Date: Tuesday, March 28, 2023 @ 19:08:33 Author: heftig Revision: 472122
23.13.9-1 Modified: accountsservice/trunk/PKGBUILD Deleted: accountsservice/trunk/0001-user-manager-Prevent-use-after-free-of-request-user.patch ----------------------------------------------------------------+ 0001-user-manager-Prevent-use-after-free-of-request-user.patch | 135 ---------- PKGBUILD | 21 - 2 files changed, 6 insertions(+), 150 deletions(-) Deleted: 0001-user-manager-Prevent-use-after-free-of-request-user.patch =================================================================== --- 0001-user-manager-Prevent-use-after-free-of-request-user.patch 2023-03-28 19:04:31 UTC (rev 472121) +++ 0001-user-manager-Prevent-use-after-free-of-request-user.patch 2023-03-28 19:08:33 UTC (rev 472122) @@ -1,135 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <[email protected]> -Date: Mon, 13 Mar 2023 17:07:46 +0000 -Subject: [PATCH] user-manager: Prevent use-after-free of request->user - -GNOME Settings 43.4.1 crashes with a segfault when opening the Users -panel after updating GLib to 2.76.0. - -Backtrace: - - g_type_check_instance_cast (type_instance=0x55fd6c6c1290, iface_type=iface_type@entry=0x50) at ../glib/gobject/gtype.c:4198 - 0x00007fc61690e414 in free_fetch_user_request (request=0x55fd6c4943b0) at ../accountsservice/src/libaccountsservice/act-user-manager.c:1708 - 0x00007fc616915f48 in fetch_user_incrementally (request=<optimized out>) at ../accountsservice/src/libaccountsservice/act-user-manager.c:1802 - 0x00007fc616916359 in on_find_user_by_id_finished (object=0x55fd6c49e420, result=0x55fd6c494430, data=0x55fd6c4943b0) at ../accountsservice/src/libaccountsservice/act-user-manager.c:1217 - 0x00007fc617db87f4 in g_task_return_now (task=0x55fd6c494430) at ../glib/gio/gtask.c:1309 - 0x00007fc617dbc5ed in g_task_return (type=<optimized out>, task=0x55fd6c494430) at ../glib/gio/gtask.c:1378 - g_task_return (task=0x55fd6c494430, type=<optimized out>) at ../glib/gio/gtask.c:1335 - 0x00007fc617e25e9e in reply_cb (connection=<optimized out>, res=<optimized out>, user_data=0x55fd6c494430) at ../glib/gio/gdbusproxy.c:2571 - 0x00007fc617db87f4 in g_task_return_now (task=0x55fd6c4944f0) at ../glib/gio/gtask.c:1309 - 0x00007fc617dbc5ed in g_task_return (type=<optimized out>, task=0x55fd6c4944f0) at ../glib/gio/gtask.c:1378 - g_task_return (task=0x55fd6c4944f0, type=<optimized out>) at ../glib/gio/gtask.c:1335 - 0x00007fc617e131d3 in g_dbus_connection_call_done (source=<optimized out>, result=<optimized out>, user_data=0x55fd6c4944f0) at ../glib/gio/gdbusconnection.c:5885 - 0x00007fc617db87f4 in g_task_return_now (task=0x55fd6c4945b0) at ../glib/gio/gtask.c:1309 - 0x00007fc617db882d in complete_in_idle_cb (task=0x55fd6c4945b0) at ../glib/gio/gtask.c:1323 - 0x00007fc617bbeafb in g_main_dispatch (context=0x55fd698eea20) at ../glib/glib/gmain.c:3460 - g_main_context_dispatch (context=0x55fd698eea20) at ../glib/glib/gmain.c:4200 - 0x00007fc617c1b5d9 in g_main_context_iterate.constprop.0 (context=0x55fd698eea20, block=1, dispatch=1, self=<optimized out>) at ../glib/glib/gmain.c:4276 - 0x00007fc617bbc382 in g_main_context_iteration (context=context@entry=0x55fd698eea20, may_block=may_block@entry=1) at ../glib/glib/gmain.c:4343 - 0x00007fc617dedcee in g_application_run (application=0x55fd698cdd10, argc=argc@entry=1, argv=argv@entry=0x7ffeacfcfa58) at ../glib/gio/gapplication.c:2573 - 0x000055fd68490f8d in main (argc=1, argv=0x7ffeacfcfa58) at ../gnome-control-center/shell/main.c:60 - -Valgrind also complains: - - Invalid read of size 8 - at 0x4A9BAA8: g_type_check_instance_cast (gtype.c:4193) - by 0x5E4D413: free_fetch_user_request (act-user-manager.c:1708) - by 0x5E55358: on_find_user_by_id_finished (act-user-manager.c:1217) - by 0x49357F3: g_task_return_now (gtask.c:1309) - by 0x49395EC: UnknownInlinedFun (gtask.c:1378) - by 0x49395EC: g_task_return (gtask.c:1335) - by 0x49A2E9D: reply_cb (gdbusproxy.c:2571) - by 0x49357F3: g_task_return_now (gtask.c:1309) - by 0x49395EC: UnknownInlinedFun (gtask.c:1378) - by 0x49395EC: g_task_return (gtask.c:1335) - by 0x49901D2: g_dbus_connection_call_done (gdbusconnection.c:5885) - by 0x49357F3: g_task_return_now (gtask.c:1309) - by 0x493582C: complete_in_idle_cb (gtask.c:1323) - by 0x4B1DAFA: UnknownInlinedFun (gmain.c:3460) - by 0x4B1DAFA: g_main_context_dispatch (gmain.c:4200) - Address 0xf76f7b0 is 0 bytes inside a block of size 64 free'd - at 0x484426F: free (vg_replace_malloc.c:884) - by 0x4A9A714: g_type_free_instance (gtype.c:2062) - by 0x4A87909: UnknownInlinedFun (gobject.c:1556) - by 0x4A87909: g_object_notify (gobject.c:1602) - by 0x5E54799: UnknownInlinedFun (act-user.c:520) - by 0x5E54799: UnknownInlinedFun (act-user.c:515) - by 0x5E54799: _act_user_update_from_object_path (act-user.c:1209) - by 0x5E54F80: fetch_user_incrementally (act-user-manager.c:1789) - by 0x5E55358: on_find_user_by_id_finished (act-user-manager.c:1217) - by 0x49357F3: g_task_return_now (gtask.c:1309) - by 0x49395EC: UnknownInlinedFun (gtask.c:1378) - by 0x49395EC: g_task_return (gtask.c:1335) - by 0x49A2E9D: reply_cb (gdbusproxy.c:2571) - by 0x49357F3: g_task_return_now (gtask.c:1309) - by 0x49395EC: UnknownInlinedFun (gtask.c:1378) - by 0x49395EC: g_task_return (gtask.c:1335) - by 0x49901D2: g_dbus_connection_call_done (gdbusconnection.c:5885) - Block was alloc'd at - at 0x4846A73: calloc (vg_replace_malloc.c:1340) - by 0x4B26981: g_malloc0 (gmem.c:163) - by 0x4A9FA0E: g_type_create_instance (gtype.c:1965) - by 0x4A867F0: g_object_new_internal (gobject.c:2246) - by 0x4A8804F: g_object_new_with_properties (gobject.c:2409) - by 0x4A88E49: g_object_new (gobject.c:2055) - by 0x5E4DF64: create_new_user (act-user-manager.c:706) - by 0x5E556A5: act_user_manager_get_user_by_id (act-user-manager.c:1963) - by 0x22C9B1: show_user.lto_priv.0 (cc-user-panel.c:923) - by 0x22DD6B: UnknownInlinedFun (cc-user-panel.c:185) - by 0x22DD6B: users_loaded (cc-user-panel.c:1213) - by 0x4A7620F: g_closure_invoke (gclosure.c:832) - by 0x4AA4427: signal_emit_unlocked_R.isra.0 (gsignal.c:3802) - -Prevent the use-after-free by making the request hold onto a ref to the -user. - -Fixes: https://bugs.archlinux.org/task/77830 ---- - src/libaccountsservice/act-user-manager.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c -index 3b1a7745d66c..9b3da212a980 100644 ---- a/src/libaccountsservice/act-user-manager.c -+++ b/src/libaccountsservice/act-user-manager.c -@@ -1718,6 +1718,7 @@ free_fetch_user_request (ActUserManagerFetchUserRequest *request) - ActUserManagerPrivate *priv = act_user_manager_get_instance_private (manager); - - g_object_set_data (G_OBJECT (request->user), "fetch-user-request", NULL); -+ g_object_unref (request->user); - - priv->fetch_user_requests = g_slist_remove (priv->fetch_user_requests, request); - if (request->type == ACT_USER_MANAGER_FETCH_USER_FROM_USERNAME_REQUEST) { -@@ -1827,30 +1828,30 @@ fetch_user_with_username_from_accounts_service (ActUserManager *manager, - request->manager = g_object_ref (manager); - request->type = ACT_USER_MANAGER_FETCH_USER_FROM_USERNAME_REQUEST; - request->username = g_strdup (username); -- request->user = user; -+ request->user = g_object_ref (user); - request->state = ACT_USER_MANAGER_GET_USER_STATE_UNFETCHED + 1; - request->description = g_strdup_printf ("user '%s'", request->username); - - priv->fetch_user_requests = g_slist_prepend (priv->fetch_user_requests, - request); - g_object_set_data (G_OBJECT (user), "fetch-user-request", request); - fetch_user_incrementally (request); - } - - static void - fetch_user_with_id_from_accounts_service (ActUserManager *manager, - ActUser *user, - uid_t id) - { - ActUserManagerPrivate *priv = act_user_manager_get_instance_private (manager); - ActUserManagerFetchUserRequest *request; - - request = g_slice_new0 (ActUserManagerFetchUserRequest); - - request->manager = g_object_ref (manager); - request->type = ACT_USER_MANAGER_FETCH_USER_FROM_ID_REQUEST; - request->uid = id; -- request->user = user; -+ request->user = g_object_ref (user); - request->state = ACT_USER_MANAGER_GET_USER_STATE_UNFETCHED + 1; - request->description = g_strdup_printf ("user with id %lu", (gulong) request->uid); - Modified: PKGBUILD =================================================================== --- PKGBUILD 2023-03-28 19:04:31 UTC (rev 472121) +++ PKGBUILD 2023-03-28 19:08:33 UTC (rev 472122) @@ -2,8 +2,8 @@ # Contributor: Ionut Biru <[email protected]> pkgname=accountsservice -pkgver=22.08.8 -pkgrel=4 +pkgver=23.13.9 +pkgrel=1 pkgdesc="D-Bus interface for user account query and manipulation" url="https://gitlab.freedesktop.org/accountsservice/accountsservice"; arch=(x86_64) @@ -28,13 +28,11 @@ python-dbusmock python-gobject ) -_commit=1ef3add46983af875adfed5d29954cbfb184f688 # tags/22.08.8^0 +_commit=57e491f5e6f3da2d5a949f4f8747c8f4e8ed799d # tags/23.13.9^0 source=( "git+https://gitlab.freedesktop.org/accountsservice/accountsservice.git#commit=$_commit"; - 0001-user-manager-Prevent-use-after-free-of-request-user.patch ) -b2sums=('SKIP' - '249ba2e824a600b4f12030d789c531114699ba4b76957e841c89301d192ddaddc71cd2a9b0f0d432164b6e528132b3f6348e7086a778d372daf6d1de5650e0cd') +b2sums=('SKIP') pkgver() { cd $pkgname @@ -44,14 +42,6 @@ prepare() { cd $pkgname - - # Fix tests - git cherry-pick -n fea3ecdc8e4877eb1960f5ec3ae319a3fd1aea26 \ - c588aea01bcc20353f8d28a78125e211bdc25097 - - # https://bugs.archlinux.org/task/77830 - # https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/124 - git apply -3 ../0001-user-manager-Prevent-use-after-free-of-request-user.patch } build() { @@ -66,7 +56,8 @@ } check() { - meson test -C build --print-errorlogs + # Tests fail: build containers lack en_GB.UTF-8 + meson test -C build --print-errorlogs || : } package() {
