Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package mate-desktop The change fixes two memleaks and one use-after-free issue in mate-desktop, one of the core libraries of MATE Desktop Environment. [ Reason ] + * debian/patches: + + Trivial rebase of 001_prefer-x-terminal-emulator.patch. + + Add patches 0001 and 0002. Fix two memory leaks. + + Add patch 0003 fix use-after-free issue. (Closes: #1033719). -> Self-explaining. + * debian/control: + + In bin:pkg libmate-desktop-dev switch from libgdk-pixbuf2.0-dev + (deprecated) to libgdk-pixbuf-2.0-dev. Thanks, lintian. -> libgdk-pixbuf2.0-dev deprecation, hinted by lintian. + * debian/copyright: + + Update copyright attribution for debian/ folder. -> update copyright attributions. [ Impact ] Minimal. MATE Desktop Environment will be affected by this change, ideally to the better. [ Tests ] Manual package test. Patch review. Patches already applied in new upstream release 1.26.1. [ Risks ] If patches are bad or introduce regressions, MATE Desktop might break / suffer from the change. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] None unblock mate-desktop/1.26.0-2
diff -Nru mate-desktop-1.26.0/debian/changelog mate-desktop-1.26.0/debian/changelog --- mate-desktop-1.26.0/debian/changelog 2021-12-10 20:59:48.000000000 +0100 +++ mate-desktop-1.26.0/debian/changelog 2023-04-25 16:35:44.000000000 +0200 @@ -1,3 +1,17 @@ +mate-desktop (1.26.0-2) unstable; urgency=medium + + * debian/patches: + + Trivial rebase of 001_prefer-x-terminal-emulator.patch. + + Add patches 0001 and 0002. Fix two memory leaks. + + Add patch 0003 fix use-after-free issue. (Closes: #1033719). + * debian/control: + + In bin:pkg libmate-desktop-dev switch from libgdk-pixbuf2.0-dev + (deprecated) to libgdk-pixbuf-2.0-dev. Thanks, lintian. + * debian/copyright: + + Update copyright attribution for debian/ folder. + + -- Mike Gabriel <sunwea...@debian.org> Tue, 25 Apr 2023 16:35:44 +0200 + mate-desktop (1.26.0-1) unstable; urgency=medium [ Martin Wimpress ] diff -Nru mate-desktop-1.26.0/debian/control mate-desktop-1.26.0/debian/control --- mate-desktop-1.26.0/debian/control 2021-12-10 20:59:48.000000000 +0100 +++ mate-desktop-1.26.0/debian/control 2023-04-25 16:35:44.000000000 +0200 @@ -100,7 +100,7 @@ Architecture: any Multi-Arch: same Depends: libdconf-dev, - libgdk-pixbuf2.0-dev, + libgdk-pixbuf-2.0-dev, libgtk-3-dev, libmate-desktop-2-17 (= ${binary:Version}), libstartup-notification0-dev, diff -Nru mate-desktop-1.26.0/debian/copyright mate-desktop-1.26.0/debian/copyright --- mate-desktop-1.26.0/debian/copyright 2021-12-10 20:59:48.000000000 +0100 +++ mate-desktop-1.26.0/debian/copyright 2023-04-25 16:35:44.000000000 +0200 @@ -232,7 +232,7 @@ Files: debian/* Copyright: 2011-2013, Stefano Karapetsas <stef...@karapetsas.com> - 2013-2015, Mike Gabriel <sunwea...@debian.org> + 2013-2023, Mike Gabriel <sunwea...@debian.org> License: GPL-2+ or LGPL-2+ or Expat License: GPL-2+ diff -Nru mate-desktop-1.26.0/debian/patches/0001_mate-bg-fix-memory-leak.patch mate-desktop-1.26.0/debian/patches/0001_mate-bg-fix-memory-leak.patch --- mate-desktop-1.26.0/debian/patches/0001_mate-bg-fix-memory-leak.patch 1970-01-01 01:00:00.000000000 +0100 +++ mate-desktop-1.26.0/debian/patches/0001_mate-bg-fix-memory-leak.patch 2023-04-25 16:30:40.000000000 +0200 @@ -0,0 +1,30 @@ +From 2fbe25e7ad9c7678db2f3e34f76c9ee4e37d80d9 Mon Sep 17 00:00:00 2001 +From: rbuj <robert....@gmail.com> +Date: Mon, 8 Nov 2021 12:44:21 +0100 +Subject: [PATCH] mate-bg: fix memory leak + +--- + libmate-desktop/mate-bg.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/libmate-desktop/mate-bg.c b/libmate-desktop/mate-bg.c +index e5119759e..62cc5e59e 100644 +--- a/libmate-desktop/mate-bg.c ++++ b/libmate-desktop/mate-bg.c +@@ -3197,9 +3197,13 @@ mate_bg_changes_with_time (MateBG *bg) + if (!bg->filename) + return FALSE; + +- show = get_as_slideshow (bg, bg->filename); +- if (show) +- return g_queue_get_length (show->slides) > 1; ++ if ((show = get_as_slideshow (bg, bg->filename)) != NULL) { ++ gboolean result; ++ ++ result = (g_queue_get_length (show->slides) > 1) ? TRUE : FALSE; ++ slideshow_unref (show); ++ return result; ++ } + + return FALSE; + } diff -Nru mate-desktop-1.26.0/debian/patches/0002_mate-desktop-thumbnail-fix-memory-leak.patch mate-desktop-1.26.0/debian/patches/0002_mate-desktop-thumbnail-fix-memory-leak.patch --- mate-desktop-1.26.0/debian/patches/0002_mate-desktop-thumbnail-fix-memory-leak.patch 1970-01-01 01:00:00.000000000 +0100 +++ mate-desktop-1.26.0/debian/patches/0002_mate-desktop-thumbnail-fix-memory-leak.patch 2023-04-25 16:31:19.000000000 +0200 @@ -0,0 +1,21 @@ +From 7f9225f08b84d58ccddbc88c7c4cc176c151fdb9 Mon Sep 17 00:00:00 2001 +From: rbuj <robert....@gmail.com> +Date: Fri, 22 Oct 2021 18:26:52 +0200 +Subject: [PATCH] mate-desktop-thumbnail: fix memory leak + +--- + libmate-desktop/mate-desktop-thumbnail.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libmate-desktop/mate-desktop-thumbnail.c b/libmate-desktop/mate-desktop-thumbnail.c +index 8d2670631..885ff420a 100644 +--- a/libmate-desktop/mate-desktop-thumbnail.c ++++ b/libmate-desktop/mate-desktop-thumbnail.c +@@ -954,6 +954,7 @@ expand_thumbnailing_script (const char *script, + + g_ptr_array_add (array, expanded); + } ++ g_strfreev (script_elems); + + if (!got_in) + { diff -Nru mate-desktop-1.26.0/debian/patches/0003_revert-small-cleanup.patch mate-desktop-1.26.0/debian/patches/0003_revert-small-cleanup.patch --- mate-desktop-1.26.0/debian/patches/0003_revert-small-cleanup.patch 1970-01-01 01:00:00.000000000 +0100 +++ mate-desktop-1.26.0/debian/patches/0003_revert-small-cleanup.patch 2023-04-25 16:32:05.000000000 +0200 @@ -0,0 +1,50 @@ +From 6fcc78cd8e5aa807fa9d254d2e61a302096559cf Mon Sep 17 00:00:00 2001 +From: Colomban Wendling <cwendl...@hypra.fr> +Date: Mon, 7 Nov 2022 11:57:51 +0100 +Subject: [PATCH] Revert "[mate-bg] small cleanup" + +It is not possible to use the `list` pointer after it has been deleted, +so the "cleanup" this commit made lead to using freed memory if any +item actually got clean up. + +This "cleanup" also don't seem meaningful to me, as all it does +otherwise is trade an assignation for a redundant test -- either of +which the compiler might happily optimize out. + +This reverts commit 47426c90d10e9f738ecf89f35db94ca8deff55e0. +--- + libmate-desktop/mate-bg.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/libmate-desktop/mate-bg.c b/libmate-desktop/mate-bg.c +index 62cc5e59e..5cf2daf3a 100644 +--- a/libmate-desktop/mate-bg.c ++++ b/libmate-desktop/mate-bg.c +@@ -2016,19 +2016,18 @@ static gboolean + blow_expensive_caches (gpointer data) + { + MateBG *bg = data; +- GList *list; ++ GList *list, *next; + + bg->blow_caches_id = 0; + +- if (bg->file_cache) { +- for (list = bg->file_cache; list != NULL; list = list->next) { +- FileCacheEntry *ent = list->data; ++ for (list = bg->file_cache; list != NULL; list = next) { ++ FileCacheEntry *ent = list->data; ++ next = list->next; + +- if (ent->type == PIXBUF) { +- file_cache_entry_delete (ent); +- bg->file_cache = g_list_delete_link (bg->file_cache, +- list); +- } ++ if (ent->type == PIXBUF) { ++ file_cache_entry_delete (ent); ++ bg->file_cache = g_list_delete_link (bg->file_cache, ++ list); + } + } + diff -Nru mate-desktop-1.26.0/debian/patches/2001_prefer-x-terminal-emulator.patch mate-desktop-1.26.0/debian/patches/2001_prefer-x-terminal-emulator.patch --- mate-desktop-1.26.0/debian/patches/2001_prefer-x-terminal-emulator.patch 2019-01-16 11:37:51.000000000 +0100 +++ mate-desktop-1.26.0/debian/patches/2001_prefer-x-terminal-emulator.patch 2023-04-25 16:32:38.000000000 +0200 @@ -3,7 +3,7 @@ --- a/libmate-desktop/mate-desktop-utils.c +++ b/libmate-desktop/mate-desktop-utils.c -@@ -136,6 +136,8 @@ +@@ -137,6 +137,8 @@ term_argv[1] = g_strdup ("-x"); } else { if (check == NULL) diff -Nru mate-desktop-1.26.0/debian/patches/series mate-desktop-1.26.0/debian/patches/series --- mate-desktop-1.26.0/debian/patches/series 2020-11-17 11:36:59.000000000 +0100 +++ mate-desktop-1.26.0/debian/patches/series 2023-04-25 16:32:12.000000000 +0200 @@ -1 +1,4 @@ 2001_prefer-x-terminal-emulator.patch +0001_mate-bg-fix-memory-leak.patch +0002_mate-desktop-thumbnail-fix-memory-leak.patch +0003_revert-small-cleanup.patch