@@ -106,7 +106,6 @@ set_up_mock_dbus_launch (void)
{
path = g_strconcat (g_test_get_dir (G_TEST_BUILT), ":",
g_getenv ("PATH"), NULL);
- g_debug ("PATH=%s", path);
g_setenv ("PATH", path, TRUE);
/* libdbus won't even try X11 autolaunch if DISPLAY is unset; GDBus

53
SOURCES/0001-gfile-Limit-access-to-files-when-copying.patch Normal file
View File

@ -0,0 +1,53 @@
From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:41:53 +0200
Subject: [PATCH] gfile: Limit access to files when copying
file_copy_fallback creates new files with default permissions and
set the correct permissions after the operation is finished. This
might cause that the files can be accessible by more users during
the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
files to limit access to those files.
---
gio/gfile.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/gio/gfile.c b/gio/gfile.c
index 24b136d80..74b58047c 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
FALSE, NULL,
flags & G_FILE_COPY_BACKUP,
- G_FILE_CREATE_REPLACE_DESTINATION,
- info,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE, info,
cancellable, error);
else
out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
- FALSE, 0, info,
+ FALSE, G_FILE_CREATE_PRIVATE, info,
cancellable, error);
}
else if (flags & G_FILE_COPY_OVERWRITE)
@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
out = (GOutputStream *)g_file_replace (destination,
NULL,
flags & G_FILE_COPY_BACKUP,
- G_FILE_CREATE_REPLACE_DESTINATION,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE,
cancellable, error);
}
else
{
- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
}
if (!out)
--
2.21.0

56
SOURCES/0001-glocalfileoutputstream-Factor-out-a-flag-check.patch Normal file
View File

@ -0,0 +1,56 @@
From 8fef6abe1131da0c8a7211c740a12ebe11cbcc51 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 10 Mar 2021 16:05:55 +0000
Subject: [PATCH 1/3] glocalfileoutputstream: Factor out a flag check
This clarifies the code a little. It introduces no functional changes.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/glocalfileoutputstream.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 57d2d5dfe..6a70b2a04 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -751,6 +751,7 @@ handle_overwrite_open (const char *filename,
int res;
int mode;
int errsv;
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
mode = mode_from_flags_or_info (flags, reference_info);
@@ -857,8 +858,8 @@ handle_overwrite_open (const char *filename,
* The second strategy consist simply in copying the old file
* to a backup file and rewrite the contents of the file.
*/
-
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
+
+ if (replace_destination_set ||
(!(original_stat.st_nlink > 1) && !is_symlink))
{
char *dirname, *tmp_filename;
@@ -877,7 +878,7 @@ handle_overwrite_open (const char *filename,
/* try to keep permissions (unless replacing) */
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
+ if (!replace_destination_set &&
(
#ifdef HAVE_FCHOWN
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
@@ -1016,7 +1017,7 @@ handle_overwrite_open (const char *filename,
}
}
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
+ if (replace_destination_set)
{
g_close (fd, NULL);
--
2.31.1

174
SOURCES/0001-gstrfuncs-Add-internal-g_memdup2-function.patch Normal file
View File

@ -0,0 +1,174 @@
From e23bf51c6a898f5c395ffb388a0287575a3017cb Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:30:52 +0000
Subject: [PATCH 01/12] gstrfuncs: Add internal g_memdup2() function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will replace the existing `g_memdup()` function for use within
GLib. It has an unavoidable security flaw of taking its `byte_size`
argument as a `guint` rather than as a `gsize`. Most callers will
expect it to be a `gsize`, and may pass in large values which could
silently be truncated, resulting in an undersize allocation compared
to what the caller expects.
This could lead to a classic buffer overflow vulnerability for many
callers of `g_memdup()`.
`g_memdup2()`, in comparison, takes its `byte_size` as a `gsize`.
Spotted by Kevin Backhouse of GHSL.
In GLib 2.68, `g_memdup2()` will be a new public API. In this version
for backport to older stable releases, its a new `static inline` API
in a private header, so that use of `g_memdup()` within GLib can be
fixed without adding a new API in a stable release series.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: GHSL-2021-045
Helps: #2319
---
docs/reference/glib/meson.build | 1 +
glib/gstrfuncsprivate.h | 55 +++++++++++++++++++++++++++++++++
glib/meson.build | 1 +
glib/tests/strfuncs.c | 23 ++++++++++++++
4 files changed, 80 insertions(+)
create mode 100644 glib/gstrfuncsprivate.h
diff --git a/docs/reference/glib/meson.build b/docs/reference/glib/meson.build
index f0f915e96..1a3680941 100644
--- a/docs/reference/glib/meson.build
+++ b/docs/reference/glib/meson.build
@@ -20,6 +20,7 @@ if get_option('gtk_doc')
'gprintfint.h',
'gmirroringtable.h',
'gscripttable.h',
+ 'gstrfuncsprivate.h',
'glib-mirroring-tab',
'gnulib',
'pcre',
diff --git a/glib/gstrfuncsprivate.h b/glib/gstrfuncsprivate.h
new file mode 100644
index 000000000..85c88328a
--- /dev/null
+++ b/glib/gstrfuncsprivate.h
@@ -0,0 +1,55 @@
+/* GLIB - Library of useful routines for C programming
+ * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <glib.h>
+#include <string.h>
+
+/*
+ * g_memdup2:
+ * @mem: (nullable): the memory to copy.
+ * @byte_size: the number of bytes to copy.
+ *
+ * Allocates @byte_size bytes of memory, and copies @byte_size bytes into it
+ * from @mem. If @mem is %NULL it returns %NULL.
+ *
+ * This replaces g_memdup(), which was prone to integer overflows when
+ * converting the argument from a #gsize to a #guint.
+ *
+ * This static inline version is a backport of the new public API from
+ * GLib 2.68, kept internal to GLib for backport to older stable releases.
+ * See https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
+ *
+ * Returns: (nullable): a pointer to the newly-allocated copy of the memory,
+ * or %NULL if @mem is %NULL.
+ * Since: 2.68
+ */
+static inline gpointer
+g_memdup2 (gconstpointer mem,
+ gsize byte_size)
+{
+ gpointer new_mem;
+
+ if (mem && byte_size != 0)
+ {
+ new_mem = g_malloc (byte_size);
+ memcpy (new_mem, mem, byte_size);
+ }
+ else
+ new_mem = NULL;
+
+ return new_mem;
+}
diff --git a/glib/meson.build b/glib/meson.build
index a2f9da81c..481fd06ff 100644
--- a/glib/meson.build
+++ b/glib/meson.build
@@ -167,6 +167,7 @@ glib_sources = files(
'gslist.c',
'gstdio.c',
'gstrfuncs.c',
+ 'gstrfuncsprivate.h',
'gstring.c',
'gstringchunk.c',
'gtestutils.c',
diff --git a/glib/tests/strfuncs.c b/glib/tests/strfuncs.c
index 7e031bdb1..2aa252946 100644
--- a/glib/tests/strfuncs.c
+++ b/glib/tests/strfuncs.c
@@ -32,6 +32,8 @@
#include <string.h>
#include "glib.h"
+#include "gstrfuncsprivate.h"
+
#if defined (_MSC_VER) && (_MSC_VER <= 1800)
#define isnan(x) _isnan(x)
@@ -199,6 +201,26 @@ test_is_to_digit (void)
#undef TEST_DIGIT
}
+/* Testing g_memdup2() function with various positive and negative cases */
+static void
+test_memdup2 (void)
+{
+ gchar *str_dup = NULL;
+ const gchar *str = "The quick brown fox jumps over the lazy dog";
+
+ /* Testing negative cases */
+ g_assert_null (g_memdup2 (NULL, 1024));
+ g_assert_null (g_memdup2 (str, 0));
+ g_assert_null (g_memdup2 (NULL, 0));
+
+ /* Testing normal usage cases */
+ str_dup = g_memdup2 (str, strlen (str) + 1);
+ g_assert_nonnull (str_dup);
+ g_assert_cmpstr (str, ==, str_dup);
+
+ g_free (str_dup);
+}
+
static void
test_strdup (void)
{
@@ -1726,6 +1748,7 @@ main (int argc,
g_test_init (&argc, &argv, NULL);
g_test_add_func ("/strfuncs/test-is-to-digit", test_is_to_digit);
+ g_test_add_func ("/strfuncs/memdup2", test_memdup2);
g_test_add_func ("/strfuncs/strdup", test_strdup);
g_test_add_func ("/strfuncs/strndup", test_strndup);
g_test_add_func ("/strfuncs/strdup-printf", test_strdup_printf);
--
2.31.1

38
SOURCES/0001-libcharset-Drop-a-redundant-environment-variable.patch Normal file
View File

@ -0,0 +1,38 @@
From a18f091c6c090b93cd816f8cd5be763b6e238632 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Fri, 7 Feb 2020 17:10:23 +0000
Subject: [PATCH] libcharset: Drop a redundant environment variable
It was used for running tests when we built with autotools, but is no
longer used in the Meson build system. If we need something similar in
future, it should be done by adding internal API to override the
directory on a per-call basis, rather than loading a path from a shared
global table every time.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Helps: #1919
---
glib/libcharset/localcharset.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/glib/libcharset/localcharset.c b/glib/libcharset/localcharset.c
index 0c4d544be..ab3a2678d 100644
--- a/glib/libcharset/localcharset.c
+++ b/glib/libcharset/localcharset.c
@@ -117,11 +117,7 @@ _g_locale_get_charset_aliases (void)
const char *base = "charset.alias";
char *file_name;
- /* Make it possible to override the charset.alias location. This is
- necessary for running the testsuite before "make install". */
- dir = getenv ("CHARSETALIASDIR");
- if (dir == NULL || dir[0] == '\0')
- dir = relocate (GLIB_CHARSETALIAS_DIR);
+ dir = relocate (GLIB_CHARSETALIAS_DIR);
/* Concatenate dir and base into freshly allocated file_name. */
{
--
2.31.1

21
SOURCES/0001-spawn-add-shebang-line-to-script.patch Normal file
View File

@ -0,0 +1,21 @@
From 521f9605e0ab019ec9a493153ca0c8fe4267d665 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Mon, 17 Dec 2018 15:46:10 -0500
Subject: [PATCH] spawn: add shebang line to script
downstream tools get confused when the script is missing a shebang
line, and having a shebang line doesn't hurt, so add one.
---
glib/tests/echo-script | 1 +
1 file changed, 1 insertion(+)
diff --git a/glib/tests/echo-script b/glib/tests/echo-script
index c732ed910..b609f2d39 100755
--- a/glib/tests/echo-script
+++ b/glib/tests/echo-script
@@ -1 +1,2 @@
+#!/bin/sh
echo "echo"
--
2.20.0

96
SOURCES/0001-tests-Allocate-gvariant-data-from-the-heap-to-guaran.patch Normal file
View File

@ -0,0 +1,96 @@
From 85c4031696add9797e2334ced20678edcd96c869 Mon Sep 17 00:00:00 2001
From: Mart Raudsepp <leio@gentoo.org>
Date: Wed, 19 Dec 2018 16:22:21 +0200
Subject: [PATCH 1/2] tests: Allocate gvariant data from the heap to guarantee
alignment
On glib-2-58 branch we don't have !455, thus we need aligned data
for the gvariant tests to not fail on i686.
Fixes #1626
---
glib/tests/gvariant.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index 6e417f6c1..a7b19826d 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -4664,6 +4664,7 @@ test_stack_dict_init (void)
static void
test_normal_checking_tuples (void)
{
+ gpointer aligned_data;
const guint8 data[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
'a', '(', 'a', 'o', 'a', 'o', 'a', 'a', 'o', 'a', 'a', 'o', ')'
@@ -4672,13 +4673,15 @@ test_normal_checking_tuples (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
normal_variant = g_variant_get_normal_form (variant);
g_assert_nonnull (normal_variant);
+ g_free (aligned_data);
g_variant_unref (normal_variant);
g_variant_unref (variant);
}
@@ -4790,6 +4793,7 @@ test_recursion_limits_array_in_variant (void)
static void
test_normal_checking_array_offsets (void)
{
+ gpointer aligned_data;
const guint8 data[] = {
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07, 0x00, 0x00,
'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'g',
@@ -4798,13 +4802,15 @@ test_normal_checking_array_offsets (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
normal_variant = g_variant_get_normal_form (variant);
g_assert_nonnull (normal_variant);
+ g_free (aligned_data);
g_variant_unref (normal_variant);
g_variant_unref (variant);
}
@@ -4838,6 +4844,7 @@ test_normal_checking_tuple_offsets (void)
static void
test_normal_checking_empty_object_path (void)
{
+ gpointer aligned_data;
const guint8 data[] = {
0x20, 0x20, 0x00, 0x00, 0x00, 0x00,
'(', 'h', '(', 'a', 'i', 'a', 'b', 'i', 'o', ')', ')',
@@ -4846,13 +4853,15 @@ test_normal_checking_empty_object_path (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
normal_variant = g_variant_get_normal_form (variant);
g_assert_nonnull (normal_variant);
+ g_free (aligned_data);
g_variant_unref (normal_variant);
g_variant_unref (variant);
}
--
2.19.1

262
SOURCES/0002-gio-Use-g_memdup2-instead-of-g_memdup-in-obvious-pla.patch Normal file
View File

@ -0,0 +1,262 @@
From d27057acbb26f5b3400677e22a7801bb60a9a134 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:37:56 +0000
Subject: [PATCH 02/12] gio: Use g_memdup2() instead of g_memdup() in obvious
places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gdbusconnection.c | 5 +++--
gio/gdbusinterfaceskeleton.c | 3 ++-
gio/gfile.c | 7 ++++---
gio/gsettingsschema.c | 5 +++--
gio/gwin32registrykey.c | 8 +++++---
gio/tests/async-close-output-stream.c | 6 ++++--
gio/tests/gdbus-export.c | 5 +++--
gio/win32/gwinhttpfile.c | 9 +++++----
8 files changed, 29 insertions(+), 19 deletions(-)
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index 6f7e5fefc..117c8df35 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -119,6 +119,7 @@
#include "gasyncinitable.h"
#include "giostream.h"
#include "gasyncresult.h"
+#include "gstrfuncsprivate.h"
#include "gtask.h"
#ifdef G_OS_UNIX
@@ -3970,7 +3971,7 @@ _g_dbus_interface_vtable_copy (const GDBusInterfaceVTable *vtable)
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusInterfaceVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
@@ -3987,7 +3988,7 @@ _g_dbus_subtree_vtable_copy (const GDBusSubtreeVTable *vtable)
/* Don't waste memory by copying padding - remember to update this
* when changing struct _GDBusSubtreeVTable in gdbusconnection.h
*/
- return g_memdup ((gconstpointer) vtable, 3 * sizeof (gpointer));
+ return g_memdup2 ((gconstpointer) vtable, 3 * sizeof (gpointer));
}
static void
diff --git a/gio/gdbusinterfaceskeleton.c b/gio/gdbusinterfaceskeleton.c
index 96bd520aa..672604c49 100644
--- a/gio/gdbusinterfaceskeleton.c
+++ b/gio/gdbusinterfaceskeleton.c
@@ -27,6 +27,7 @@
#include "gdbusprivate.h"
#include "gdbusmethodinvocation.h"
#include "gdbusconnection.h"
+#include "gstrfuncsprivate.h"
#include "gtask.h"
#include "gioerror.h"
@@ -697,7 +698,7 @@ add_connection_locked (GDBusInterfaceSkeleton *interface_,
* properly before building the hooked_vtable, so we create it
* once at the last minute.
*/
- interface_->priv->hooked_vtable = g_memdup (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
+ interface_->priv->hooked_vtable = g_memdup2 (g_dbus_interface_skeleton_get_vtable (interface_), sizeof (GDBusInterfaceVTable));
interface_->priv->hooked_vtable->method_call = skeleton_intercept_handle_method_call;
}
diff --git a/gio/gfile.c b/gio/gfile.c
index ff313ebf8..29ebaaa62 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -60,6 +60,7 @@
#include "gasyncresult.h"
#include "gioerror.h"
#include "glibintl.h"
+#include "gstrfuncsprivate.h"
/**
@@ -7734,7 +7735,7 @@ measure_disk_usage_progress (gboolean reporting,
g_main_context_invoke_full (g_task_get_context (task),
g_task_get_priority (task),
measure_disk_usage_invoke_progress,
- g_memdup (&progress, sizeof progress),
+ g_memdup2 (&progress, sizeof progress),
g_free);
}
@@ -7752,7 +7753,7 @@ measure_disk_usage_thread (GTask *task,
data->progress_callback ? measure_disk_usage_progress : NULL, task,
&result.disk_usage, &result.num_dirs, &result.num_files,
&error))
- g_task_return_pointer (task, g_memdup (&result, sizeof result), g_free);
+ g_task_return_pointer (task, g_memdup2 (&result, sizeof result), g_free);
else
g_task_return_error (task, error);
}
@@ -7776,7 +7777,7 @@ g_file_real_measure_disk_usage_async (GFile *file,
task = g_task_new (file, cancellable, callback, user_data);
g_task_set_source_tag (task, g_file_real_measure_disk_usage_async);
- g_task_set_task_data (task, g_memdup (&data, sizeof data), g_free);
+ g_task_set_task_data (task, g_memdup2 (&data, sizeof data), g_free);
g_task_set_priority (task, io_priority);
g_task_run_in_thread (task, measure_disk_usage_thread);
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
index 17b7e3b01..499944395 100644
--- a/gio/gsettingsschema.c
+++ b/gio/gsettingsschema.c
@@ -20,6 +20,7 @@
#include "gsettingsschema-internal.h"
#include "gsettings.h"
+#include "gstrfuncsprivate.h"
#include "gvdb/gvdb-reader.h"
#include "strinfo.c"
@@ -1054,9 +1055,9 @@ g_settings_schema_list_children (GSettingsSchema *schema)
if (g_str_has_suffix (key, "/"))
{
- gint length = strlen (key);
+ gsize length = strlen (key);
- strv[j] = g_memdup (key, length);
+ strv[j] = g_memdup2 (key, length);
strv[j][length - 1] = '\0';
j++;
}
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
index c19fede4e..619fd48af 100644
--- a/gio/gwin32registrykey.c
+++ b/gio/gwin32registrykey.c
@@ -28,6 +28,8 @@
#include <ntstatus.h>
#include <winternl.h>
+#include "gstrfuncsprivate.h"
+
#ifndef _WDMDDK_
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation,
@@ -247,7 +249,7 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
new_iter->value_name_size = iter->value_name_size;
if (iter->value_data != NULL)
- new_iter->value_data = g_memdup (iter->value_data, iter->value_data_size);
+ new_iter->value_data = g_memdup2 (iter->value_data, iter->value_data_size);
new_iter->value_data_size = iter->value_data_size;
@@ -268,8 +270,8 @@ g_win32_registry_value_iter_copy (const GWin32RegistryValueIter *iter)
new_iter->value_data_expanded_charsize = iter->value_data_expanded_charsize;
if (iter->value_data_expanded_u8 != NULL)
- new_iter->value_data_expanded_u8 = g_memdup (iter->value_data_expanded_u8,
- iter->value_data_expanded_charsize);
+ new_iter->value_data_expanded_u8 = g_memdup2 (iter->value_data_expanded_u8,
+ iter->value_data_expanded_charsize);
new_iter->value_data_expanded_u8_size = iter->value_data_expanded_charsize;
diff --git a/gio/tests/async-close-output-stream.c b/gio/tests/async-close-output-stream.c
index 5f6620275..d3f97a119 100644
--- a/gio/tests/async-close-output-stream.c
+++ b/gio/tests/async-close-output-stream.c
@@ -24,6 +24,8 @@
#include <stdlib.h>
#include <string.h>
+#include "gstrfuncsprivate.h"
+
#define DATA_TO_WRITE "Hello world\n"
typedef struct
@@ -147,9 +149,9 @@ prepare_data (SetupData *data,
data->expected_size = g_memory_output_stream_get_data_size (G_MEMORY_OUTPUT_STREAM (data->data_stream));
- g_assert_cmpint (data->expected_size, >, 0);
+ g_assert_cmpuint (data->expected_size, >, 0);
- data->expected_output = g_memdup (written, (guint)data->expected_size);
+ data->expected_output = g_memdup2 (written, data->expected_size);
/* then recreate the streams and prepare them for the asynchronous close */
destroy_streams (data);
diff --git a/gio/tests/gdbus-export.c b/gio/tests/gdbus-export.c
index ef0dddeee..a3c842360 100644
--- a/gio/tests/gdbus-export.c
+++ b/gio/tests/gdbus-export.c
@@ -23,6 +23,7 @@
#include <string.h>
#include "gdbus-tests.h"
+#include "gstrfuncsprivate.h"
/* all tests rely on a shared mainloop */
static GMainLoop *loop = NULL;
@@ -652,7 +653,7 @@ subtree_introspect (GDBusConnection *connection,
g_assert_not_reached ();
}
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
@@ -708,7 +709,7 @@ dynamic_subtree_introspect (GDBusConnection *connection,
{
const GDBusInterfaceInfo *interfaces[2] = { &dyna_interface_info, NULL };
- return g_memdup (interfaces, 2 * sizeof (void *));
+ return g_memdup2 (interfaces, 2 * sizeof (void *));
}
static const GDBusInterfaceVTable *
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
index d5df16d91..f424d21cc 100644
--- a/gio/win32/gwinhttpfile.c
+++ b/gio/win32/gwinhttpfile.c
@@ -29,6 +29,7 @@
#include "gio/gfile.h"
#include "gio/gfileattribute.h"
#include "gio/gfileinfo.h"
+#include "gstrfuncsprivate.h"
#include "gwinhttpfile.h"
#include "gwinhttpfileinputstream.h"
#include "gwinhttpfileoutputstream.h"
@@ -393,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
--
2.31.1

278
SOURCES/0002-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch Normal file
View File

@ -0,0 +1,278 @@
From 6c10e8ce6905e8fcc3466eb8af707b5d0d3bdb85 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:36:07 +0000
Subject: [PATCH 2/3] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
with symlinks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). Thats not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.
Fix that by not opening the destination file if its a symlink, and
adjusting the rest of the code to cope with
- the fact that `fd == -1` is not an error iff `is_symlink` is true,
- and that `original_stat` will contain the `lstat()` results for the
symlink now, rather than the `stat()` results for its target (again,
iff `is_symlink` is true).
This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file — this is the intended behaviour of
`g_file_replace()`.
The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.
Includes a unit test.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2325
---
gio/glocalfileoutputstream.c | 63 ++++++++++++++-------
gio/tests/file.c | 107 ++++++++++++++++++++++++++++++++++-
2 files changed, 149 insertions(+), 21 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 6a70b2a04..4a7766f68 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -779,16 +779,22 @@ handle_overwrite_open (const char *filename,
/* Could be a symlink, or it could be a regular ELOOP error,
* but then the next open will fail too. */
is_symlink = TRUE;
- fd = g_open (filename, open_flags, mode);
+ if (!replace_destination_set)
+ fd = g_open (filename, open_flags, mode);
}
-#else
- fd = g_open (filename, open_flags, mode);
- errsv = errno;
+#else /* if !O_NOFOLLOW */
/* This is racy, but we do it as soon as possible to minimize the race */
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
+
+ if (!is_symlink || !replace_destination_set)
+ {
+ fd = g_open (filename, open_flags, mode);
+ errsv = errno;
+ }
#endif
- if (fd == -1)
+ if (fd == -1 &&
+ (!is_symlink || !replace_destination_set))
{
char *display_name = g_filename_display_name (filename);
g_set_error (error, G_IO_ERROR,
@@ -800,10 +806,17 @@ handle_overwrite_open (const char *filename,
}
#ifdef G_OS_WIN32
- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
-#else
- res = fstat (fd, &original_stat);
+#error This patch has not been ported to Windows, sorry
#endif
+
+ if (!is_symlink)
+ {
+ res = fstat (fd, &original_stat);
+ }
+ else
+ {
+ res = lstat (filename, &original_stat);
+ }
errsv = errno;
if (res != 0)
@@ -821,16 +834,27 @@ handle_overwrite_open (const char *filename,
if (!S_ISREG (original_stat.st_mode))
{
if (S_ISDIR (original_stat.st_mode))
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_IS_DIRECTORY,
- _("Target file is a directory"));
- else
- g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_NOT_REGULAR_FILE,
- _("Target file is not a regular file"));
- goto err_out;
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_IS_DIRECTORY,
+ _("Target file is a directory"));
+ goto err_out;
+ }
+ else if (!is_symlink ||
+#ifdef S_ISLNK
+ !S_ISLNK (original_stat.st_mode)
+#else
+ FALSE
+#endif
+ )
+ {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_NOT_REGULAR_FILE,
+ _("Target file is not a regular file"));
+ goto err_out;
+ }
}
if (etag != NULL)
@@ -911,7 +935,8 @@ handle_overwrite_open (const char *filename,
}
}
- g_close (fd, NULL);
+ if (fd >= 0)
+ g_close (fd, NULL);
*temp_filename = tmp_filename;
return tmpfd;
}
diff --git a/gio/tests/file.c b/gio/tests/file.c
index 98eeb85d4..44db6e295 100644
--- a/gio/tests/file.c
+++ b/gio/tests/file.c
@@ -671,8 +671,6 @@ test_replace_cancel (void)
guint count;
GError *error = NULL;
- g_test_bug ("629301");
-
path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
g_assert_no_error (error);
tmpdir = g_file_new_for_path (path);
@@ -779,6 +777,110 @@ test_replace_cancel (void)
g_object_unref (tmpdir);
}
+static void
+test_replace_symlink (void)
+{
+#ifdef G_OS_UNIX
+ gchar *tmpdir_path = NULL;
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
+ GFileOutputStream *stream = NULL;
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
+ gsize n_written;
+ GFileEnumerator *enumerator = NULL;
+ GFileInfo *info = NULL;
+ gchar *contents = NULL;
+ gsize length = 0;
+ GError *local_error = NULL;
+
+ /* Create a fresh, empty working directory. */
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
+ g_assert_no_error (local_error);
+ tmpdir = g_file_new_for_path (tmpdir_path);
+
+ g_test_message ("Using temporary directory %s", tmpdir_path);
+ g_free (tmpdir_path);
+
+ /* Create symlink `source` which points to `target`. */
+ source_file = g_file_get_child (tmpdir, "source");
+ target_file = g_file_get_child (tmpdir, "target");
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ /* Ensure that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Replace the `source` symlink with a regular file using
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
+ * following the symlink */
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
+ &n_written, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
+
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&stream);
+
+ /* At this point, there should still only be one file: `source`. It should
+ * now be a regular file. `target` should not exist. */
+ enumerator = g_file_enumerate_children (tmpdir,
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_nonnull (info);
+
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
+
+ g_clear_object (&info);
+
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_assert_null (info);
+
+ g_file_enumerator_close (enumerator, NULL, &local_error);
+ g_assert_no_error (local_error);
+ g_clear_object (&enumerator);
+
+ /* Double-check that `target` doesnt exist */
+ g_assert_false (g_file_query_exists (target_file, NULL));
+
+ /* Check the content of `source`. */
+ g_file_load_contents (source_file,
+ NULL,
+ &contents,
+ &length,
+ NULL,
+ &local_error);
+ g_assert_no_error (local_error);
+ g_assert_cmpstr (contents, ==, new_contents);
+ g_assert_cmpuint (length, ==, strlen (new_contents));
+ g_free (contents);
+
+ /* Tidy up. */
+ g_file_delete (source_file, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_file_delete (tmpdir, NULL, &local_error);
+ g_assert_no_error (local_error);
+
+ g_clear_object (&target_file);
+ g_clear_object (&source_file);
+ g_clear_object (&tmpdir);
+#else /* if !G_OS_UNIX */
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
+#endif
+}
+
static void
on_file_deleted (GObject *object,
GAsyncResult *result,
@@ -1170,6 +1272,7 @@ main (int argc, char *argv[])
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
g_test_add_func ("/file/replace-load", test_replace_load);
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
g_test_add_func ("/file/async-delete", test_async_delete);
#ifdef G_OS_UNIX
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
--
2.31.1

47
SOURCES/0002-gvariant-test-Also-force-alignment-for-tuple-test-da.patch Normal file
View File

@ -0,0 +1,47 @@
From 4ef58e5661849317a1110c9b93957f2c608677dd Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 3 Jan 2019 08:21:40 +0000
Subject: [PATCH 2/2] gvariant test: Also force alignment for tuple test data
glib!552 (commit 9eed22b3) fixed this for the tests that failed on i686,
but this additional test failed on Debian's s390x port
(IBM z/Architecture, 64-bit big-endian).
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
glib/tests/gvariant.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index a7b19826d..c4a996c1f 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -4820,6 +4820,7 @@ test_normal_checking_array_offsets (void)
static void
test_normal_checking_tuple_offsets (void)
{
+ gpointer aligned_data;
const guint8 data[] = {
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07,
'(', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', ')',
@@ -4828,13 +4829,15 @@ test_normal_checking_tuple_offsets (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
- FALSE, NULL, NULL);
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
+ size, FALSE, NULL, NULL);
g_assert_nonnull (variant);
normal_variant = g_variant_get_normal_form (variant);
g_assert_nonnull (normal_variant);
+ g_free (aligned_data);
g_variant_unref (normal_variant);
g_variant_unref (variant);
}
--
2.19.1

54
SOURCES/0003-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch Normal file
View File

@ -0,0 +1,54 @@
From 7f0b0d7fd744ad2f51236444005db49c80a0293d Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 24 Feb 2021 17:42:24 +0000
Subject: [PATCH 3/3] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
replace()
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
---
gio/glocalfileoutputstream.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 4a7766f68..275770fa4 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -56,6 +56,12 @@
#define O_BINARY 0
#endif
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#else
+#define HAVE_O_CLOEXEC 1
+#endif
+
struct _GLocalFileOutputStreamPrivate {
char *tmp_filename;
char *original_filename;
@@ -1127,7 +1133,7 @@ _g_local_file_output_stream_replace (const char *filename,
sync_on_close = FALSE;
/* If the file doesn't exist, create it */
- open_flags = O_CREAT | O_EXCL | O_BINARY;
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
if (readable)
open_flags |= O_RDWR;
else
@@ -1157,8 +1163,11 @@ _g_local_file_output_stream_replace (const char *filename,
set_error_from_open_errno (filename, error);
return NULL;
}
-
-
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
+ else
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
+#endif
+
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
stream->priv->fd = fd;
stream->priv->sync_on_close = sync_on_close;
--
2.31.1

136
SOURCES/0003-gobject-Use-g_memdup2-instead-of-g_memdup-in-obvious.patch Normal file
View File

@ -0,0 +1,136 @@
From 9d84623c724b9599071fb7f12a189746f7b0ff3f Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:39:25 +0000
Subject: [PATCH 03/12] gobject: Use g_memdup2() instead of g_memdup() in
obvious places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gobject/gsignal.c | 3 ++-
gobject/gtype.c | 9 +++++----
gobject/gtypemodule.c | 3 ++-
gobject/tests/param.c | 4 +++-
4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/gobject/gsignal.c b/gobject/gsignal.c
index b22dfcca8..92555eb60 100644
--- a/gobject/gsignal.c
+++ b/gobject/gsignal.c
@@ -28,6 +28,7 @@
#include <signal.h>
#include "gsignal.h"
+#include "gstrfuncsprivate.h"
#include "gtype-private.h"
#include "gbsearcharray.h"
#include "gvaluecollector.h"
@@ -1724,7 +1725,7 @@ g_signal_newv (const gchar *signal_name,
node->single_va_closure_is_valid = FALSE;
node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
node->n_params = n_params;
- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
node->return_type = return_type;
node->class_closure_bsa = NULL;
if (accumulator)
diff --git a/gobject/gtype.c b/gobject/gtype.c
index 275a8b60b..9e663ce52 100644
--- a/gobject/gtype.c
+++ b/gobject/gtype.c
@@ -33,6 +33,7 @@
#include "glib-private.h"
#include "gconstructor.h"
+#include "gstrfuncsprivate.h"
#ifdef G_OS_WIN32
#include <windows.h>
@@ -1471,7 +1472,7 @@ type_add_interface_Wm (TypeNode *node,
iholder->next = iface_node_get_holders_L (iface);
iface_node_set_holders_W (iface, iholder);
iholder->instance_type = NODE_TYPE (node);
- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
iholder->plugin = plugin;
/* create an iface entry for this type */
@@ -1732,7 +1733,7 @@ type_iface_retrieve_holder_info_Wm (TypeNode *iface,
INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
check_interface_info_I (iface, instance_type, &tmp_info);
- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
}
return iholder; /* we don't modify write lock upon returning NULL */
@@ -2013,10 +2014,10 @@ type_iface_vtable_base_init_Wm (TypeNode *iface,
IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
if (pentry)
- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
}
if (!vtable)
- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
entry->vtable = vtable;
vtable->g_type = NODE_TYPE (iface);
vtable->g_instance_type = NODE_TYPE (node);
diff --git a/gobject/gtypemodule.c b/gobject/gtypemodule.c
index c67f789b1..cf877bc0b 100644
--- a/gobject/gtypemodule.c
+++ b/gobject/gtypemodule.c
@@ -19,6 +19,7 @@
#include <stdlib.h>
+#include "gstrfuncsprivate.h"
#include "gtypeplugin.h"
#include "gtypemodule.h"
@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule *module,
module_type_info->loaded = TRUE;
module_type_info->info = *type_info;
if (type_info->value_table)
- module_type_info->info.value_table = g_memdup (type_info->value_table,
+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
sizeof (GTypeValueTable));
return module_type_info->type;
diff --git a/gobject/tests/param.c b/gobject/tests/param.c
index 758289bf8..971cff162 100644
--- a/gobject/tests/param.c
+++ b/gobject/tests/param.c
@@ -2,6 +2,8 @@
#include <glib-object.h>
#include <stdlib.h>
+#include "gstrfuncsprivate.h"
+
static void
test_param_value (void)
{
@@ -851,7 +853,7 @@ main (int argc, char *argv[])
test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
data.change_this_flag, data.change_this_type,
data.use_this_flag, data.use_this_type);
- test_data = g_memdup (&data, sizeof (TestParamImplementData));
+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
g_free (test_path);
}
--
2.31.1

284
SOURCES/0004-glib-Use-g_memdup2-instead-of-g_memdup-in-obvious-pl.patch Normal file
View File

@ -0,0 +1,284 @@
From 3bfea0105adc5d946a82995ad439d8119b55dae2 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:41:21 +0000
Subject: [PATCH 04/12] glib: Use g_memdup2() instead of g_memdup() in obvious
places
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Convert all the call sites which use `g_memdup()`s length argument
trivially (for example, by passing a `sizeof()` or an existing `gsize`
variable), so that they use `g_memdup2()` instead.
In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it
In particular, this fixes an overflow within `g_bytes_new()`, identified
as GHSL-2021-045 by GHSL team member Kevin Backhouse.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: GHSL-2021-045
Helps: #2319
---
glib/gbytes.c | 6 ++++--
glib/gdir.c | 3 ++-
glib/ghash.c | 1 +
glib/giochannel.c | 1 +
glib/gslice.c | 3 ++-
glib/gtestutils.c | 3 ++-
glib/gvariant.c | 7 ++++---
glib/gvarianttype.c | 3 ++-
glib/tests/array-test.c | 4 +++-
glib/tests/option-context.c | 6 ++++--
glib/tests/uri.c | 2 ++
11 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/glib/gbytes.c b/glib/gbytes.c
index 3b14a51cd..5141170d7 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -33,6 +33,8 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
+
/**
* GBytes:
*
@@ -94,7 +96,7 @@ g_bytes_new (gconstpointer data,
{
g_return_val_if_fail (data != NULL || size == 0, NULL);
- return g_bytes_new_take (g_memdup (data, size), size);
+ return g_bytes_new_take (g_memdup2 (data, size), size);
}
/**
@@ -490,7 +492,7 @@ g_bytes_unref_to_data (GBytes *bytes,
* Copy: Non g_malloc (or compatible) allocator, or static memory,
* so we have to copy, and then unref.
*/
- result = g_memdup (bytes->data, bytes->size);
+ result = g_memdup2 (bytes->data, bytes->size);
*size = bytes->size;
g_bytes_unref (bytes);
}
diff --git a/glib/gdir.c b/glib/gdir.c
index cb4ad0b2f..9d955d57f 100644
--- a/glib/gdir.c
+++ b/glib/gdir.c
@@ -37,6 +37,7 @@
#include "gconvert.h"
#include "gfileutils.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtestutils.h"
#include "glibintl.h"
@@ -113,7 +114,7 @@ g_dir_open_with_errno (const gchar *path,
return NULL;
#endif
- return g_memdup (&dir, sizeof dir);
+ return g_memdup2 (&dir, sizeof dir);
}
/**
diff --git a/glib/ghash.c b/glib/ghash.c
index 6bb04a50d..d475e6d64 100644
--- a/glib/ghash.c
+++ b/glib/ghash.c
@@ -34,6 +34,7 @@
#include "glib-private.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gatomic.h"
#include "gtestutils.h"
#include "gslice.h"
diff --git a/glib/giochannel.c b/glib/giochannel.c
index f01817a83..ec2cada6f 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -37,6 +37,7 @@
#include "giochannel.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtestutils.h"
#include "glibintl.h"
#include "gunicodeprivate.h"
diff --git a/glib/gslice.c b/glib/gslice.c
index 454c8a602..8e2359515 100644
--- a/glib/gslice.c
+++ b/glib/gslice.c
@@ -45,6 +45,7 @@
#include "gmain.h"
#include "gmem.h" /* gslice.h */
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gutils.h"
#include "gtrashstack.h"
#include "gtestutils.h"
@@ -352,7 +353,7 @@ g_slice_get_config_state (GSliceConfig ckey,
array[i++] = allocator->contention_counters[address];
array[i++] = allocator_get_magazine_threshold (allocator, address);
*n_values = i;
- return g_memdup (array, sizeof (array[0]) * *n_values);
+ return g_memdup2 (array, sizeof (array[0]) * *n_values);
default:
return NULL;
}
diff --git a/glib/gtestutils.c b/glib/gtestutils.c
index 0447dcda5..14e071fce 100644
--- a/glib/gtestutils.c
+++ b/glib/gtestutils.c
@@ -49,6 +49,7 @@
#include "gpattern.h"
#include "grand.h"
#include "gstrfuncs.h"
+#include "gstrfuncsprivate.h"
#include "gtimer.h"
#include "gslice.h"
#include "gspawn.h"
@@ -3397,7 +3398,7 @@ g_test_log_extract (GTestLogBuffer *tbuffer)
if (p <= tbuffer->data->str + mlength)
{
g_string_erase (tbuffer->data, 0, mlength);
- tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup (&msg, sizeof (msg)));
+ tbuffer->msgs = g_slist_prepend (tbuffer->msgs, g_memdup2 (&msg, sizeof (msg)));
return TRUE;
}
diff --git a/glib/gvariant.c b/glib/gvariant.c
index 8be9ce798..45a1a73dc 100644
--- a/glib/gvariant.c
+++ b/glib/gvariant.c
@@ -33,6 +33,7 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
/**
* SECTION:gvariant
@@ -720,7 +721,7 @@ g_variant_new_variant (GVariant *value)
g_variant_ref_sink (value);
return g_variant_new_from_children (G_VARIANT_TYPE_VARIANT,
- g_memdup (&value, sizeof value),
+ g_memdup2 (&value, sizeof value),
1, g_variant_is_trusted (value));
}
@@ -1224,7 +1225,7 @@ g_variant_new_fixed_array (const GVariantType *element_type,
return NULL;
}
- data = g_memdup (elements, n_elements * element_size);
+ data = g_memdup2 (elements, n_elements * element_size);
value = g_variant_new_from_data (array_type, data,
n_elements * element_size,
FALSE, g_free, data);
@@ -1901,7 +1902,7 @@ g_variant_dup_bytestring (GVariant *value,
if (length)
*length = size;
- return g_memdup (original, size + 1);
+ return g_memdup2 (original, size + 1);
}
/**
diff --git a/glib/gvarianttype.c b/glib/gvarianttype.c
index c8433e65a..dbbf7d2d1 100644
--- a/glib/gvarianttype.c
+++ b/glib/gvarianttype.c
@@ -28,6 +28,7 @@
#include <string.h>
+#include "gstrfuncsprivate.h"
/**
* SECTION:gvarianttype
@@ -1174,7 +1175,7 @@ g_variant_type_new_tuple (const GVariantType * const *items,
g_assert (offset < sizeof buffer);
buffer[offset++] = ')';
- return (GVariantType *) g_memdup (buffer, offset);
+ return (GVariantType *) g_memdup2 (buffer, offset);
}
/**
diff --git a/glib/tests/array-test.c b/glib/tests/array-test.c
index 64b996fb8..f784c06f8 100644
--- a/glib/tests/array-test.c
+++ b/glib/tests/array-test.c
@@ -30,6 +30,8 @@
#include <string.h>
#include "glib.h"
+#include "gstrfuncsprivate.h"
+
static void
sum_up (gpointer data,
gpointer user_data)
@@ -913,7 +915,7 @@ byte_array_new_take (void)
GByteArray *gbarray;
guint8 *data;
- data = g_memdup ("woooweeewow", 11);
+ data = g_memdup2 ("woooweeewow", 11);
gbarray = g_byte_array_new_take (data, 11);
g_assert (gbarray->data == data);
g_assert_cmpuint (gbarray->len, ==, 11);
diff --git a/glib/tests/option-context.c b/glib/tests/option-context.c
index a1e7b051c..be214b312 100644
--- a/glib/tests/option-context.c
+++ b/glib/tests/option-context.c
@@ -27,6 +27,8 @@
#include <string.h>
#include <locale.h>
+#include "gstrfuncsprivate.h"
+
static GOptionEntry main_entries[] = {
{ "main-switch", 0, 0,
G_OPTION_ARG_NONE, NULL,
@@ -256,7 +258,7 @@ join_stringv (int argc, char **argv)
static char **
copy_stringv (char **argv, int argc)
{
- return g_memdup (argv, sizeof (char *) * (argc + 1));
+ return g_memdup2 (argv, sizeof (char *) * (argc + 1));
}
static void
@@ -2275,7 +2277,7 @@ test_group_parse (void)
g_option_context_add_group (context, group);
argv = split_string ("program --test arg1 -f arg2 --group-test arg3 --frob arg4 -z arg5", &argc);
- orig_argv = g_memdup (argv, (argc + 1) * sizeof (char *));
+ orig_argv = g_memdup2 (argv, (argc + 1) * sizeof (char *));
retval = g_option_context_parse (context, &argc, &argv, &error);
diff --git a/glib/tests/uri.c b/glib/tests/uri.c
index d292f33bf..77847ae6c 100644
--- a/glib/tests/uri.c
+++ b/glib/tests/uri.c
@@ -27,6 +27,8 @@
#include <string.h>
#include <stdlib.h>
+#include "gstrfuncsprivate.h"
+
typedef struct
{
char *filename;
--
2.31.1

47
SOURCES/0005-gwinhttpfile-Avoid-arithmetic-overflow-when-calculat.patch Normal file
View File

@ -0,0 +1,47 @@
From 14e8a9e9f26d33170ea092cd9eaf63d3d33ec6da Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 16:12:24 +0000
Subject: [PATCH 05/12] gwinhttpfile: Avoid arithmetic overflow when
calculating a size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The members of `URL_COMPONENTS` (`winhttp_file->url`) are `DWORD`s, i.e.
32-bit unsigned integers. Adding to and multiplying them may cause them
to overflow the unsigned integer bounds, even if the result is passed to
`g_memdup2()` which accepts a `gsize`.
Cast the `URL_COMPONENTS` members to `gsize` first to ensure that the
arithmetic is done in terms of `gsize`s rather than unsigned integers.
Spotted by Sebastian Dröge.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/win32/gwinhttpfile.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gio/win32/gwinhttpfile.c b/gio/win32/gwinhttpfile.c
index f424d21cc..e98031a98 100644
--- a/gio/win32/gwinhttpfile.c
+++ b/gio/win32/gwinhttpfile.c
@@ -394,10 +394,10 @@ g_winhttp_file_resolve_relative_path (GFile *file,
child = g_object_new (G_TYPE_WINHTTP_FILE, NULL);
child->vfs = winhttp_file->vfs;
child->url = winhttp_file->url;
- child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, (winhttp_file->url.dwSchemeLength+1)*2);
- child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, (winhttp_file->url.dwHostNameLength+1)*2);
- child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, (winhttp_file->url.dwUserNameLength+1)*2);
- child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, (winhttp_file->url.dwPasswordLength+1)*2);
+ child->url.lpszScheme = g_memdup2 (winhttp_file->url.lpszScheme, ((gsize) winhttp_file->url.dwSchemeLength + 1) * 2);
+ child->url.lpszHostName = g_memdup2 (winhttp_file->url.lpszHostName, ((gsize) winhttp_file->url.dwHostNameLength + 1) * 2);
+ child->url.lpszUserName = g_memdup2 (winhttp_file->url.lpszUserName, ((gsize) winhttp_file->url.dwUserNameLength + 1) * 2);
+ child->url.lpszPassword = g_memdup2 (winhttp_file->url.lpszPassword, ((gsize) winhttp_file->url.dwPasswordLength + 1) * 2);
child->url.lpszUrlPath = wnew_path;
child->url.dwUrlPathLength = wcslen (wnew_path);
child->url.lpszExtraInfo = NULL;
--
2.31.1

94
SOURCES/0006-gdatainputstream-Handle-stop_chars_len-internally-as.patch Normal file
View File

@ -0,0 +1,94 @@
From 587a525b7eb44e770857cfd4526ebb49ded4e4c8 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:49:00 +0000
Subject: [PATCH 06/12] gdatainputstream: Handle stop_chars_len internally as
gsize
Previously it was handled as a `gssize`, which meant that if the
`stop_chars` string was longer than `G_MAXSSIZE` there would be an
overflow.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gdatainputstream.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
index 9f207b158..f9891bb09 100644
--- a/gio/gdatainputstream.c
+++ b/gio/gdatainputstream.c
@@ -27,6 +27,7 @@
#include "gioenumtypes.h"
#include "gioerror.h"
#include "glibintl.h"
+#include "gstrfuncsprivate.h"
#include <string.h>
@@ -856,7 +857,7 @@ static gssize
scan_for_chars (GDataInputStream *stream,
gsize *checked_out,
const char *stop_chars,
- gssize stop_chars_len)
+ gsize stop_chars_len)
{
GBufferedInputStream *bstream;
const char *buffer;
@@ -952,7 +953,7 @@ typedef struct
gsize checked;
gchar *stop_chars;
- gssize stop_chars_len;
+ gsize stop_chars_len;
gsize length;
} GDataInputStreamReadData;
@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream,
{
GDataInputStreamReadData *data;
GTask *task;
+ gsize stop_chars_len_unsigned;
data = g_slice_new0 (GDataInputStreamReadData);
- if (stop_chars_len == -1)
- stop_chars_len = strlen (stop_chars);
- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
- data->stop_chars_len = stop_chars_len;
+
+ if (stop_chars_len < 0)
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+ data->stop_chars_len = stop_chars_len_unsigned;
data->last_saw_cr = FALSE;
task = g_task_new (stream, cancellable, callback, user_data);
@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream,
gssize found_pos;
gssize res;
char *data_until;
+ gsize stop_chars_len_unsigned;
g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
if (stop_chars_len < 0)
- stop_chars_len = strlen (stop_chars);
+ stop_chars_len_unsigned = strlen (stop_chars);
+ else
+ stop_chars_len_unsigned = (gsize) stop_chars_len;
bstream = G_BUFFERED_INPUT_STREAM (stream);
checked = 0;
- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
{
if (g_buffered_input_stream_get_available (bstream) ==
g_buffered_input_stream_get_buffer_size (bstream))
--
2.31.1

69
SOURCES/0007-gwin32-Use-gsize-internally-in-g_wcsdup.patch Normal file
View File

@ -0,0 +1,69 @@
From 9878d5eaeb18bc05131dee9a316f74e717626018 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:50:37 +0000
Subject: [PATCH 07/12] gwin32: Use gsize internally in g_wcsdup()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows it to handle strings up to length `G_MAXSIZE` — previously
it would overflow with such strings.
Update the several copies of it identically.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++--------
1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
index 619fd48af..fbd65311a 100644
--- a/gio/gwin32registrykey.c
+++ b/gio/gwin32registrykey.c
@@ -127,16 +127,34 @@ typedef enum
G_WIN32_REGISTRY_UPDATED_PATH = 1,
} GWin32RegistryKeyUpdateFlag;
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+ gsize result;
+
+ for (result = 0; str[0] != 0; str++, result++)
+ ;
+
+ return result;
+}
+
static gunichar2 *
-g_wcsdup (const gunichar2 *str,
- gssize str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
{
- if (str_size == -1)
- {
- str_size = wcslen (str) + 1;
- str_size *= sizeof (gunichar2);
- }
- return g_memdup (str, str_size);
+ gsize str_len_unsigned;
+ gsize str_size;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ if (str_len < 0)
+ str_len_unsigned = g_utf16_len (str);
+ else
+ str_len_unsigned = (gsize) str_len;
+
+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+ return g_memdup2 (str, str_size);
}
/**
--
2.31.1

94
SOURCES/0008-gkeyfilesettingsbackend-Handle-long-keys-when-conver.patch Normal file
View File

@ -0,0 +1,94 @@
From 34f26a016a55a742615538dfe5392e53b61fc46d Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 13:58:32 +0000
Subject: [PATCH 08/12] gkeyfilesettingsbackend: Handle long keys when
converting paths
Previously, the code in `convert_path()` could not handle keys longer
than `G_MAXINT`, and would overflow if that was exceeded.
Convert the code to use `gsize` and `g_memdup2()` throughout, and
change from identifying the position of the final slash in the string
using a signed offset `i`, to using a pointer to the character (and
`strrchr()`). This allows the slash to be at any position in a
`G_MAXSIZE`-long string, without sacrificing a bit of the offset for
indicating whether a slash was found.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gkeyfilesettingsbackend.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index f74e3682c..063df1ee7 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -33,6 +33,7 @@
#include "gfilemonitor.h"
#include "gsimplepermission.h"
#include "gsettingsbackendinternal.h"
+#include "gstrfuncsprivate.h"
#include "giomodule-priv.h"
#include "gportalsupport.h"
@@ -145,8 +146,8 @@ convert_path (GKeyfileSettingsBackend *kfsb,
gchar **group,
gchar **basename)
{
- gint key_len = strlen (key);
- gint i;
+ gsize key_len = strlen (key);
+ const gchar *last_slash;
if (key_len < kfsb->prefix_len ||
memcmp (key, kfsb->prefix, kfsb->prefix_len) != 0)
@@ -155,38 +156,36 @@ convert_path (GKeyfileSettingsBackend *kfsb,
key_len -= kfsb->prefix_len;
key += kfsb->prefix_len;
- for (i = key_len; i >= 0; i--)
- if (key[i] == '/')
- break;
+ last_slash = strrchr (key, '/');
if (kfsb->root_group)
{
/* if a root_group was specified, make sure the user hasn't given
* a path that ghosts that group name
*/
- if (i == kfsb->root_group_len && memcmp (key, kfsb->root_group, i) == 0)
+ if (last_slash != NULL && (last_slash - key) == kfsb->root_group_len && memcmp (key, kfsb->root_group, last_slash - key) == 0)
return FALSE;
}
else
{
/* if no root_group was given, ensure that the user gave a path */
- if (i == -1)
+ if (last_slash == NULL)
return FALSE;
}
if (group)
{
- if (i >= 0)
+ if (last_slash != NULL)
{
- *group = g_memdup (key, i + 1);
- (*group)[i] = '\0';
+ *group = g_memdup2 (key, (last_slash - key) + 1);
+ (*group)[(last_slash - key)] = '\0';
}
else
*group = g_strdup (kfsb->root_group);
}
if (basename)
- *basename = g_memdup (key + i + 1, key_len - i);
+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
return TRUE;
}
--
2.31.1

100
SOURCES/0009-gsocket-Use-gsize-to-track-native-sockaddr-s-size.patch Normal file
View File

@ -0,0 +1,100 @@
From 4d5c5d6af772f5fe6121eec403305a1b4340327d Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:00:53 +0000
Subject: [PATCH 09/12] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
=?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Dont use an `int`, thats potentially too small. In practical terms,
this is not a problem, since no socket address is going to be that big.
By making these changes we can use `g_memdup2()` without warnings,
though. Fewer warnings is good.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gsocket.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/gio/gsocket.c b/gio/gsocket.c
index b4a941eb1..7f41ffd3c 100644
--- a/gio/gsocket.c
+++ b/gio/gsocket.c
@@ -80,6 +80,8 @@
#include "gwin32networking.h"
#endif
+#include "gstrfuncsprivate.h"
+
/**
* SECTION:gsocket
* @short_description: Low-level socket object
@@ -173,7 +175,7 @@ static gboolean g_socket_datagram_based_condition_wait (GDatagramBased
GError **error);
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
static gssize
g_socket_receive_message_with_timeout (GSocket *socket,
@@ -270,7 +272,7 @@ struct _GSocketPrivate
struct {
GSocketAddress *addr;
struct sockaddr *native;
- gint native_len;
+ gsize native_len;
guint64 last_used;
} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
};
@@ -5018,14 +5020,14 @@ g_socket_send_messages_with_timeout (GSocket *socket,
}
static GSocketAddress *
-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
{
GSocketAddress *saddr;
gint i;
guint64 oldest_time = G_MAXUINT64;
gint oldest_index = 0;
- if (native_len <= 0)
+ if (native_len == 0)
return NULL;
saddr = NULL;
@@ -5033,7 +5035,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
{
GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
if (!tmp)
continue;
@@ -5063,7 +5065,7 @@ cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
g_free (socket->priv->recv_addr_cache[oldest_index].native);
}
- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
@@ -5213,6 +5215,9 @@ g_socket_receive_message_with_timeout (GSocket *socket,
{
win32_unset_event_mask (socket, FD_READ);
+ /* addrlen has to be of type int because thats how WSARecvFrom() is defined */
+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
addrlen = sizeof addr;
if (address)
result = WSARecvFrom (socket->priv->fd,
--
2.31.1

52
SOURCES/0010-gtlspassword-Forbid-very-long-TLS-passwords.patch Normal file
View File

@ -0,0 +1,52 @@
From 4fd0162b758d97855beed09d81c77cb1a1626bd8 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:07:39 +0000
Subject: [PATCH 10/12] gtlspassword: Forbid very long TLS passwords
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The public API `g_tls_password_set_value_full()` (and the vfunc it
invokes) can only accept a `gssize` length. Ensure that nul-terminated
strings passed to `g_tls_password_set_value()` cant exceed that length.
Use `g_memdup2()` to avoid an overflow if theyre longer than
`G_MAXUINT` similarly.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
gio/gtlspassword.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index 1e437a7b6..dbcec41a8 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -23,6 +23,7 @@
#include "glibintl.h"
#include "gioenumtypes.h"
+#include "gstrfuncsprivate.h"
#include "gtlspassword.h"
#include <string.h>
@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password,
g_return_if_fail (G_IS_TLS_PASSWORD (password));
if (length < 0)
- length = strlen ((gchar *)value);
+ {
+ /* FIXME: g_tls_password_set_value_full() doesnt support unsigned gsize */
+ gsize length_unsigned = strlen ((gchar *) value);
+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
+ length = (gssize) length_unsigned;
+ }
- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
}
/**
--
2.31.1

57
SOURCES/0011-giochannel-Forbid-very-long-line-terminator-strings.patch Normal file
View File

@ -0,0 +1,57 @@
From 0ae8a90a40335257b4f7e1f44498a8b5d4f48aab Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 4 Feb 2021 14:09:40 +0000
Subject: [PATCH 11/12] giochannel: Forbid very long line terminator strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The public API `GIOChannel.line_term_len` is only a `guint`. Ensure that
nul-terminated strings passed to `g_io_channel_set_line_term()` cant
exceed that length. Use `g_memdup2()` to avoid a warning (`g_memdup()`
is due to be deprecated), but not to avoid a bug, since its also
limited to `G_MAXUINT`.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
---
glib/giochannel.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/glib/giochannel.c b/glib/giochannel.c
index ec2cada6f..908730fab 100644
--- a/glib/giochannel.c
+++ b/glib/giochannel.c
@@ -885,16 +885,25 @@ g_io_channel_set_line_term (GIOChannel *channel,
const gchar *line_term,
gint length)
{
+ guint length_unsigned;
+
g_return_if_fail (channel != NULL);
g_return_if_fail (line_term == NULL || length != 0); /* Disallow "" */
if (line_term == NULL)
- length = 0;
- else if (length < 0)
- length = strlen (line_term);
+ length_unsigned = 0;
+ else if (length >= 0)
+ length_unsigned = (guint) length;
+ else
+ {
+ /* FIXME: Were constrained by line_term_len being a guint here */
+ gsize length_size = strlen (line_term);
+ g_return_if_fail (length_size > G_MAXUINT);
+ length_unsigned = (guint) length_size;
+ }
g_free (channel->line_term);
- channel->line_term = line_term ? g_memdup (line_term, length) : NULL;
+ channel->line_term = line_term ? g_memdup2 (line_term, length_unsigned) : NULL;
channel->line_term_len = length;
}
--
2.31.1

97
SOURCES/0012-Use-more-g_memdup2.patch Normal file
View File

@ -0,0 +1,97 @@
From 672c3963974bef02740dc3d4ac657876583b170d Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@gnome.org>
Date: Wed, 31 Mar 2021 10:00:46 -0500
Subject: [PATCH 12/12] Use more g_memdup2
This completes the removal of g_memdup() usage for GLib 2.56.
---
gio/gwin32appinfo.c | 3 ++-
glib/ghash.c | 2 +-
glib/tests/gvariant.c | 9 +++++----
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/gio/gwin32appinfo.c b/gio/gwin32appinfo.c
index 499bbb351..749b282dc 100644
--- a/gio/gwin32appinfo.c
+++ b/gio/gwin32appinfo.c
@@ -32,6 +32,7 @@
#include <glib/gstdio.h>
#include "glibintl.h"
#include <gio/gwin32registrykey.h>
+#include "gstrfuncsprivate.h"
#include <windows.h>
@@ -472,7 +473,7 @@ g_wcsdup (const gunichar2 *str, gssize str_size)
str_size = wcslen (str) + 1;
str_size *= sizeof (gunichar2);
}
- return g_memdup (str, str_size);
+ return g_memdup2 (str, str_size);
}
#define URL_ASSOCIATIONS L"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\"
diff --git a/glib/ghash.c b/glib/ghash.c
index d475e6d64..608d136f4 100644
--- a/glib/ghash.c
+++ b/glib/ghash.c
@@ -968,7 +968,7 @@ g_hash_table_insert_node (GHashTable *hash_table,
* split the table.
*/
if (G_UNLIKELY (hash_table->keys == hash_table->values && hash_table->keys[node_index] != new_value))
- hash_table->values = g_memdup (hash_table->keys, sizeof (gpointer) * hash_table->size);
+ hash_table->values = g_memdup2 (hash_table->keys, sizeof (gpointer) * hash_table->size);
/* Step 3: Actually do the write */
hash_table->values[node_index] = new_value;
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
index c4a996c1f..5903b69bc 100644
--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
@@ -14,6 +14,7 @@
#include "config.h"
#include <glib/gvariant-internal.h>
+#include <glib/gstrfuncsprivate.h>
#include <string.h>
#include <stdlib.h>
#include <glib.h>
@@ -4673,7 +4674,7 @@ test_normal_checking_tuples (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- aligned_data = g_memdup (data, size); /* guarantee alignment */
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
@@ -4802,7 +4803,7 @@ test_normal_checking_array_offsets (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- aligned_data = g_memdup (data, size); /* guarantee alignment */
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
@@ -4829,7 +4830,7 @@ test_normal_checking_tuple_offsets (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- aligned_data = g_memdup (data, size); /* guarantee alignment */
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
size, FALSE, NULL, NULL);
g_assert_nonnull (variant);
@@ -4856,7 +4857,7 @@ test_normal_checking_empty_object_path (void)
GVariant *variant = NULL;
GVariant *normal_variant = NULL;
- aligned_data = g_memdup (data, size); /* guarantee alignment */
+ aligned_data = g_memdup2 (data, size); /* guarantee alignment */
variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data, size,
FALSE, NULL, NULL);
g_assert_nonnull (variant);
--
2.31.1

38
SOURCES/CVE-2019-13012.patch Normal file
View File

@ -0,0 +1,38 @@
From 32ed752130bcbccc008819a7f1ea27651c601ee2 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Tue, 22 Jan 2019 13:26:31 -0500
Subject: [PATCH 9/9] keyfile settings: Use tighter permissions
When creating directories, create them with 700 permissions,
instead of 777.
Closes: #1658
---
gio/gkeyfilesettingsbackend.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
index f5358818e..3d793f5a8 100644
--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
@@ -113,7 +113,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb)
contents = g_key_file_to_data (kfsb->keyfile, &length, NULL);
g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
- G_FILE_CREATE_REPLACE_DESTINATION,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE,
NULL, NULL, NULL);
compute_checksum (kfsb->digest, contents, length);
@@ -708,7 +709,7 @@ g_keyfile_settings_backend_constructed (GObject *object)
kfsb->permission = g_simple_permission_new (TRUE);
kfsb->dir = g_file_get_parent (kfsb->file);
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
+ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
kfsb->file_monitor = g_file_monitor (kfsb->file, G_FILE_MONITOR_NONE, NULL, NULL);
kfsb->dir_monitor = g_file_monitor (kfsb->dir, G_FILE_MONITOR_NONE, NULL, NULL);
--
2.28.0

658
SOURCES/backport-per-desktop-overrides.patch Normal file
View File

@ -0,0 +1,658 @@
From 5634fd61f17d28dfc05cd47cfbd2bd2f21e6d2b1 Mon Sep 17 00:00:00 2001
From: Allison Lortie <desrt@desrt.ca>
Date: Wed, 2 Aug 2017 11:06:03 +0100
Subject: [PATCH 1/4] gsettings: cleanup default value lookup
There are a couple of different ways (and soon one more) to access the
default value of a key. Clean up the various places that access this to
avoid duplication.
https://bugzilla.gnome.org/show_bug.cgi?id=746592
---
gio/gsettings.c | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/gio/gsettings.c b/gio/gsettings.c
index 10d394d69..5e5816d57 100644
--- a/gio/gsettings.c
+++ b/gio/gsettings.c
@@ -1204,10 +1204,7 @@ g_settings_get_value (GSettings *settings,
value = g_settings_read_from_backend (settings, &skey, FALSE, FALSE);
if (value == NULL)
- value = g_settings_schema_key_get_translated_default (&skey);
-
- if (value == NULL)
- value = g_variant_ref (skey.default_value);
+ value = g_settings_schema_key_get_default_value (&skey);
g_settings_schema_key_clear (&skey);
@@ -1304,10 +1301,7 @@ g_settings_get_default_value (GSettings *settings,
value = g_settings_read_from_backend (settings, &skey, FALSE, TRUE);
if (value == NULL)
- value = g_settings_schema_key_get_translated_default (&skey);
-
- if (value == NULL)
- value = g_variant_ref (skey.default_value);
+ value = g_settings_schema_key_get_default_value (&skey);
g_settings_schema_key_clear (&skey);
@@ -1360,10 +1354,7 @@ g_settings_get_enum (GSettings *settings,
value = g_settings_read_from_backend (settings, &skey, FALSE, FALSE);
if (value == NULL)
- value = g_settings_schema_key_get_translated_default (&skey);
-
- if (value == NULL)
- value = g_variant_ref (skey.default_value);
+ value = g_settings_schema_key_get_default_value (&skey);
result = g_settings_schema_key_to_enum (&skey, value);
g_settings_schema_key_clear (&skey);
@@ -1473,10 +1464,7 @@ g_settings_get_flags (GSettings *settings,
value = g_settings_read_from_backend (settings, &skey, FALSE, FALSE);
if (value == NULL)
- value = g_settings_schema_key_get_translated_default (&skey);
-
- if (value == NULL)
- value = g_variant_ref (skey.default_value);
+ value = g_settings_schema_key_get_default_value (&skey);
result = g_settings_schema_key_to_flags (&skey, value);
g_settings_schema_key_clear (&skey);
--
2.21.0
From 89c6e8f4a0bcda4b58dbaea713e62be01cfc2087 Mon Sep 17 00:00:00 2001
From: Allison Lortie <desrt@desrt.ca>
Date: Wed, 2 Aug 2017 11:08:17 +0100
Subject: [PATCH 2/4] gsettingsschema: Allow per-desktop overrides
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Recognise a new 'd' option in schema keys which gives a dictionary of
per-desktop default values. This dictionary is searched for the items
found in XDG_CURRENT_DESKTOP, in the order. If nothing matches (or if
the option is missing) then the default value is used as before.
This feature was requested by Alberts Muktupāvels and this patch is
based on an approach devised by them.
https://bugzilla.gnome.org/show_bug.cgi?id=746592
---
gio/gsettings.c | 21 +++++++++++++++++
gio/gsettingsschema-internal.h | 2 ++
gio/gsettingsschema.c | 41 ++++++++++++++++++++++++++++++++++
3 files changed, 64 insertions(+)
diff --git a/gio/gsettings.c b/gio/gsettings.c
index 5e5816d57..f1130c095 100644
--- a/gio/gsettings.c
+++ b/gio/gsettings.c
@@ -1739,6 +1739,13 @@ g_settings_get_mapped (GSettings *settings,
if (okay) goto okay;
}
+ if ((value = g_settings_schema_key_get_per_desktop_default (&skey)))
+ {
+ okay = mapping (value, &result, user_data);
+ g_variant_unref (value);
+ if (okay) goto okay;
+ }
+
if (mapping (skey.default_value, &result, user_data))
goto okay;
@@ -2647,6 +2654,20 @@ g_settings_binding_key_changed (GSettings *settings,
}
}
+ if (variant == NULL)
+ {
+ variant = g_settings_schema_key_get_per_desktop_default (&binding->key);
+ if (variant &&
+ !binding->get_mapping (&value, variant, binding->user_data))
+ {
+ g_error ("Per-desktop default value for key '%s' in schema '%s' "
+ "was rejected by the binding mapping function.",
+ binding->key.name, g_settings_schema_get_id (binding->key.schema));
+ g_variant_unref (variant);
+ variant = NULL;
+ }
+ }
+
if (variant == NULL)
{
variant = g_variant_ref (binding->key.default_value);
diff --git a/gio/gsettingsschema-internal.h b/gio/gsettingsschema-internal.h
index f54de3b34..5f996b4bc 100644
--- a/gio/gsettingsschema-internal.h
+++ b/gio/gsettingsschema-internal.h
@@ -37,6 +37,7 @@ struct _GSettingsSchemaKey
const GVariantType *type;
GVariant *minimum, *maximum;
GVariant *default_value;
+ GVariant *desktop_overrides;
gint ref_count;
};
@@ -58,6 +59,7 @@ gboolean g_settings_schema_key_type_check (GSettin
GVariant * g_settings_schema_key_range_fixup (GSettingsSchemaKey *key,
GVariant *value);
GVariant * g_settings_schema_key_get_translated_default (GSettingsSchemaKey *key);
+GVariant * g_settings_schema_key_get_per_desktop_default (GSettingsSchemaKey *key);
gint g_settings_schema_key_to_enum (GSettingsSchemaKey *key,
GVariant *value);
diff --git a/gio/gsettingsschema.c b/gio/gsettingsschema.c
index f1274a369..17b7e3b01 100644
--- a/gio/gsettingsschema.c
+++ b/gio/gsettingsschema.c
@@ -27,6 +27,7 @@
#include <glibintl.h>
#include <locale.h>
#include <string.h>
+#include <stdlib.h>
/**
* SECTION:gsettingsschema
@@ -1283,6 +1284,11 @@ g_settings_schema_key_init (GSettingsSchemaKey *key,
endian_fixup (&key->maximum);
break;
+ case 'd':
+ g_variant_get (data, "@a{sv}", &key->desktop_overrides);
+ endian_fixup (&key->desktop_overrides);
+ break;
+
default:
g_warning ("unknown schema extension '%c'", code);
break;
@@ -1303,6 +1309,9 @@ g_settings_schema_key_clear (GSettingsSchemaKey *key)
if (key->maximum)
g_variant_unref (key->maximum);
+ if (key->desktop_overrides)
+ g_variant_unref (key->desktop_overrides);
+
g_variant_unref (key->default_value);
g_settings_schema_unref (key->schema);
@@ -1410,6 +1419,35 @@ g_settings_schema_key_get_translated_default (GSettingsSchemaKey *key)
return value;
}
+GVariant *
+g_settings_schema_key_get_per_desktop_default (GSettingsSchemaKey *key)
+{
+ static const gchar * const *current_desktops;
+ GVariant *value = NULL;
+ gint i;
+
+ if (!key->desktop_overrides)
+ return NULL;
+
+ if (g_once_init_enter (&current_desktops))
+ {
+ const gchar *xdg_current_desktop = g_getenv ("XDG_CURRENT_DESKTOP");
+ gchar **tmp;
+
+ if (xdg_current_desktop != NULL && xdg_current_desktop[0] != '\0')
+ tmp = g_strsplit (xdg_current_desktop, G_SEARCHPATH_SEPARATOR_S, -1);
+ else
+ tmp = g_new0 (gchar *, 0 + 1);
+
+ g_once_init_leave (&current_desktops, (const gchar **) tmp);
+ }
+
+ for (i = 0; value == NULL && current_desktops[i] != NULL; i++)
+ value = g_variant_lookup_value (key->desktop_overrides, current_desktops[i], NULL);
+
+ return value;
+}
+
gint
g_settings_schema_key_to_enum (GSettingsSchemaKey *key,
GVariant *value)
@@ -1698,6 +1736,9 @@ g_settings_schema_key_get_default_value (GSettingsSchemaKey *key)
value = g_settings_schema_key_get_translated_default (key);
+ if (!value)
+ value = g_settings_schema_key_get_per_desktop_default (key);
+
if (!value)
value = g_variant_ref (key->default_value);
--
2.21.0
From 3710e830de015829c086c69181a8703645d577ec Mon Sep 17 00:00:00 2001
From: Allison Lortie <desrt@desrt.ca>
Date: Wed, 2 Aug 2017 11:10:18 +0100
Subject: [PATCH 3/4] glib-compile-schemas: Handle per-desktop overrides
Add a new syntax to override files: if the group name has a ':' in it,
it indicates that we want to override the default values of keys for
only one desktop. For example:
[org.gnome.desktop.interface:Unity]
font-name='Ubuntu 12'
Will override the settings, only if "Unity" is found in
XDG_CURRENT_DESKTOP. Multiple per-desktop overrides can be specified
for a given key: the one which comes first in XDG_CURRENT_DESKTOP will
be used.
https://bugzilla.gnome.org/show_bug.cgi?id=746592
---
gio/glib-compile-schemas.c | 83 ++++++++++++++++++++++++++++++++++----
1 file changed, 75 insertions(+), 8 deletions(-)
diff --git a/gio/glib-compile-schemas.c b/gio/glib-compile-schemas.c
index 2dc8c7171..59fb68ee7 100644
--- a/gio/glib-compile-schemas.c
+++ b/gio/glib-compile-schemas.c
@@ -179,6 +179,8 @@ typedef struct
GString *unparsed_default_value;
GVariant *default_value;
+ GVariantDict *desktop_overrides;
+
GString *strinfo;
gboolean is_enum;
gboolean is_flags;
@@ -731,6 +733,11 @@ key_state_serialise (KeyState *state)
g_variant_builder_add (&builder, "(y(**))", 'r',
state->minimum, state->maximum);
+ /* per-desktop overrides */
+ if (state->desktop_overrides)
+ g_variant_builder_add (&builder, "(y@a{sv})", 'd',
+ g_variant_dict_end (state->desktop_overrides));
+
state->serialised = g_variant_builder_end (&builder);
}
@@ -768,6 +775,9 @@ key_state_free (gpointer data)
if (state->serialised)
g_variant_unref (state->serialised);
+ if (state->desktop_overrides)
+ g_variant_dict_unref (state->desktop_overrides);
+
g_slice_free (KeyState, state);
}
@@ -1878,6 +1888,8 @@ set_overrides (GHashTable *schema_table,
gchar **groups;
gint i;
+ g_debug ("Processing override file '%s'", filename);
+
key_file = g_key_file_new ();
if (!g_key_file_load_from_file (key_file, filename, 0, &error))
{
@@ -1900,18 +1912,31 @@ set_overrides (GHashTable *schema_table,
for (i = 0; groups[i]; i++)
{
const gchar *group = groups[i];
+ const gchar *schema_name;
+ const gchar *desktop_id;
SchemaState *schema;
+ gchar **pieces;
gchar **keys;
gint j;
- schema = g_hash_table_lookup (schema_table, group);
+ pieces = g_strsplit (group, ":", 2);
+ schema_name = pieces[0];
+ desktop_id = pieces[1];
+
+ g_debug ("Processing group '%s' (schema '%s', %s)",
+ group, schema_name, desktop_id ? desktop_id : "all desktops");
+
+ schema = g_hash_table_lookup (schema_table, schema_name);
if (schema == NULL)
- /* Having the schema not be installed is expected to be a
- * common case. Don't even emit an error message about
- * that.
- */
- continue;
+ {
+ /* Having the schema not be installed is expected to be a
+ * common case. Don't even emit an error message about
+ * that.
+ */
+ g_strfreev (pieces);
+ continue;
+ }
keys = g_key_file_get_keys (key_file, group, NULL, NULL);
g_assert (keys != NULL);
@@ -1939,6 +1964,32 @@ set_overrides (GHashTable *schema_table,
fprintf (stderr, _(" and --strict was specified; exiting.\n"));
g_key_file_free (key_file);
+ g_strfreev (pieces);
+ g_strfreev (groups);
+ g_strfreev (keys);
+
+ return FALSE;
+ }
+
+ if (desktop_id != NULL && state->l10n)
+ {
+ /* Let's avoid the n*m case of per-desktop localised
+ * default values, and just forbid it.
+ */
+ fprintf (stderr,
+ _("cannot provide per-desktop overrides for localised "
+ "key '%s' in schema '%s' (override file '%s')"),
+ key, group, filename);
+
+ if (!strict)
+ {
+ fprintf (stderr, _("; ignoring override for this key.\n"));
+ continue;
+ }
+
+ fprintf (stderr, _(" and --strict was specified; exiting.\n"));
+ g_key_file_free (key_file);
+ g_strfreev (pieces);
g_strfreev (groups);
g_strfreev (keys);
@@ -1969,6 +2020,7 @@ set_overrides (GHashTable *schema_table,
fprintf (stderr, _("--strict was specified; exiting.\n"));
g_key_file_free (key_file);
+ g_strfreev (pieces);
g_strfreev (groups);
g_strfreev (keys);
@@ -1997,6 +2049,7 @@ set_overrides (GHashTable *schema_table,
fprintf (stderr, _(" and --strict was specified; exiting.\n"));
g_key_file_free (key_file);
+ g_strfreev (pieces);
g_strfreev (groups);
g_strfreev (keys);
@@ -2025,6 +2078,7 @@ set_overrides (GHashTable *schema_table,
fprintf (stderr, _(" and --strict was specified; exiting.\n"));
g_key_file_free (key_file);
+ g_strfreev (pieces);
g_strfreev (groups);
g_strfreev (keys);
@@ -2032,11 +2086,24 @@ set_overrides (GHashTable *schema_table,
}
}
- g_variant_unref (state->default_value);
- state->default_value = value;
+ if (desktop_id != NULL)
+ {
+ if (state->desktop_overrides == NULL)
+ state->desktop_overrides = g_variant_dict_new (NULL);
+
+ g_variant_dict_insert_value (state->desktop_overrides, desktop_id, value);
+ g_variant_unref (value);
+ }
+ else
+ {
+ g_variant_unref (state->default_value);
+ state->default_value = value;
+ }
+
g_free (string);
}
+ g_strfreev (pieces);
g_strfreev (keys);
}
--
2.21.0
From 2ca9218fb46f32fa02bed43c6e60243c8c5d656f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberts=20Muktup=C4=81vels?= <alberts.muktupavels@gmail.com>
Date: Tue, 19 Jun 2018 23:39:24 +0300
Subject: [PATCH 4/4] Add a test for per-desktop overrides
---
gio/glib-compile-schemas.c | 1 +
gio/tests/Makefile.am | 2 +
gio/tests/gsettings.c | 106 ++++++++++++++++++-
gio/tests/org.gtk.test.gschema.override.orig | 2 +
gio/tests/org.gtk.test.gschema.xml.orig | 6 ++
5 files changed, 116 insertions(+), 1 deletion(-)
create mode 100644 gio/tests/org.gtk.test.gschema.override.orig
diff --git a/gio/glib-compile-schemas.c b/gio/glib-compile-schemas.c
index 59fb68ee7..00dd64146 100644
--- a/gio/glib-compile-schemas.c
+++ b/gio/glib-compile-schemas.c
@@ -2139,6 +2139,7 @@ main (int argc, char **argv)
/* These options are only for use in the gschema-compile tests */
{ "schema-file", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_FILENAME_ARRAY, &schema_files, NULL, NULL },
+ { "override-file", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_FILENAME_ARRAY, &override_files, NULL, NULL },
{ NULL }
};
diff --git a/gio/tests/Makefile.am b/gio/tests/Makefile.am
index 49a19bf4a..b41317ad9 100644
--- a/gio/tests/Makefile.am
+++ b/gio/tests/Makefile.am
@@ -367,12 +367,14 @@ test.mo: de.po
EXTRA_DIST += de.po
dist_uninstalled_test_data += \
org.gtk.test.gschema.xml.orig \
+ org.gtk.test.gschema.override.orig \
org.gtk.schemasourcecheck.gschema.xml \
testenum.h \
enums.xml.template
# Generated while running the testcase itself...
CLEANFILES += \
org.gtk.test.gschema.xml \
+ org.gtk.test.gschema.override \
org.gtk.test.enums.xml \
gsettings.store \
gschemas.compiled \
diff --git a/gio/tests/gsettings.c b/gio/tests/gsettings.c
index 2be4122fe..acdeead4c 100644
--- a/gio/tests/gsettings.c
+++ b/gio/tests/gsettings.c
@@ -2192,6 +2192,7 @@ G_GNUC_END_IGNORE_DEPRECATIONS
"org.gtk.test.range.direct",
"org.gtk.test.mapped",
"org.gtk.test.descriptions",
+ "org.gtk.test.per-desktop",
NULL));
}
@@ -2583,6 +2584,100 @@ test_default_value (void)
g_object_unref (settings);
}
+static gboolean
+string_map_func (GVariant *value,
+ gpointer *result,
+ gpointer user_data)
+{
+ const gchar *str;
+
+ str = g_variant_get_string (value, NULL);
+ *result = g_variant_new_string (str);
+
+ return TRUE;
+}
+
+/* Test that per-desktop values from org.gtk.test.gschema.override
+ * does not change default value if current desktop is not listed in
+ * $XDG_CURRENT_DESKTOP.
+ */
+static void
+test_per_desktop (void)
+{
+ GSettings *settings;
+ TestObject *obj;
+ gpointer p;
+ gchar *str;
+
+ settings = g_settings_new ("org.gtk.test.per-desktop");
+ obj = test_object_new ();
+
+ if (!g_test_subprocess ())
+ {
+ g_test_trap_subprocess ("/gsettings/per-desktop/subprocess", 0, 0);
+ g_test_trap_assert_passed ();
+ }
+
+ str = g_settings_get_string (settings, "desktop");
+ g_assert_cmpstr (str, ==, "GNOME");
+ g_free (str);
+
+ p = g_settings_get_mapped (settings, "desktop", string_map_func, NULL);
+
+ str = g_variant_dup_string (p, NULL);
+ g_assert_cmpstr (str, ==, "GNOME");
+ g_free (str);
+
+ g_variant_unref (p);
+
+ g_settings_bind (settings, "desktop", obj, "string", G_SETTINGS_BIND_DEFAULT);
+
+ g_object_get (obj, "string", &str, NULL);
+ g_assert_cmpstr (str, ==, "GNOME");
+ g_free (str);
+
+ g_object_unref (settings);
+ g_object_unref (obj);
+}
+
+/* Test that per-desktop values from org.gtk.test.gschema.override
+ * are successfully loaded based on the value of $XDG_CURRENT_DESKTOP.
+ */
+static void
+test_per_desktop_subprocess (void)
+{
+ GSettings *settings;
+ TestObject *obj;
+ gpointer p;
+ gchar *str;
+
+ g_setenv ("XDG_CURRENT_DESKTOP", "GNOME-Classic:GNOME", TRUE);
+
+ settings = g_settings_new ("org.gtk.test.per-desktop");
+ obj = test_object_new ();
+
+ str = g_settings_get_string (settings, "desktop");
+ g_assert_cmpstr (str, ==, "GNOME Classic");
+ g_free (str);
+
+ p = g_settings_get_mapped (settings, "desktop", string_map_func, NULL);
+
+ str = g_variant_dup_string (p, NULL);
+ g_assert_cmpstr (str, ==, "GNOME Classic");
+ g_free (str);
+
+ g_variant_unref (p);
+
+ g_settings_bind (settings, "desktop", obj, "string", G_SETTINGS_BIND_DEFAULT);
+
+ g_object_get (obj, "string", &str, NULL);
+ g_assert_cmpstr (str, ==, "GNOME Classic");
+ g_free (str);
+
+ g_object_unref (settings);
+ g_object_unref (obj);
+}
+
static void
test_extended_schema (void)
{
@@ -2603,6 +2698,7 @@ int
main (int argc, char *argv[])
{
gchar *schema_text;
+ gchar *override_text;
gchar *enums;
gint result;
@@ -2625,6 +2721,7 @@ main (int argc, char *argv[])
g_setenv ("XDG_DATA_DIRS", ".", TRUE);
g_setenv ("XDG_DATA_HOME", ".", TRUE);
g_setenv ("GSETTINGS_SCHEMA_DIR", ".", TRUE);
+ g_setenv ("XDG_CURRENT_DESKTOP", "", TRUE);
if (!backend_set)
g_setenv ("GSETTINGS_BACKEND", "memory", TRUE);
@@ -2647,6 +2744,10 @@ main (int argc, char *argv[])
g_assert (g_file_set_contents ("org.gtk.test.gschema.xml", schema_text, -1, NULL));
g_free (schema_text);
+ g_assert (g_file_get_contents (SRCDIR "/org.gtk.test.gschema.override.orig", &override_text, NULL, NULL));
+ g_assert (g_file_set_contents ("org.gtk.test.gschema.override", override_text, -1, NULL));
+ g_free (override_text);
+
/* Meson build defines this, autotools build does not */
#ifndef GLIB_COMPILE_SCHEMAS
#define GLIB_COMPILE_SCHEMAS "../glib-compile-schemas"
@@ -2655,7 +2756,8 @@ main (int argc, char *argv[])
g_remove ("gschemas.compiled");
g_assert (g_spawn_command_line_sync (GLIB_COMPILE_SCHEMAS " --targetdir=. "
"--schema-file=org.gtk.test.enums.xml "
- "--schema-file=org.gtk.test.gschema.xml",
+ "--schema-file=org.gtk.test.gschema.xml "
+ "--override-file=org.gtk.test.gschema.override",
NULL, NULL, &result, NULL));
g_assert (result == 0);
@@ -2736,6 +2838,8 @@ main (int argc, char *argv[])
g_test_add_func ("/gsettings/read-descriptions", test_read_descriptions);
g_test_add_func ("/gsettings/test-extended-schema", test_extended_schema);
g_test_add_func ("/gsettings/default-value", test_default_value);
+ g_test_add_func ("/gsettings/per-desktop", test_per_desktop);
+ g_test_add_func ("/gsettings/per-desktop/subprocess", test_per_desktop_subprocess);
result = g_test_run ();
diff --git a/gio/tests/org.gtk.test.gschema.override.orig b/gio/tests/org.gtk.test.gschema.override.orig
new file mode 100644
index 000000000..6694baace
--- /dev/null
+++ b/gio/tests/org.gtk.test.gschema.override.orig
@@ -0,0 +1,2 @@
+[org.gtk.test.per-desktop:GNOME-Classic]
+desktop = "GNOME Classic"
diff --git a/gio/tests/org.gtk.test.gschema.xml.orig b/gio/tests/org.gtk.test.gschema.xml.orig
index c07558335..fbcdce683 100644
--- a/gio/tests/org.gtk.test.gschema.xml.orig
+++ b/gio/tests/org.gtk.test.gschema.xml.orig
@@ -209,4 +209,10 @@
</key>
</schema>
+ <schema id="org.gtk.test.per-desktop" path="/tests/per-desktop/">
+ <key name="desktop" type="s">
+ <default>"GNOME"</default>
+ </key>
+ </schema>
+
</schemalist>
--
2.21.0

709
SOURCES/ghmac-gnutls.patch Normal file
View File

@ -0,0 +1,709 @@
From 440a178c5aad19050a3d5b5d76881931138af680 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 18:44:43 +0000
Subject: [PATCH 1/2] ghmac: Split off wrapper functions into ghmac-utils.c
Prep for adding a GnuTLS HMAC implementation; these are just
utility functions that call the "core" API.
---
glib/Makefile.am | 1 +
glib/ghmac-utils.c | 145 +++++++++++++++++++++++++++++++++++++++++++++
glib/ghmac.c | 112 ----------------------------------
glib/meson.build | 1 +
4 files changed, 147 insertions(+), 112 deletions(-)
create mode 100644 glib/ghmac-utils.c
diff --git a/glib/Makefile.am b/glib/Makefile.am
index 8da549c7f..c367b09ad 100644
--- a/glib/Makefile.am
+++ b/glib/Makefile.am
@@ -126,6 +126,7 @@ libglib_2_0_la_SOURCES = \
ggettext.c \
ghash.c \
ghmac.c \
+ ghmac-utils.c \
ghook.c \
ghostutils.c \
giochannel.c \
diff --git a/glib/ghmac-utils.c b/glib/ghmac-utils.c
new file mode 100644
index 000000000..a17359ff1
--- /dev/null
+++ b/glib/ghmac-utils.c
@@ -0,0 +1,145 @@
+/* ghmac.h - data hashing functions
+ *
+ * Copyright (C) 2011 Collabora Ltd.
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "config.h"
+
+#include <string.h>
+
+#include "ghmac.h"
+
+#include "glib/galloca.h"
+#include "gatomic.h"
+#include "gslice.h"
+#include "gmem.h"
+#include "gstrfuncs.h"
+#include "gtestutils.h"
+#include "gtypes.h"
+#include "glibintl.h"
+
+/**
+ * g_compute_hmac_for_data:
+ * @digest_type: a #GChecksumType to use for the HMAC
+ * @key: (array length=key_len): the key to use in the HMAC
+ * @key_len: the length of the key
+ * @data: (array length=length): binary blob to compute the HMAC of
+ * @length: length of @data
+ *
+ * Computes the HMAC for a binary @data of @length. This is a
+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()
+ * and g_hmac_unref().
+ *
+ * The hexadecimal string returned will be in lower case.
+ *
+ * Returns: the HMAC of the binary data as a string in hexadecimal.
+ * The returned string should be freed with g_free() when done using it.
+ *
+ * Since: 2.30
+ */
+gchar *
+g_compute_hmac_for_data (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const guchar *data,
+ gsize length)
+{
+ GHmac *hmac;
+ gchar *retval;
+
+ g_return_val_if_fail (length == 0 || data != NULL, NULL);
+
+ hmac = g_hmac_new (digest_type, key, key_len);
+ if (!hmac)
+ return NULL;
+
+ g_hmac_update (hmac, data, length);
+ retval = g_strdup (g_hmac_get_string (hmac));
+ g_hmac_unref (hmac);
+
+ return retval;
+}
+
+/**
+ * g_compute_hmac_for_bytes:
+ * @digest_type: a #GChecksumType to use for the HMAC
+ * @key: the key to use in the HMAC
+ * @data: binary blob to compute the HMAC of
+ *
+ * Computes the HMAC for a binary @data. This is a
+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()
+ * and g_hmac_unref().
+ *
+ * The hexadecimal string returned will be in lower case.
+ *
+ * Returns: the HMAC of the binary data as a string in hexadecimal.
+ * The returned string should be freed with g_free() when done using it.
+ *
+ * Since: 2.50
+ */
+gchar *
+g_compute_hmac_for_bytes (GChecksumType digest_type,
+ GBytes *key,
+ GBytes *data)
+{
+ gconstpointer byte_data;
+ gsize length;
+ gconstpointer key_data;
+ gsize key_len;
+
+ g_return_val_if_fail (data != NULL, NULL);
+ g_return_val_if_fail (key != NULL, NULL);
+
+ byte_data = g_bytes_get_data (data, &length);
+ key_data = g_bytes_get_data (key, &key_len);
+ return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);
+}
+
+
+/**
+ * g_compute_hmac_for_string:
+ * @digest_type: a #GChecksumType to use for the HMAC
+ * @key: (array length=key_len): the key to use in the HMAC
+ * @key_len: the length of the key
+ * @str: the string to compute the HMAC for
+ * @length: the length of the string, or -1 if the string is nul-terminated
+ *
+ * Computes the HMAC for a string.
+ *
+ * The hexadecimal string returned will be in lower case.
+ *
+ * Returns: the HMAC as a hexadecimal string.
+ * The returned string should be freed with g_free()
+ * when done using it.
+ *
+ * Since: 2.30
+ */
+gchar *
+g_compute_hmac_for_string (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const gchar *str,
+ gssize length)
+{
+ g_return_val_if_fail (length == 0 || str != NULL, NULL);
+
+ if (length < 0)
+ length = strlen (str);
+
+ return g_compute_hmac_for_data (digest_type, key, key_len,
+ (const guchar *) str, length);
+}
diff --git a/glib/ghmac.c b/glib/ghmac.c
index 9b58fd81c..7db38e34a 100644
--- a/glib/ghmac.c
+++ b/glib/ghmac.c
@@ -329,115 +329,3 @@ g_hmac_get_digest (GHmac *hmac,
g_checksum_update (hmac->digesto, buffer, len);
g_checksum_get_digest (hmac->digesto, buffer, digest_len);
}
-
-/**
- * g_compute_hmac_for_data:
- * @digest_type: a #GChecksumType to use for the HMAC
- * @key: (array length=key_len): the key to use in the HMAC
- * @key_len: the length of the key
- * @data: (array length=length): binary blob to compute the HMAC of
- * @length: length of @data
- *
- * Computes the HMAC for a binary @data of @length. This is a
- * convenience wrapper for g_hmac_new(), g_hmac_get_string()
- * and g_hmac_unref().
- *
- * The hexadecimal string returned will be in lower case.
- *
- * Returns: the HMAC of the binary data as a string in hexadecimal.
- * The returned string should be freed with g_free() when done using it.
- *
- * Since: 2.30
- */
-gchar *
-g_compute_hmac_for_data (GChecksumType digest_type,
- const guchar *key,
- gsize key_len,
- const guchar *data,
- gsize length)
-{
- GHmac *hmac;
- gchar *retval;
-
- g_return_val_if_fail (length == 0 || data != NULL, NULL);
-
- hmac = g_hmac_new (digest_type, key, key_len);
- if (!hmac)
- return NULL;
-
- g_hmac_update (hmac, data, length);
- retval = g_strdup (g_hmac_get_string (hmac));
- g_hmac_unref (hmac);
-
- return retval;
-}
-
-/**
- * g_compute_hmac_for_bytes:
- * @digest_type: a #GChecksumType to use for the HMAC
- * @key: the key to use in the HMAC
- * @data: binary blob to compute the HMAC of
- *
- * Computes the HMAC for a binary @data. This is a
- * convenience wrapper for g_hmac_new(), g_hmac_get_string()
- * and g_hmac_unref().
- *
- * The hexadecimal string returned will be in lower case.
- *
- * Returns: the HMAC of the binary data as a string in hexadecimal.
- * The returned string should be freed with g_free() when done using it.
- *
- * Since: 2.50
- */
-gchar *
-g_compute_hmac_for_bytes (GChecksumType digest_type,
- GBytes *key,
- GBytes *data)
-{
- gconstpointer byte_data;
- gsize length;
- gconstpointer key_data;
- gsize key_len;
-
- g_return_val_if_fail (data != NULL, NULL);
- g_return_val_if_fail (key != NULL, NULL);
-
- byte_data = g_bytes_get_data (data, &length);
- key_data = g_bytes_get_data (key, &key_len);
- return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);
-}
-
-
-/**
- * g_compute_hmac_for_string:
- * @digest_type: a #GChecksumType to use for the HMAC
- * @key: (array length=key_len): the key to use in the HMAC
- * @key_len: the length of the key
- * @str: the string to compute the HMAC for
- * @length: the length of the string, or -1 if the string is nul-terminated
- *
- * Computes the HMAC for a string.
- *
- * The hexadecimal string returned will be in lower case.
- *
- * Returns: the HMAC as a hexadecimal string.
- * The returned string should be freed with g_free()
- * when done using it.
- *
- * Since: 2.30
- */
-gchar *
-g_compute_hmac_for_string (GChecksumType digest_type,
- const guchar *key,
- gsize key_len,
- const gchar *str,
- gssize length)
-{
- g_return_val_if_fail (length == 0 || str != NULL, NULL);
-
- if (length < 0)
- length = strlen (str);
-
- return g_compute_hmac_for_data (digest_type, key, key_len,
- (const guchar *) str, length);
-}
diff --git a/glib/meson.build b/glib/meson.build
index 9df77b6f9..c7f28b5b6 100644
--- a/glib/meson.build
+++ b/glib/meson.build
@@ -138,6 +138,7 @@ glib_sources = files(
'ggettext.c',
'ghash.c',
'ghmac.c',
+ 'ghmac-utils.c',
'ghook.c',
'ghostutils.c',
'giochannel.c',
--
2.21.0
From 423355787ba9133b310c0b72708024b1428d7d14 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 7 Jun 2019 19:36:54 +0000
Subject: [PATCH 2/2] Add a gnutls backend for GHmac
For RHEL we want apps to use FIPS-certified crypto libraries,
and HMAC apparently counts as "keyed" and hence needs to
be validated.
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1630260
Replaces: https://gitlab.gnome.org/GNOME/glib/merge_requests/897
This is a build-time option that backs the GHmac API with GnuTLS.
Most distributors ship glib-networking built with GnuTLS, and
most apps use glib-networking, so this isn't a net-new library
in most cases.
However, a fun wrinkle is that the GnuTLS HMAC API doesn't expose
the necessary bits to implement `g_hmac_copy()`; OpenSSL does.
I chose to just make that abort for now since I didn't find
apps using it.
---
glib/Makefile.am | 9 ++-
glib/gchecksum.c | 9 +--
glib/gchecksumprivate.h | 32 +++++++++
glib/ghmac-gnutls.c | 151 ++++++++++++++++++++++++++++++++++++++++
glib/ghmac.c | 1 +
glib/meson.build | 10 ++-
glib/tests/hmac.c | 6 ++
meson.build | 7 ++
meson_options.txt | 5 ++
9 files changed, 221 insertions(+), 9 deletions(-)
create mode 100644 glib/gchecksumprivate.h
create mode 100644 glib/ghmac-gnutls.c
diff --git a/glib/Makefile.am b/glib/Makefile.am
index c367b09ad..b0a721ad0 100644
--- a/glib/Makefile.am
+++ b/glib/Makefile.am
@@ -125,7 +125,7 @@ libglib_2_0_la_SOURCES = \
gfileutils.c \
ggettext.c \
ghash.c \
- ghmac.c \
+ ghmac-gnutls.c \
ghmac-utils.c \
ghook.c \
ghostutils.c \
@@ -352,11 +352,14 @@ pcre_lib = pcre/libpcre.la
pcre_inc =
endif
-libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS)
+gnutls_libs = $(shell pkg-config --libs gnutls)
+gnutls_cflags = $(shell pkg-config --cflags gnutls)
+
+libglib_2_0_la_CFLAGS = $(AM_CFLAGS) $(GLIB_HIDDEN_VISIBILITY_CFLAGS) $(LIBSYSTEMD_CFLAGS) $(gnutls_cflags)
libglib_2_0_la_LIBADD = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ @ICONV_LIBS@ @G_LIBS_EXTRA@ $(pcre_lib) $(G_THREAD_LIBS_EXTRA) $(G_THREAD_LIBS_FOR_GTHREAD) $(LIBSYSTEMD_LIBS)
libglib_2_0_la_DEPENDENCIES = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ $(glib_win32_res) $(glib_def)
-libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) \
+libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) $(gnutls_libs) \
$(glib_win32_res_ldflag) \
-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
-export-dynamic $(no_undefined)
diff --git a/glib/gchecksum.c b/glib/gchecksum.c
index 40b1d50e2..2f59d4a66 100644
--- a/glib/gchecksum.c
+++ b/glib/gchecksum.c
@@ -20,7 +20,7 @@
#include <string.h>
-#include "gchecksum.h"
+#include "gchecksumprivate.h"
#include "gslice.h"
#include "gmem.h"
@@ -173,9 +173,9 @@ sha_byte_reverse (guint32 *buffer,
}
#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
-static gchar *
-digest_to_string (guint8 *digest,
- gsize digest_len)
+gchar *
+gchecksum_digest_to_string (guint8 *digest,
+ gsize digest_len)
{
gint len = digest_len * 2;
gint i;
@@ -195,6 +195,7 @@ digest_to_string (guint8 *digest,
return retval;
}
+#define digest_to_string gchecksum_digest_to_string
/*
* MD5 Checksum
diff --git a/glib/gchecksumprivate.h b/glib/gchecksumprivate.h
new file mode 100644
index 000000000..86c7a3b61
--- /dev/null
+++ b/glib/gchecksumprivate.h
@@ -0,0 +1,32 @@
+/* gstdioprivate.h - Private GLib stdio functions
+ *
+ * Copyright 2017 Руслан Ижбулатов
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __G_CHECKSUMPRIVATE_H__
+#define __G_CHECKSUMPRIVATE_H__
+
+#include "gchecksum.h"
+
+G_BEGIN_DECLS
+
+gchar *
+gchecksum_digest_to_string (guint8 *digest,
+ gsize digest_len);
+
+G_END_DECLS
+
+#endif
\ No newline at end of file
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
new file mode 100644
index 000000000..3b4dfb872
--- /dev/null
+++ b/glib/ghmac-gnutls.c
@@ -0,0 +1,160 @@
+/* ghmac.h - data hashing functions
+ *
+ * Copyright (C) 2011 Collabora Ltd.
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "config.h"
+
+#include <string.h>
+#include <gnutls/crypto.h>
+
+#include "ghmac.h"
+
+#include "glib/galloca.h"
+#include "gatomic.h"
+#include "gslice.h"
+#include "gmem.h"
+#include "gstrfuncs.h"
+#include "gchecksumprivate.h"
+#include "gtestutils.h"
+#include "gtypes.h"
+#include "glibintl.h"
+
+struct _GHmac
+{
+ int ref_count;
+ GChecksumType digest_type;
+ gnutls_hmac_hd_t hmac;
+ gchar *digest_str;
+};
+
+GHmac *
+g_hmac_new (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len)
+{
+ gnutls_mac_algorithm_t algo;
+ GHmac *hmac = g_slice_new0 (GHmac);
+ hmac->ref_count = 1;
+ hmac->digest_type = digest_type;
+
+ switch (digest_type)
+ {
+ case G_CHECKSUM_MD5:
+ algo = GNUTLS_MAC_MD5;
+ break;
+ case G_CHECKSUM_SHA1:
+ algo = GNUTLS_MAC_SHA1;
+ break;
+ case G_CHECKSUM_SHA256:
+ algo = GNUTLS_MAC_SHA256;
+ break;
+ case G_CHECKSUM_SHA384:
+ algo = GNUTLS_MAC_SHA384;
+ break;
+ case G_CHECKSUM_SHA512:
+ algo = GNUTLS_MAC_SHA512;
+ break;
+ default:
+ g_return_val_if_reached (NULL);
+ }
+
+ gnutls_hmac_init (&hmac->hmac, algo, key, key_len);
+
+ return hmac;
+}
+
+GHmac *
+g_hmac_copy (const GHmac *hmac)
+{
+ GHmac *copy;
+
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ copy = g_slice_new0 (GHmac);
+ copy->ref_count = 1;
+ copy->digest_type = hmac->digest_type;
+ copy->hmac = gnutls_hmac_copy (hmac->hmac);
+
+ return copy;
+}
+
+GHmac *
+g_hmac_ref (GHmac *hmac)
+{
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ g_atomic_int_inc (&hmac->ref_count);
+
+ return hmac;
+}
+
+void
+g_hmac_unref (GHmac *hmac)
+{
+ g_return_if_fail (hmac != NULL);
+
+ if (g_atomic_int_dec_and_test (&hmac->ref_count))
+ {
+ gnutls_hmac_deinit (hmac->hmac, NULL);
+ g_free (hmac->digest_str);
+ g_slice_free (GHmac, hmac);
+ }
+}
+
+
+void
+g_hmac_update (GHmac *hmac,
+ const guchar *data,
+ gssize length)
+{
+ g_return_if_fail (hmac != NULL);
+ g_return_if_fail (length == 0 || data != NULL);
+
+ gnutls_hmac (hmac->hmac, data, length);
+}
+
+const gchar *
+g_hmac_get_string (GHmac *hmac)
+{
+ guint8 *buffer;
+ gsize digest_len;
+
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ if (hmac->digest_str)
+ return hmac->digest_str;
+
+ digest_len = g_checksum_type_get_length (hmac->digest_type);
+ buffer = g_alloca (digest_len);
+
+ gnutls_hmac_output (hmac->hmac, buffer);
+ hmac->digest_str = gchecksum_digest_to_string (buffer, digest_len);
+ return hmac->digest_str;
+}
+
+
+void
+g_hmac_get_digest (GHmac *hmac,
+ guint8 *buffer,
+ gsize *digest_len)
+{
+ g_return_if_fail (hmac != NULL);
+
+ gnutls_hmac_output (hmac->hmac, buffer);
+ *digest_len = g_checksum_type_get_length (hmac->digest_type);
+}
diff --git a/glib/ghmac.c b/glib/ghmac.c
index 7db38e34a..b12eb07c4 100644
--- a/glib/ghmac.c
+++ b/glib/ghmac.c
@@ -33,6 +33,7 @@
#include "gtypes.h"
#include "glibintl.h"
+#error "build configuration error"
/**
* SECTION:hmac
diff --git a/glib/meson.build b/glib/meson.build
index c7f28b5b6..a2f9da81c 100644
--- a/glib/meson.build
+++ b/glib/meson.build
@@ -137,7 +137,6 @@ glib_sources = files(
'gfileutils.c',
'ggettext.c',
'ghash.c',
- 'ghmac.c',
'ghmac-utils.c',
'ghook.c',
'ghostutils.c',
@@ -185,6 +184,7 @@ glib_sources = files(
'gunidecomp.c',
'gurifuncs.c',
'gutils.c',
+ 'gchecksumprivate.h',
'guuid.c',
'gvariant.c',
'gvariant-core.c',
@@ -222,6 +222,12 @@ else
glib_dtrace_hdr = []
endif
+if get_option('gnutls')
+ glib_sources += files('ghmac-gnutls.c')
+else
+ glib_sources += files('ghmac.c')
+endif
+
pcre_static_args = []
if use_pcre_static_flag
@@ -238,7 +244,7 @@ libglib = library('glib-2.0',
link_args : platform_ldflags + noseh_link_args,
include_directories : configinc,
link_with : [charset_lib, gnulib_lib],
- dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps,
+ dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps + libgnutls_dep,
c_args : ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre_static_args + glib_hidden_visibility_args
)
diff --git a/meson.build b/meson.build
index 0cefee51d..81b16b004 100644
--- a/meson.build
+++ b/meson.build
@@ -1596,6 +1596,13 @@ if host_system == 'linux' and get_option('libmount')
libmount_dep = [dependency('mount', version : '>=2.23', required : true)]
endif
+# gnutls is used optionally by ghmac
+libgnutls_dep = []
+if get_option('gnutls')
+ libgnutls_dep = [dependency('gnutls', version : '>=3.6.9', required : true)]
+ glib_conf.set('HAVE_GNUTLS', 1)
+endif
+
if host_system == 'windows'
winsock2 = cc.find_library('ws2_32')
endif
diff --git a/meson_options.txt b/meson_options.txt
index 4504c6858..d18c42a36 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -34,6 +34,11 @@ option('libmount',
value : true,
description : 'build with libmount support')
+option('gnutls',
+ type : 'boolean',
+ value : false,
+ description : 'build with gnutls support')
+
option('internal_pcre',
type : 'boolean',
value : false,
--
2.21.0

1021
SOURCES/keyfile-backend.patch Normal file
View File

File diff suppressed because it is too large Load Diff

776
SPECS/glib2.spec Normal file
View File

@ -0,0 +1,776 @@
%global _changelog_trimtime %(date +%s -d "1 year ago")
# See https://fedoraproject.org/wiki/Packaging:Python_Appendix#Manual_byte_compilation
%global __python %{__python3}
Name: glib2
Version: 2.56.4
Release: 11%{?dist}
Summary: A library of handy utility functions
License: LGPLv2+
URL: http://www.gtk.org
Source0: http://download.gnome.org/sources/glib/2.56/glib-%{version}.tar.xz
# For ghmac-gnutls.patch
BuildRequires: pkgconfig(gnutls)
BuildRequires: chrpath
BuildRequires: gettext
BuildRequires: perl-interpreter
# for sys/inotify.h
BuildRequires: glibc-devel
BuildRequires: libattr-devel
BuildRequires: libselinux-devel
# for sys/sdt.h
BuildRequires: systemtap-sdt-devel
BuildRequires: pkgconfig(libelf)
BuildRequires: pkgconfig(libffi)
BuildRequires: pkgconfig(libpcre)
BuildRequires: pkgconfig(mount)
BuildRequires: pkgconfig(zlib)
# Bootstrap build requirements
BuildRequires: automake autoconf libtool
BuildRequires: gtk-doc
BuildRequires: python3-devel
# for GIO content-type support
Recommends: shared-mime-info
# Downstream patches
Patch01: 0001-gdbus-unix-addresses-test-don-t-g_debug-when-also-te.patch
# Backported from git master
Patch10: 0001-codegen-Change-pointer-casting-to-remove-type-punnin.patch
Patch11: 0001-spawn-add-shebang-line-to-script.patch
Patch12: 0001-build-sys-Pass-CFLAGS-to-DTRACE.patch
Patch13: 0001-gfile-Limit-access-to-files-when-copying.patch
# Backported from git glib-2-56 branch
Patch20: 0001-tests-Allocate-gvariant-data-from-the-heap-to-guaran.patch
Patch21: 0002-gvariant-test-Also-force-alignment-for-tuple-test-da.patch
# Backported from 2.58 (for 3.32 GNOME rebase)
Patch30: backport-per-desktop-overrides.patch
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
Patch37: ghmac-gnutls.patch
# Backported from git
Patch40: 0001-gdbus-codegen-honor-Property.EmitsChangedSignal-anno.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1777213
Patch50: 0001-gcredentialsprivate-Document-the-various-private-mac.patch
Patch51: 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch
Patch52: 0001-credentials-Invalid-Linux-struct-ucred-means-no-info.patch
# Mostly from https://gitlab.gnome.org/GNOME/glib/-/commits/master/gio/gkeyfilesettingsbackend.c
Patch60: keyfile-backend.patch
# https://gitlab.gnome.org/GNOME/glib/-/issues/1658
Patch61: CVE-2019-13012.patch
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927
Patch70: 0001-gstrfuncs-Add-internal-g_memdup2-function.patch
Patch71: 0002-gio-Use-g_memdup2-instead-of-g_memdup-in-obvious-pla.patch
Patch72: 0003-gobject-Use-g_memdup2-instead-of-g_memdup-in-obvious.patch
Patch73: 0004-glib-Use-g_memdup2-instead-of-g_memdup-in-obvious-pl.patch
Patch74: 0005-gwinhttpfile-Avoid-arithmetic-overflow-when-calculat.patch
Patch75: 0006-gdatainputstream-Handle-stop_chars_len-internally-as.patch
Patch76: 0007-gwin32-Use-gsize-internally-in-g_wcsdup.patch
Patch77: 0008-gkeyfilesettingsbackend-Handle-long-keys-when-conver.patch
Patch78: 0009-gsocket-Use-gsize-to-track-native-sockaddr-s-size.patch
Patch79: 0010-gtlspassword-Forbid-very-long-TLS-passwords.patch
Patch80: 0011-giochannel-Forbid-very-long-line-terminator-strings.patch
Patch81: 0012-Use-more-g_memdup2.patch
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
Patch90: 0001-gbytearray-Do-not-accept-too-large-byte-arrays.patch
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1981
Patch100: 0001-glocalfileoutputstream-Factor-out-a-flag-check.patch
Patch101: 0002-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATIO.patch
Patch102: 0003-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1938284
Patch110: 0001-libcharset-Drop-a-redundant-environment-variable.patch
%description
GLib is the low-level core library that forms the basis for projects
such as GTK+ and GNOME. It provides data structure handling for C,
portability wrappers, and interfaces for such runtime functionality
as an event loop, threads, dynamic loading, and an object system.
%package devel
Summary: A library of handy utility functions
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
The glib2-devel package includes the header files for the GLib library.
%package doc
Summary: A library of handy utility functions
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description doc
The glib2-doc package includes documentation for the GLib library.
%package fam
Summary: FAM monitoring module for GIO
Requires: %{name}%{?_isa} = %{version}-%{release}
BuildRequires: gamin-devel
%description fam
The glib2-fam package contains the FAM (File Alteration Monitor) module for GIO.
%package static
Summary: glib static
Requires: %{name}-devel = %{version}-%{release}
%description static
The %{name}-static subpackage contains static libraries for %{name}.
%package tests
Summary: Tests for the glib2 package
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tests
The glib2-tests package contains tests that can be used to verify
the functionality of the installed glib2 package.
%prep
%autosetup -n glib-%{version} -p1
# restore timestamps after patching to appease multilib for .pyc files
tar vtf %{SOURCE0} | while read mode user size date time name; do touch -d "$date $time" ../$name; done
%build
autoreconf -f -i
# Bug 1324770: Also explicitly remove PCRE sources since we use --with-pcre=system
rm glib/pcre/*.[ch]
# Support builds of both git snapshots and tarballs packed with autogoo
(if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi;
%configure $CONFIGFLAGS \
--with-python=%{__python3} \
--with-pcre=system \
--enable-systemtap \
--enable-static \
--enable-installed-tests
)
%make_build
%install
# Use -p to preserve timestamps on .py files to ensure
# they're not recompiled with different timestamps
# to help multilib: https://bugzilla.redhat.com/show_bug.cgi?id=718404
%make_install INSTALL="install -p"
# Also since this is a generated .py file, set it to a known timestamp,
# otherwise it will vary by build time, and thus break multilib -devel
# installs.
touch -r gio/gdbus-2.0/codegen/config.py.in $RPM_BUILD_ROOT/%{_datadir}/glib-2.0/codegen/config.py
# patch0 changes the timestamp of codegen.py; reset it to a known value to not
# break multilib
touch -r gio/gdbus-2.0/codegen/config.py.in $RPM_BUILD_ROOT/%{_datadir}/glib-2.0/codegen/codegen.py
chrpath --delete $RPM_BUILD_ROOT%{_libdir}/*.so
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
rm -f $RPM_BUILD_ROOT%{_libdir}/gio/modules/*.{a,la}
rm -f $RPM_BUILD_ROOT%{_libexecdir}/installed-tests/glib/*.{a,la}
rm -f $RPM_BUILD_ROOT%{_libexecdir}/installed-tests/glib/modules/*.{a,la}
# Remove python files bytecompiled by the build system. rpmbuild regenerates
# them again later in a brp script using the timestamps set above.
rm -f $RPM_BUILD_ROOT%{_datadir}/glib-2.0/gdb/*.{pyc,pyo}
rm -rf $RPM_BUILD_ROOT%{_datadir}/glib-2.0/gdb/__pycache__/
rm -f $RPM_BUILD_ROOT%{_datadir}/glib-2.0/codegen/*.{pyc,pyo}
rm -rf $RPM_BUILD_ROOT%{_datadir}/glib-2.0/codegen/__pycache__/
mv $RPM_BUILD_ROOT%{_bindir}/gio-querymodules $RPM_BUILD_ROOT%{_bindir}/gio-querymodules-%{__isa_bits}
touch $RPM_BUILD_ROOT%{_libdir}/gio/modules/giomodule.cache
# bash-completion scripts need not be executable
chmod 644 $RPM_BUILD_ROOT%{_datadir}/bash-completion/completions/*
%find_lang glib20
%transfiletriggerin -- %{_libdir}/gio/modules
gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules &> /dev/null || :
%transfiletriggerpostun -- %{_libdir}/gio/modules
gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules &> /dev/null || :
%transfiletriggerin -- %{_datadir}/glib-2.0/schemas
glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%transfiletriggerpostun -- %{_datadir}/glib-2.0/schemas
glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%files -f glib20.lang
%license COPYING
%doc AUTHORS NEWS README
%{_libdir}/libglib-2.0.so.*
%{_libdir}/libgthread-2.0.so.*
%{_libdir}/libgmodule-2.0.so.*
%{_libdir}/libgobject-2.0.so.*
%{_libdir}/libgio-2.0.so.*
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/gdbus
%{_datadir}/bash-completion/completions/gsettings
%{_datadir}/bash-completion/completions/gapplication
%dir %{_datadir}/glib-2.0
%dir %{_datadir}/glib-2.0/schemas
%dir %{_libdir}/gio
%dir %{_libdir}/gio/modules
%ghost %{_libdir}/gio/modules/giomodule.cache
%{_bindir}/gio
%{_bindir}/gio-querymodules*
%{_bindir}/glib-compile-schemas
%{_bindir}/gsettings
%{_bindir}/gdbus
%{_bindir}/gapplication
%{_mandir}/man1/gio.1*
%{_mandir}/man1/gio-querymodules.1*
%{_mandir}/man1/glib-compile-schemas.1*
%{_mandir}/man1/gsettings.1*
%{_mandir}/man1/gdbus.1*
%{_mandir}/man1/gapplication.1*
%files devel
%{_libdir}/lib*.so
%{_libdir}/glib-2.0
%{_includedir}/*
%{_datadir}/aclocal/*
%{_libdir}/pkgconfig/*
%{_datadir}/glib-2.0/gdb
%{_datadir}/glib-2.0/gettext
%{_datadir}/glib-2.0/schemas/gschema.dtd
%{_datadir}/glib-2.0/valgrind/glib.supp
%{_datadir}/bash-completion/completions/gresource
%{_bindir}/glib-genmarshal
%{_bindir}/glib-gettextize
%{_bindir}/glib-mkenums
%{_bindir}/gobject-query
%{_bindir}/gtester
%{_bindir}/gdbus-codegen
%{_bindir}/glib-compile-resources
%{_bindir}/gresource
%{_datadir}/glib-2.0/codegen
%attr (0755, root, root) %{_bindir}/gtester-report
%{_mandir}/man1/glib-genmarshal.1*
%{_mandir}/man1/glib-gettextize.1*
%{_mandir}/man1/glib-mkenums.1*
%{_mandir}/man1/gobject-query.1*
%{_mandir}/man1/gtester-report.1*
%{_mandir}/man1/gtester.1*
%{_mandir}/man1/gdbus-codegen.1*
%{_mandir}/man1/glib-compile-resources.1*
%{_mandir}/man1/gresource.1*
%{_datadir}/gdb/
%{_datadir}/gettext/
%{_datadir}/systemtap/
%files doc
%doc %{_datadir}/gtk-doc/html/*
%files fam
%{_libdir}/gio/modules/libgiofam.so
%files static
%{_libdir}/libgio-2.0.a
%{_libdir}/libglib-2.0.a
%{_libdir}/libgmodule-2.0.a
%{_libdir}/libgobject-2.0.a
%{_libdir}/libgthread-2.0.a
%files tests
%{_libexecdir}/installed-tests
%{_datadir}/installed-tests
%changelog
* Tue May 04 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-11
- Remove CHARSETALIASDIR environment variable
Resolves: #1938284
* Wed Mar 31 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-10
- Fix CVE-2021-27218
Resolves: #1939072
- Fix CVE-2021-27219
Resolves: #1939108
- Fix CVE-2021-28153
Resolves: #1939118
* Tue Nov 10 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-9
- Update GHmac patch to implement g_hmac_copy()
Resolves: #1786538
- Update keyfile settings backend
Resolves: #1728896
- Fix CVE-2019-13012
Resolves: #1728632
* Mon Dec 02 2019 Colin Walters <walters@verbum.org> - 2.56.4-8
- Backport patches for GDBus auth
Resolves: #1777213
* Sat Jul 13 2019 Colin Walters <walters@redhat.com> - 2.56.4-7
- Backport patch for CVE-2019-12450
Resolves: #1722101
* Mon Jun 17 2019 Ray Strode <rstrode@redhat.com> - 2.56.4-5
- Backport glib2 change needed for accountsservice dbus
codegen fix
Resolves: #1713081
* Mon Jun 10 2019 Colin Walters <walters@redhat.com> - 2.56.4-4
- Back GHmac with GnuTLS for FIPS
- Resolves: #1630260
* Fri May 31 2019 Florian Müllner <fmuellner@redhat.com> - 2.56.4-3
- Backport per-desktop overrides
- Resolves: #1715951
* Tue Apr 02 2019 Colin Walters <walters@redhat.com> - 2.56.4-2
- Add system LDFLAGS
- Resolves: #1630566
* Mon Jan 14 2019 Kalev Lember <klember@redhat.com> - 2.56.4-1
- Update to 2.56.4
- Resolves: #1660859
* Mon Jan 14 2019 Kalev Lember <klember@redhat.com> - 2.56.1-7
- Remove .la files from -tests subpackage
* Mon Jan 14 2019 Kalev Lember <klember@redhat.com> - 2.56.1-6
- Fix multilib -devel installs
- Related: #1639428
* Mon Jan 14 2019 Kalev Lember <klember@redhat.com> - 2.56.1-5
- Fix gdbus codegen generated proxies breaking strict aliasing rules
- Resolves: #1639428
* Mon Dec 17 2018 Ray Strode <rstrode@redhat.com> - 2.56.1-4
- Ensure shared-mime-info is installed during testing
- Ensure test suite runs as unprivileged user
- Ensure test suite works when debugging is enabled
- Ensure echo-script from spawn test is marked executable
Related: #1625683
* Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 2.56.1-3
- rebuild
Related: #1625683
* Mon Dec 10 2018 Josh Boyer <jwboyer@redhat.com> - 2.56.1-2
- Rebuild for CET note fixes
Resolves: #1657311
* Sun Apr 08 2018 Kalev Lember <klember@redhat.com> - 2.56.1-1
- Update to 2.56.1
* Mon Mar 12 2018 Kalev Lember <klember@redhat.com> - 2.56.0-1
- Update to 2.56.0
* Wed Feb 07 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.55.2-3
- Undo disabling mangling
* Wed Feb 07 2018 Kalev Lember <klember@redhat.com> - 2.55.2-2
- Disable brp-mangle-shebangs shebangs
* Wed Feb 07 2018 Kalev Lember <klember@redhat.com> - 2.55.2-1
- Update to 2.55.2
- Drop ldconfig scriptlets
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.55.1-3
- Switch to %%ldconfig_scriptlets
* Thu Jan 18 2018 Kalev Lember <klember@redhat.com> - 2.55.1-2
- gmain: Partial revert of recent wakeup changes
* Mon Jan 08 2018 Kalev Lember <klember@redhat.com> - 2.55.1-1
- Update to 2.55.1
- Drop upstreamed systemtap multilib fix
* Tue Dec 19 2017 Kalev Lember <klember@redhat.com> - 2.55.0-1
- Update to 2.55.0
* Wed Nov 01 2017 Kalev Lember <klember@redhat.com> - 2.54.2-1
- Update to 2.54.2
* Fri Oct 06 2017 Kalev Lember <klember@redhat.com> - 2.54.1-1
- Update to 2.54.1
* Mon Sep 11 2017 Kalev Lember <klember@redhat.com> - 2.54.0-1
- Update to 2.54.0
* Tue Sep 05 2017 Kalev Lember <klember@redhat.com> - 2.53.7-1
- Update to 2.53.7
* Sat Aug 19 2017 Kalev Lember <klember@redhat.com> - 2.53.6-1
- Update to 2.53.6
* Mon Aug 07 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.53.5-1
- Update to 2.53.5
* Tue Aug 01 2017 Kalev Lember <klember@redhat.com> - 2.53.4-4
- Backport glib-mkenums flags annotation parsing fixes
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.53.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul 21 2017 Kalev Lember <klember@redhat.com> - 2.53.4-2
- Revert a GKeyFile introspection ABI change
* Tue Jul 18 2017 Kalev Lember <klember@redhat.com> - 2.53.4-1
- Update to 2.53.4
* Thu Jun 22 2017 Kalev Lember <klember@redhat.com> - 2.53.3-1
- Update to 2.53.3
* Thu Jun 8 2017 Owen Taylor <otaylor@redhat.com> - 2.53.2-2
- Make triggers also compile schemas in /app/share/glib-2.0/schemas
* Wed May 24 2017 Florian Müllner <fmuellner@redhat.com> - 2.53.2-1
- Update to 2.53.2
* Mon May 15 2017 Kalev Lember <klember@redhat.com> - 2.52.2-2
- Backport a gmain GWakeup patch to fix timedatex high CPU usage (#1450628)
* Tue May 09 2017 Kalev Lember <klember@redhat.com> - 2.52.2-1
- Update to 2.52.2
* Tue Apr 11 2017 Colin Walters <walters@verbum.org> - 2.52.1-3
- Backport patches for gmain wakeup for qemu
See: https://bugzilla.gnome.org/show_bug.cgi?id=761102
* Tue Apr 11 2017 Colin Walters <walters@verbum.org> - 2.52.1-2
- Explictly remove PCRE sources
- Related: https://bugzilla.redhat.com/show_bug.cgi?id=1324770
* Tue Apr 11 2017 Kalev Lember <klember@redhat.com> - 2.52.1-1
- Update to 2.52.1
* Mon Mar 20 2017 Kalev Lember <klember@redhat.com> - 2.52.0-1
- Update to 2.52.0
* Thu Mar 16 2017 Kalev Lember <klember@redhat.com> - 2.51.5-1
- Update to 2.51.5
* Thu Mar 02 2017 Kalev Lember <klember@redhat.com> - 2.51.4-2
- Remove the dependency on dbus-launch again (#927212)
* Wed Mar 01 2017 David King <amigadave@amigadave.com> - 2.51.4-1
- Update to 2.51.4
- Add a Requires on dbus-launch (#927212)
- Use pkgconfig for BuildRequires
* Tue Feb 14 2017 Richard Hughes <rhughes@redhat.com> - 2.51.2-1
- Update to 2.51.2
* Mon Feb 13 2017 Richard Hughes <rhughes@redhat.com> - 2.51.1-1
- Update to 2.51.1
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.51.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 2.51.0-2
- Rebuild for Python 3.6
* Sun Oct 30 2016 Kalev Lember <klember@redhat.com> - 2.51.0-1
- Update to 2.51.0
* Wed Oct 12 2016 Kalev Lember <klember@redhat.com> - 2.50.1-1
- Update to 2.50.1
* Mon Sep 19 2016 Kalev Lember <klember@redhat.com> - 2.50.0-1
- Update to 2.50.0
* Tue Sep 13 2016 Kalev Lember <klember@redhat.com> - 2.49.7-1
- Update to 2.49.7
- Don't set group tags
* Sun Aug 28 2016 Kalev Lember <klember@redhat.com> - 2.49.6-1
- Update to 2.49.6
* Thu Aug 18 2016 Kalev Lember <klember@redhat.com> - 2.49.5-1
- Update to 2.49.5
- Own /usr/share/gdb and /usr/share/systemtap directories
* Tue Aug 16 2016 Miro Hrončok <mhroncok@redhat.com> - 2.49.4-3
- Use Python 3 for the RPM Python byte compilation
* Wed Jul 27 2016 Ville Skyttä <ville.skytta@iki.fi> - 2.49.4-2
- Switch to Python 3 (#1286284)
* Thu Jul 21 2016 Kalev Lember <klember@redhat.com> - 2.49.4-1
- Update to 2.49.4
* Sun Jul 17 2016 Kalev Lember <klember@redhat.com> - 2.49.3-1
- Update to 2.49.3
* Wed Jun 22 2016 Richard Hughes <rhughes@redhat.com> - 2.49.2-1
- Update to 2.49.2
* Wed Jun 01 2016 Yaakov Selkowitz <yselkowi@redhat.com> - 2.49.1-2
- Soften shared-mime-info dependency (#1266118)
* Fri May 27 2016 Florian Müllner <fmuellner@redhat.com> - 2.49.1-1
- Update to 2.49.1
* Tue May 10 2016 Kalev Lember <klember@redhat.com> - 2.48.1-1
- Update to 2.48.1
* Wed Apr 06 2016 Colin Walters <walters@redhat.com> - 2.48.0-2
- Explicitly require system pcre, though we happened to default to this now
anyways due to something else pulling PCRE into the buildroot
Closes rhbz#1287266
* Tue Mar 22 2016 Kalev Lember <klember@redhat.com> - 2.48.0-1
- Update to 2.48.0
* Thu Mar 17 2016 Richard Hughes <rhughes@redhat.com> - 2.47.92-1
- Update to 2.47.92
* Wed Feb 24 2016 Colin Walters <walters@redhat.com> - 2.47.6.19.gad2092b-2
- git snapshot to work around https://bugzilla.gnome.org/show_bug.cgi?id=762637
- Add --with-python=/usr/bin/python explicitly to hopefully fix a weird
issue I am seeing where librepo fails to build in epel7 with this due to
us requiring /bin/python.
* Wed Feb 17 2016 Richard Hughes <rhughes@redhat.com> - 2.47.6-1
- Update to 2.47.6
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.47.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Jan 19 2016 David King <amigadave@amigadave.com> - 2.47.5-1
- Update to 2.47.5
* Wed Dec 16 2015 Kalev Lember <klember@redhat.com> - 2.47.4-1
- Update to 2.47.4
* Wed Nov 25 2015 Kalev Lember <klember@redhat.com> - 2.47.3-1
- Update to 2.47.3
* Wed Nov 25 2015 Kalev Lember <klember@redhat.com> - 2.47.2-1
- Update to 2.47.2
* Mon Nov 09 2015 Kevin Fenzi <kevin@scrye.com> - 2.47.1-2
- Add full path redirect output to null and || : to triggers.
* Wed Oct 28 2015 Kalev Lember <klember@redhat.com> - 2.47.1-1
- Update to 2.47.1
* Mon Oct 19 2015 Kalev Lember <klember@redhat.com> - 2.46.1-2
- Backport an upstream fix for app launching under wayland (#1273146)
* Wed Oct 14 2015 Kalev Lember <klember@redhat.com> - 2.46.1-1
- Update to 2.46.1
* Mon Sep 21 2015 Kalev Lember <klember@redhat.com> - 2.46.0-1
- Update to 2.46.0
* Mon Sep 14 2015 Kalev Lember <klember@redhat.com> - 2.45.8-1
- Update to 2.45.8
* Tue Sep 01 2015 Kalev Lember <klember@redhat.com> - 2.45.7-1
- Update to 2.45.7
* Wed Aug 19 2015 Kalev Lember <klember@redhat.com> - 2.45.6-1
- Update to 2.45.6
* Wed Aug 19 2015 Kalev Lember <klember@redhat.com> - 2.45.5-1
- Update to 2.45.5
* Fri Aug 14 2015 Matthias Clasen <mclasen@redhat.com> - 2.45.4-2
- Add file triggers for gio modules and gsettings schemas
* Tue Jul 21 2015 David King <amigadave@amigadave.com> - 2.45.4-1
- Update to 2.45.4
* Wed Jun 24 2015 Kalev Lember <klember@redhat.com> - 2.45.3-2
- Backport a patch to fix notification withdrawing in gnome-software
* Wed Jun 24 2015 David King <amigadave@amigadave.com> - 2.45.3-1
- Update to 2.45.3
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.45.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue May 26 2015 David King <amigadave@amigadave.com> - 2.45.2-1
- Update to 2.45.2
* Thu Apr 30 2015 Kalev Lember <kalevlember@gmail.com> - 2.45.1-1
- Update to 2.45.1
* Mon Mar 23 2015 Kalev Lember <kalevlember@gmail.com> - 2.44.0-1
- Update to 2.44.0
* Tue Mar 17 2015 Kalev Lember <kalevlember@gmail.com> - 2.43.92-1
- Update to 2.43.92
* Mon Mar 02 2015 Kalev Lember <kalevlember@gmail.com> - 2.43.91-1
- Update to 2.43.91
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.43.90-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Wed Feb 18 2015 David King <amigadave@amigadave.com> - 2.43.90-1
- Update to 2.43.90
- Update man pages glob in files section
* Tue Feb 10 2015 Matthias Clasen <mclasen@redhat.com> - 2.43.4-1
- Update to 2.43.4
* Tue Jan 20 2015 David King <amigadave@amigadave.com> - 2.43.3-1
- Update to 2.43.3
* Wed Dec 17 2014 Kalev Lember <kalevlember@gmail.com> - 2.43.2-1
- Update to 2.43.2
* Tue Nov 25 2014 Kalev Lember <kalevlember@gmail.com> - 2.43.1-1
- Update to 2.43.1
* Thu Oct 30 2014 Florian Müllner <fmuellner@redhat.com> - 2.43.0-1
- Update to 2.43.0
* Mon Sep 22 2014 Kalev Lember <kalevlember@gmail.com> - 2.42.0-1
- Update to 2.42.0
* Tue Sep 16 2014 Kalev Lember <kalevlember@gmail.com> - 2.41.5-1
- Update to 2.41.5
* Thu Sep 4 2014 Matthias Clasen <mclasen@redhat.com> 2.41.4-3
- Don't remove rpath from gdbus-peer test - it doesn't work without it
* Thu Sep 04 2014 Bastien Nocera <bnocera@redhat.com> 2.41.4-2
- Fix banshee getting selected as the default movie player
* Tue Sep 02 2014 Kalev Lember <kalevlember@gmail.com> - 2.41.4-1
- Update to 2.41.4
* Sat Aug 16 2014 Kalev Lember <kalevlember@gmail.com> - 2.41.3-1
- Update to 2.41.3
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.41.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Jul 23 2014 Stef Walter <stefw@redhat.com> - 2.41.2-2
- Fix regression with GDBus array encoding rhbz#1122128
* Mon Jul 14 2014 Kalev Lember <kalevlember@gmail.com> - 2.41.2-1
- Update to 2.41.2
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 2.41.1-2
- fix license handling
* Tue Jun 24 2014 Richard Hughes <rhughes@redhat.com> - 2.41.1-1
- Update to 2.41.1
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.41.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Kalev Lember <kalevlember@gmail.com> - 2.41.0-1
- Update to 2.41.0
* Mon Mar 24 2014 Richard Hughes <rhughes@redhat.com> - 2.40.0-1
- Update to 2.40.0
* Tue Mar 18 2014 Richard Hughes <rhughes@redhat.com> - 2.39.92-1
- Update to 2.39.92
* Tue Mar 04 2014 Richard Hughes <rhughes@redhat.com> - 2.39.91-1
- Update to 2.39.91
* Tue Feb 18 2014 Richard Hughes <rhughes@redhat.com> - 2.39.90-1
- Update to 2.39.90
* Tue Feb 04 2014 Richard Hughes <rhughes@redhat.com> - 2.39.4-1
- Update to 2.39.4
* Tue Jan 14 2014 Richard Hughes <rhughes@redhat.com> - 2.39.3-1
- Update to 2.39.3
* Sun Dec 22 2013 Richard W.M. Jones <rjones@redhat.com> - 2.39.2-2
- Re-add static subpackage so that we can build static qemu as
an AArch64 binfmt.
* Tue Dec 17 2013 Richard Hughes <rhughes@redhat.com> - 2.39.2-1
- Update to 2.39.2
* Mon Dec 09 2013 Richard Hughes <rhughes@redhat.com> - 2.39.1-2
- Backport a patch from master to stop gnome-settings-daemon crashing.
* Thu Nov 14 2013 Richard Hughes <rhughes@redhat.com> - 2.39.1-1
- Update to 2.39.1
* Mon Oct 28 2013 Richard Hughes <rhughes@redhat.com> - 2.39.0-1
- Update to 2.39.0
* Tue Sep 24 2013 Kalev Lember <kalevlember@gmail.com> - 2.38.0-1
- Update to 2.38.0
* Tue Sep 17 2013 Kalev Lember <kalevlember@gmail.com> - 2.37.93-1
- Update to 2.37.93
* Mon Sep 02 2013 Kalev Lember <kalevlember@gmail.com> - 2.37.7-1
- Update to 2.37.7
* Wed Aug 21 2013 Debarshi Ray <rishi@fedoraproject.org> - 2.37.6-1
- Update to 2.37.6
* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 2.37.5-2
- Perl 5.18 rebuild
* Thu Aug 1 2013 Debarshi Ray <rishi@fedoraproject.org> - 2.37.5-1
- Update to 2.37.5
* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 2.37.4-2
- Perl 5.18 rebuild
* Tue Jul 9 2013 Matthias Clasen <mclasen@redhat.com> - 2.37.4-1
- Update to 2.37.4
* Thu Jun 20 2013 Debarshi Ray <rishi@fedoraproject.org> - 2.37.2-1
- Update to 2.37.2
* Tue May 28 2013 Matthias Clasen <mclasen@redhat.com> - 2.37.1-1
- Update to 2.37.1
- Add a tests subpackage
* Sat May 04 2013 Kalev Lember <kalevlember@gmail.com> - 2.37.0-1
- Update to 2.37.0
* Sat Apr 27 2013 Thorsten Leemhuis <fedora@leemhuis.info> - 2.36.1-2
- Fix pidgin freezes by applying patch from master (#956872)
* Mon Apr 15 2013 Kalev Lember <kalevlember@gmail.com> - 2.36.1-1
- Update to 2.36.1
* Mon Mar 25 2013 Kalev Lember <kalevlember@gmail.com> - 2.36.0-1
- Update to 2.36.0
* Tue Mar 19 2013 Matthias Clasen <mclasen@redhat.com> - 2.35.9-1
- Update to 2.35.9
* Thu Feb 21 2013 Kalev Lember <kalevlember@gmail.com> - 2.35.8-1
- Update to 2.35.8
* Tue Feb 05 2013 Kalev Lember <kalevlember@gmail.com> - 2.35.7-1
- Update to 2.35.7
* Tue Jan 15 2013 Matthias Clasen <mclasen@redhat.com> - 2.35.4-1
- Update to 2.35.4
* Thu Dec 20 2012 Kalev Lember <kalevlember@gmail.com> - 2.35.3-1
- Update to 2.35.3
* Sat Nov 24 2012 Kalev Lember <kalevlember@gmail.com> - 2.35.2-1
- Update to 2.35.2
* Thu Nov 08 2012 Kalev Lember <kalevlember@gmail.com> - 2.35.1-1
- Update to 2.35.1
- Drop upstreamed codegen-in-datadir.patch