diff --git a/glib-2.66.4.tar.xz b/glib-2.66.4.tar.xz deleted file mode 100644 index 2b62435..0000000 --- a/glib-2.66.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:97df8670e32f9fd4f7392b0980e661dd625012015d58350da1e58e343f4af984 -size 4838124 diff --git a/glib-2.66.6.tar.xz b/glib-2.66.6.tar.xz new file mode 100644 index 0000000..54dfb75 --- /dev/null +++ b/glib-2.66.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:80fff9c63d2725834328071c42003c311f77f91caf2285195c587c62f5638329 +size 4841768 diff --git a/glib2-bgo569829-gettext-gkeyfile.patch b/glib2-bgo569829-gettext-gkeyfile.patch index e1acd74..88c44a3 100644 --- a/glib2-bgo569829-gettext-gkeyfile.patch +++ b/glib2-bgo569829-gettext-gkeyfile.patch @@ -1,7 +1,7 @@ -Index: glib-2.56.2/glib/gkeyfile.c +Index: glib-2.66.5/glib/gkeyfile.c =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.c 2018-03-12 17:23:37.000000000 +0100 -+++ glib-2.56.2/glib/gkeyfile.c 2018-08-17 10:53:47.314889363 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.c ++++ glib-2.66.5/glib/gkeyfile.c @@ -511,6 +511,7 @@ struct _GKeyFile GKeyFileFlags flags; @@ -10,7 +10,7 @@ Index: glib-2.56.2/glib/gkeyfile.c volatile gint ref_count; }; -@@ -635,6 +636,7 @@ g_key_file_init (GKeyFile *key_file) +@@ -636,6 +637,7 @@ g_key_file_init (GKeyFile *key_file) key_file->list_separator = ';'; key_file->flags = 0; key_file->locales = g_strdupv ((gchar **)g_get_language_names ()); @@ -18,7 +18,7 @@ Index: glib-2.56.2/glib/gkeyfile.c } static void -@@ -654,6 +656,12 @@ g_key_file_clear (GKeyFile *key_file) +@@ -655,6 +657,12 @@ g_key_file_clear (GKeyFile *key_file) key_file->parse_buffer = NULL; } @@ -31,7 +31,7 @@ Index: glib-2.56.2/glib/gkeyfile.c tmp = key_file->groups; while (tmp != NULL) { -@@ -873,6 +881,11 @@ g_key_file_load_from_fd (GKeyFile +@@ -874,6 +882,11 @@ g_key_file_load_from_fd (GKeyFile return FALSE; } @@ -43,7 +43,7 @@ Index: glib-2.56.2/glib/gkeyfile.c return TRUE; } -@@ -985,6 +998,11 @@ g_key_file_load_from_data (GKeyFile +@@ -986,6 +999,11 @@ g_key_file_load_from_data (GKeyFile return FALSE; } @@ -55,7 +55,7 @@ Index: glib-2.56.2/glib/gkeyfile.c return TRUE; } -@@ -2208,6 +2226,8 @@ g_key_file_get_locale_string (GKeyFile +@@ -2213,6 +2231,8 @@ g_key_file_get_locale_string (GKeyFile GError *key_file_error; gchar **languages; gboolean free_languages = FALSE; @@ -64,7 +64,7 @@ Index: glib-2.56.2/glib/gkeyfile.c gint i; g_return_val_if_fail (key_file != NULL, NULL); -@@ -2229,6 +2249,23 @@ g_key_file_get_locale_string (GKeyFile +@@ -2234,6 +2254,23 @@ g_key_file_get_locale_string (GKeyFile free_languages = FALSE; } @@ -88,7 +88,7 @@ Index: glib-2.56.2/glib/gkeyfile.c for (i = 0; languages[i]; i++) { candidate_key = g_strdup_printf ("%s[%s]", key, languages[i]); -@@ -2245,6 +2282,39 @@ g_key_file_get_locale_string (GKeyFile +@@ -2250,6 +2287,39 @@ g_key_file_get_locale_string (GKeyFile translated_value = NULL; } @@ -128,10 +128,10 @@ Index: glib-2.56.2/glib/gkeyfile.c /* Fallback to untranslated key */ if (!translated_value) -Index: glib-2.56.2/glib/gkeyfile.h +Index: glib-2.66.5/glib/gkeyfile.h =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.h 2018-02-06 17:05:56.000000000 +0100 -+++ glib-2.56.2/glib/gkeyfile.h 2018-08-17 10:53:47.314889363 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.h ++++ glib-2.66.5/glib/gkeyfile.h @@ -320,6 +320,7 @@ gboolean g_key_file_remove_group #define G_KEY_FILE_DESKTOP_KEY_URL "URL" #define G_KEY_FILE_DESKTOP_KEY_DBUS_ACTIVATABLE "DBusActivatable" diff --git a/glib2-dbus-socket-path.patch b/glib2-dbus-socket-path.patch index 5da75aa..b7a9305 100644 --- a/glib2-dbus-socket-path.patch +++ b/glib2-dbus-socket-path.patch @@ -1,9 +1,9 @@ -Index: glib-2.56.2/gio/gdbusaddress.c +Index: glib-2.66.5/gio/gdbusaddress.c =================================================================== ---- glib-2.56.2.orig/gio/gdbusaddress.c 2018-08-16 22:53:19.000000000 +0200 -+++ glib-2.56.2/gio/gdbusaddress.c 2018-08-17 10:46:31.564471587 +0200 -@@ -1628,7 +1628,7 @@ g_dbus_address_get_for_bus_sync (GBusTyp - ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")); +--- glib-2.66.5.orig/gio/gdbusaddress.c ++++ glib-2.66.5/gio/gdbusaddress.c +@@ -1331,7 +1331,7 @@ g_dbus_address_get_for_bus_sync (GBusTyp + if (ret == NULL) { - ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket"); diff --git a/glib2-fate300461-gettext-gkeyfile-suse.patch b/glib2-fate300461-gettext-gkeyfile-suse.patch index 8f820ed..894ae0e 100644 --- a/glib2-fate300461-gettext-gkeyfile-suse.patch +++ b/glib2-fate300461-gettext-gkeyfile-suse.patch @@ -1,7 +1,7 @@ -Index: glib-2.56.2/glib/gkeyfile.c +Index: glib-2.66.5/glib/gkeyfile.c =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.c 2018-08-17 10:53:47.314889363 +0200 -+++ glib-2.56.2/glib/gkeyfile.c 2018-08-17 10:53:47.330889591 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.c ++++ glib-2.66.5/glib/gkeyfile.c @@ -512,6 +512,7 @@ struct _GKeyFile gchar **locales; @@ -10,7 +10,7 @@ Index: glib-2.56.2/glib/gkeyfile.c volatile gint ref_count; }; -@@ -637,6 +638,7 @@ g_key_file_init (GKeyFile *key_file) +@@ -638,6 +639,7 @@ g_key_file_init (GKeyFile *key_file) key_file->flags = 0; key_file->locales = g_strdupv ((gchar **)g_get_language_names ()); key_file->gettext_domain = NULL; @@ -18,7 +18,7 @@ Index: glib-2.56.2/glib/gkeyfile.c } static void -@@ -662,6 +664,12 @@ g_key_file_clear (GKeyFile *key_file) +@@ -663,6 +665,12 @@ g_key_file_clear (GKeyFile *key_file) key_file->gettext_domain = NULL; } @@ -31,7 +31,7 @@ Index: glib-2.56.2/glib/gkeyfile.c tmp = key_file->groups; while (tmp != NULL) { -@@ -805,6 +813,39 @@ find_file_in_data_dirs (const gchar *f +@@ -806,6 +814,39 @@ find_file_in_data_dirs (const gchar *f return fd; } @@ -71,7 +71,7 @@ Index: glib-2.56.2/glib/gkeyfile.c static gboolean g_key_file_load_from_fd (GKeyFile *key_file, gint fd, -@@ -886,6 +927,9 @@ g_key_file_load_from_fd (GKeyFile +@@ -887,6 +928,9 @@ g_key_file_load_from_fd (GKeyFile G_KEY_FILE_DESKTOP_KEY_GETTEXT_DOMAIN, NULL); @@ -81,7 +81,7 @@ Index: glib-2.56.2/glib/gkeyfile.c return TRUE; } -@@ -942,6 +986,8 @@ g_key_file_load_from_file (GKeyFile +@@ -943,6 +987,8 @@ g_key_file_load_from_file (GKeyFile return FALSE; } @@ -90,7 +90,7 @@ Index: glib-2.56.2/glib/gkeyfile.c return TRUE; } -@@ -1003,6 +1049,9 @@ g_key_file_load_from_data (GKeyFile +@@ -1004,6 +1050,9 @@ g_key_file_load_from_data (GKeyFile G_KEY_FILE_DESKTOP_KEY_GETTEXT_DOMAIN, NULL); @@ -100,7 +100,7 @@ Index: glib-2.56.2/glib/gkeyfile.c return TRUE; } -@@ -1107,6 +1156,9 @@ g_key_file_load_from_dirs (GKeyFile +@@ -1108,6 +1157,9 @@ g_key_file_load_from_dirs (GKeyFile } } @@ -110,7 +110,7 @@ Index: glib-2.56.2/glib/gkeyfile.c if (found_file && full_path) *full_path = output_path; else -@@ -2291,14 +2343,40 @@ g_key_file_get_locale_string (GKeyFile +@@ -2296,14 +2348,40 @@ g_key_file_get_locale_string (GKeyFile { gboolean codeset_set; const gchar *translated; @@ -156,10 +156,10 @@ Index: glib-2.56.2/glib/gkeyfile.c g_free (orig_value); -Index: glib-2.56.2/glib/gkeyfile.h +Index: glib-2.66.5/glib/gkeyfile.h =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.h 2018-08-17 10:53:47.314889363 +0200 -+++ glib-2.56.2/glib/gkeyfile.h 2018-08-17 10:53:47.330889591 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.h ++++ glib-2.66.5/glib/gkeyfile.h @@ -320,7 +320,7 @@ gboolean g_key_file_remove_group #define G_KEY_FILE_DESKTOP_KEY_URL "URL" #define G_KEY_FILE_DESKTOP_KEY_DBUS_ACTIVATABLE "DBusActivatable" diff --git a/glib2-gdbus-codegen-version.patch b/glib2-gdbus-codegen-version.patch index 7ca27f2..87833ba 100644 --- a/glib2-gdbus-codegen-version.patch +++ b/glib2-gdbus-codegen-version.patch @@ -1,7 +1,7 @@ -Index: glib-2.65.2/gio/gdbus-2.0/codegen/codegen.py +Index: glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py =================================================================== ---- glib-2.65.2.orig/gio/gdbus-2.0/codegen/codegen.py -+++ glib-2.65.2/gio/gdbus-2.0/codegen/codegen.py +--- glib-2.66.5.orig/gio/gdbus-2.0/codegen/codegen.py ++++ glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py @@ -79,8 +79,7 @@ class HeaderCodeGenerator: # ---------------------------------------------------------------------------------------------------- diff --git a/glib2-suppress-schema-deprecated-path-warning.patch b/glib2-suppress-schema-deprecated-path-warning.patch index 7ede53a..992f10f 100644 --- a/glib2-suppress-schema-deprecated-path-warning.patch +++ b/glib2-suppress-schema-deprecated-path-warning.patch @@ -1,8 +1,8 @@ -Index: glib-2.56.2/gio/glib-compile-schemas.c +Index: glib-2.66.5/gio/glib-compile-schemas.c =================================================================== ---- glib-2.56.2.orig/gio/glib-compile-schemas.c 2018-08-17 02:03:20.000000000 +0200 -+++ glib-2.56.2/gio/glib-compile-schemas.c 2018-08-17 10:53:47.342889761 +0200 -@@ -1219,6 +1219,7 @@ parse_state_start_schema (ParseState *s +--- glib-2.66.5.orig/gio/glib-compile-schemas.c ++++ glib-2.66.5/gio/glib-compile-schemas.c +@@ -1232,6 +1232,7 @@ parse_state_start_schema (ParseState *s return; } @@ -10,7 +10,7 @@ Index: glib-2.56.2/gio/glib-compile-schemas.c if (path && (g_str_has_prefix (path, "/apps/") || g_str_has_prefix (path, "/desktop/") || g_str_has_prefix (path, "/system/"))) -@@ -1231,6 +1232,7 @@ parse_state_start_schema (ParseState *s +@@ -1244,6 +1245,7 @@ parse_state_start_schema (ParseState *s g_printerr ("%s\n", message); g_free (message); } diff --git a/glib2.changes b/glib2.changes index 1cd3712..aec75ba 100644 --- a/glib2.changes +++ b/glib2.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Fri Feb 5 10:59:15 UTC 2021 - Bjørn Lie + +- Update to version 2.66.6: + + Fix various instances within GLib where `g_memdup()` was + vulnerable to a silent integer truncation and heap overflow + problem (glgo#GNOME/GLib#2319). + +------------------------------------------------------------------- +Wed Feb 3 18:52:30 UTC 2021 - Bjørn Lie + +- Update to version 2.66.5: + + Fix some issues with handling over-long (invalid) input when + parsing for `GDate`. + + Don’t load GIO modules or parse other GIO environment variables + when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap + process). GIO has always been documented as not being safe to + use in privileged processes, but people persist in using it + unsafely, so these changes should harden things against + potential attacks at least a little. Unfortunately they break a + couple of projects which were relying on reading + `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for + setgid/setcap (but not setuid) processes. This loophole will be + closed in GLib 2.70 (see issue #2316), which should give + modules 6 months to change their behaviour. + + Fix `g_spawn()` searching `PATH` when it wasn’t meant to. + + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, + glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, + glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, + glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, + glgo#GNOME/GLib!1922. +- Rebase/refresh patches: + + glib2-dbus-socket-path.patch + + glib2-fate300461-gettext-gkeyfile-suse.patch + + glib2-gdbus-codegen-version.patch + + glib2-suppress-schema-deprecated-path-warning.patch + + glib2-bgo569829-gettext-gkeyfile.patch + ------------------------------------------------------------------- Thu Dec 17 21:20:22 UTC 2020 - Bjørn Lie diff --git a/glib2.spec b/glib2.spec index 2e02804..fe23be4 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,7 +1,7 @@ # # spec file for package glib2 # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %bcond_without systemtap %bcond_without gtk_doc Name: glib2 -Version: 2.66.4 +Version: 2.66.6 Release: 0 Summary: General-Purpose Utility Library License: LGPL-2.1-or-later