[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#780216: marked as done (unblock (pre-approval): mate-user-share/1.8.0+dfsg1-4)

Your message dated Tue, 10 Mar 2015 20:17:59 +0100
with message-id <54FF4367.8010507@debian.org>
and subject line Re: Bug#780216: unblock (pre-approval): mate-user-share/1.8.0+dfsg1-4
has caused the Debian Bug report #780216,
regarding unblock (pre-approval): mate-user-share/1.8.0+dfsg1-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
780216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780216
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please consider unblocking planned upload of package mate-user-share.

+  * debian/patches:
+    + Add 0001_mem-leak-fix.patch, 0002_array-out-of-bounds.patch. Fix memory
+      leak and out-of-bounds access to array if bluetooth is disabled. (Closes:
+      #779821).

-> Vlad on his code review spring found two other issues and provided
patches for it to Debian BTS.

light+love,
Mike

unblock mate-user-share/1.8.0+dfsg1-4

-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -Nru mate-user-share-1.8.0+dfsg1/debian/changelog mate-user-share-1.8.0+dfsg1/debian/changelog
--- mate-user-share-1.8.0+dfsg1/debian/changelog	2015-03-05 08:19:49.000000000 +0100
+++ mate-user-share-1.8.0+dfsg1/debian/changelog	2015-03-10 15:33:52.000000000 +0100
@@ -1,3 +1,12 @@
+mate-user-share (1.8.0+dfsg1-4) unstable; urgency=medium
+
+  * debian/patches:
+    + Add 0001_mem-leak-fix.patch, 0002_array-out-of-bounds.patch. Fix memory
+      leak and out-of-bounds access to array if bluetooth is disabled. (Closes:
+      #779821).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Tue, 10 Mar 2015 15:33:50 +0100
+
 mate-user-share (1.8.0+dfsg1-3) unstable; urgency=medium
 
   * debian/control:
diff -Nru mate-user-share-1.8.0+dfsg1/debian/patches/0001_mem-leak-fix.patch mate-user-share-1.8.0+dfsg1/debian/patches/0001_mem-leak-fix.patch
--- mate-user-share-1.8.0+dfsg1/debian/patches/0001_mem-leak-fix.patch	1970-01-01 01:00:00.000000000 +0100
+++ mate-user-share-1.8.0+dfsg1/debian/patches/0001_mem-leak-fix.patch	2015-03-10 15:30:49.000000000 +0100
@@ -0,0 +1,47 @@
+From 18acac35d5015196431b5fc5f0291c860ea2ea1b Mon Sep 17 00:00:00 2001
+From: Monsta <monsta@inbox.ru>
+Date: Wed, 19 Nov 2014 21:22:41 +0300
+Subject: [PATCH] don't leak memory
+
+---
+ src/http.c            | 1 +
+ src/share-extension.c | 6 +++---
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/http.c b/src/http.c
+index 71161cd..36d058a 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -397,6 +397,7 @@ spawn_httpd (int port, pid_t *pid_out)
+ 		fprintf (stderr, "error spawning httpd: %s\n",
+ 			 error->message);
+ 		g_error_free (error);
++		g_free (pid_filename);
+ 		return FALSE;
+ 	}
+ 
+diff --git a/src/share-extension.c b/src/share-extension.c
+index bbc34ff..e0edbce 100644
+--- a/src/share-extension.c
++++ b/src/share-extension.c
+@@ -168,6 +168,8 @@ caja_user_share_get_location_widget (CajaLocationWidgetProvider *iface,
+ 		g_object_unref (dir);
+ 	}
+ 
++	g_object_unref (file);
++
+ 	if (enable == FALSE)
+ 		return NULL;
+ 
+@@ -200,9 +202,7 @@ caja_user_share_get_location_widget (CajaLocationWidgetProvider *iface,
+ 
+ 	gtk_widget_show_all (bar);
+ 
+-	g_object_unref (file);
+-
+-        return bar;
++	return bar;
+ }
+ 
+ static void
+
diff -Nru mate-user-share-1.8.0+dfsg1/debian/patches/0002_array-out-of-bounds.patch mate-user-share-1.8.0+dfsg1/debian/patches/0002_array-out-of-bounds.patch
--- mate-user-share-1.8.0+dfsg1/debian/patches/0002_array-out-of-bounds.patch	1970-01-01 01:00:00.000000000 +0100
+++ mate-user-share-1.8.0+dfsg1/debian/patches/0002_array-out-of-bounds.patch	2015-03-10 15:30:46.000000000 +0100
@@ -0,0 +1,47 @@
+From 3e24f8f3a3afbbb15785ffc19623c020b4edc8a9 Mon Sep 17 00:00:00 2001
+From: Monsta <monsta@inbox.ru>
+Date: Wed, 19 Nov 2014 21:18:59 +0300
+Subject: [PATCH] fixed logic flaw (out-of-bounds array access if bluetooth is
+ disabled)
+
+---
+ src/share-extension.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/share-extension.c b/src/share-extension.c
+index e0edbce..429d26d 100644
+--- a/src/share-extension.c
++++ b/src/share-extension.c
+@@ -145,7 +145,7 @@ caja_user_share_get_location_widget (CajaLocationWidgetProvider *iface,
+ 	const GUserDirectory special_dirs[] = { G_USER_DIRECTORY_PUBLIC_SHARE };
+ 
+ 	gboolean is_dir[] = { FALSE };
+-#endif
++#endif /* HAVE_BLUETOOTH */
+ 	file = g_file_new_for_uri (uri);
+ 	home = g_file_new_for_path (g_get_home_dir ());
+ 
+@@ -173,14 +173,16 @@ caja_user_share_get_location_widget (CajaLocationWidgetProvider *iface,
+ 	if (enable == FALSE)
+ 		return NULL;
+ 
+-	if (is_dir[0] != FALSE && is_dir[1] != FALSE) {
+-		bar = caja_share_bar_new (_("May be used to share or receive files"));
+-	} else if (is_dir[0] != FALSE) {
+-#ifndef HAVE_BLUETOOTH
+-		bar = caja_share_bar_new (_("May be shared over the network or Bluetooth"));
++	if (is_dir[0] != FALSE) {
++#ifdef HAVE_BLUETOOTH
++		if (is_dir[1] != FALSE) {
++			bar = caja_share_bar_new (_("May be used to share or receive files"));
++		} else {
++			bar = caja_share_bar_new (_("May be shared over the network or Bluetooth"));
++		}
+ #else
+ 		bar = caja_share_bar_new (_("May be shared over the network"));
+-#endif /* !HAVE_BLUETOOTH */
++#endif /* HAVE_BLUETOOTH */
+ 	} else {
+ #ifdef HAVE_BLUETOOTH
+ 		BluetoothClient *client;
+
diff -Nru mate-user-share-1.8.0+dfsg1/debian/patches/series mate-user-share-1.8.0+dfsg1/debian/patches/series
--- mate-user-share-1.8.0+dfsg1/debian/patches/series	2014-04-25 13:19:22.000000000 +0200
+++ mate-user-share-1.8.0+dfsg1/debian/patches/series	2015-03-10 15:31:42.000000000 +0100
@@ -1,4 +1,5 @@
+0001_mem-leak-fix.patch
+0002_array-out-of-bounds.patch
 1001_apache-config.patch
 1002_add-keywords-key-to-desktop-files.patch
 2001_omit-gfdl-licensed-help-files.patch
-

--- End Message ---
--- Begin Message --- 
On 10/03/15 20:09, Mike Gabriel wrote:

Control: tags -1 - moreinfo

On  Di 10 Mär 2015 19:47:51 CET, Emilio Pozuelo Monfort wrote:


Control: tags -1 confirmed moreinfo

On 10/03/15 15:38, Mike Gabriel wrote:

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please consider unblocking planned upload of package mate-user-share.

+  * debian/patches:
+    + Add 0001_mem-leak-fix.patch, 0002_array-out-of-bounds.patch. Fix memory
+      leak and out-of-bounds access to array if bluetooth is disabled. (Closes:
+      #779821).

-> Vlad on his code review spring found two other issues and provided
patches for it to Debian BTS.


Go ahead and remove the moreinfo tag when the package is accepted.

Emilio


uploaded and accepted in unstable.


Unblocked.

Emilio

--- End Message ---
Reply to: