Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package flatpak for openSUSE:Factory checked in at 2023-02-25 19:54:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/flatpak (Old) and /work/SRC/openSUSE:Factory/.flatpak.new.31432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "flatpak" Sat Feb 25 19:54:27 2023 rev:77 rq:1067351 version:1.14.2 Changes: -------- --- /work/SRC/openSUSE:Factory/flatpak/flatpak.changes 2023-02-09 16:21:53.870308313 +0100 +++ /work/SRC/openSUSE:Factory/.flatpak.new.31432/flatpak.changes 2023-02-25 19:54:27.675026064 +0100 @@ -1,0 +2,7 @@ +Thu Feb 23 08:41:51 UTC 2023 - Alynx Zhou <[email protected]> + +- Add flatpak-fix-gpg-agent-double-free.patch: stdout stream of a + subprocess is owned by the subprocess, not the caller, so don't + use g_autoptr for it to prevent double free (bsc#1207434). + +------------------------------------------------------------------- New: ---- flatpak-fix-gpg-agent-double-free.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ flatpak.spec ++++++ --- /var/tmp/diff_new_pack.BjvNFZ/_old 2023-02-25 19:54:28.319030033 +0100 +++ /var/tmp/diff_new_pack.BjvNFZ/_new 2023-02-25 19:54:28.323030058 +0100 @@ -45,6 +45,8 @@ Source2: update-system-flatpaks.timer Source3: https://flathub.org/repo/flathub.flatpakrepo Patch0: polkit_rules_usability.patch +# PATCH-FIX-UPSTREAM flatpak-fix-gpg-agent-double-free.patch bsc#1207434 [email protected] -- Fix double free in in handling gpg-agent sockets +Patch1: flatpak-fix-gpg-agent-double-free.patch BuildRequires: bison BuildRequires: bubblewrap >= %{bubblewrap_version} BuildRequires: docbook-xsl-stylesheets @@ -148,6 +150,7 @@ %package remote-flathub Summary: Add Flathub repository to system flatpak +Group: System/Packages Requires: flatpak Requires(postun):flatpak Requires(postun):sed ++++++ flatpak-fix-gpg-agent-double-free.patch ++++++ >From d7fb31b54077c676be50a6903090d4627b02b994 Mon Sep 17 00:00:00 2001 From: Simon McVittie <[email protected]> Date: Mon, 6 Feb 2023 16:09:29 +0000 Subject: [PATCH] run: Avoid double-free of gpgconf stdout stream g_subprocess_get_stdout_pipe() does not transfer ownership, so the stream still belongs to the GSubprocess and we must not unref it. Fixes: 764e5a4d "Add --socket=gpg-agent" Resolves: https://github.com/flatpak/flatpak/issues/5095 Signed-off-by: Simon McVittie <[email protected]> --- common/flatpak-run.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/flatpak-run.c b/common/flatpak-run.c index 8d613165e1..3c85f9223f 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -608,7 +608,7 @@ flatpak_run_add_gpg_agent_args (FlatpakBwrap *bwrap) g_autofree char * sandbox_agent_socket = NULL; g_autoptr(GError) gpgconf_error = NULL; g_autoptr(GSubprocess) process = NULL; - g_autoptr(GInputStream) base_stream = NULL; + GInputStream *base_stream = NULL; g_autoptr(GDataInputStream) data_stream = NULL; process = g_subprocess_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE,
