glib2/glib2-dbus-socket-path.patch

14 lines
450 B
Diff
Raw Normal View History

Index: glib-2.70.0/gio/gdbusaddress.c
===================================================================
--- glib-2.70.0.orig/gio/gdbusaddress.c
+++ glib-2.70.0/gio/gdbusaddress.c
@@ -1337,7 +1337,7 @@ g_dbus_address_get_for_bus_sync (GBusTyp
Accepting request 869723 from home:iznogood:branches:GNOME:Factory - Update to version 2.66.6: + Fix various instances within GLib where `g_memdup()` was vulnerable to a silent integer truncation and heap overflow problem (glgo#GNOME/GLib#2319). - Update to version 2.66.5: + Fix some issues with handling over-long (invalid) input when parsing for `GDate`. + Don’t load GIO modules or parse other GIO environment variables when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70 (see issue #2316), which should give modules 6 months to change their behaviour. + Fix `g_spawn()` searching `PATH` when it wasn’t meant to. + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, glgo#GNOME/GLib!1922. - Rebase/refresh patches: + glib2-dbus-socket-path.patch + glib2-fate300461-gettext-gkeyfile-suse.patch + glib2-gdbus-codegen-version.patch + glib2-suppress-schema-deprecated-path-warning.patch OBS-URL: https://build.opensuse.org/request/show/869723 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=444
2021-02-08 12:22:11 +01:00
if (ret == NULL)
{
- ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket");
+ ret = g_strdup ("unix:path=/run/dbus/system_bus_socket");
}
break;