- Update to version 2.66.7:
+ Fix various regressions caused by rushed security fixes in
2.66.6.
+ Fix a silent integer truncation when calling
`g_byte_array_new_take()` for byte arrays bigger than
`G_MAXUINT`.
+ Disallow using currently-undefined D-Bus connection or server
flags to prevent forward-compatibility problems with new
security-sensitive flags likely to be released in GLib 2.68.
+ Bugs fixed: glgo#GNOME/GLib!1933, glgo#GNOME/GLib!1943,
glgo#GNOME/GLib!1944, glgo#GNOME/GLib!1945.
OBS-URL: https://build.opensuse.org/request/show/871216
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=446
- Update to version 2.66.6:
+ Fix various instances within GLib where `g_memdup()` was
vulnerable to a silent integer truncation and heap overflow
problem (glgo#GNOME/GLib#2319).
- Update to version 2.66.5:
+ Fix some issues with handling over-long (invalid) input when
parsing for `GDate`.
+ Don’t load GIO modules or parse other GIO environment variables
when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap
process). GIO has always been documented as not being safe to
use in privileged processes, but people persist in using it
unsafely, so these changes should harden things against
potential attacks at least a little. Unfortunately they break a
couple of projects which were relying on reading
`DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for
setgid/setcap (but not setuid) processes. This loophole will be
closed in GLib 2.70 (see issue #2316), which should give
modules 6 months to change their behaviour.
+ Fix `g_spawn()` searching `PATH` when it wasn’t meant to.
+ Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820,
glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831,
glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864,
glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913,
glgo#GNOME/GLib!1922.
- Rebase/refresh patches:
+ glib2-dbus-socket-path.patch
+ glib2-fate300461-gettext-gkeyfile-suse.patch
+ glib2-gdbus-codegen-version.patch
+ glib2-suppress-schema-deprecated-path-warning.patch
OBS-URL: https://build.opensuse.org/request/show/869723
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=444
- Add requires(post) libgio-2_0-0 to glib2-tools: ensures
glib-compile-schema to be functional when the file trigger fires,
by explicitly requesting the correct library to be present for
the post script. (boo#1178713).
- Update to version 2.66.3:
+ Fix awkward bug with `GPollFD` handling in some situations.
+ Fix sending FDs attached to very large D-Bus messages.
+ Bugs fixed: glgo#GNOME/GLib#1592, glgo#GNOME/GLib!1720,
glgo#GNOME/GLib!1721, glgo#GNOME/GLib!1723,
glgo#GNOME/GLib!1727, glgo#GNOME/GLib!1736.
OBS-URL: https://build.opensuse.org/request/show/848891
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=438
Glib is supposed to be backwards compatible, so lets put that to the test - move at least to GF for now, and quite possibly even into TW.
- Update to version 2.64.2:
+ Bugs fixed: glgo#GNOME/GLib#2067, glgo#GNOME/GLib#2081,
glgo#GNOME/GLib!1421, glgo#GNOME/GLib!1438,
glgo#GNOME/GLib!1424, glgo#GNOME/GLib!1428,
glgo#GNOME/GLib!1429, glgo#GNOME/GLib !1431,
glgo#GNOME/GLib!1432, glgo#GNOME/GLib!1435,
glgo#GNOME/GLib!1447.
+ Updated translations.
- Update to version 2.64.1:
+ Fix memory monitor tests to only be installed if
installed-tests are enabled, and to be skipped if
GObject-Introspection is too old.
+ Bugs fixed: glgo#GNOME/GLib#1986, glgo#GNOME/GLib#1988,
glgo#GNOME/GLib!1407, glgo#GNOME/GLib!1412.
+ Updated translations.
- Update to version 2.64.0:
+ Use `posix_spawn()` to speed up launching test D-Bus instances.
+ Bugs fixed: glgo#GNOME/GLib#1783, glgo#GNOME/GLib#2049,
glgo#GNOME/GLib!1384, glgo#GNOME/GLib!1386,
glgo#GNOME/GLib!1387, glgo#GNOME/GLib!1388,
glgo#GNOME/GLib!1389.
+ Updated translations.
- Update to version 2.63.6:
+ Fix potential relative read when calling g_printerr(), which
could lead to a denial of service from a setuid-root process
being used to block access to the TTY for another user.
+ Fix SOCKS proxy resolver sometimes not being used when
resolving addresses via Happy Eyeballs (CVE-2020-6750).
+ Several other Happy Eyeballs fixes for address resolution.
+ Various race fixes in `GDBusConnection` and its unit tests.
+ Fix a race condition with D-Bus name ownership.
+ Drop `gio-launch-desktop` helper application in favour of
calling `sh` directly.
+ Fix win32 exception handling with C# exceptions.
+ Fix thread safety of `GUnixMountMonitor`.
+ Additional fixes to new thread pool attribute behaviour from
GLib 2.63.4 to check if sched_setattr() is allowed by system
policies before depending on it.
+ Fix memory leaks and corruption when freeing `GSource`s while
freeing a `GMainContext`.
+ Drop inappropriate installation of object manager example
documentation.
+ Varioius other bugs and fixes.
+ Updated translations.
- Update to version 2.63.5:
+ Fix behaviour of `g_file_move()` fallback code to not follow
symlinks.
+ Rename `--glib-min-version` argument of `gdbus-codegen` to
`--glib-min-required`.
+ Add gtk-doc checks to CI and fix a number of documentation
issues.
+ Add a debug message if `g_setenv()` or `g_unsetenv()` are used
after any threads have been spawned — this will be upgraded to
a warning in future.
+ Skip memory monitor tests if xdg-desktop-portal or dbusmock are
not available.
+ Change the `libmount` configure option from a boolean to a
Meson `feature`.
+ Do not return `target-uri` from `g_file_peek_path()` when
called on trash/recent files.
+ Drop new TLS certificate API for PKCS #11 backed certificates,
as the implementation is not ready yet (this is not an API
break as the API was added earlier in the 2.63 cycle).
+ Updated translations.
+ For changes from earlier in the dev cycle see the NEWS file.
- Rebase glib2-gdbus-codegen-version.patch.
OBS-URL: https://build.opensuse.org/request/show/792948
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=424
- Update to version 2.62.6:
+ This is expected to be the final release in the 2.62.x stable
series; maintenance effort will shift to the newer 2.64.x
stable series now.
+ Fix SOCKS5 username/password authentication.
+ Exception handling fixes on Windows.
+ Bugs fixed: glgo#GNOME/GLib#1986, glgo#GNOME/GLib#1988,
glgo#GNOME/GLib#2049, glgo#GNOME/GLib!1378,
glgo#GNOME/GLib!1380, glgo#GNOME/GLib!1393,
glgo#GNOME/GLib!1394, glgo#GNOME/GLib!1411.
+ Updated translations.
OBS-URL: https://build.opensuse.org/request/show/788984
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=422
- Update to version 2.62.2:
+ Bugs fixed:
- glgo#GNOME/GLib#1896: Use after free when calling
g_dbus_connection_flush_sync() in a dedicated thread.
- glgo#GNOME/GLib!1154: Backport glgo#GNOME/GLib!1152
“gwinhttpvfs: Handle g_get_prgname() returning NULL” to
glib-2-62.
- glgo#GNOME/GLib!1156: Backport glgo#GNOME/GLib!1146 Solaris
fixes to glib-2-62.
OBS-URL: https://build.opensuse.org/request/show/742006
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib2?expand=0&rev=407