diff --git a/0001-file-name-cloud-be-UTF-8.patch b/1000-file-name-cloud-be-UTF-8.patch similarity index 100% rename from 0001-file-name-cloud-be-UTF-8.patch rename to 1000-file-name-cloud-be-UTF-8.patch diff --git a/4155.patch b/4155.patch new file mode 100644 index 0000000000000000000000000000000000000000..f2b811fee4c069181c6095b32f866672d7b95f7b --- /dev/null +++ b/4155.patch @@ -0,0 +1,83 @@ +From d9fec76b594fccc6eda3ce04a74beae1c8b8c1d2 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 12 Jul 2024 11:14:10 +0200 +Subject: [PATCH] gfile: Add support for x-gvfs-trash mount option + +Currently, the trash functionality is disabled for system internal mounts. +That might be a problem in some cases. The `x-gvfs-notrash` mount option +allows disabling the trash functionality for certain mounts. Let's add +support for the `x-gvfs-trash` mount option to allow the opposite. + +See: https://issues.redhat.com/browse/RHEL-46828 +--- + gio/gfile.c | 7 +++++-- + gio/glocalfile.c | 22 +++++++++++++--------- + 2 files changed, 18 insertions(+), 11 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 4f9b9c6750..5ac73c03e8 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -4744,10 +4744,13 @@ g_file_delete_finish (GFile *file, + * + * Sends @file to the "Trashcan", if possible. This is similar to + * deleting it, but the user can recover it before emptying the trashcan. +- * Not all file systems support trashing, so this call can return the ++ * Trashing is disabled for system mounts by default (see ++ * g_unix_mount_is_system_internal()), so this call can return the + * %G_IO_ERROR_NOT_SUPPORTED error. Since GLib 2.66, the `x-gvfs-notrash` unix +- * mount option can be used to disable g_file_trash() support for certain ++ * mount option can be used to disable g_file_trash() support for particular + * mounts, the %G_IO_ERROR_NOT_SUPPORTED error will be returned in that case. ++ * Since 2.82, the `x-gvfs-trash` unix mount option can be used to enable ++ * g_file_trash() support for particular system mounts. + * + * If @cancellable is not %NULL, then the operation can be cancelled by + * triggering the cancellable object from another thread. If the operation +diff --git a/gio/glocalfile.c b/gio/glocalfile.c +index 7b70c614c6..ac918d25e3 100644 +--- a/gio/glocalfile.c ++++ b/gio/glocalfile.c +@@ -1807,10 +1807,6 @@ ignore_trash_mount (GUnixMountEntry *mount) + { + GUnixMountPoint *mount_point = NULL; + const gchar *mount_options; +- gboolean retval = TRUE; +- +- if (g_unix_mount_is_system_internal (mount)) +- return TRUE; + + mount_options = g_unix_mount_get_options (mount); + if (mount_options == NULL) +@@ -1819,15 +1815,23 @@ ignore_trash_mount (GUnixMountEntry *mount) + NULL); + if (mount_point != NULL) + mount_options = g_unix_mount_point_get_options (mount_point); ++ ++ g_clear_pointer (&mount_point, g_unix_mount_point_free); + } + +- if (mount_options == NULL || +- strstr (mount_options, "x-gvfs-notrash") == NULL) +- retval = FALSE; ++ if (mount_options != NULL) ++ { ++ if (strstr (mount_options, "x-gvfs-trash") != NULL) ++ return FALSE; ++ ++ if (strstr (mount_options, "x-gvfs-notrash") != NULL) ++ return TRUE; ++ } + +- g_clear_pointer (&mount_point, g_unix_mount_point_free); ++ if (g_unix_mount_is_system_internal (mount)) ++ return TRUE; + +- return retval; ++ return FALSE; + } + + static gboolean +-- +GitLab + diff --git a/CVE-2024-52533.patch b/CVE-2024-52533.patch new file mode 100644 index 0000000000000000000000000000000000000000..c677cfc557ce9a084af00a69e0b2ec887cca7bb2 --- /dev/null +++ b/CVE-2024-52533.patch @@ -0,0 +1,45 @@ +From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 19 Sep 2024 18:35:53 +0100 +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect + messages + +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul +byte in the connect message, which is an addition in SOCKSv4a vs +SOCKSv4. + +This means that the buffer for building and transmitting the connect +message could be overflowed if the username and hostname are both +`SOCKS4_MAX_LEN` (255) bytes long. + +Proxy configurations are normally statically configured, so the username +is very unlikely to be near its maximum length, and hence this overflow +is unlikely to be triggered in practice. + +(Commit message by Philip Withnall, diagnosis and fix by Michael +Catanzaro.) + +Fixes: #3461 +--- + gio/gsocks4aproxy.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c +index 3dad118eb7..b3146d08fd 100644 +--- a/gio/gsocks4aproxy.c ++++ b/gio/gsocks4aproxy.c +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy) + * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ + * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL | + * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ +- * 1 1 2 4 variable 1 variable ++ * 1 1 2 4 variable 1 variable 1 + */ +-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2) ++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2) + static gint + set_connect_msg (guint8 *msg, + const gchar *hostname, +-- +GitLab + diff --git a/CVE-2025-4373.patch b/CVE-2025-4373.patch new file mode 100644 index 0000000000000000000000000000000000000000..7f83d9dc2f757e19a2287c601f13eb5cce7cb2b9 --- /dev/null +++ b/CVE-2025-4373.patch @@ -0,0 +1,140 @@ +From cc647f9e46d55509a93498af19659baf9c80f2e3 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 10 Apr 2025 10:57:20 -0500 +Subject: [PATCH] gstring: carefully handle gssize parameters + +Wherever we use gssize to allow passing -1, we need to ensure we don't +overflow the value by assigning a gsize to it without checking if the +size exceeds the maximum gssize. The safest way to do this is to just +use normal gsize everywhere instead and use gssize only for the +parameter. + +Our computers don't have enough RAM to write tests for this. I tried +forcing string->len to high values for test purposes, but this isn't +valid and will just cause out of bounds reads/writes due to +string->allocated_len being unexpectedly small, so I don't think we can +test this easily. +--- + glib/gstring.c | 36 +++++++++++++++++++++++------------- + 1 file changed, 23 insertions(+), 13 deletions(-) + +diff --git a/glib/gstring.c b/glib/gstring.c +index 5279ed3cca..d79a4849c0 100644 +--- a/glib/gstring.c ++++ b/glib/gstring.c +@@ -480,8 +480,9 @@ g_string_insert_len (GString *string, + return string; + + if (len < 0) +- len = strlen (val); +- len_unsigned = len; ++ len_unsigned = strlen (val); ++ else ++ len_unsigned = len; + + if (pos < 0) + pos_unsigned = string->len; +@@ -778,10 +779,12 @@ g_string_insert_c (GString *string, + g_string_maybe_expand (string, 1); + + if (pos < 0) +- pos = string->len; ++ pos_unsigned = string->len; + else +- g_return_val_if_fail ((gsize) pos <= string->len, string); +- pos_unsigned = pos; ++ { ++ pos_unsigned = pos; ++ g_return_val_if_fail (pos_unsigned <= string->len, string); ++ } + + /* If not just an append, move the old stuff */ + if (pos_unsigned < string->len) +@@ -814,6 +817,7 @@ g_string_insert_unichar (GString *string, + gssize pos, + gunichar wc) + { ++ gsize pos_unsigned; + gint charlen, first, i; + gchar *dest; + +@@ -855,15 +859,18 @@ g_string_insert_unichar (GString *string, + g_string_maybe_expand (string, charlen); + + if (pos < 0) +- pos = string->len; ++ pos_unsigned = string->len; + else +- g_return_val_if_fail ((gsize) pos <= string->len, string); ++ { ++ pos_unsigned = pos; ++ g_return_val_if_fail (pos_unsigned <= string->len, string); ++ } + + /* If not just an append, move the old stuff */ +- if ((gsize) pos < string->len) +- memmove (string->str + pos + charlen, string->str + pos, string->len - pos); ++ if (pos_unsigned < string->len) ++ memmove (string->str + pos_unsigned + charlen, string->str + pos_unsigned, string->len - pos_unsigned); + +- dest = string->str + pos; ++ dest = string->str + pos_unsigned; + /* Code copied from g_unichar_to_utf() */ + for (i = charlen - 1; i > 0; --i) + { +@@ -921,6 +928,7 @@ g_string_overwrite_len (GString *string, + const gchar *val, + gssize len) + { ++ gssize len_unsigned; + gsize end; + + g_return_val_if_fail (string != NULL, NULL); +@@ -932,14 +940,16 @@ g_string_overwrite_len (GString *string, + g_return_val_if_fail (pos <= string->len, string); + + if (len < 0) +- len = strlen (val); ++ len_unsigned = strlen (val); ++ else ++ len_unsigned = len; + +- end = pos + len; ++ end = pos + len_unsigned; + + if (end > string->len) + g_string_maybe_expand (string, end - string->len); + +- memcpy (string->str + pos, val, len); ++ memcpy (string->str + pos, val, len_unsigned); + + if (end > string->len) + { +-- +GitLab +From 089070bf53807ad2a81bc0b014ad19016fada2a5 Mon Sep 17 00:00:00 2001 +From: Peter Bloomfield +Date: Thu, 10 Apr 2025 22:12:49 -0400 +Subject: [PATCH] gstring: Make len_unsigned unsigned + +Declare `len_unsigned` as `gsize` instead of `gssize`. +--- + glib/gstring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/gstring.c b/glib/gstring.c +index d79a4849c0..2a399ee21f 100644 +--- a/glib/gstring.c ++++ b/glib/gstring.c +@@ -928,7 +928,7 @@ g_string_overwrite_len (GString *string, + const gchar *val, + gssize len) + { +- gssize len_unsigned; ++ gsize len_unsigned; + gsize end; + + g_return_val_if_fail (string != NULL, NULL); +-- +GitLab + diff --git a/dist b/dist index 89c1faffc18349bb12eee2371e9dc43bf419b95c..1f9f8c9bbdfdaf483d0bfdf0bf3c48d3cad6b1b9 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an9 +an9_6 diff --git a/gdatetime-test.patch b/gdatetime-test.patch new file mode 100644 index 0000000000000000000000000000000000000000..58d78e245799bd594d5c8c92c1fa40684d8e3f31 --- /dev/null +++ b/gdatetime-test.patch @@ -0,0 +1,187 @@ +From e608f34a060f2def4afeefc6e54b3189e6a82393 Mon Sep 17 00:00:00 2001 +From: "Rebecca N. Palmer" +Date: Fri, 11 Oct 2024 09:38:52 +0100 +Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly + -8/-7 + +In newer tzdata, it is an alias for America/Los_Angeles, which has a +slightly different meaning: DST did not exist there before 1883. As a +result, we can no longer hard-code the knowledge that interval 0 is +standard time and interval 1 is summer time, and instead we need to look +up the correct intervals from known timestamps. + +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502 +Bug-Debian: https://bugs.debian.org/1084190 +[smcv: expand commit message, fix whitespace] +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index bc4eba93a..2697e3caa 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2475,6 +2475,7 @@ test_posix_parse (void) + { + GTimeZone *tz; + GDateTime *gdt1, *gdt2; ++ gint i1, i2; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2498,16 +2499,25 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. ++ * ++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in ++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, ++ * and hence be aware that DST has not always existed. ++ * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600); +- g_assert (!g_time_zone_is_dst (tz, 0)); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600); +- g_assert (g_time_zone_is_dst (tz, 1)); ++ /* a date in winter = non-DST */ ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); ++ /* approximately 6 months in seconds, i.e. a date in summer = DST */ ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); ++ g_assert (!g_time_zone_is_dst (tz, i1)); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); ++ g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); +-- +2.50.0 + + +From a2a6ca391d16e76f74fe28f2bf33fecd0ded1293 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:03:19 +0100 +Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously + correct + +Instead of using timestamp 0 as a magic number (in this case interpreted +as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent +year/month/day in winter, in this case 2024-01-01T00:00:00-08:00. + +Similarly, instead of using a timestamp 15 million seconds later +(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent +year/month/day in summer, in this case 2024-07-01T00:00:00-07:00. + +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 2697e3caa..676951cce 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2499,19 +2499,16 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. +- * +- * Intervals i1 and i2 (rather than 0 and 1) are needed because in +- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, +- * and hence be aware that DST has not always existed. +- * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); + /* a date in winter = non-DST */ +- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); +- /* approximately 6 months in seconds, i.e. a date in summer = DST */ +- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); ++ /* a date in summer = DST */ ++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0); ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2)); + g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); + g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); + g_assert (!g_time_zone_is_dst (tz, i1)); +@@ -2519,6 +2516,8 @@ test_posix_parse (void) + g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); + g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); ++ g_date_time_unref (gdt1); ++ g_date_time_unref (gdt2); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); + #ifdef G_OS_WIN32 +-- +2.50.0 + + +From 345a41982e7237f72e88b4ade951320df52553b2 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:23:42 +0100 +Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is + not available + +On recent versions of Debian, PST8PDT is part of the tzdata-legacy +package, which is not always installed and might disappear in future. +Successfully tested with and without tzdata-legacy on Debian unstable. + +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 676951cce..7512389e0 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2476,6 +2476,7 @@ test_posix_parse (void) + GTimeZone *tz; + GDateTime *gdt1, *gdt2; + gint i1, i2; ++ const char *expect_id; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2498,11 +2499,25 @@ test_posix_parse (void) + g_time_zone_unref (tz); + + /* This fails rules_from_identifier on Unix (though not on Windows) +- * but passes anyway because PST8PDT is a zone name. ++ * but can pass anyway because PST8PDT is a legacy System V zone name. + */ + tz = g_time_zone_new_identifier ("PST8PDT"); ++ expect_id = "PST8PDT"; ++ ++#ifndef G_OS_WIN32 ++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and ++ * not always present in some OSs; fall back to the equivalent geographical ++ * name if the "backward" time zones are absent. */ ++ if (tz == NULL) ++ { ++ g_test_message ("Legacy PST8PDT time zone not available, falling back"); ++ tz = g_time_zone_new_identifier ("America/Los_Angeles"); ++ expect_id = "America/Los_Angeles"; ++ } ++#endif ++ + g_assert_nonnull (tz); +- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); ++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id); + /* a date in winter = non-DST */ + gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); + i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); +-- +2.50.0 + diff --git a/glib2.spec b/glib2.spec index a383f45f87732df5d8230a343464cc34c88b95b9..a255d1ed3e4e75e2e2fa665b651866d34582ff53 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,7 +1,7 @@ -%define anolis_release .0.3 +%define anolis_release .0.1 Name: glib2 Version: 2.68.4 -Release: 14%{anolis_release}%{?dist} +Release: 16%{anolis_release}%{?dist}.2 Summary: A library of handy utility functions License: LGPLv2+ @@ -61,7 +61,21 @@ Patch15: 3845.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4057 Patch16: 4038.patch -Patch1000: 0001-file-name-cloud-be-UTF-8.patch +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4155 +Patch17: 4155.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281 +Patch18: CVE-2024-52533.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/680 +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588 +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592 +Patch19: CVE-2025-4373.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4356 +Patch20: gdatetime-test.patch + +Patch1000: 1000-file-name-cloud-be-UTF-8.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433 Patch1001: 3433.patch @@ -284,14 +298,23 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/installed-tests %changelog -* Mon May 19 2025 Liwei Ge - 2.68.4-14.0.3 +* Wed Jul 16 2025 Liwei Ge - 2.68.4-16.0.1.2 +- file name cloud be UTF-8 - Don't treat si_pid from pidfd as child exiting -* Fri Sep 27 2024 Liwei Ge - 2.68.4-14.0.2 -- file name cloud be UTF-8 +* Fri Jul 11 2025 Michael Catanzaro - 2.68.4-16.2 +- Add patches for CVE-2024-52533 and CVE-2025-4373 +- Update GDateTime test for new tzdata +- Resolves: RHEL-94290 +- Resolves: RHEL-102845 + +* Thu Sep 26 2024 Ondrej Holy - 2.68.4-16 +- Add support for x-gvfs-trash mount option +- Resolves: RHEL-52360 -* Wed Sep 25 2024 yangxinyu - 2.68.4-14.0.1 -- fix cve-2024-34397 +* Mon May 13 2024 Michael Catanzaro - 2.68.4-15 +- Fix CVE-2024-34397, signal subscription vulnerabilities +- Resolves: RHEL-35775 * Wed Feb 21 2024 Michael Catanzaro - 2.68.4-14 - Rebuild against newer util-linux for libmnt changes