diff --git a/2244.patch b/2244.patch new file mode 100644 index 0000000..cb55031 --- /dev/null +++ b/2244.patch @@ -0,0 +1,49 @@ +From b6036e23b0477be147211b4e21a6b49cd4d6c9a0 Mon Sep 17 00:00:00 2001 +From: Jamie Bainbridge +Date: Wed, 8 Sep 2021 12:08:17 +1000 +Subject: [PATCH] gutils: Avoid segfault in g_get_user_database_entry + +g_get_user_database_entry() uses variable pwd to store the contents of +the call to getpwnam_r(), then capitalises the first letter of pw_name +with g_ascii_toupper (pw->pw_name[0]). + +However, as per the getpwnam manpage, the result of that call "may point +to a static area". When this happens, GLib is trying to edit static +memory which belongs to a shared library, so segfaults. + +Instead, copy pw_name off to a temporary variable, set uppercase on +that variable, and use the variable to join into the desired string. +Free the new variable after it is no longer needed. + +Signed-off-by: Jamie Bainbridge +--- + glib/gutils.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/glib/gutils.c b/glib/gutils.c +index b7a2113d4..4bccd7229 100644 +--- a/glib/gutils.c ++++ b/glib/gutils.c +@@ -692,14 +692,17 @@ g_get_user_database_entry (void) + { + gchar **gecos_fields; + gchar **name_parts; ++ gchar *uppercase_pw_name; + + /* split the gecos field and substitute '&' */ + gecos_fields = g_strsplit (pw->pw_gecos, ",", 0); + name_parts = g_strsplit (gecos_fields[0], "&", 0); +- pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]); +- e.real_name = g_strjoinv (pw->pw_name, name_parts); ++ uppercase_pw_name = g_strdup (pw->pw_name); ++ uppercase_pw_name[0] = g_ascii_toupper (uppercase_pw_name[0]); ++ e.real_name = g_strjoinv (uppercase_pw_name, name_parts); + g_strfreev (gecos_fields); + g_strfreev (name_parts); ++ g_free (uppercase_pw_name); + } + #endif + +-- +GitLab + diff --git a/glib2.spec b/glib2.spec index 5cec4ef..e02ad27 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,6 +1,6 @@ Name: glib2 Version: 2.68.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library of handy utility functions License: LGPLv2+ @@ -21,9 +21,12 @@ Patch1: 1596.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1965 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2194 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2222 -Patch3: 1965.patch -Patch4: 2194.patch -Patch5: 2222.patch +Patch2: 1965.patch +Patch3: 2194.patch +Patch4: 2222.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 +Patch5: 2244.patch BuildRequires: chrpath BuildRequires: gcc @@ -110,9 +113,6 @@ the functionality of the installed glib2 package. # Bug 1324770: Also explicitly remove PCRE sources since we use --with-pcre=system rm glib/pcre/*.[ch] -# We cannot build with GnuTLS in Fedora since there is no gnutls-static -# subpackage. (glib2-static is needed by qemu in Fedora, but not in RHEL.) -# Accordingly, we can't build a usable glib2-static in RHEL. %meson \ -Dman=true \ -Ddtrace=true \ @@ -244,6 +244,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/installed-tests %changelog +* Wed Sep 15 2021 Michael Catanzaro - 2.68.4-2 +- Fix g_get_user_database_entry() crash when used with nss-systemd +- Resolves: #2004711 + * Sat Aug 21 2021 Kalev Lember - 2.68.4-1 - Update to 2.68.4