From e70bbb43edd9f07a9a81fd6d44154822fe6d440a Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Mon, 10 Jul 2017 14:37:05 +0200 Subject: [PATCH] + gnome-session-3.25.3-1 Update to 3.25.3 --- .gitignore | 1 + ...tialised-variable-in-get_session_key.patch | 47 +++++++++++++++++++ ...Fix-use-after-free-in-initialize_gio.patch | 29 ++++++++++++ ...he-GDBusMethodInvocation-from-being-.patch | 46 ++++++++++++++++++ gnome-session.spec | 15 ++++-- sources | 2 +- 6 files changed, 136 insertions(+), 4 deletions(-) create mode 100644 0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch create mode 100644 0002-Fix-use-after-free-in-initialize_gio.patch create mode 100644 0003-client-Prevent-the-GDBusMethodInvocation-from-being-.patch diff --git a/.gitignore b/.gitignore index 4d1e422..7da3507 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ gnome-session-2.31.6.tar.bz2 /gnome-session-3.23.92.tar.xz /gnome-session-3.24.0.tar.xz /gnome-session-3.24.1.tar.xz +/gnome-session-3.25.3.tar.xz diff --git a/0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch b/0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch new file mode 100644 index 0000000..af7483f --- /dev/null +++ b/0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch @@ -0,0 +1,47 @@ +From 4bb8872e57f1fbf2beece71197303ad4b2975d68 Mon Sep 17 00:00:00 2001 +From: Tomas Popela +Date: Thu, 29 Jun 2017 14:26:52 +0200 +Subject: [PATCH 1/3] Fix use of uninitialised variable in + get_session_keyfile_if_valid() + +The length variable is not set before it's used. Remove the check +for it as it's not needed. + +https://bugzilla.gnome.org/show_bug.cgi?id=784339 +--- + gnome-session/gsm-session-fill.c | 19 ++++++++----------- + 1 file changed, 8 insertions(+), 11 deletions(-) + +diff --git a/gnome-session/gsm-session-fill.c b/gnome-session/gsm-session-fill.c +index bcd9205e..af203bbc 100644 +--- a/gnome-session/gsm-session-fill.c ++++ b/gnome-session/gsm-session-fill.c +@@ -175,17 +175,14 @@ get_session_keyfile_if_valid (const char *path) + goto error; + } + +- /* check that we do have some required components */ +- if (len == 0) { +- list = g_key_file_get_string_list (keyfile, +- GSM_KEYFILE_SESSION_GROUP, +- GSM_KEYFILE_REQUIRED_COMPONENTS_KEY, +- &len, NULL); +- if (list) +- g_strfreev (list); +- if (len == 0) +- g_warning ("Session '%s': no component in the session.", path); +- } ++ list = g_key_file_get_string_list (keyfile, ++ GSM_KEYFILE_SESSION_GROUP, ++ GSM_KEYFILE_REQUIRED_COMPONENTS_KEY, ++ &len, NULL); ++ if (list) ++ g_strfreev (list); ++ if (len == 0) ++ g_warning ("Session '%s': no component in the session.", path); + + return keyfile; + +-- +2.13.0 + diff --git a/0002-Fix-use-after-free-in-initialize_gio.patch b/0002-Fix-use-after-free-in-initialize_gio.patch new file mode 100644 index 0000000..4dc46b7 --- /dev/null +++ b/0002-Fix-use-after-free-in-initialize_gio.patch @@ -0,0 +1,29 @@ +From bc90e8679f9c6bf8af33125586da213cab5dcc59 Mon Sep 17 00:00:00 2001 +From: Tomas Popela +Date: Thu, 29 Jun 2017 14:30:16 +0200 +Subject: [PATCH 2/3] Fix use-after-free in initialize_gio() + +Don't use already freed use_vfs variable in the fuse code, but use the +disable_fuse one. + +https://bugzilla.gnome.org/show_bug.cgi?id=784339 +--- + gnome-session/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gnome-session/main.c b/gnome-session/main.c +index 89e8f3b5..d28f0df9 100644 +--- a/gnome-session/main.c ++++ b/gnome-session/main.c +@@ -258,7 +258,7 @@ initialize_gio (void) + } + + if (disable_fuse) { +- g_setenv ("GVFS_DISABLE_FUSE", use_vfs, TRUE); ++ g_setenv ("GVFS_DISABLE_FUSE", disable_fuse, TRUE); + g_free (disable_fuse); + } else { + g_unsetenv ("GVFS_DISABLE_FUSE"); +-- +2.13.0 + diff --git a/0003-client-Prevent-the-GDBusMethodInvocation-from-being-.patch b/0003-client-Prevent-the-GDBusMethodInvocation-from-being-.patch new file mode 100644 index 0000000..d9fd13e --- /dev/null +++ b/0003-client-Prevent-the-GDBusMethodInvocation-from-being-.patch @@ -0,0 +1,46 @@ +From 3b216d8bb303eedc01c0a8a317b616a4e6e9e816 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 29 Jun 2017 17:10:25 +0200 +Subject: [PATCH 3/3] client: Prevent the GDBusMethodInvocation from being + unref-ed twice + +GsmExportedClientPrivate::handle-end-session-response, like every +other gdbus-codegen-ed signal for handling methods on the server-side, +expects a boolean return value from the callback. The lack of a return +value might confuse the generated glue code into thinking that FALSE +was returned and the call wasn't acknowledged. That inserts a call to +g_dbus_method_invocation_return_error. Since we have already called +g_dbus_method_invocation_return_value (via +gsm_exported_client_private_complete_end_session_response), and both +these methods drop GDBus' internal reference on the +GDBusMethodInvocation we may up with a memory error. + +https://bugzilla.gnome.org/show_bug.cgi?id=784349 +--- + gnome-session/gsm-dbus-client.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/gnome-session/gsm-dbus-client.c b/gnome-session/gsm-dbus-client.c +index 6f5099f9..dcf96f0b 100644 +--- a/gnome-session/gsm-dbus-client.c ++++ b/gnome-session/gsm-dbus-client.c +@@ -75,7 +75,7 @@ setup_connection (GsmDBusClient *client) + return TRUE; + } + +-static void ++static gboolean + handle_end_session_response (GsmExportedClientPrivate *skeleton, + GDBusMethodInvocation *invocation, + gboolean is_ok, +@@ -87,6 +87,7 @@ handle_end_session_response (GsmExportedClientPrivate *skeleton, + is_ok, FALSE, FALSE, reason); + + gsm_exported_client_private_complete_end_session_response (skeleton, invocation); ++ return TRUE; + } + + static GObject * +-- +2.13.0 + diff --git a/gnome-session.spec b/gnome-session.spec index f8a5e80..9c0df36 100644 --- a/gnome-session.spec +++ b/gnome-session.spec @@ -8,13 +8,13 @@ %endif Name: gnome-session -Version: 3.24.1 -Release: 2%{?dist} +Version: 3.25.3 +Release: 1%{?dist} Summary: GNOME session manager License: GPLv2+ URL: http://www.gnome.org -Source0: http://download.gnome.org/sources/gnome-session/3.22/%{name}-%{version}.tar.xz +Source0: http://download.gnome.org/sources/gnome-session/3.25/%{name}-%{version}.tar.xz # Blacklist NV30: https://bugzilla.redhat.com/show_bug.cgi?id=745202 Patch1: gnome-session-3.3.92-nv30.patch @@ -30,6 +30,11 @@ Patch7: 0003-manager-kill-off-bus-clients-at-log-out.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1384508 Patch8: 0001-fail-whale-handle-X-server-dying-before-startup.patch +# Patches in 3.25.3+ +Patch9: 0001-Fix-use-of-uninitialised-variable-in-get_session_key.patch +Patch10: 0002-Fix-use-after-free-in-initialize_gio.patch +Patch11: 0003-client-Prevent-the-GDBusMethodInvocation-from-being-.patch + BuildRequires: pkgconfig(egl) BuildRequires: pkgconfig(gl) BuildRequires: pkgconfig(glesv2) @@ -147,6 +152,10 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || : %{_datadir}/glib-2.0/schemas/org.gnome.SessionManager.gschema.xml %changelog +* Mon Jul 10 2017 Bastien Nocera - 3.25.3-1 ++ gnome-session-3.25.3-1 +- Update to 3.25.3 + * Wed Jun 21 2017 Ray Strode - 3.24.1-2 - Kill bus clients at log out Resolves: #1340203 diff --git a/sources b/sources index 67e49e2..4f54269 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (gnome-session-3.24.1.tar.xz) = 507f9f1cddab37f1b66c72291e1885397f7e8b6bfb7c365f6f1ff827649a71380706fe0e3a8c6e74c3c159349a0eea0aabe3d5c7bbae5b29aeb2d49ae715affb +SHA512 (gnome-session-3.25.3.tar.xz) = 683736a6bde4f6a31a6007445cfa07e64dce1f0d65f11691bf0a2938596782e4de9495cb417850435bbf359b3b470b968ea78c0f04916e2318c3c27c4355431d