Jan Alexander Steffens (heftig) pushed to branch main at Arch Linux / Packaging / Packages / upower
Commits: 014caad2 by Jan Alexander Steffens (heftig) at 2024-08-31T11:22:09+02:00 1.90.5-2: Fix a case of heap corruption See: https://gitlab.freedesktop.org/upower/upower/-/merge_requests/233 - - - - - 3 changed files: - .SRCINFO - + 0001-up-polkit-Add-G_ADD_PRIVATE-UpPolkit.patch - PKGBUILD Changes: ===================================== .SRCINFO ===================================== @@ -1,7 +1,7 @@ pkgbase = upower pkgdesc = Abstraction for enumerating power devices, listening to device events and querying history and statistics pkgver = 1.90.5 - pkgrel = 1 + pkgrel = 2 url = https://upower.freedesktop.org arch = x86_64 license = GPL-2.0-or-later @@ -24,7 +24,9 @@ pkgbase = upower optdepends = usbmuxd: Read charge status of iOS devices backup = etc/UPower/UPower.conf source = git+https://gitlab.freedesktop.org/upower/upower.git#tag=v1.90.5 + source = 0001-up-polkit-Add-G_ADD_PRIVATE-UpPolkit.patch b2sums = 7dd53845a7df3e1c58c00431a329a621df2c034a9cd0ed4d4f5def67d993b05eb7b030abb50fbcfc7af1a432c1413f97905c70b28ca3aef619d148f6ad035669 + b2sums = 7e85772dd9cc4099ccfb74f185c56683e52899c9e041d5797d83e2a8225b7f5554214368ce3df68cb23b1c526745a45774a54cc2c7a2b96859de10569744df24 pkgname = upower depends = gcc-libs ===================================== 0001-up-polkit-Add-G_ADD_PRIVATE-UpPolkit.patch ===================================== @@ -0,0 +1,27 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <[email protected]> +Date: Sat, 31 Aug 2024 11:05:54 +0200 +Subject: [PATCH] up-polkit: Add `G_ADD_PRIVATE (UpPolkit)` + +Without this, accesses to `UpPolkitPrivate` are actually out of bounds +and writing to it will cause heap corruption. + +Fixes: https://gitlab.freedesktop.org/upower/upower/-/issues/281 +--- + src/up-polkit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/up-polkit.c b/src/up-polkit.c +index 0ede5a7b98a2..e0ba246f08d8 100644 +--- a/src/up-polkit.c ++++ b/src/up-polkit.c +@@ -43,7 +43,8 @@ struct UpPolkitPrivate + #endif + }; + +-G_DEFINE_TYPE (UpPolkit, up_polkit, G_TYPE_OBJECT) ++G_DEFINE_TYPE_WITH_CODE (UpPolkit, up_polkit, G_TYPE_OBJECT, ++ G_ADD_PRIVATE (UpPolkit)) + static gpointer up_polkit_object = NULL; + + #ifdef HAVE_POLKIT ===================================== PKGBUILD ===================================== @@ -3,7 +3,7 @@ pkgname=upower pkgver=1.90.5 -pkgrel=1 +pkgrel=2 pkgdesc="Abstraction for enumerating power devices, listening to device events and querying history and statistics" url="https://upower.freedesktop.org"; arch=(x86_64) @@ -32,11 +32,18 @@ makedepends=( usbmuxd ) backup=(etc/UPower/UPower.conf) -source=("git+https://gitlab.freedesktop.org/upower/upower.git#tag=v$pkgver";) -b2sums=('7dd53845a7df3e1c58c00431a329a621df2c034a9cd0ed4d4f5def67d993b05eb7b030abb50fbcfc7af1a432c1413f97905c70b28ca3aef619d148f6ad035669') +source=( + "git+https://gitlab.freedesktop.org/upower/upower.git#tag=v$pkgver"; + 0001-up-polkit-Add-G_ADD_PRIVATE-UpPolkit.patch +) +b2sums=('7dd53845a7df3e1c58c00431a329a621df2c034a9cd0ed4d4f5def67d993b05eb7b030abb50fbcfc7af1a432c1413f97905c70b28ca3aef619d148f6ad035669' + '7e85772dd9cc4099ccfb74f185c56683e52899c9e041d5797d83e2a8225b7f5554214368ce3df68cb23b1c526745a45774a54cc2c7a2b96859de10569744df24') prepare() { cd upower + + # https://gitlab.freedesktop.org/upower/upower/-/issues/281 + git apply -3 ../0001-up-polkit-Add-G_ADD_PRIVATE-UpPolkit.patch } build() { View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/upower/-/commit/014caad2a4078e9fa94f07909f9b62e1d5268333 -- View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/upower/-/commit/014caad2a4078e9fa94f07909f9b62e1d5268333 You're receiving this email because of your account on gitlab.archlinux.org.
