diff --git a/flatpak-fix-gpg-agent-double-free.patch b/flatpak-fix-gpg-agent-double-free.patch new file mode 100644 index 0000000..fedc59a --- /dev/null +++ b/flatpak-fix-gpg-agent-double-free.patch @@ -0,0 +1,28 @@ +From d7fb31b54077c676be50a6903090d4627b02b994 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Mon, 6 Feb 2023 16:09:29 +0000 +Subject: [PATCH] run: Avoid double-free of gpgconf stdout stream + +g_subprocess_get_stdout_pipe() does not transfer ownership, so the +stream still belongs to the GSubprocess and we must not unref it. + +Fixes: 764e5a4d "Add --socket=gpg-agent" +Resolves: https://github.com/flatpak/flatpak/issues/5095 +Signed-off-by: Simon McVittie +--- + common/flatpak-run.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/common/flatpak-run.c b/common/flatpak-run.c +index 8d613165e1..3c85f9223f 100644 +--- a/common/flatpak-run.c ++++ b/common/flatpak-run.c +@@ -608,7 +608,7 @@ flatpak_run_add_gpg_agent_args (FlatpakBwrap *bwrap) + g_autofree char * sandbox_agent_socket = NULL; + g_autoptr(GError) gpgconf_error = NULL; + g_autoptr(GSubprocess) process = NULL; +- g_autoptr(GInputStream) base_stream = NULL; ++ GInputStream *base_stream = NULL; + g_autoptr(GDataInputStream) data_stream = NULL; + + process = g_subprocess_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE, diff --git a/flatpak.changes b/flatpak.changes index cc7326f..f829200 100644 --- a/flatpak.changes +++ b/flatpak.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Feb 23 08:41:51 UTC 2023 - Alynx Zhou + +- Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a + subprocess is owned by the subprocess, not the caller, so don't + use g_autoptr for it to prevent double free (bsc#1207434). + ------------------------------------------------------------------- Mon Feb 6 18:22:23 UTC 2023 - Bjørn Lie diff --git a/flatpak.spec b/flatpak.spec index 9a70209..1192c66 100644 --- a/flatpak.spec +++ b/flatpak.spec @@ -45,6 +45,8 @@ Source1: update-system-flatpaks.service Source2: update-system-flatpaks.timer Source3: https://flathub.org/repo/flathub.flatpakrepo Patch0: polkit_rules_usability.patch +# PATCH-FIX-UPSTREAM flatpak-fix-gpg-agent-double-free.patch bsc#1207434 alynx.zhou@suse.com -- Fix double free in in handling gpg-agent sockets +Patch1: flatpak-fix-gpg-agent-double-free.patch BuildRequires: bison BuildRequires: bubblewrap >= %{bubblewrap_version} BuildRequires: docbook-xsl-stylesheets @@ -148,6 +150,7 @@ more information. %package remote-flathub Summary: Add Flathub repository to system flatpak +Group: System/Packages Requires: flatpak Requires(postun):flatpak Requires(postun):sed