From a3f21c1849e4db817fbce22ee55498ace4d1f3a6 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek
Date: Tue, 21 Jun 2011 12:49:19 +0200
Subject: [PATCH] Fix fortify fail in gsd-color-manager.c (#714625)
---
...ttings-daemon-3.1.3-color-widestring.patch | 81 +++++++++++++++++++
gnome-settings-daemon.spec | 9 ++-
2 files changed, 89 insertions(+), 1 deletion(-)
create mode 100644 gnome-settings-daemon-3.1.3-color-widestring.patch
diff --git a/gnome-settings-daemon-3.1.3-color-widestring.patch b/gnome-settings-daemon-3.1.3-color-widestring.patch
new file mode 100644
index 0000000..03ca675
--- /dev/null
+++ b/gnome-settings-daemon-3.1.3-color-widestring.patch
@@ -0,0 +1,81 @@
+From ac60d0ae037096859cf452d074e9bd345974c786 Mon Sep 17 00:00:00 2001
+From: Richard Hughes
+Date: Mon, 20 Jun 2011 16:41:28 +0000
+Subject: color: Fix a potential buffer-overflow when converting to wide text
+
+Thanks to fortify protection, g-s-d fails to build for some distros.
+Copy the fix from Colin that went into colord a few days ago.
+---
+diff --git a/plugins/color/gsd-color-manager.c b/plugins/color/gsd-color-manager.c
+index 0b1c882..0391175 100644
+--- a/plugins/color/gsd-color-manager.c
++++ b/plugins/color/gsd-color-manager.c
+@@ -87,10 +87,10 @@ typedef struct {
+ GQuark
+ gsd_color_manager_error_quark (void)
+ {
+- static GQuark quark = 0;
+- if (!quark)
+- quark = g_quark_from_static_string ("gsd_color_manager_error");
+- return quark;
++ static GQuark quark = 0;
++ if (!quark)
++ quark = g_quark_from_static_string ("gsd_color_manager_error");
++ return quark;
+ }
+
+ static GcmEdid *
+@@ -492,17 +492,46 @@ out:
+ }
+
+ #ifdef HAVE_NEW_LCMS
++static wchar_t *
++utf8_to_wchar_t (const char *src)
++{
++ gsize len;
++ gsize converted;
++ wchar_t *buf = NULL;
++
++ len = mbstowcs (NULL, src, 0);
++ if (len < 0) {
++ g_warning ("Invalid UTF-8 in string %s", src);
++ goto out;
++ }
++ len += 1;
++ buf = g_malloc (sizeof (wchar_t) * len);
++ converted = mbstowcs (buf, src, len - 1);
++ g_assert (converted != -1);
++ buf[converted] = '\0';
++out:
++ return buf;
++}
++
+ static cmsBool
+ _cmsDictAddEntryAscii (cmsHANDLE dict,
+ const gchar *key,
+ const gchar *value)
+ {
+- cmsBool ret;
+- wchar_t mb_key[1024];
+- wchar_t mb_value[1024];
+- mbstowcs (mb_key, key, sizeof (mb_key));
+- mbstowcs (mb_value, value, sizeof (mb_value));
++ cmsBool ret = FALSE;
++ wchar_t *mb_key = NULL;
++ wchar_t *mb_value = NULL;
++
++ mb_key = utf8_to_wchar_t (key);
++ if (mb_key == NULL)
++ goto out;
++ mb_value = utf8_to_wchar_t (value);
++ if (mb_value == NULL)
++ goto out;
+ ret = cmsDictAddEntry (dict, mb_key, mb_value, NULL, NULL);
++out:
++ g_free (mb_key);
++ g_free (mb_value);
+ return ret;
+ }
+ #endif /* HAVE_NEW_LCMS */
+--
+cgit v0.9
diff --git a/gnome-settings-daemon.spec b/gnome-settings-daemon.spec
index 016280d..38b4113 100644
--- a/gnome-settings-daemon.spec
+++ b/gnome-settings-daemon.spec
@@ -1,6 +1,6 @@ Name: gnome-settings-daemon Version: 3.1.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The daemon sharing settings from GNOME to GTK+/KDE applications Group: System Environment/Daemons
@@ -9,6 +9,9 @@ URL: http://download.gnome.org/sources/%{name} #VCS: git:git://git.gnome.org/gnome-settings-daemon Source: http://download.gnome.org/sources/%{name}/3.1/%{name}-%{version}.tar.xz +# from upstream +Patch0: gnome-settings-daemon-3.1.3-color-widestring.patch + Requires(pre): GConf2 >= 2.14 Requires(preun): GConf2 >= 2.14 Requires(post): GConf2 >= 2.14
@@ -57,6 +60,7 @@ developing applications that use %{name}. %prep %setup -q +%patch0 -p1 -b .color-wide # autoreconf -i -f
@@ -210,6 +214,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/gnome-settings-daemon-3.0/input-device-example.sh %changelog +* Tue Jun 21 2011 Tomas Bzatek - 3.1.2-2 +- Fix fortify fail in gsd-color-manager.c (#714625) + * Wed Jun 15 2011 Tomas Bzatek - 3.1.2-1 - Update to 3.1.2
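Review bot: In the added `utf8_to_wchar_t`, the failure check `if (len < 0)` can never be true because `len` is a `gsize` (unsigned), so the `(size_t) -1` that `mbstowcs` returns for an invalid multibyte sequence is not caught. `len += 1` then wraps to 0, `g_malloc (0)` returns NULL, and the second `mbstowcs` call fails again, so a malformed key or value ends in the `g_assert` abort (or, with assertions compiled out, a write through a NULL `buf`) instead of the warning and a FALSE return from `_cmsDictAddEntryAscii`. The check should read `if (len == (gsize) -1) {`. Separately, `mbstowcs` converts from the current locale's encoding rather than from UTF-8, so the helper's name and its warning text only hold in a UTF-8 locale; a short comment saying so would help, since the origin of these strings is not visible in this hunk.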