Bug#1059705: bookworm-pu: package pluma/1.26.0-1+deb12u1

Sat, 30 Dec 2023 07:27:35 -0800 

Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:pluma

While prepare upload of pluma 1.26.1-1 a bookworm-pu upload has been
prepared cherry-picking various fixes from upstream (one mem leak issue,
one out-of-bounds write issue, one double extensions activation issue.

[ Reason ]
Backporting upstream fixes to pluma in bookworm.

[ Impact ]
The named issues remain unfixed in bookworm's pluma version.

[ Tests ]
Manually.

[ Risks ]
Regressions may occur for all pluma users.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.

[ Other info ]
None.

diff -Nru pluma-1.26.0/debian/changelog pluma-1.26.0/debian/changelog
--- pluma-1.26.0/debian/changelog       2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/changelog       2023-12-30 16:04:26.000000000 +0100
@@ -1,3 +1,14 @@
+pluma (1.26.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.
+
+ -- Mike Gabriel <[email protected]>  Sat, 30 Dec 2023 16:04:26 +0100
+
 pluma (1.26.0-1) unstable; urgency=medium
 
   [ Martin Wimpress ]
diff -Nru 
pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch 
pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch
--- pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch 
1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch 
2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,39 @@
+From f46395ba21cc7fd14e1679ee6c4bc1c5cda81355 Mon Sep 17 00:00:00 2001
+From: rbuj <[email protected]>
+Date: Sat, 23 Oct 2021 03:54:46 +0200
+Subject: [PATCH 1/3] pluma-plugins-engine: fix memory leak
+
+Signed-off-by: Mike Gabriel <[email protected]>
+---
+ pluma/pluma-plugins-engine.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pluma/pluma-plugins-engine.c b/pluma/pluma-plugins-engine.c
+index cf76313..cb5e2c4 100644
+--- a/pluma/pluma-plugins-engine.c
++++ b/pluma/pluma-plugins-engine.c
+@@ -57,6 +57,7 @@ static void
+ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+ {
+       GError *error = NULL;
++      char *user_plugins_dir;
+ 
+       pluma_debug (DEBUG_PLUGINS);
+ 
+@@ -89,9 +90,11 @@ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+               g_clear_error (&error);
+       }
+ 
++      user_plugins_dir = pluma_dirs_get_user_plugins_dir ();
+       peas_engine_add_search_path (PEAS_ENGINE (engine),
+-                                   pluma_dirs_get_user_plugins_dir (),
+-                                   pluma_dirs_get_user_plugins_dir ());
++                                   user_plugins_dir,
++                                   user_plugins_dir);
++      g_free (user_plugins_dir);
+ 
+       peas_engine_add_search_path (PEAS_ENGINE (engine),
+                                    PLUMA_LIBDIR "/plugins",
+-- 
+2.39.2
+
diff -Nru 
pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch 
pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch
--- pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch  
1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch  
2023-12-30 15:59:49.000000000 +0100
@@ -0,0 +1,29 @@
+From e1d9f852ab4f9b1c162385f5aac1b598f563b17a Mon Sep 17 00:00:00 2001
+From: mbkma <[email protected]>
+Date: Tue, 23 Nov 2021 22:40:26 +0100
+Subject: [PATCH 2/3] Fix double activation of extensions
+
+Signed-off-by: Mike Gabriel <[email protected]>
+---
+ pluma/pluma-view.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/pluma/pluma-view.c b/pluma/pluma-view.c
+index 4a353e1..672cca8 100644
+--- a/pluma/pluma-view.c
++++ b/pluma/pluma-view.c
+@@ -413,11 +413,6 @@ on_notify_buffer_cb (PlumaView  *view,
+                       "search_highlight_updated",
+                       G_CALLBACK (search_highlight_updated_cb),
+                       view);
+-
+-    /* We only activate the extensions when the right buffer is set,
+-     * because most plugins will expect this behaviour, and we won't
+-     * change the buffer later anyway. */
+-    peas_extension_set_call (view->priv->extensions, "activate", view);
+ }
+ 
+ #ifdef GTK_SOURCE_VERSION_3_24
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch 
pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch
--- pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch      
1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch      
2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,30 @@
+From 8ca37beb259f7a62fef2005e888248ec880e44cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bal=C3=A1zs=20Dura-Kov=C3=A1cs?= <[email protected]>
+Date: Thu, 18 Aug 2022 17:44:41 +0200
+Subject: [PATCH 3/3] Fix out-of-bounds write
+
+Closes https://github.com/mate-desktop/pluma/issues/664
+
+The size of tempfont was one byte too short, so strcpy performed an 
out-of-bounds write of the terminating 0.
+
+Signed-off-by: Mike Gabriel <[email protected]>
+---
+ pluma/pluma-window.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pluma/pluma-window.c b/pluma/pluma-window.c
+index 1ca50ec..f31288d 100644
+--- a/pluma/pluma-window.c
++++ b/pluma/pluma-window.c
+@@ -318,7 +318,7 @@ pluma_window_key_press_event (GtkWidget   *widget,
+         g_strcanon (tempsize, "1234567890", '\0');
+         g_strreverse (tempsize);
+ 
+-        gchar tempfont [strlen (font)];
++        gchar tempfont [strlen (font) + 1];
+         strcpy (tempfont, font);
+         tempfont [strlen (font) - strlen (tempsize)] = 0;
+ 
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/series pluma-1.26.0/debian/patches/series
--- pluma-1.26.0/debian/patches/series  2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/patches/series  2023-12-30 15:58:00.000000000 +0100
@@ -1 +1,4 @@
 2001_fix-bin-sh-path-in-shebang.patch
+0001_pluma-plugins-engine-fix-memory-leak.patch
+0002_Fix-double-activation-of-extensions.patch
+0003_Fix-out-of-bounds-write.patch

Reply via email to