[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1059705: marked as done (bookworm-pu: package pluma/1.26.0-1+deb12u1)

Your message dated Sat, 10 Feb 2024 13:11:20 +0000
with message-id <E1rYn8a-002yaN-LV@coccia.debian.org>
and subject line Released with 12.5
has caused the Debian Bug report #1059705,
regarding bookworm-pu: package pluma/1.26.0-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1059705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059705
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pluma@packages.debian.org
Control: affects -1 + src:pluma

While prepare upload of pluma 1.26.1-1 a bookworm-pu upload has been
prepared cherry-picking various fixes from upstream (one mem leak issue,
one out-of-bounds write issue, one double extensions activation issue.

[ Reason ]
Backporting upstream fixes to pluma in bookworm.

[ Impact ]
The named issues remain unfixed in bookworm's pluma version.

[ Tests ]
Manually.

[ Risks ]
Regressions may occur for all pluma users.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.

[ Other info ]
None.

diff -Nru pluma-1.26.0/debian/changelog pluma-1.26.0/debian/changelog
--- pluma-1.26.0/debian/changelog	2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/changelog	2023-12-30 16:04:26.000000000 +0100
@@ -1,3 +1,14 @@
+pluma (1.26.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+    + Add 0001_pluma-plugins-engine-fix-memory-leak.patch,
+      0002_Fix-double-activation-of-extensions.patch and
+      0003_Fix-out-of-bounds-write.patch (cherry-picked from
+      v1.26.1). Fixing a mem leak issue, double extensions activation
+      and an out-of-bounds write issue.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 30 Dec 2023 16:04:26 +0100
+
 pluma (1.26.0-1) unstable; urgency=medium
 
   [ Martin Wimpress ]
diff -Nru pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch
--- pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0001_pluma-plugins-engine-fix-memory-leak.patch	2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,39 @@
+From f46395ba21cc7fd14e1679ee6c4bc1c5cda81355 Mon Sep 17 00:00:00 2001
+From: rbuj <robert.buj@gmail.com>
+Date: Sat, 23 Oct 2021 03:54:46 +0200
+Subject: [PATCH 1/3] pluma-plugins-engine: fix memory leak
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-plugins-engine.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pluma/pluma-plugins-engine.c b/pluma/pluma-plugins-engine.c
+index cf76313..cb5e2c4 100644
+--- a/pluma/pluma-plugins-engine.c
++++ b/pluma/pluma-plugins-engine.c
+@@ -57,6 +57,7 @@ static void
+ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+ {
+ 	GError *error = NULL;
++	char *user_plugins_dir;
+ 
+ 	pluma_debug (DEBUG_PLUGINS);
+ 
+@@ -89,9 +90,11 @@ pluma_plugins_engine_init (PlumaPluginsEngine *engine)
+ 		g_clear_error (&error);
+ 	}
+ 
++	user_plugins_dir = pluma_dirs_get_user_plugins_dir ();
+ 	peas_engine_add_search_path (PEAS_ENGINE (engine),
+-	                             pluma_dirs_get_user_plugins_dir (),
+-	                             pluma_dirs_get_user_plugins_dir ());
++	                             user_plugins_dir,
++	                             user_plugins_dir);
++	g_free (user_plugins_dir);
+ 
+ 	peas_engine_add_search_path (PEAS_ENGINE (engine),
+ 	                             PLUMA_LIBDIR "/plugins",
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch
--- pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0002_Fix-double-activation-of-extensions.patch	2023-12-30 15:59:49.000000000 +0100
@@ -0,0 +1,29 @@
+From e1d9f852ab4f9b1c162385f5aac1b598f563b17a Mon Sep 17 00:00:00 2001
+From: mbkma <johannes.unruh@fau.de>
+Date: Tue, 23 Nov 2021 22:40:26 +0100
+Subject: [PATCH 2/3] Fix double activation of extensions
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-view.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/pluma/pluma-view.c b/pluma/pluma-view.c
+index 4a353e1..672cca8 100644
+--- a/pluma/pluma-view.c
++++ b/pluma/pluma-view.c
+@@ -413,11 +413,6 @@ on_notify_buffer_cb (PlumaView  *view,
+                       "search_highlight_updated",
+                       G_CALLBACK (search_highlight_updated_cb),
+                       view);
+-
+-    /* We only activate the extensions when the right buffer is set,
+-     * because most plugins will expect this behaviour, and we won't
+-     * change the buffer later anyway. */
+-    peas_extension_set_call (view->priv->extensions, "activate", view);
+ }
+ 
+ #ifdef GTK_SOURCE_VERSION_3_24
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch
--- pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch	1970-01-01 01:00:00.000000000 +0100
+++ pluma-1.26.0/debian/patches/0003_Fix-out-of-bounds-write.patch	2023-12-30 15:57:19.000000000 +0100
@@ -0,0 +1,30 @@
+From 8ca37beb259f7a62fef2005e888248ec880e44cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bal=C3=A1zs=20Dura-Kov=C3=A1cs?= <balping314@gmail.com>
+Date: Thu, 18 Aug 2022 17:44:41 +0200
+Subject: [PATCH 3/3] Fix out-of-bounds write
+
+Closes https://github.com/mate-desktop/pluma/issues/664
+
+The size of tempfont was one byte too short, so strcpy performed an out-of-bounds write of the terminating 0.
+
+Signed-off-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+---
+ pluma/pluma-window.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pluma/pluma-window.c b/pluma/pluma-window.c
+index 1ca50ec..f31288d 100644
+--- a/pluma/pluma-window.c
++++ b/pluma/pluma-window.c
+@@ -318,7 +318,7 @@ pluma_window_key_press_event (GtkWidget   *widget,
+         g_strcanon (tempsize, "1234567890", '\0');
+         g_strreverse (tempsize);
+ 
+-        gchar tempfont [strlen (font)];
++        gchar tempfont [strlen (font) + 1];
+         strcpy (tempfont, font);
+         tempfont [strlen (font) - strlen (tempsize)] = 0;
+ 
+-- 
+2.39.2
+
diff -Nru pluma-1.26.0/debian/patches/series pluma-1.26.0/debian/patches/series
--- pluma-1.26.0/debian/patches/series	2021-12-13 10:55:21.000000000 +0100
+++ pluma-1.26.0/debian/patches/series	2023-12-30 15:58:00.000000000 +0100
@@ -1 +1,4 @@
 2001_fix-bin-sh-path-in-shebang.patch
+0001_pluma-plugins-engine-fix-memory-leak.patch
+0002_Fix-double-activation-of-extensions.patch
+0003_Fix-out-of-bounds-write.patch

--- End Message ---
--- Begin Message --- 
Version: 12.5

The upload requested in this bug has been released as part of 12.5.

--- End Message ---
Reply to: