Hello community, here is the log from the commit of package xfconf for openSUSE:Factory checked in at 2020-11-12 22:37:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xfconf (Old) and /work/SRC/openSUSE:Factory/.xfconf.new.24930 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xfconf" Thu Nov 12 22:37:40 2020 rev:34 rq:847148 version:4.14.4 Changes: -------- --- /work/SRC/openSUSE:Factory/xfconf/xfconf.changes 2020-05-11 13:34:34.552265087 +0200 +++ /work/SRC/openSUSE:Factory/.xfconf.new.24930/xfconf.changes 2020-11-12 22:37:57.042051535 +0100 @@ -1,0 +2,6 @@ +Mon Nov 9 09:21:40 UTC 2020 - Ali Abdallah <[email protected]> + +- Update to version 4.14.4 + * fix use after free bug in xfconf-cache (gxo#xfce/xfconf#16) + +------------------------------------------------------------------- Old: ---- xfconf-4.14.3.tar.bz2 New: ---- xfconf-4.14.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xfconf.spec ++++++ --- /var/tmp/diff_new_pack.c8F3VD/_old 2020-11-12 22:37:58.538053097 +0100 +++ /var/tmp/diff_new_pack.c8F3VD/_new 2020-11-12 22:37:58.538053097 +0100 @@ -20,7 +20,7 @@ %define libname libxfconf-0-3 Name: xfconf -Version: 4.14.3 +Version: 4.14.4 Release: 0 Summary: Simple Configuration Storage for Xfce License: GPL-2.0-or-later ++++++ xfconf-4.14.3.tar.bz2 -> xfconf-4.14.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/ChangeLog new/xfconf-4.14.4/ChangeLog --- old/xfconf-4.14.3/ChangeLog 2020-05-06 15:54:29.000000000 +0200 +++ new/xfconf-4.14.4/ChangeLog 2020-11-09 10:04:26.000000000 +0100 
@@ -1,3 +1,20 @@ +commit bc219fc9d6e051893a82a19ceb0137883a258fe4 +Author: cryptogopher <[email protected]> +Date: Fri Nov 6 01:22:47 2020 +0100 + + xfconf-cache: Fix access to freed data (#16) + + The code was based on false assumption that cancelling cancellable of + asynchronous request stops execution of callback handler. + In fact cancelling asynchronous call does not prevent callback from + geting invoked. Moreover handlers for asynchronuos call are only invoked + from thread's main loop. That means if you set property, then free cache + you will have outstanding handler invocations with dangling pointers to + XfconfCacheOldItem and no reliable way of detecting this situation + inside handler. The solution is to only free old_item(s) inside handler + and differentiate processing inside handler based on whether call has + been cancelled (by checking cancellable status). + commit 6f93e00d5092d7793524b63d0921bc569034f874 Author: Ali Abdallah <[email protected]> Date: Wed May 6 15:53:33 2020 +0200 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/NEWS new/xfconf-4.14.4/NEWS --- old/xfconf-4.14.3/NEWS 2020-05-06 15:52:54.000000000 +0200 +++ new/xfconf-4.14.4/NEWS 2020-11-09 10:03:24.000000000 +0100 @@ -1,3 +1,7 @@ +4.14.4 +====== +- xfconf-cache: Fix access to freed data (#16) + 4.14.3 ====== - Always provide files for vala bindings diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/configure new/xfconf-4.14.4/configure --- old/xfconf-4.14.3/configure 2020-05-06 15:54:16.000000000 +0200 +++ new/xfconf-4.14.4/configure 2020-11-09 10:04:07.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for xfconf 4.14.3. +# Generated by GNU Autoconf 2.69 for xfconf 4.14.4. # # Report bugs to <http://bugzilla.xfce.org/>. # 
@@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='xfconf' PACKAGE_TARNAME='xfconf' -PACKAGE_VERSION='4.14.3' -PACKAGE_STRING='xfconf 4.14.3' +PACKAGE_VERSION='4.14.4' +PACKAGE_STRING='xfconf 4.14.4' PACKAGE_BUGREPORT='http://bugzilla.xfce.org/' PACKAGE_URL='' @@ -1472,7 +1472,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xfconf 4.14.3 to adapt to many kinds of systems. +\`configure' configures xfconf 4.14.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1542,7 +1542,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xfconf 4.14.3:";; + short | recursive ) echo "Configuration of xfconf 4.14.4:";; esac cat <<\_ACEOF @@ -1698,7 +1698,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xfconf configure 4.14.3 +xfconf configure 4.14.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2250,7 +2250,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xfconf $as_me 4.14.3, which was +It was created by xfconf $as_me 4.14.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3116,7 +3116,7 @@ # Define the identity of the package. PACKAGE='xfconf' - VERSION='4.14.3' + VERSION='4.14.4' cat >>confdefs.h <<_ACEOF @@ -14068,7 +14068,7 @@ done -XFCONF_VERSION=4.14.3 +XFCONF_VERSION=4.14.4 LIBXFCONF_VERSION_API=0 LIBXFCONF_VERINFO=3:0:0 
@@ -18471,7 +18471,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xfconf $as_me 4.14.3, which was +This file was extended by xfconf $as_me 4.14.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18537,7 +18537,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -xfconf config.status 4.14.3 +xfconf config.status 4.14.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/configure.ac new/xfconf-4.14.4/configure.ac --- old/xfconf-4.14.3/configure.ac 2020-05-06 15:54:09.000000000 +0200 +++ new/xfconf-4.14.4/configure.ac 2020-11-09 10:04:00.000000000 +0100 @@ -16,9 +16,9 @@ m4_define([libxfconf_version_api], [0]) m4_define([xfconf_version_major], [4]) m4_define([xfconf_version_minor], [14]) -m4_define([xfconf_version_micro], [3]) +m4_define([xfconf_version_micro], [4]) m4_define([xfconf_version_nano], []) -m4_define([xfconf_version_build], [6f93e00]) +m4_define([xfconf_version_build], [bc219fc]) m4_define([xfconf_version_tag], []) m4_define([xfconf_version], [xfconf_version_major().xfconf_version_minor().xfconf_version_micro()ifelse(xfconf_version_nano(), [], [], [.xfconf_version_nano()])ifelse(xfconf_version_tag(), [git], [xfconf_version_tag()-xfconf_version_build()], [xfconf_version_tag()])]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/docs/reference/html/index.html new/xfconf-4.14.4/docs/reference/html/index.html --- old/xfconf-4.14.3/docs/reference/html/index.html 2020-05-06 15:54:42.000000000 +0200 +++ new/xfconf-4.14.4/docs/reference/html/index.html 2020-11-09 10:04:40.000000000 +0100 
@@ -14,7 +14,7 @@ <div class="titlepage"> <div> <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">Xfconf Reference Manual</p></th></tr></table></div> -<div><p class="releaseinfo">Version 4.14.3 +<div><p class="releaseinfo">Version 4.14.4 </p></div> <div><p class="copyright">Copyright © 2017 The Xfce Development Team</p></div> <div><div class="legalnotice"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/docs/reference/version.xml new/xfconf-4.14.4/docs/reference/version.xml --- old/xfconf-4.14.3/docs/reference/version.xml 2020-05-06 15:54:23.000000000 +0200 +++ new/xfconf-4.14.4/docs/reference/version.xml 2020-11-09 10:04:15.000000000 +0100 @@ -1 +1 @@ -4.14.3 +4.14.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/xfconf/xfconf-cache.c new/xfconf-4.14.4/xfconf/xfconf-cache.c --- old/xfconf-4.14.3/xfconf/xfconf-cache.c 2020-05-06 14:40:04.000000000 +0200 +++ new/xfconf-4.14.4/xfconf/xfconf-cache.c 2020-11-09 10:02:54.000000000 +0100 @@ -398,8 +398,7 @@ (GDestroyNotify)xfconf_cache_item_free); cache->pending_calls = g_hash_table_new_full(g_direct_hash, g_direct_equal, - NULL, - (GDestroyNotify)xfconf_cache_old_item_free); + NULL, NULL); cache->old_properties = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, NULL); 
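Review bot: The `pending_calls` table is now created with `NULL, NULL`, and nothing at this call site records that its `XfconfCacheOldItem` values are owned by the asynchronous reply handler rather than by the table. That matters because the later hunks in this file call `g_hash_table_remove(cache->pending_calls, old_item->cancellable)` and then keep dereferencing `old_item` (`old_item->property` in the handler, `old_item->cancellable` in the set path). Restoring a value destroy function here would turn each of those into a use after free. I would add a comment above the call such as `/* values are freed only by the async reply handler; never give this table a value destroy func */`. The enclosing function starts and ends outside the hunk.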
@@ -469,20 +468,25 @@ xfconf_cache_finalize(GObject *obj) { XfconfCache *cache = XFCONF_CACHE(obj); - GHashTable *pending_calls; GDBusProxy *proxy; proxy = _xfconf_get_gdbus_proxy(); g_signal_handler_disconnect(proxy,cache->g_signal_id); - /* finish pending calls (without emitting signals, therefore we set - * the hash table in the cache to %NULL) */ - pending_calls = cache->pending_calls; - cache->pending_calls = NULL; - g_hash_table_foreach_remove(pending_calls, xfconf_cache_old_item_end_call, + /* Finish pending calls with synchronous requests (without emitting + * signals, therefore we cancel the cancellable on old_item). + * Beware: even that we cancel cancellable objects for unfinished + * asynchronous calls, their handlers are guaranted to be run in the + * thread-default main context after we finish (i.e. after XfconfCache + * will be freed). Due to that, we must not free - outside of handler + * itself - the XfconfCacheOldItems provided as user_data to those + * handlers. Otherwise the handler will have no realiable way of + * knowing that call has been cancelled and will operate on freed data. */ + g_hash_table_foreach_remove(cache->pending_calls, + xfconf_cache_old_item_end_call, cache->channel_name); - g_hash_table_unref(pending_calls); + g_hash_table_unref(cache->pending_calls); g_free(cache->channel_name); 
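Review bot: After `g_hash_table_foreach_remove()` in `xfconf_cache_finalize`, every surviving `XfconfCacheOldItem` still carries an `old_item->cache` pointer to the object being destroyed, and only the cancellable check in the reply handler keeps it from being read. The handler's new comment says the cancel happens in `xfconf_cache_old_item_end_call`, which is not in this diff; setting `old_item->cache = NULL;` at that same point would make a missed cancel fail on a NULL pointer instead of touching freed memory. The items are also released only if the thread-default main context is iterated again after finalize, so they leak otherwise; the new comment should say so. The function body continues outside the hunk.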
@@ -597,17 +601,26 @@ gpointer user_data) { XfconfCache *cache; - XfconfCacheOldItem *old_item = NULL; + XfconfCacheOldItem *old_item = (XfconfCacheOldItem*) user_data; XfconfCacheItem *item; GError *error = NULL; gboolean result; - old_item = (XfconfCacheOldItem *) user_data; - cache = old_item->cache; old_item->pending_calls_count--; if(old_item->pending_calls_count > 0) return; + /* cancellable is cancelled in xfconf_cache_old_item_end_call to inform that + * XconfCache finalization started. That means the last value of + * property has been set synchronously, invalidating the need to run this + * handler for any previously started, unfinished asynchronous calls. */ + if (g_cancellable_is_cancelled(old_item->cancellable) == TRUE) + { + xfconf_cache_old_item_free(old_item); + return; + } + + cache = old_item->cache; xfconf_cache_mutex_lock(cache); /* old_item = g_hash_table_lookup(cache->pending_calls, call); @@ -619,8 +632,7 @@ } */ g_hash_table_remove(cache->old_properties, old_item->property); - /* don't destroy old_item yet */ - g_hash_table_steal(cache->pending_calls, old_item->cancellable); + g_hash_table_remove(cache->pending_calls, old_item->cancellable); item = g_tree_lookup(cache->properties, old_item->property); if(G_UNLIKELY(!item)) { #ifndef NDEBUG @@ -653,9 +665,7 @@ /* we handled the call */ g_cancellable_cancel(old_item->cancellable); - - if(old_item) - xfconf_cache_old_item_free(old_item); + xfconf_cache_old_item_free(old_item); out: xfconf_cache_mutex_unlock(cache); } 
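Review bot: In the first hunk of the reply handler, `old_item->pending_calls_count--` and the new `g_cancellable_is_cancelled()` test both run before `xfconf_cache_mutex_lock(cache)`, so the check and the following `cache = old_item->cache` are not atomic with respect to finalization. This is safe only if the last unref of the XfconfCache happens on the thread that runs this handler's main context, which the commit message implies but the code does not state. I would document that next to the check, e.g. `/* assumes finalize runs in the same thread as this handler; otherwise the cache may be freed between this check and the lock */`. The `== TRUE` comparison can also be dropped: `if(g_cancellable_is_cancelled(old_item->cancellable))`. The handler's signature starts above the hunk.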
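Review bot: In the last hunk of the handler, `xfconf_cache_old_item_free(old_item)` sits directly above the `out:` label, so any `goto out` in the part of the function not shown skips it. This commit makes the handler the only place an old_item is freed, and by then the entry has already been removed from `pending_calls`, so such a path would leak the item. The `if(G_UNLIKELY(!item))` branch visible in the previous hunk looks like one, though its body is cut off. Moving the free below the label would cover every exit: `out:` followed by `xfconf_cache_mutex_unlock(cache);` and then `xfconf_cache_old_item_free(old_item);`.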
@@ -880,11 +890,11 @@ * call hasn't returned yet. let's cancel that call and * throw away the current not-yet-committed value of * the property. - * we also steal the old_item from the pending_calls table - * so there are no pending item left. */ + * we also remove the old_item from the pending_calls table + * so there is no pending item left. */ if(!g_cancellable_is_cancelled (old_item->cancellable)) { g_cancellable_cancel(old_item->cancellable); - g_hash_table_steal(cache->pending_calls, old_item->cancellable); + g_hash_table_remove(cache->pending_calls, old_item->cancellable); g_object_unref (old_item->cancellable); old_item->cancellable = g_cancellable_new(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xfconf-4.14.3/xfconf-perl/Makefile.in new/xfconf-4.14.4/xfconf-perl/Makefile.in --- old/xfconf-4.14.3/xfconf-perl/Makefile.in 2020-05-06 15:54:15.000000000 +0200 +++ new/xfconf-4.14.4/xfconf-perl/Makefile.in 2020-11-09 10:04:06.000000000 +0100 @@ -630,8 +630,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@BUILD_PERL_BINDINGS_FALSE@distclean-local: @BUILD_PERL_BINDINGS_FALSE@install-exec-local: +@BUILD_PERL_BINDINGS_FALSE@distclean-local: clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
