Bug#862219: unblock: at-spi2-atk/2.22.0-2

2017-05-14 Thread Cyril Brulebois
Niels Thykier (2017-05-12):
> > Upstream of at-spi has released some serious fixes for at-spi2-atk,
> > which I have uploaded as at-spi2-atk 2.22.0-2, and attached to this
> > mail.
> > 
> > git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 fixes a memory corruption
> > reported by valgrind, which could make basically any application crash
> > when the Orca screen reader is running, when processing events. It does
> > so by just using the right glib function for what the buggy code meant
> > to do.
> > 
> > git-8d3cc68f7bc62c7015d986212be0d5d776920ee2 fixes memory references
> > after dropping a refcount from the object (thus potentially freed), also
> > leading to potential crash of any application when the Orca screen
> > reader is running.
> > 
> > unblock at-spi2-atk/2.22.0-2
> > 
> > [...]
> 
> Ack from here, CC'ing KiBi for a d-i ack.

No objections, thanks.


KiBi.




Bug#862219: unblock: at-spi2-atk/2.22.0-2

2017-05-12 Thread Niels Thykier
Samuel Thibault:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Upstream of at-spi has released some serious fixes for at-spi2-atk,
> which I have uploaded as at-spi2-atk 2.22.0-2, and attached to this
> mail.
> 
> git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 fixes a memory corruption
> reported by valgrind, which could make basically any application crash
> when the Orca screen reader is running, when processing events. It does
> so by just using the right glib function for what the buggy code meant
> to do.
> 
> git-8d3cc68f7bc62c7015d986212be0d5d776920ee2 fixes memory references
> after dropping a refcount from the object (thus potentially freed), also
> leading to potential crash of any application when the Orca screen
> reader is running.
> 
> unblock at-spi2-atk/2.22.0-2
> 
> [...]

Ack from here, CC'ing KiBi for a d-i ack.

Thanks,
~Niels



Bug#862219: unblock: at-spi2-atk/2.22.0-2

2017-05-09 Thread Samuel Thibault
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

Upstream of at-spi has released some serious fixes for at-spi2-atk,
which I have uploaded as at-spi2-atk 2.22.0-2, and attached to this
mail.

git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 fixes a memory corruption
reported by valgrind, which could make basically any application crash
when the Orca screen reader is running, when processing events. It does
so by just using the right glib function for what the buggy code meant
to do.

git-8d3cc68f7bc62c7015d986212be0d5d776920ee2 fixes memory references
after dropping a refcount from the object (thus potentially freed), also
leading to potential crash of any application when the Orca screen
reader is running.

unblock at-spi2-atk/2.22.0-2

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Samuel
if (argc > 1 && strcmp(argv[1], "-advice") == 0) {
printf("Don't Panic!\n");
exit(42);
}
-- Arnold Robbins in the LJ of February '95, describing RCS
diff -Nru at-spi2-atk-2.22.0/debian/changelog 
at-spi2-atk-2.22.0/debian/changelog
--- at-spi2-atk-2.22.0/debian/changelog 2016-10-01 22:09:42.0 +0200
+++ at-spi2-atk-2.22.0/debian/changelog 2017-05-09 21:35:33.0 +0200
@@ -1,3 +1,12 @@
+at-spi2-atk (2.22.0-2) unstable; urgency=medium
+
+  * patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736: Fix GList handling
+resulting in memory corruption.
+  * patches/git-8d3cc68f7bc62c7015d986212be0d5d776920ee2: Fix use after free
+when returned objects hold only one ref.
+
+ -- Samuel Thibault   Tue, 09 May 2017 21:35:33 +0200
+
 at-spi2-atk (2.22.0-1) unstable; urgency=medium
 
   * New upstream release.
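Review bot: In the new 2.22.0-2 entry, both bullets name the patch file and the class of bug (GList handling resulting in memory corruption, use after free) but not the impact. Since this upload is the subject of an unblock request, the entry could state what the request itself says, that either bug can crash any application while the Orca screen reader is running. The continuation lines ("resulting in memory corruption.", "when returned objects hold only one ref.") appear here without the leading indentation that changelog continuation lines carry, so check that against the real file. It is also worth confirming that both patches are listed in debian/patches/series, which is not visible in this part of the debdiff.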
diff -Nru 
at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736 
at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736
--- 
at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736  
1970-01-01 01:00:00.0 +0100
+++ 
at-spi2-atk-2.22.0/debian/patches/git-7cdc1f91c9802b0b8ecd2afea38c1717b1921736  
2017-05-09 21:35:33.0 +0200
@@ -0,0 +1,101 @@
+commit 7cdc1f91c9802b0b8ecd2afea38c1717b1921736
+Author: Rui Matos 
+Date:   Mon Apr 24 14:39:05 2017 +0200
+
+atk-adaptor/bridge: Fix GList handling resulting in memory corruption
+
+As pointed out by this valgrind log:
+
+==2809== Thread 1:
+==2809== Invalid write of size 8
+==2809==at 0x18FCF001: remove_events (bridge.c:759)
+==2809==by 0x18FCF001: handle_event_listener_deregistered 
(bridge.c:788)
+==2809==by 0x18FCF001: signal_filter (bridge.c:827)
+==2809==by 0x200ECDFD: dbus_connection_dispatch 
(dbus-connection.c:4631)
+==2809==by 0x1FEBD0F4: ??? (in /usr/lib64/libatspi.so.0.0.1)
+==2809==by 0xFD8D4C8: g_main_dispatch (gmain.c:3201)
+==2809==by 0xFD8D4C8: g_main_context_dispatch (gmain.c:3854)
+==2809==by 0xFD8D817: g_main_context_iterate.isra.21 (gmain.c:3927)
+==2809==by 0xFD8DAE9: g_main_loop_run (gmain.c:4123)
+==2809==by 0xDFF84B4: gtk_main (in /usr/lib64/libgtk-3.so.0.2200.10)
+==2809==by 0x403DE0: main (in /usr/bin/evolution)
+==2809==  Address 0x29f22540 is 16 bytes inside a block of size 24 free'd
+==2809==at 0x4C2ACDD: free (vg_replace_malloc.c:530)
+==2809==by 0xFD92BCD: g_free (gmem.c:189)
+==2809==by 0xFDAA518: g_slice_free1 (gslice.c:1136)
+==2809==by 0xFD89463: g_list_remove (glist.c:521)
+==2809==by 0x18FCF000: remove_events (bridge.c:759)
+==2809==by 0x18FCF000: handle_event_listener_deregistered 
(bridge.c:788)
+==2809==by 0x18FCF000: signal_filter (bridge.c:827)
+==2809==by 0x200ECDFD: dbus_connection_dispatch 
(dbus-connection.c:4631)
+==2809==by 0x1FEBD0F4: ??? (in /usr/lib64/libatspi.so.0.0.1)
+==2809==by 0xFD8D4C8: g_main_dispatch (gmain.c:3201)
+==2809==by 0xFD8D4C8: g_main_context_dispatch (gmain.c:3854)
+==2809==by 0xFD8D817: g_main_context_iterate.isra.21 (gmain.c:3927)
+==2809==by 0xFD8DAE9: g_main_loop_run (gmain.c:4123)
+==2809==by 0xDFF84B4: gtk_main (in /usr/lib64/libgtk-3.so.0.2200.10)
+==2809==by 0x403DE0: main (in /usr/bin/evolution)
+==2809==  Block was alloc'd at
+==2809==at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
+==2809==by 0xFD92ABD: g_malloc