Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gtk-vnc for openSUSE:Factory checked in at 2026-06-17 16:17:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gtk-vnc (Old) and /work/SRC/openSUSE:Factory/.gtk-vnc.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gtk-vnc" Wed Jun 17 16:17:05 2026 rev:60 rq:1359808 version:1.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gtk-vnc/gtk-vnc.changes 2025-12-17 17:35:41.349936066 +0100 +++ /work/SRC/openSUSE:Factory/.gtk-vnc.new.1981/gtk-vnc.changes 2026-06-17 16:17:49.761833446 +0200 @@ -1,0 +2,8 @@ +Thu Jun 11 10:20:51 MDT 2026 - [email protected] + +- bsc#1266272 - "virt-manager" is crashing. + bsc#1266372 - virt-manager SIGSEGV after few minutes in + on_primary_owner_change (.... at ../src/vncdisplay.c:1944 + 009-let-GLib-manage-the-lifecycle-of-VncDisplay-GObject.patch + +------------------------------------------------------------------- New: ---- 009-let-GLib-manage-the-lifecycle-of-VncDisplay-GObject.patch _scmsync.obsinfo build.specials.obscpio ----------(New B)---------- New: on_primary_owner_change (.... at ../src/vncdisplay.c:1944 009-let-GLib-manage-the-lifecycle-of-VncDisplay-GObject.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gtk-vnc.spec ++++++ --- /var/tmp/diff_new_pack.L1frg4/_old 2026-06-17 16:17:51.325898888 +0200 +++ /var/tmp/diff_new_pack.L1frg4/_new 2026-06-17 16:17:51.325898888 +0200 @@ -1,7 +1,7 @@ # # spec file for package gtk-vnc # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,6 +37,7 @@ Patch6: 006-Implement-response-to-server-clipboard-REQUEST-action.patch Patch7: 007-Implement-handling-of-server-clipboard-NOTIFY-action.patch Patch8: 008-Complete-server-to-client-data-sync-PROVIDE.patch +Patch9: 009-let-GLib-manage-the-lifecycle-of-VncDisplay-GObject.patch BuildRequires: cyrus-sasl-devel BuildRequires: gobject-introspection-devel >= 0.9.4 ++++++ 009-let-GLib-manage-the-lifecycle-of-VncDisplay-GObject.patch ++++++ Subject: vncdisplay: let GLib manages the lifecycle of VncDisplay GObject From: Lin Ma [email protected] Sat Jun 6 20:41:34 2026 +0800 Date: Sat Jun 6 21:33:20 2026 +0800: Git: ad2dd3efadfdc43d99b2fcbd0f7180db2a8230e1 In gtk-vnc project, all other signals are connected to priv->conn, GLib automatically cleans up these connections when vnc_display_finalize calls g_object_unref(priv->conn). The clipboard signal is an exception, it's connected to the global singleton GtkClipboard, doesn't automatically disconnect when the VncDisplay is destroyed. This leads to a race condition issue: If an app like virt-manager/virt-viewer destroys a 'VncDisplay' at some point during the guest's startup process for some reason, and the user happens to trigger a clipboard event (double-clicking to select text on host) after the 'VncDisplay' is destroyed, it causes a crash. E.g Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `/usr/bin/virt-manager /usr/bin/virt-manager'. Program terminated with signal SIGSEGV, Segmentation fault. #0 on_primary_owner_change (clipboard=0x55869a5f7cc0, event=0x558699b78bd0, \ opaque=0x55869e0f02b0) at ../src/vncdisplay.c:1944 1944 if (priv->primary_selection_timer_id != 0) { [Current thread is 1 (Thread 0x7f15bd4535c0 (LWP 2730))] (gdb) l 1939 { 1940 VncDisplay *display = VNC_DISPLAY(opaque); 1941 VncDisplayPrivate *priv = display->priv; 1942 1943 /* If a timer is already running, cancel it first. */ 1944 if (priv->primary_selection_timer_id != 0) { // CRASHES HERE 1945 g_source_remove(priv->primary_selection_timer_id); 1946 } (gdb) info locals display = 0x55869e0f02b0 priv = 0x0 (gdb) print display $1 = (VncDisplay *) 0x55869e0f02b0 (gdb) print *display $2 = {parent = {widget = {parent_instance = {g_type_instance = {g_class = \ 0x55869eddc590}, ref_count = 0, qdata = 0x55869e8783a0}, priv = 0x0}, dummy = \ 0x0}, priv = 0x0} We can see GtkWidget's priv is NULL, indicating that dispose has been executed; ref_count is 0, indicating the object has entered the destruction process. The crash occurred in on_primary_owner_change, the callback function to the GtkClipboard::owner-change signal. The GtkClipboard returned by gtk_clipboard_get(GDK_SELECTION_PRIMARY) is a global singleton with a lifecycle identical to the entire application. This signal was never disconnected in vnc_display_finalize. Crash sequence supposed to be: VncDisplay creation -> init() connects to the clipboard signal -> VncDisplay destruction -> finalize() releases priv -> At some point, user selects text -> the clipboard "owner-change" signal is triggered -> on_primary_owner_change() retrieves the destroyed display pointer -> display->priv is NULL -> SIGSEGV This patch fixes the issue by using g_signal_connect_object instead of g_signal_connect so that GLib will automatically disconnect the signal connection when the display object is finalized. Signed-off-by: Lin Ma <[email protected]> diff --git a/src/vncdisplay.c b/src/vncdisplay.c index 704f6ba..7192b95 100644 --- a/src/vncdisplay.c +++ b/src/vncdisplay.c @@ -3145,8 +3145,8 @@ static void vnc_display_init(VncDisplay *display) G_CALLBACK(on_power_control_init), display); g_signal_connect(G_OBJECT(priv->conn), "vnc-power-control-failed", G_CALLBACK(on_power_control_fail), display); - g_signal_connect(gtk_clipboard_get(GDK_SELECTION_PRIMARY), "owner-change", - G_CALLBACK(on_primary_owner_change), display); + g_signal_connect_object(gtk_clipboard_get(GDK_SELECTION_PRIMARY), "owner-change", + G_CALLBACK(on_primary_owner_change), display, 0); g_signal_connect(display, "focus-in-event", G_CALLBACK(on_focus_in), display); g_signal_connect(G_OBJECT(priv->conn), "vnc-clipboard-data-received", ++++++ _scmsync.obsinfo ++++++ mtime: 1781213128 commit: b4f0353acec349c96dbabd974c0a6f205a667d9cc6301eb8567cfbba50003215 url: https://src.opensuse.org/GNOME/gtk-vnc revision: b4f0353acec349c96dbabd974c0a6f205a667d9cc6301eb8567cfbba50003215 projectscmsync: https://src.opensuse.org/GNOME/_ObsPrj ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-11 23:25:28.000000000 +0200 @@ -0,0 +1,4 @@ +*.obscpio +*.osc +_build.* +.pbuild
