Bug#1059705: bookworm-pu: package pluma/1.26.0-1+deb12u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1059705: bookworm-pu: package pluma/1.26.0-1+deb12u1
From: Mike Gabriel <sunweaver@debian.org>
Date: Sat, 30 Dec 2023 16:24:16 +0100
Message-id: <[🔎] 170394985645.161149.2194004970089671494.reportbug@sunobo>
Reply-to: Mike Gabriel <sunweaver@debian.org>, 1059705@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pluma@packages.debian.org
Control: affects -1 + src:pluma

While prepare upload of pluma 1.26.1-1 a bookworm-pu upload has been
prepared cherry-picking various fixes from upstream (one mem leak issue,
one out-of-bounds write issue, one double extensions activation issue.

[ Reason ]
Backporting upstream fixes to pluma in bookworm.

[ Impact ]
The named issues remain unfixed in bookworm's pluma version.

[ Tests ]
Manually.

[ Risks ]
Regressions may occur for all pluma users.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.

[ Other info ]
None.

diff -Nru pluma-1.26.0/debian/changelog pluma-1.26.0/debian/changelog
--- pluma-1.26.0/debian/changelog	2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/changelog	2023-12-30 16:04:26.000000000 +0100
@@ -1,3 +1,14 @@
+pluma (1.26.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 30 Dec 2023 16:04:26 +0100
+
 pluma (1.26.0-1) unstable; urgency=medium
 
   [ Martin Wimpress ]
diff -Nru pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch
--- pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch	2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,39 @@
+From f46395ba21cc7fd14e1679ee6c4bc1c5cda81355 Mon Sep 17 00:00:00 2001
+From: rbuj <robert.buj@gmail.com>
+Date: Sat, 23 Oct 2021 03:54:46 +0200
+Subject: [PATCH 1/3] pluma-plugins-engine: fix memory leak
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-plugins-engine.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pluma/pluma-plugins-engine.c b/pluma/pluma-plugins-engine.c
+index cf76313..cb5e2c4 100644
+--- a/pluma/pluma-plugins-engine.c
++++ b/pluma/pluma-plugins-engine.c
+@@ -57,6 +57,7 @@ static void
+ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+ {
+ 	GError *error = NULL;
++	char *user_plugins_dir;
+ 
+ 	pluma_debug (DEBUG_PLUGINS);
+ 
+@@ -89,9 +90,11 @@ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+ 		g_clear_error (&error);
+ 	}
+ 
++	user_plugins_dir = pluma_dirs_get_user_plugins_dir ();
+ 	peas_engine_add_search_path (PEAS_ENGINE (engine),
+-	                             pluma_dirs_get_user_plugins_dir (),
+-	                             pluma_dirs_get_user_plugins_dir ());
++	                             user_plugins_dir,
++	                             user_plugins_dir);
++	g_free (user_plugins_dir);
+ 
+ 	peas_engine_add_search_path (PEAS_ENGINE (engine),
+ 	                             PLUMA_LIBDIR "/plugins",
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch
--- pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch	2023-12-30 15:59:49.000000000 +0100
@@ -0,0 +1,29 @@
+From e1d9f852ab4f9b1c162385f5aac1b598f563b17a Mon Sep 17 00:00:00 2001
+From: mbkma <johannes.unruh@fau.de>
+Date: Tue, 23 Nov 2021 22:40:26 +0100
+Subject: [PATCH 2/3] Fix double activation of extensions
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-view.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/pluma/pluma-view.c b/pluma/pluma-view.c
+index 4a353e1..672cca8 100644
+--- a/pluma/pluma-view.c
++++ b/pluma/pluma-view.c
+@@ -413,11 +413,6 @@ on_notify_buffer_cb (PlumaView  *view,
+                       "search_highlight_updated",
+                       G_CALLBACK (search_highlight_updated_cb),
+                       view);
+-
+-    /* We only activate the extensions when the right buffer is set,
+-     * because most plugins will expect this behaviour, and we won't
+-     * change the buffer later anyway. */
+-    peas_extension_set_call (view->priv->extensions, "activate", view);
+ }
+ 
+ #ifdef GTK_SOURCE_VERSION_3_24
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch
--- pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch	2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,30 @@
+From 8ca37beb259f7a62fef2005e888248ec880e44cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bal=C3=A1zs=20Dura-Kov=C3=A1cs?= <balping314@gmail.com>
+Date: Thu, 18 Aug 2022 17:44:41 +0200
+Subject: [PATCH 3/3] Fix out-of-bounds write
+
+Closes https://github.com/mate-desktop/pluma/issues/664
+
+The size of tempfont was one byte too short, so strcpy performed an out-of-bounds write of the terminating 0.
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-window.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pluma/pluma-window.c b/pluma/pluma-window.c
+index 1ca50ec..f31288d 100644
+--- a/pluma/pluma-window.c
++++ b/pluma/pluma-window.c
+@@ -318,7 +318,7 @@ pluma_window_key_press_event (GtkWidget   *widget,
+         g_strcanon (tempsize, "1234567890", '\0');
+         g_strreverse (tempsize);
+ 
+-        gchar tempfont [strlen (font)];
++        gchar tempfont [strlen (font) + 1];
+         strcpy (tempfont, font);
+         tempfont [strlen (font) - strlen (tempsize)] = 0;
+ 
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/series pluma-1.26.0/debian/patches/series
--- pluma-1.26.0/debian/patches/series	2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/patches/series	2023-12-30 15:58:00.000000000 +0100
@@ -1 +1,4 @@
 2001_fix-bin-sh-path-in-shebang.patch
+0001_pluma-plugins-engine-fix-memory-leak.patch
+0002_Fix-double-activation-of-extensions.patch
+0003_Fix-out-of-bounds-write.patch

Reply to:

Follow-Ups:
- Processed: bookworm-pu: package pluma/1.26.0-1+deb12u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: bookworm-pu: package pluma/1.26.0-1+deb12u1
Next by Date: Bug#1056935: libde265 1.0.11-0+deb11u2 flagged for acceptance
Previous by thread: Processed: bookworm-pu: package mate-utils/1.26.0-1+deb12u1
Next by thread: Processed: bookworm-pu: package pluma/1.26.0-1+deb12u1
Index(es):
- Date
- Thread