Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package at-spi2-core for openSUSE:Factory checked in at 2022-04-23 19:45:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/at-spi2-core (Old) and /work/SRC/openSUSE:Factory/.at-spi2-core.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "at-spi2-core" Sat Apr 23 19:45:01 2022 rev:97 rq:972028 version:2.44.1 Changes: -------- --- /work/SRC/openSUSE:Factory/at-spi2-core/at-spi2-core.changes 2022-03-23 20:16:25.766396604 +0100 +++ /work/SRC/openSUSE:Factory/.at-spi2-core.new.1538/at-spi2-core.changes 2022-04-23 19:45:10.882927333 +0200 @@ -1,0 +2,10 @@ +Thu Apr 21 21:16:40 UTC 2022 - Michael Gorse <mgo...@suse.com> + +- Update to version 2.4.41: + + Fix use after free when removing a hung process. + + Fix the build with X11 disabled. + + Fix crash when NULL is passed to some listener-related functions. + + impl_deregister_keystroke_listener: fix memory leak on + iteration error. + +------------------------------------------------------------------- Old: ---- at-spi2-core-2.44.0.tar.xz New: ---- at-spi2-core-2.44.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ at-spi2-core.spec ++++++ --- /var/tmp/diff_new_pack.rKlrAz/_old 2022-04-23 19:45:11.746928360 +0200 +++ /var/tmp/diff_new_pack.rKlrAz/_new 2022-04-23 19:45:11.750928365 +0200 @@ -17,7 +17,7 @@ Name: at-spi2-core -Version: 2.44.0 +Version: 2.44.1 Release: 0 Summary: Assistive Technology Service Provider Interface - D-Bus based implementation License: LGPL-2.1-or-later ++++++ at-spi2-core-2.44.0.tar.xz -> at-spi2-core-2.44.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/at-spi2-core-2.44.0/NEWS new/at-spi2-core-2.44.1/NEWS --- old/at-spi2-core-2.44.0/NEWS 2022-03-18 14:49:39.000000000 +0100 +++ new/at-spi2-core-2.44.1/NEWS 2022-04-21 22:43:55.000000000 +0200 @@ -1,3 +1,13 @@ +What's new in at-spi2-core 2.44.1: + +* Fix use after free when removing a hung process. + +* Fix the build with X11 disabled. + +* Fix crash when NULL is passed to some listener-related functions. + +* impl_deregister_keystroke_listener: fix memory leak on iteration error. + What's new in at-spi2-core 2.44.0: * Unlink the socket before binding when using dbus-broker. Fixes regression diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/at-spi2-core-2.44.0/atspi/atspi-registry.c new/at-spi2-core-2.44.1/atspi/atspi-registry.c --- old/at-spi2-core-2.44.0/atspi/atspi-registry.c 2022-03-18 14:49:39.000000000 +0100 +++ new/at-spi2-core-2.44.1/atspi/atspi-registry.c 2022-04-21 22:43:55.000000000 +0200 @@ -270,19 +270,22 @@ GError **error) { GArray *d_key_set; - gchar *path = _atspi_device_listener_get_path (listener); + gchar *path; gint i; dbus_uint32_t d_modmask = modmask; dbus_uint32_t d_event_types = event_types; DBusError d_error; GList *l; - dbus_error_init (&d_error); if (!listener) { return FALSE; } + dbus_error_init (&d_error); + + path = _atspi_device_listener_get_path (listener); + /* copy the keyval filter values from the C api into the DBind KeySet */ if (key_set) { @@ -363,15 +366,18 @@ { gboolean retval = FALSE; dbus_uint32_t d_event_types = event_types; - gchar *path = _atspi_device_listener_get_path (listener); + gchar *path; DBusError d_error; - dbus_error_init (&d_error); if (!listener) { return retval; } + dbus_error_init (&d_error); + + path = _atspi_device_listener_get_path (listener); + dbind_method_call_reentrant (_atspi_bus(), atspi_bus_registry, atspi_path_dec, atspi_interface_dec, "RegisterDeviceEventListener", &d_error, "ou=>b", path, d_event_types, &retval); if (dbus_error_is_set (&d_error)) { @@ -400,16 +406,18 @@ void *filter, GError **error) { dbus_uint32_t event_types = 0; - gchar *path = _atspi_device_listener_get_path (listener); + gchar *path; DBusError d_error; - dbus_error_init (&d_error); - if (!listener) { return FALSE; } + dbus_error_init (&d_error); + + path = _atspi_device_listener_get_path (listener); + event_types |= (1 << ATSPI_BUTTON_PRESSED_EVENT); event_types |= (1 << ATSPI_BUTTON_RELEASED_EVENT); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/at-spi2-core-2.44.0/bus/at-spi-bus-launcher.c new/at-spi2-core-2.44.1/bus/at-spi-bus-launcher.c --- old/at-spi2-core-2.44.0/bus/at-spi-bus-launcher.c 2022-03-18 14:49:39.000000000 +0100 +++ new/at-spi2-core-2.44.1/bus/at-spi-bus-launcher.c 2022-04-21 22:43:55.000000000 +0200 @@ -438,7 +438,7 @@ { char *argv[] = { DBUS_BROKER, config_path, "--scope", "user", NULL }; char *unit; - struct sockaddr_un addr = { .sun_family = AF_UNIX, '\0' }; + struct sockaddr_un addr = { .sun_family = AF_UNIX, "" }; socklen_t addr_len = sizeof(addr); GPid pid; GError *error = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/at-spi2-core-2.44.0/meson.build new/at-spi2-core-2.44.1/meson.build --- old/at-spi2-core-2.44.0/meson.build 2022-03-18 14:49:39.000000000 +0100 +++ new/at-spi2-core-2.44.1/meson.build 2022-04-21 22:43:55.000000000 +0200 @@ -1,5 +1,5 @@ project('at-spi2-core', 'c', - version: '2.44.0', + version: '2.44.1', license: 'LGPLv2.1+', default_options: [ 'buildtype=debugoptimized', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/at-spi2-core-2.44.0/registryd/deviceeventcontroller.c new/at-spi2-core-2.44.1/registryd/deviceeventcontroller.c --- old/at-spi2-core-2.44.0/registryd/deviceeventcontroller.c 2022-03-18 14:49:39.000000000 +0100 +++ new/at-spi2-core-2.44.1/registryd/deviceeventcontroller.c 2022-04-21 22:43:55.000000000 +0200 @@ -896,8 +896,9 @@ { if (!strcmp (l->data, dest)) { - hung_processes = g_slist_remove (hung_processes, l->data); - g_free (l->data); + gpointer l_data = l->data; + hung_processes = g_slist_remove (hung_processes, l_data); + g_free (l_data); break; } } @@ -921,8 +922,9 @@ { if (!strcmp (l->data, data)) { - hung_processes = g_slist_remove (hung_processes, l->data); - g_free (l->data); + gpointer l_data = l->data; + hung_processes = g_slist_remove (hung_processes, l_data); + g_free (l_data); break; } } @@ -1388,6 +1390,7 @@ Accessibility_KeyDefinition *kd = (Accessibility_KeyDefinition *)g_malloc(sizeof(Accessibility_KeyDefinition)); if (!spi_dbus_message_iter_get_struct(&iter_array, DBUS_TYPE_INT32, &kd->keycode, DBUS_TYPE_INT32, &kd->keysym, DBUS_TYPE_STRING, &keystring, DBUS_TYPE_INVALID)) { + g_free(kd); break; } kd->keystring = g_strdup (keystring); @@ -1598,6 +1601,7 @@ if (!spi_dbus_message_iter_get_struct(&iter_array, DBUS_TYPE_INT32, &kd->keycode, DBUS_TYPE_INT32, &kd->keysym, DBUS_TYPE_STRING, &keystring, DBUS_TYPE_INVALID)) { + g_free(kd); break; } kd->keystring = g_strdup (keystring); @@ -1720,16 +1724,16 @@ if (synth_mods != modifiers) { lock_mods = synth_mods & ~modifiers; spi_dec_plat_lock_modifiers (controller, lock_mods); - if (modifiers & LockMask) - spi_dec_plat_unlock_modifiers (controller, LockMask); + if (modifiers & SPI_KEYMASK_SHIFTLOCK) + spi_dec_plat_unlock_modifiers (controller, SPI_KEYMASK_SHIFTLOCK); } spi_dec_plat_synth_keycode_press (controller, key_synth_code); spi_dec_plat_synth_keycode_release (controller, key_synth_code); if (synth_mods != modifiers) { spi_dec_plat_unlock_modifiers (controller, lock_mods); - if (modifiers & LockMask) - spi_dec_plat_lock_modifiers (controller, LockMask); + if (modifiers & SPI_KEYMASK_SHIFTLOCK) + spi_dec_plat_lock_modifiers (controller, SPI_KEYMASK_SHIFTLOCK); } return TRUE; }