Accepting request 869723 from home:iznogood:branches:GNOME:Factory
- Update to version 2.66.6:
+ Fix various instances within GLib where `g_memdup()` was
vulnerable to a silent integer truncation and heap overflow
problem (glgo#GNOME/GLib#2319).
- Update to version 2.66.5:
+ Fix some issues with handling over-long (invalid) input when
parsing for `GDate`.
+ Don’t load GIO modules or parse other GIO environment variables
when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap
process). GIO has always been documented as not being safe to
use in privileged processes, but people persist in using it
unsafely, so these changes should harden things against
potential attacks at least a little. Unfortunately they break a
couple of projects which were relying on reading
`DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for
setgid/setcap (but not setuid) processes. This loophole will be
closed in GLib 2.70 (see issue #2316), which should give
modules 6 months to change their behaviour.
+ Fix `g_spawn()` searching `PATH` when it wasn’t meant to.
+ Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820,
glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831,
glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864,
glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913,
glgo#GNOME/GLib!1922.
- Rebase/refresh patches:
+ glib2-dbus-socket-path.patch
+ glib2-fate300461-gettext-gkeyfile-suse.patch
+ glib2-gdbus-codegen-version.patch
+ glib2-suppress-schema-deprecated-path-warning.patch
OBS-URL: https://build.opensuse.org/request/show/869723
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=444
2021-02-08 12:22:11 +01:00
|
|
|
Index: glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py
|
2018-03-09 11:10:43 +01:00
|
|
|
===================================================================
|
Accepting request 869723 from home:iznogood:branches:GNOME:Factory
- Update to version 2.66.6:
+ Fix various instances within GLib where `g_memdup()` was
vulnerable to a silent integer truncation and heap overflow
problem (glgo#GNOME/GLib#2319).
- Update to version 2.66.5:
+ Fix some issues with handling over-long (invalid) input when
parsing for `GDate`.
+ Don’t load GIO modules or parse other GIO environment variables
when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap
process). GIO has always been documented as not being safe to
use in privileged processes, but people persist in using it
unsafely, so these changes should harden things against
potential attacks at least a little. Unfortunately they break a
couple of projects which were relying on reading
`DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for
setgid/setcap (but not setuid) processes. This loophole will be
closed in GLib 2.70 (see issue #2316), which should give
modules 6 months to change their behaviour.
+ Fix `g_spawn()` searching `PATH` when it wasn’t meant to.
+ Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820,
glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831,
glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864,
glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913,
glgo#GNOME/GLib!1922.
- Rebase/refresh patches:
+ glib2-dbus-socket-path.patch
+ glib2-fate300461-gettext-gkeyfile-suse.patch
+ glib2-gdbus-codegen-version.patch
+ glib2-suppress-schema-deprecated-path-warning.patch
OBS-URL: https://build.opensuse.org/request/show/869723
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=444
2021-02-08 12:22:11 +01:00
|
|
|
--- glib-2.66.5.orig/gio/gdbus-2.0/codegen/codegen.py
|
|
|
|
|
+++ glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py
|
2020-10-22 10:50:43 +02:00
|
|
|
@@ -79,8 +79,7 @@ class HeaderCodeGenerator:
|
2018-03-09 11:10:43 +01:00
|
|
|
# ----------------------------------------------------------------------------------------------------
|
2017-06-07 15:34:11 +02:00
|
|
|
|
2018-03-09 11:10:43 +01:00
|
|
|
def generate_header_preamble(self):
|
2018-09-22 00:43:51 +02:00
|
|
|
- basenames = ', '.join(self.input_files_basenames)
|
|
|
|
|
- self.outfile.write(LICENSE_STR.format(config.VERSION, basenames))
|
2018-03-09 11:10:43 +01:00
|
|
|
+ self.outfile.write(LICENSE_STR)
|
|
|
|
|
self.outfile.write('\n')
|
|
|
|
|
|
|
|
|
|
if self.use_pragma:
|
2020-10-22 10:50:43 +02:00
|
|
|
@@ -721,8 +720,7 @@ class InterfaceInfoHeaderCodeGenerator:
|
2018-03-09 11:10:43 +01:00
|
|
|
# ----------------------------------------------------------------------------------------------------
|
|
|
|
|
|
2020-10-22 10:50:43 +02:00
|
|
|
def generate_header_preamble(self):
|
2018-09-22 00:43:51 +02:00
|
|
|
- basenames = ', '.join(self.input_files_basenames)
|
|
|
|
|
- self.outfile.write(LICENSE_STR.format(config.VERSION, basenames))
|
2018-03-09 11:10:43 +01:00
|
|
|
+ self.outfile.write(LICENSE_STR)
|
|
|
|
|
self.outfile.write('\n')
|
2020-10-22 10:50:43 +02:00
|
|
|
|
|
|
|
|
if self.use_pragma:
|
|
|
|
|
@@ -781,8 +779,7 @@ class InterfaceInfoBodyCodeGenerator:
|
|
|
|
|
# ----------------------------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
def generate_body_preamble(self):
|
|
|
|
|
- basenames = ', '.join(self.input_files_basenames)
|
|
|
|
|
- self.outfile.write(LICENSE_STR.format(config.VERSION, basenames))
|
|
|
|
|
+ self.outfile.write(LICENSE_STR)
|
|
|
|
|
|
|
|
|
|
if self.symbol_decoration_define is not None:
|
|
|
|
|
self.outfile.write('\n')
|
|
|
|
|
@@ -1023,8 +1020,7 @@ class CodeGenerator:
|
|
|
|
|
# ----------------------------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
def generate_body_preamble(self):
|
|
|
|
|
- basenames = ', '.join(self.input_files_basenames)
|
|
|
|
|
- self.outfile.write(LICENSE_STR.format(config.VERSION, basenames))
|
|
|
|
|
+ self.outfile.write(LICENSE_STR)
|
|
|
|
|
if self.symbol_decoration_define is not None:
|
|
|
|
|
self.outfile.write('\n')
|
|
|
|
|
self.outfile.write('#define %s\n' % self.symbol_decoration_define)
|
