diff --git a/at-spi2-core-bgo791124-buffer-overflow.patch b/at-spi2-core-bgo791124-buffer-overflow.patch new file mode 100644 index 0000000..8a19f8c --- /dev/null +++ b/at-spi2-core-bgo791124-buffer-overflow.patch @@ -0,0 +1,28 @@ +From c2e87fe00b596dba20c9d57d406ab8faa744b15a Mon Sep 17 00:00:00 2001 +From: Maya Rashish +Date: Sat, 2 Dec 2017 13:24:29 +0200 +Subject: [PATCH 1/2] Fix inverted logic. + +Don't write more into a buffer than it can hold. + +https://bugzilla.gnome.org/show_bug.cgi?id=791124 +--- + bus/at-spi-bus-launcher.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bus/at-spi-bus-launcher.c b/bus/at-spi-bus-launcher.c +index 261353f..eb2b8e3 100644 +--- a/bus/at-spi-bus-launcher.c ++++ b/bus/at-spi-bus-launcher.c +@@ -244,7 +244,7 @@ unix_read_all_fd_to_string (int fd, + { + ssize_t bytes_read; + +- while (max_bytes > 1 && (bytes_read = read (fd, buf, MAX (4096, max_bytes - 1)))) ++ while (max_bytes > 1 && (bytes_read = read (fd, buf, MIN (4096, max_bytes - 1)))) + { + if (bytes_read < 0) + return FALSE; +-- +2.15.0 + diff --git a/at-spi2-core-bgo791167-reproducible-build.patch b/at-spi2-core-bgo791167-reproducible-build.patch new file mode 100644 index 0000000..68b0701 --- /dev/null +++ b/at-spi2-core-bgo791167-reproducible-build.patch @@ -0,0 +1,42 @@ +From 0e9de9eb62088d251b95a7990b35f52ea961a608 Mon Sep 17 00:00:00 2001 +From: Chris Lamb +Date: Mon, 4 Dec 2017 14:15:01 -0600 +Subject: [PATCH 2/2] Make the build reproducible + +atspi-enum-types.(c|h).template should use @basename@ rather than @filename@ + +https://bugzilla.gnome.org/show_bug.cgi?id=791167 +--- + atspi/atspi-enum-types.c.template | 2 +- + atspi/atspi-enum-types.h.template | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/atspi/atspi-enum-types.c.template b/atspi/atspi-enum-types.c.template +index cd92f99..385d0ee 100644 +--- a/atspi/atspi-enum-types.c.template ++++ b/atspi/atspi-enum-types.c.template +@@ -4,7 +4,7 @@ + /*** END file-header ***/ + + /*** BEGIN file-production ***/ +-/* enumerations from "@filename@" */ ++/* enumerations from "@basename@" */ + #include "@filename@" + + /*** END file-production ***/ +diff --git a/atspi/atspi-enum-types.h.template b/atspi/atspi-enum-types.h.template +index bd297b5..789ad2e 100644 +--- a/atspi/atspi-enum-types.h.template ++++ b/atspi/atspi-enum-types.h.template +@@ -9,7 +9,7 @@ G_BEGIN_DECLS + /*** END file-header ***/ + + /*** BEGIN file-production ***/ +-/* Enumerations from "@filename@" */ ++/* Enumerations from "@basename@" */ + + /*** END file-production ***/ + +-- +2.15.0 + diff --git a/at-spi2-core.changes b/at-spi2-core.changes index c674664..b55d03c 100644 --- a/at-spi2-core.changes +++ b/at-spi2-core.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Mon Dec 4 21:53:40 UTC 2017 - mgorse@suse.com + +- Add at-spi2-core-bgo791124-buffer-overflow.patch: fix possible + buffer overflow reading dbus address in at-spi-bus-launcher + (bgo#791124). +- Add at-spi2-core-bgo791167-reproducible-build.patch: use + @basename@ in templates, rather than @filename@; fixes build + reproducibility and multiarch conflict (bgo#791167). + +------------------------------------------------------------------- +Fri Dec 1 07:39:41 UTC 2017 - zaitor@opensuse.org + +- Switch to using meson buildsystem: + + Add meson and gtk-doc BuildRequires. + + Use meson, meson_build and meson_install macros instead of + autotools macros. + + Drop update-desktop-files BuildRequires and stop using + suse_update_desktop_file macro, no longer needed. + + Modernize spec, use spec-cleaner. + ------------------------------------------------------------------- Wed Nov 1 09:52:22 UTC 2017 - fezhang@suse.com diff --git a/at-spi2-core.spec b/at-spi2-core.spec index d2bd519..8931288 100644 --- a/at-spi2-core.spec +++ b/at-spi2-core.spec @@ -25,8 +25,15 @@ Group: System/GUI/GNOME Url: http://www.gnome.org/ Source0: http://download.gnome.org/sources/at-spi2-core/2.26/%{name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM at-spi2-core-bgo791124-buffer-overflow.patch bgo#791124 mgorse@suse.com -- Fix possible buffer overflow reading dbus address in at-spi-bus-launcher. +Patch0: at-spi2-core-bgo791124-buffer-overflow.patch +# PATCH-FIX-UPSTREAM at-spi2-core-bgo791167-reproducible-build.patch bgo#791167 mgorse@suse.com -- use @basename@ rather than @filename@ in templates. +Patch1: at-spi2-core-bgo791167-reproducible-build.patch + +BuildRequires: gtk-doc BuildRequires: intltool -BuildRequires: update-desktop-files +BuildRequires: meson +BuildRequires: pkgconfig BuildRequires: pkgconfig(dbus-1) >= 1.0 BuildRequires: pkgconfig(gio-2.0) >= 2.28 BuildRequires: pkgconfig(glib-2.0) >= 2.36.0 @@ -38,7 +45,6 @@ BuildRequires: pkgconfig(xkbcommon-x11) BuildRequires: pkgconfig(xtst) # dbus-daemon is needed to have this work fine Requires: dbus-1 -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description AT-SPI is a general interface for applications to make use of the @@ -79,30 +85,28 @@ This package contains all necessary include files and libraries needed to develop applications that require these. %lang_package + %prep -%setup -q +%autosetup -p1 %build -%configure \ - --libexecdir=%{_libexecdir}/at-spi2 \ - --with-dbus-daemondir=/bin \ - --disable-xevie \ - --disable-static -make %{?_smp_mflags} +%meson \ + --libexecdir="%{_libexecdir}/at-spi2" \ + -D enable_docs=true \ + -D enable-introspection=yes \ + -D enable-x11=yes \ + %{nil} +%meson_build %install -%make_install -%suse_update_desktop_file at-spi-dbus-bus +%meson_install %find_lang at-spi2-core -find %{buildroot}%{_libdir} -name '*.la' -type f -delete -print %post -n libatspi0 -p /sbin/ldconfig - %postun -n libatspi0 -p /sbin/ldconfig %files -%defattr(-,root,root) -%doc AUTHORS COPYING README +%doc COPYING %{_libexecdir}/at-spi2/ %{_sysconfdir}/xdg/autostart/at-spi-dbus-bus.desktop %{_userunitdir}/at-spi-dbus-bus.service @@ -113,15 +117,13 @@ find %{buildroot}%{_libdir} -name '*.la' -type f -delete -print %{_datadir}/defaults/at-spi2/ %files -n libatspi0 -%defattr(-, root, root) %{_libdir}/libatspi.so.0* %files -n typelib-1_0-Atspi-2_0 -%defattr(-, root, root) %{_libdir}/girepository-1.0/Atspi-2.0.typelib %files devel -%defattr(-, root, root) +%doc AUTHORS README %{_includedir}/at-spi-2.0/ %{_libdir}/libatspi.so %{_libdir}/pkgconfig/atspi-2.pc