Import Debian changes 2.66.8-1+deb11u4

d56bc666 · Simon McVittie · Dylan Aïssi · 8e78f993 · d56bc666 · d56bc666
Commit d56bc666 authored 11 months ago by Simon McVittie Committed by Dylan Aïssi 9 months ago
--- a/debian/changelog
+++ b/debian/changelog
+glib2.0 (2.66.8-1+deb11u4) bullseye; urgency=medium
+
+  * d/p/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch:
+    Add patch from upstream fixing a memory leak that can occur in
+    rare situations since 2.66.8-1+deb11u2 (Closes: #1070851)
+
+ -- Simon McVittie <smcv@debian.org>  Tue, 14 May 2024 11:12:17 +0100
+
 glib2.0 (2.66.8-1+deb11u3) bullseye-security; urgency=high

  * d/p/CVE-2024-34397/gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch:

--- a/debian/patches/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch
+++ b/debian/patches/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch
+From: =?utf-8?b?Ik1hcmNvIFRyZXZpc2FuIChUcmV2acOxbyki?= <mail@3v1n0.net>
+Date: Wed, 8 May 2024 22:53:51 +0200
+Subject: gdbusmessage: Clean the cached arg0 when setting the message body
+
+We're now caching arg0 but such value is not cleared when a new body is
+set as it's in the connection filter test cases where we've a leak as
+highlighted by both valgrind and leak sanitizer
+
+Origin: upstream, 2.80.3, commit:fe89e9f3cb6e0fd0dc2bd8a2d413799e1443cef1
+Bug-Debian: https://bugs.debian.org/1070851
+---
+ gio/gdbusmessage.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
+index c4357cb..ffe8827 100644
+--- a/gio/gdbusmessage.c
+++ b/gio/gdbusmessage.c
+@@ -1127,10 +1127,12 @@ g_dbus_message_set_body (GDBusMessage  *message,
+ 
+   if (message->body != NULL)
+     g_variant_unref (message->body);
+
+  g_clear_pointer (&message->arg0_cache, g_variant_unref);
+
+   if (body == NULL)
+     {
+       message->body = NULL;
+-      message->arg0_cache = NULL;
+       g_dbus_message_set_signature (message, NULL);
+     }
+   else
+@@ -1144,8 +1146,6 @@ g_dbus_message_set_body (GDBusMessage  *message,
+       if (g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE) &&
+           g_variant_n_children (message->body) > 0)
+         message->arg0_cache = g_variant_get_child_value (message->body, 0);
+-      else
+-        message->arg0_cache = NULL;
+ 
+       type_string = g_variant_get_type_string (body);
+       type_string_len = strlen (type_string);
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -72,3 +72,4 @@ CVE-2024-34397/tests-Add-a-test-for-matching-by-two-well-known-names.patch
 CVE-2024-34397/tests-Add-a-test-for-signal-filtering-by-well-known-name.patch
 CVE-2024-34397/tests-Ensure-that-unsubscribing-with-GetNameOwner-in-flig.patch
 CVE-2024-34397/gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch
+gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch