From b587db70ff7b9ae3c37a8c8e75a21235db724174efcec543d3f182ddfe26834c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 7 Dec 2023 15:22:21 +0000 Subject: [PATCH 1/2] Accepting request 1131560 from home:yfjiang:branches:GNOME:Factory Add a missing patch ever submitted to Leap/SLE. OBS-URL: https://build.opensuse.org/request/show/1131560 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gtk3?expand=0&rev=447 --- ...n-avoid-SEGV-after-bad-password-inpu.patch | 70 +++++++++++++++++++ gtk3.changes | 6 ++ gtk3.spec | 3 + 3 files changed, 79 insertions(+) create mode 100644 gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch diff --git a/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch b/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch new file mode 100644 index 0000000..02cc6d8 --- /dev/null +++ b/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch @@ -0,0 +1,70 @@ +From 9f04e534590c515cefeb5e21b77f7a7d748d3643 Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Fri, 2 Jun 2023 15:16:58 +0200 +Subject: [PATCH] gtkmountoperation: avoid SEGV after bad password input +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +I observed the following nautilus crash below after trying to access an SMB +share and mistyping my password (it also happens if mounting the SMB share +fails for other reasons after entering a password). The crash happens when +the password entry window pops up the second time, in this code path, at +the 7th element of priv->user_widgets: + +458 pw_dialog_anonymous_toggled (GtkWidget *widget, +459 GtkMountOperation *operation) +460 { +... +472 for (l = priv->user_widgets; l != NULL; l = l->next) +473 { +474 gtk_widget_set_sensitive (GTK_WIDGET (l->data), !priv->anonymous); +475 } + +The broken element had l->data = 0xaaaaaaaaaaaa, which means the pointer had +been freed. + +The broken list entries were at the of the list because when +gtk_mount_operation_ask_password_do_gtk() constucts the pop-up the 2nd time, +it prepends new widgets: + +gtk_mount_operation_ask_password_do_gtk() + table_add_entry + operation->priv->user_widgets = g_list_prepend (operation->priv->user_widgets, entry); + +The problem is that in pw_dialog_got_response(), the widget is destroyed, +which also destroys all child widgets, but the priv->user_widgets list is +neither freed nor set to NULL. + +Fix it. + + instance_and_params=instance_and_params@entry=0x7ffd0585dd20) at ../gobject/gsignal.c:3742 + default_user=default_user@entry=0x556964cfd740 "USER", default_domain=default_domain@entry=0x5569654ce990 "DOMAIN", flags=) at gtkmountoperation.c:900 + n_params=, param_types=0x556965007460) at ../gio/gmarshal-internal.c:2254 + arg_message_string=0x556965660ce0 "Authentication Required\nEnter user and password for share “SHARE” on “SERVER”:", arg_default_user=0x55696535e310 "USER", + arg_default_domain=0x55696505b820 "DOMAIN", arg_flags_as_int=31, data=0x556964d757f0) at ../common/gmountoperationdbus.c:112 + at ../src/x86/ffi64.c:662 +--Type for more, q to quit, c to continue without paging--c +--- + gtk/gtkmountoperation.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gtk/gtkmountoperation.c b/gtk/gtkmountoperation.c +index 2cf7e75..e6b50c9 100644 +--- a/gtk/gtkmountoperation.c ++++ b/gtk/gtkmountoperation.c +@@ -380,6 +380,11 @@ pw_dialog_got_response (GtkDialog *dialog, + else + g_mount_operation_reply (op, G_MOUNT_OPERATION_ABORTED); + ++ if (priv->user_widgets) ++ { ++ g_list_free (priv->user_widgets); ++ priv->user_widgets = NULL; ++ } + priv->dialog = NULL; + g_object_notify (G_OBJECT (op), "is-showing"); + gtk_widget_destroy (GTK_WIDGET (dialog)); +-- +2.40.1 + diff --git a/gtk3.changes b/gtk3.changes index 38f4b4d..d455fd8 100644 --- a/gtk3.changes +++ b/gtk3.changes @@ -21,6 +21,12 @@ Mon Aug 14 03:34:22 UTC 2023 - Yifan Jiang - Do not use %autopatch to build on SLE where rpm version is not ready for the macro. +------------------------------------------------------------------- +Fri Jun 2 13:40:09 UTC 2023 - Martin Wilck + +- Fix nautilus crash after entering wrong SMB password (bsc#1211952) + * add gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch + ------------------------------------------------------------------- Mon May 22 16:08:09 UTC 2023 - Bjørn Lie diff --git a/gtk3.spec b/gtk3.spec index f0426d9..f492836 100644 --- a/gtk3.spec +++ b/gtk3.spec @@ -45,6 +45,8 @@ Source99: baselibs.conf Patch0: gtk3-GTK_PATH64.patch # PATCH-FIX-OPENSUSE gtk3-revert-forced-xftdpi.patch fvogt@opensuse.org -- Revert very controversal commit on GTK3, forcing DPI to 96 Patch1: gtk3-revert-forced-xftdpi.patch +# PATCH-FIX-UPSTREAM gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch mwilck@suse.com -- fix bsc#1211952 glgo#GNOME/gtk#5059 glgo#GNOME/gtk#6049 +Patch2: gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch BuildRequires: cups-devel >= 1.7 BuildRequires: docbook-xsl-stylesheets @@ -395,6 +397,7 @@ cp -a %{SOURCE1} . %autopatch -p1 -m 1 -M 999 %else %patch -P 1 -p1 +%patch -P 2 -p1 %endif %build From 69eb309d3db7d83172acab14989be5473cb7437104bb4d0c1477519d2e1241ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Thu, 7 Dec 2023 20:30:27 +0000 Subject: [PATCH 2/2] Accepting request 1131648 from GNOME:Next Update to 3.24.38+111 OBS-URL: https://build.opensuse.org/request/show/1131648 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gtk3?expand=0&rev=448 --- _service | 4 +- _servicedata | 4 ++ gtk-3.24.38+111.obscpio | 3 + gtk-3.24.38.obscpio | 3 - gtk.obsinfo | 6 +- ...n-avoid-SEGV-after-bad-password-inpu.patch | 70 ------------------- gtk3.changes | 14 ++++ gtk3.spec | 5 +- 8 files changed, 27 insertions(+), 82 deletions(-) create mode 100644 _servicedata create mode 100644 gtk-3.24.38+111.obscpio delete mode 100644 gtk-3.24.38.obscpio delete mode 100644 gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch diff --git a/_service b/_service index 9711e49..beb63cb 100644 --- a/_service +++ b/_service @@ -3,11 +3,11 @@ https://gitlab.gnome.org/GNOME/gtk.git git - refs/tags/3.24.38 + gtk-3-24 @PARENT_TAG@+@TAG_OFFSET@ (.*)\+0 \1 - + enable diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..ecdfb61 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://gitlab.gnome.org/GNOME/gtk.git + cde309d9fa27d948ae4ad098f50ba3188452ad6a \ No newline at end of file diff --git a/gtk-3.24.38+111.obscpio b/gtk-3.24.38+111.obscpio new file mode 100644 index 0000000..0401856 --- /dev/null +++ b/gtk-3.24.38+111.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:29fe434cf32af7cda96a19e5fa8801eb936958bc13e2fb6c30a628bcf9f59d50 +size 99351054 diff --git a/gtk-3.24.38.obscpio b/gtk-3.24.38.obscpio deleted file mode 100644 index 9057200..0000000 --- a/gtk-3.24.38.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:935ad68630da75ddeaf0fb14922b9478ff5c8666890f829b39f95c2ed123a786 -size 99185166 diff --git a/gtk.obsinfo b/gtk.obsinfo index 119965a..d9519a8 100644 --- a/gtk.obsinfo +++ b/gtk.obsinfo @@ -1,4 +1,4 @@ name: gtk -version: 3.24.38 -mtime: 1684722128 -commit: 3e6fd55ee00d4209ce2f2af292829e4d6f674adc +version: 3.24.38+111 +mtime: 1701555122 +commit: cde309d9fa27d948ae4ad098f50ba3188452ad6a diff --git a/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch b/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch deleted file mode 100644 index 02cc6d8..0000000 --- a/gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 9f04e534590c515cefeb5e21b77f7a7d748d3643 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Fri, 2 Jun 2023 15:16:58 +0200 -Subject: [PATCH] gtkmountoperation: avoid SEGV after bad password input -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -I observed the following nautilus crash below after trying to access an SMB -share and mistyping my password (it also happens if mounting the SMB share -fails for other reasons after entering a password). The crash happens when -the password entry window pops up the second time, in this code path, at -the 7th element of priv->user_widgets: - -458 pw_dialog_anonymous_toggled (GtkWidget *widget, -459 GtkMountOperation *operation) -460 { -... -472 for (l = priv->user_widgets; l != NULL; l = l->next) -473 { -474 gtk_widget_set_sensitive (GTK_WIDGET (l->data), !priv->anonymous); -475 } - -The broken element had l->data = 0xaaaaaaaaaaaa, which means the pointer had -been freed. - -The broken list entries were at the of the list because when -gtk_mount_operation_ask_password_do_gtk() constucts the pop-up the 2nd time, -it prepends new widgets: - -gtk_mount_operation_ask_password_do_gtk() - table_add_entry - operation->priv->user_widgets = g_list_prepend (operation->priv->user_widgets, entry); - -The problem is that in pw_dialog_got_response(), the widget is destroyed, -which also destroys all child widgets, but the priv->user_widgets list is -neither freed nor set to NULL. - -Fix it. - - instance_and_params=instance_and_params@entry=0x7ffd0585dd20) at ../gobject/gsignal.c:3742 - default_user=default_user@entry=0x556964cfd740 "USER", default_domain=default_domain@entry=0x5569654ce990 "DOMAIN", flags=) at gtkmountoperation.c:900 - n_params=, param_types=0x556965007460) at ../gio/gmarshal-internal.c:2254 - arg_message_string=0x556965660ce0 "Authentication Required\nEnter user and password for share “SHARE” on “SERVER”:", arg_default_user=0x55696535e310 "USER", - arg_default_domain=0x55696505b820 "DOMAIN", arg_flags_as_int=31, data=0x556964d757f0) at ../common/gmountoperationdbus.c:112 - at ../src/x86/ffi64.c:662 ---Type for more, q to quit, c to continue without paging--c ---- - gtk/gtkmountoperation.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/gtk/gtkmountoperation.c b/gtk/gtkmountoperation.c -index 2cf7e75..e6b50c9 100644 ---- a/gtk/gtkmountoperation.c -+++ b/gtk/gtkmountoperation.c -@@ -380,6 +380,11 @@ pw_dialog_got_response (GtkDialog *dialog, - else - g_mount_operation_reply (op, G_MOUNT_OPERATION_ABORTED); - -+ if (priv->user_widgets) -+ { -+ g_list_free (priv->user_widgets); -+ priv->user_widgets = NULL; -+ } - priv->dialog = NULL; - g_object_notify (G_OBJECT (op), "is-showing"); - gtk_widget_destroy (GTK_WIDGET (dialog)); --- -2.40.1 - diff --git a/gtk3.changes b/gtk3.changes index d455fd8..08db404 100644 --- a/gtk3.changes +++ b/gtk3.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Dec 07 15:35:33 UTC 2023 - dimstar@opensuse.org + +- Update to version 3.24.38+111: + + [gtk3] Support tiled windows from xdg-shell. + + Fix a minor issue in the file portal test. + + wayland: Be more careful when loading cursors. + + gdk/wayland: Use g_warning_once for cursor scale mismatches. + + gdk/wayland: Don't fall back directly to 1 for mismatched + cursor sizes. + + Updated translations. +- Drop upstream applied patch + gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch + ------------------------------------------------------------------- Tue Nov 28 11:50:22 UTC 2023 - Dominique Leuenberger diff --git a/gtk3.spec b/gtk3.spec index f492836..7f9893e 100644 --- a/gtk3.spec +++ b/gtk3.spec @@ -30,7 +30,7 @@ %define __provides_exclude_from ^%{_libdir}/gtk-3.0 Name: gtk3 -Version: 3.24.38 +Version: 3.24.38+111 Release: 0 Summary: The GTK+ toolkit library (version 3) License: LGPL-2.1-or-later @@ -45,8 +45,6 @@ Source99: baselibs.conf Patch0: gtk3-GTK_PATH64.patch # PATCH-FIX-OPENSUSE gtk3-revert-forced-xftdpi.patch fvogt@opensuse.org -- Revert very controversal commit on GTK3, forcing DPI to 96 Patch1: gtk3-revert-forced-xftdpi.patch -# PATCH-FIX-UPSTREAM gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch mwilck@suse.com -- fix bsc#1211952 glgo#GNOME/gtk#5059 glgo#GNOME/gtk#6049 -Patch2: gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch BuildRequires: cups-devel >= 1.7 BuildRequires: docbook-xsl-stylesheets @@ -397,7 +395,6 @@ cp -a %{SOURCE1} . %autopatch -p1 -m 1 -M 999 %else %patch -P 1 -p1 -%patch -P 2 -p1 %endif %build