diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..d87f5613ec4234f82f8eaeebc563711f587fdf88 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.xz filter=lfs diff=lfs merge=lfs -text diff --git a/.lfsconfig b/.lfsconfig new file mode 100644 index 0000000000000000000000000000000000000000..ae0965328c8b9ba03cddafd4fa7ea6fd2a8c13e5 --- /dev/null +++ b/.lfsconfig @@ -0,0 +1,2 @@ +[lfs] + url = https://artlfs.openeuler.openatom.cn/src-openEuler/glib2 diff --git a/backport-CVE-2024-52533.patch b/backport-CVE-2024-52533.patch deleted file mode 100644 index 661c43ce4fbb6169ddb9047b6eedfc85340aa41a..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-52533.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Thu, 19 Sep 2024 18:35:53 +0100 -Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect - messages - -`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul -byte in the connect message, which is an addition in SOCKSv4a vs -SOCKSv4. - -This means that the buffer for building and transmitting the connect -message could be overflowed if the username and hostname are both -`SOCKS4_MAX_LEN` (255) bytes long. - -Proxy configurations are normally statically configured, so the username -is very unlikely to be near its maximum length, and hence this overflow -is unlikely to be triggered in practice. - -(Commit message by Philip Withnall, diagnosis and fix by Michael -Catanzaro.) - -Fixes: #3461 ---- - gio/gsocks4aproxy.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c -index 3dad118eb7..b3146d08fd 100644 ---- a/gio/gsocks4aproxy.c -+++ b/gio/gsocks4aproxy.c -@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy) - * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ - * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL | - * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ -- * 1 1 2 4 variable 1 variable -+ * 1 1 2 4 variable 1 variable 1 - */ --#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2) -+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2) - static gint - set_connect_msg (guint8 *msg, - const gchar *hostname, --- -GitLab diff --git a/backport-CVE-2025-3360.patch b/backport-CVE-2025-3360.patch deleted file mode 100644 index 12dd09db55f6a214d3b89766286f769da4d97a2f..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-3360.patch +++ /dev/null @@ -1,328 +0,0 @@ -From fe6af80931c35fafc6a2cd0651b6de052d1bffae Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 16:44:58 +0000 -Subject: [PATCH 1/6] gdatetime: Fix integer overflow when parsing very long - ISO8601 inputs - -This will only happen with invalid (or maliciously invalid) potential -ISO8601 strings, but `g_date_time_new_from_iso8601()` needs to be robust -against that. - -Prevent `length` overflowing by correctly defining it as a `size_t`. -Similarly for `date_length`, but additionally track its validity in a -boolean rather than as its sign. - -Spotted by chamalsl as #YWH-PGM9867-43. - -Signed-off-by: Philip Withnall ---- - glib/gdatetime.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/glib/gdatetime.c b/glib/gdatetime.c -index ad9c190b6b..b33db2c20c 100644 ---- a/glib/gdatetime.c -+++ b/glib/gdatetime.c -@@ -1544,7 +1544,8 @@ parse_iso8601_time (const gchar *text, gsize length, - GDateTime * - g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz) - { -- gint length, date_length = -1; -+ size_t length, date_length = 0; -+ gboolean date_length_set = FALSE; - gint hour = 0, minute = 0; - gdouble seconds = 0.0; - GTimeZone *tz = NULL; -@@ -1555,11 +1556,14 @@ g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz) - /* Count length of string and find date / time separator ('T', 't', or ' ') */ - for (length = 0; text[length] != '\0'; length++) - { -- if (date_length < 0 && (text[length] == 'T' || text[length] == 't' || text[length] == ' ')) -- date_length = length; -+ if (!date_length_set && (text[length] == 'T' || text[length] == 't' || text[length] == ' ')) -+ { -+ date_length = length; -+ date_length_set = TRUE; -+ } - } - -- if (date_length < 0) -+ if (!date_length_set) - return NULL; - - if (!parse_iso8601_time (text + date_length + 1, length - (date_length + 1), --- -GitLab - - -From 495c85278f9638fdf3ebf002c759e1bdccebaf2f Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 16:51:36 +0000 -Subject: [PATCH 2/6] gdatetime: Fix potential integer overflow in timezone - offset handling - -This one is much harder to trigger than the one in the previous commit, -but mixing `gssize` and `gsize` always runs the risk of the former -overflowing for very (very very) long input strings. - -Avoid that possibility by not using the sign of the `tz_offset` to -indicate its validity, and instead using the return value of the -function. - -Signed-off-by: Philip Withnall ---- - glib/gdatetime.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/glib/gdatetime.c b/glib/gdatetime.c -index b33db2c20c..792c2ed15b 100644 ---- a/glib/gdatetime.c -+++ b/glib/gdatetime.c -@@ -1393,8 +1393,10 @@ parse_iso8601_date (const gchar *text, gsize length, - return FALSE; - } - -+/* Value returned in tz_offset is valid if and only if the function return value -+ * is non-NULL. */ - static GTimeZone * --parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) -+parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - { - gint i, tz_length, offset_hours, offset_minutes; - gint offset_sign = 1; -@@ -1462,11 +1464,11 @@ static gboolean - parse_iso8601_time (const gchar *text, gsize length, - gint *hour, gint *minute, gdouble *seconds, GTimeZone **tz) - { -- gssize tz_offset = -1; -+ size_t tz_offset = 0; - - /* Check for timezone suffix */ - *tz = parse_iso8601_timezone (text, length, &tz_offset); -- if (tz_offset >= 0) -+ if (*tz != NULL) - length = tz_offset; - - /* hh:mm:ss(.sss) */ --- -GitLab - - -From 5e8a3c19fcad2936dc5e070cf0767a5c5af907c5 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 16:55:18 +0000 -Subject: [PATCH 3/6] gdatetime: Track timezone length as an unsigned size_t -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It’s guaranteed to be in (0, length] by the calculations above. - -This avoids the possibility of integer overflow through `gssize` not -being as big as `size_t`. - -Signed-off-by: Philip Withnall ---- - glib/gdatetime.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/glib/gdatetime.c b/glib/gdatetime.c -index 792c2ed15b..6335bcbe2d 100644 ---- a/glib/gdatetime.c -+++ b/glib/gdatetime.c -@@ -1398,7 +1398,8 @@ parse_iso8601_date (const gchar *text, gsize length, - static GTimeZone * - parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - { -- gint i, tz_length, offset_hours, offset_minutes; -+ size_t tz_length; -+ gint i, offset_hours, offset_minutes; - gint offset_sign = 1; - GTimeZone *tz; - --- -GitLab - - -From 804a3957720449dcfac601da96bd5f5db2b71ef1 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 17:07:24 +0000 -Subject: [PATCH 4/6] gdatetime: Factor out some string pointer arithmetic -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Makes the following code a little clearer, but doesn’t introduce any -functional changes. - -Signed-off-by: Philip Withnall ---- - glib/gdatetime.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/glib/gdatetime.c b/glib/gdatetime.c -index 6335bcbe2d..de5dd7af06 100644 ---- a/glib/gdatetime.c -+++ b/glib/gdatetime.c -@@ -1402,6 +1402,7 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - gint i, offset_hours, offset_minutes; - gint offset_sign = 1; - GTimeZone *tz; -+ const char *tz_start; - - /* UTC uses Z suffix */ - if (length > 0 && text[length - 1] == 'Z') -@@ -1419,34 +1420,35 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - } - if (i < 0) - return NULL; -+ tz_start = text + i; - tz_length = length - i; - - /* +hh:mm or -hh:mm */ -- if (tz_length == 6 && text[i+3] == ':') -+ if (tz_length == 6 && tz_start[3] == ':') - { -- if (!get_iso8601_int (text + i + 1, 2, &offset_hours) || -- !get_iso8601_int (text + i + 4, 2, &offset_minutes)) -+ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) || -+ !get_iso8601_int (tz_start + 4, 2, &offset_minutes)) - return NULL; - } - /* +hhmm or -hhmm */ - else if (tz_length == 5) - { -- if (!get_iso8601_int (text + i + 1, 2, &offset_hours) || -- !get_iso8601_int (text + i + 3, 2, &offset_minutes)) -+ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) || -+ !get_iso8601_int (tz_start + 3, 2, &offset_minutes)) - return NULL; - } - /* +hh or -hh */ - else if (tz_length == 3) - { -- if (!get_iso8601_int (text + i + 1, 2, &offset_hours)) -+ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours)) - return NULL; - offset_minutes = 0; - } - else - return NULL; - -- *tz_offset = i; -- tz = g_time_zone_new_identifier (text + i); -+ *tz_offset = tz_start - text; -+ tz = g_time_zone_new_identifier (tz_start); - - /* Double-check that the GTimeZone matches our interpretation of the timezone. - * This can fail because our interpretation is less strict than (for example) --- -GitLab - - -From 4c56ff80344e0d8796eb2307091f7b24ec198aa9 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 17:28:33 +0000 -Subject: [PATCH 5/6] gdatetime: Factor out an undersized variable - -For long input strings, it would have been possible for `i` to overflow. -Avoid that problem by using the `tz_length` instead, so that we count up -rather than down. - -This commit introduces no functional changes (outside of changing -undefined behaviour), and can be verified using the identity -`i === length - tz_length`. - -Signed-off-by: Philip Withnall ---- - glib/gdatetime.c | 13 ++++++------- - 1 file changed, 6 insertions(+), 7 deletions(-) - -diff --git a/glib/gdatetime.c b/glib/gdatetime.c -index de5dd7af06..2f8c864a1f 100644 ---- a/glib/gdatetime.c -+++ b/glib/gdatetime.c -@@ -1399,7 +1399,7 @@ static GTimeZone * - parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - { - size_t tz_length; -- gint i, offset_hours, offset_minutes; -+ gint offset_hours, offset_minutes; - gint offset_sign = 1; - GTimeZone *tz; - const char *tz_start; -@@ -1412,16 +1412,15 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) - } - - /* Look for '+' or '-' of offset */ -- for (i = length - 1; i >= 0; i--) -- if (text[i] == '+' || text[i] == '-') -+ for (tz_length = 1; tz_length <= length; tz_length++) -+ if (text[length - tz_length] == '+' || text[length - tz_length] == '-') - { -- offset_sign = text[i] == '-' ? -1 : 1; -+ offset_sign = text[length - tz_length] == '-' ? -1 : 1; - break; - } -- if (i < 0) -+ if (tz_length > length) - return NULL; -- tz_start = text + i; -- tz_length = length - i; -+ tz_start = text + length - tz_length; - - /* +hh:mm or -hh:mm */ - if (tz_length == 6 && tz_start[3] == ':') --- -GitLab - - -From 7f6d81130ec05406a8820bc753ed03859e88daea Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 18 Feb 2025 18:20:56 +0000 -Subject: [PATCH 6/6] tests: Add some missing GDateTime ISO8601 parsing tests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This improves test coverage, adding coverage for some lines which I -spotted were not covered while testing the preceding commits. - -It doesn’t directly test the preceding commits, though. - -Signed-off-by: Philip Withnall ---- - glib/tests/gdatetime.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c -index 9e1acd097b..94dd028a3a 100644 ---- a/glib/tests/gdatetime.c -+++ b/glib/tests/gdatetime.c -@@ -866,6 +866,23 @@ test_GDateTime_new_from_iso8601 (void) - * NaN */ - dt = g_date_time_new_from_iso8601 ("0005306 000001,666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666600080000-00", NULL); - g_assert_null (dt); -+ -+ /* Various invalid timezone offsets which look like they could be in -+ * `+hh:mm`, `-hh:mm`, `+hhmm`, `-hhmm`, `+hh` or `-hh` format */ -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01:xx", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:00", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:xx", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01xx", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx00", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xxxx", NULL); -+ g_assert_null (dt); -+ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx", NULL); -+ g_assert_null (dt); - } - - typedef struct { --- -GitLab - diff --git a/backport-CVE-2025-4056.patch b/backport-CVE-2025-4056.patch deleted file mode 100644 index 3459a0332764480d631ad343363a270b0d1955f0..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-4056.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3d9cc103308bc50938b65acb9814850208133112 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Sun, 30 Mar 2025 21:49:05 +0100 -Subject: [PATCH] gspawn-win32: Fix potential integer overflows in argv - handling - -This can happen if a user passes a ludicrously long string to argv. - -Spotted by chamalsl as #YWH-PGM9867-48. - -Signed-off-by: Philip Withnall ---- - glib/gspawn-win32-helper.c | 4 ++-- - glib/gspawn-win32.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/glib/gspawn-win32-helper.c b/glib/gspawn-win32-helper.c -index 35b25905cb..0dc56c0eec 100644 ---- a/glib/gspawn-win32-helper.c -+++ b/glib/gspawn-win32-helper.c -@@ -80,8 +80,8 @@ protect_wargv (gint argc, - { - wchar_t *p = wargv[i]; - wchar_t *q; -- gint len = 0; -- gint pre_bslash = 0; -+ size_t len = 0; -+ size_t pre_bslash = 0; - gboolean need_dblquotes = FALSE; - while (*p) - { -diff --git a/glib/gspawn-win32.c b/glib/gspawn-win32.c -index 96b8bafee6..3a9a308680 100644 ---- a/glib/gspawn-win32.c -+++ b/glib/gspawn-win32.c -@@ -253,8 +253,8 @@ protect_argv_string (const gchar *string) - { - const gchar *p = string; - gchar *retval, *q; -- gint len = 0; -- gint pre_bslash = 0; -+ size_t len = 0; -+ size_t pre_bslash = 0; - gboolean need_dblquotes = FALSE; - while (*p) - { --- -GitLab - diff --git a/backport-CVE-2025-4373.patch b/backport-CVE-2025-4373.patch deleted file mode 100644 index f9b1081f7d1b8a1954e175d34ecb531f6a5f87dd..0000000000000000000000000000000000000000 --- a/backport-CVE-2025-4373.patch +++ /dev/null @@ -1,146 +0,0 @@ -From a47dc889463d73dd47ad428ac217e3d84f28e242 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Mon, 28 Apr 2025 16:03:08 +0000 -Subject: [PATCH 1/2] gstring: carefully handle gssize parameters - -Wherever we use gssize to allow passing -1, we need to ensure we don't -overflow the value by assigning a gsize to it without checking if the -size exceeds the maximum gssize. The safest way to do this is to just -use normal gsize everywhere instead and use gssize only for the -parameter. - -Our computers don't have enough RAM to write tests for this. I tried -forcing string->len to high values for test purposes, but this isn't -valid and will just cause out of bounds reads/writes due to -string->allocated_len being unexpectedly small, so I don't think we can -test this easily. - - -(cherry picked from commit cc647f9e46d55509a93498af19659baf9c80f2e3) - -Co-authored-by: Michael Catanzaro ---- - glib/gstring.c | 36 +++++++++++++++++++++++------------- - 1 file changed, 23 insertions(+), 13 deletions(-) - -diff --git a/glib/gstring.c b/glib/gstring.c -index 5279ed3cca..d79a4849c0 100644 ---- a/glib/gstring.c -+++ b/glib/gstring.c -@@ -480,8 +480,9 @@ g_string_insert_len (GString *string, - return string; - - if (len < 0) -- len = strlen (val); -- len_unsigned = len; -+ len_unsigned = strlen (val); -+ else -+ len_unsigned = len; - - if (pos < 0) - pos_unsigned = string->len; -@@ -778,10 +779,12 @@ g_string_insert_c (GString *string, - g_string_maybe_expand (string, 1); - - if (pos < 0) -- pos = string->len; -+ pos_unsigned = string->len; - else -- g_return_val_if_fail ((gsize) pos <= string->len, string); -- pos_unsigned = pos; -+ { -+ pos_unsigned = pos; -+ g_return_val_if_fail (pos_unsigned <= string->len, string); -+ } - - /* If not just an append, move the old stuff */ - if (pos_unsigned < string->len) -@@ -814,6 +817,7 @@ g_string_insert_unichar (GString *string, - gssize pos, - gunichar wc) - { -+ gsize pos_unsigned; - gint charlen, first, i; - gchar *dest; - -@@ -855,15 +859,18 @@ g_string_insert_unichar (GString *string, - g_string_maybe_expand (string, charlen); - - if (pos < 0) -- pos = string->len; -+ pos_unsigned = string->len; - else -- g_return_val_if_fail ((gsize) pos <= string->len, string); -+ { -+ pos_unsigned = pos; -+ g_return_val_if_fail (pos_unsigned <= string->len, string); -+ } - - /* If not just an append, move the old stuff */ -- if ((gsize) pos < string->len) -- memmove (string->str + pos + charlen, string->str + pos, string->len - pos); -+ if (pos_unsigned < string->len) -+ memmove (string->str + pos_unsigned + charlen, string->str + pos_unsigned, string->len - pos_unsigned); - -- dest = string->str + pos; -+ dest = string->str + pos_unsigned; - /* Code copied from g_unichar_to_utf() */ - for (i = charlen - 1; i > 0; --i) - { -@@ -921,6 +928,7 @@ g_string_overwrite_len (GString *string, - const gchar *val, - gssize len) - { -+ gssize len_unsigned; - gsize end; - - g_return_val_if_fail (string != NULL, NULL); -@@ -932,14 +940,16 @@ g_string_overwrite_len (GString *string, - g_return_val_if_fail (pos <= string->len, string); - - if (len < 0) -- len = strlen (val); -+ len_unsigned = strlen (val); -+ else -+ len_unsigned = len; - -- end = pos + len; -+ end = pos + len_unsigned; - - if (end > string->len) - g_string_maybe_expand (string, end - string->len); - -- memcpy (string->str + pos, val, len); -+ memcpy (string->str + pos, val, len_unsigned); - - if (end > string->len) - { --- -GitLab - - -From f32f4aea514e39086a2627e9483d841c9eeb9bc3 Mon Sep 17 00:00:00 2001 -From: Peter Bloomfield -Date: Fri, 11 Apr 2025 05:52:33 +0000 -Subject: [PATCH 2/2] gstring: Make len_unsigned unsigned - ---- - glib/gstring.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/glib/gstring.c b/glib/gstring.c -index d79a4849c0..2a399ee21f 100644 ---- a/glib/gstring.c -+++ b/glib/gstring.c -@@ -928,7 +928,7 @@ g_string_overwrite_len (GString *string, - const gchar *val, - gssize len) - { -- gssize len_unsigned; -+ gsize len_unsigned; - gsize end; - - g_return_val_if_fail (string != NULL, NULL); --- -GitLab - diff --git a/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch b/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch deleted file mode 100644 index 9a3fc8ec5126016dcd26c58f0b970617ceed06de..0000000000000000000000000000000000000000 --- a/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1a979ab4947fc259af01ea65263aaa4d417553fb Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 14 Nov 2023 11:00:21 +0000 -Subject: [PATCH] gutils: Fix an unlikely minor leak in g_build_user_data_dir() - -A leak can happen if the `data_dir` is the empty string. - -See https://gitlab.gnome.org/GNOME/glib/-/jobs/3294034 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/1a979ab4947fc259af01ea65263aaa4d417553fb - -Signed-off-by: Philip Withnall ---- - glib/gutils.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/glib/gutils.c b/glib/gutils.c -index dfe115843e..ffc7d750c7 100644 ---- a/glib/gutils.c -+++ b/glib/gutils.c -@@ -1883,6 +1883,7 @@ g_build_user_data_dir (void) - if (!data_dir || !data_dir[0]) - { - gchar *home_dir = g_build_home_dir (); -+ g_free (data_dir); - data_dir = g_build_filename (home_dir, ".local", "share", NULL); - g_free (home_dir); - } --- -GitLab \ No newline at end of file diff --git a/glib-2.78.6.tar.xz b/glib-2.78.6.tar.xz deleted file mode 100644 index 316902edbe8954423e663ba627e4a6b88e1b627c..0000000000000000000000000000000000000000 Binary files a/glib-2.78.6.tar.xz and /dev/null differ diff --git a/glib-2.84.2.tar.xz b/glib-2.84.2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..9ea9f31ed4198ee7b50cab3aa1369e01f45ed82b --- /dev/null +++ b/glib-2.84.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88e960dd937057407d61fcb3b45a860704b25923c37ae2478b85f2ecb5a4021f +size 5617588 diff --git a/glib2.spec b/glib2.spec index c3cc6db2e88db6a2158a440d68a0fb7870e8fd05..3dc58dc817c39b7792827c4c4a3a88bdf9d18222 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,24 +1,21 @@ +%bcond_with introspection + Name: glib2 -Version: 2.78.6 -Release: 6 +Version: 2.84.2 +Release: 1 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPL-2.1-or-later URL: https://www.gtk.org -Source0: https://download.gnome.org/sources/glib/2.78/glib-%{version}.tar.xz +Source0: https://download.gnome.org/sources/glib/2.84/glib-%{version}.tar.xz Patch1: gspawn-eperm.patch -Patch2: backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch Patch3: gio-fix-filesystem-type-ext-err.patch Patch4: Correct-translation-information.patch -Patch6000: backport-CVE-2024-52533.patch -Patch6001: backport-CVE-2025-4056.patch -Patch6002: backport-CVE-2025-3360.patch -Patch6003: backport-CVE-2025-4373.patch - BuildRequires: gcc gettext -BuildRequires: meson >= 0.60.0 +BuildRequires: meson >= 1.4.0 BuildRequires: pkgconfig(bash-completion) >= 2.0 +BuildRequires: pkgconfig(gi-docgen) >= 2024.1 BuildRequires: pkgconfig(libelf) >= 0.8.12 BuildRequires: pkgconfig(libffi) >= 3.0.0 BuildRequires: pkgconfig(libpcre2-8) >= 10.32 @@ -27,10 +24,14 @@ BuildRequires: pkgconfig(mount) >= 2.23 BuildRequires: pkgconfig(zlib) BuildRequires: libattr-devel BuildRequires: python3-devel -BuildRequires: gtk-doc +BuildRequires: /usr/bin/rst2man BuildRequires: desktop-file-utils BuildRequires: shared-mime-info BuildRequires: chrpath +%if %{with introspection} +BuildRequires: /usr/bin/g-ir-scanner +BuildRequires: pkgconfig(gobject-introspection-1.0) >= 1.80.0 +%endif Provides: %{name}-fam = %{version}-%{release} Obsoletes: %{name}-fam < %{version}-%{release} @@ -43,6 +44,10 @@ Provides: bundled(gvdb) Provides: bundled(libcharset) Provides: bundled(xdgmime) +%if %{with introspection} +Conflicts: gobject-introspection < 1.79.1 +%endif + %description GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated @@ -53,6 +58,9 @@ developed in parallel ever since. Summary: Development files for the GLib library Requires: %{name} = %{version}-%{release} Requires: gdb-headless +%if %{with introspection} +Conflicts: gobject-introspection-devel < 1.79.1 +%endif %description devel Development files for the GLib library. @@ -90,10 +98,15 @@ help document for the glib2 package. %autosetup -n glib-%{version} -p1 %build -%meson --default-library=both -Ddtrace=true \ - -Dman=true -Dgtk_doc=true \ - -Dsystemtap=true -Dinstalled_tests=true \ - -Dglib_debug=disabled -Dsysprof=disabled +%meson --default-library=both -Ddtrace=enabled \ +%if %{with introspection} + -Dintrospection=enabled \ +%else + -Dintrospection=disabled \ +%endif + -Dman-pages=enabled -Ddocumentation=true \ + -Dsystemtap=enabled -Dinstalled_tests=true \ + -Dglib_debug=enabled -Dsysprof=disabled %meson_build find . -name *.dtrace-temp.c -exec rm -f {} \; @@ -138,6 +151,16 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %doc NEWS %license LICENSES/LGPL-2.1-or-later.txt %{_libdir}/*.so.* +%if %{with introspection} +%dir %{_libdir}/girepository-1.0 +%{_libdir}/girepository-1.0/GIRepository-3.0.typelib +%{_libdir}/girepository-1.0/GLib-2.0.typelib +%{_libdir}/girepository-1.0/GLibUnix-2.0.typelib +%{_libdir}/girepository-1.0/GModule-2.0.typelib +%{_libdir}/girepository-1.0/GObject-2.0.typelib +%{_libdir}/girepository-1.0/Gio-2.0.typelib +%{_libdir}/girepository-1.0/GioUnix-2.0.typelib +%endif %dir %{_libdir}/gio %ghost %{_libdir}/gio/modules/giomodule.cache @@ -174,12 +197,25 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_bindir}/glib-genmarshal %{_bindir}/glib-gettextize %{_bindir}/glib-mkenums +%{_bindir}/gi-compile-repository +%{_bindir}/gi-decompile-typelib +%{_bindir}/gi-inspect-typelib %{_bindir}/gobject-query %{_bindir}/gtester %{_bindir}/gdbus-codegen %{_bindir}/glib-compile-resources %{_bindir}/gresource %attr (0755, root, root) %{_bindir}/gtester-report +%if %{with introspection} +%dir %{_datadir}/gir-1.0 +%{_datadir}/gir-1.0/GIRepository-3.0.gir +%{_datadir}/gir-1.0/GLib-2.0.gir +%{_datadir}/gir-1.0/GLibUnix-2.0.gir +%{_datadir}/gir-1.0/GModule-2.0.gir +%{_datadir}/gir-1.0/GObject-2.0.gir +%{_datadir}/gir-1.0/Gio-2.0.gir +%{_datadir}/gir-1.0/GioUnix-2.0.gir +%endif %files static %{_libdir}/*.a @@ -194,9 +230,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %files help %{_mandir}/man1/* -%doc %{_datadir}/gtk-doc/html/* +%{_docdir}/g*-2.0 %changelog +* Fri Jun 06 2025 Funda Wang - 2.84.2-1 +- update to version 2.84.2 + * Sat May 10 2025 Funda Wang - 2.78.6-6 - fix CVE-2025-3360, CVE-2025-4373 - fix symlink of COYPING diff --git a/gspawn-eperm.patch b/gspawn-eperm.patch index 0fa6bf3a5c2a0b75f4d0c9f093b541b243182a87..0fb9cc91cc0d50734102ff1fa42dcf61a63dca0d 100644 --- a/gspawn-eperm.patch +++ b/gspawn-eperm.patch @@ -1,7 +1,7 @@ -diff --git a/glib/gspawn.c b/glib/gspawn.c +diff --git a/glib/glib-unix.c b/glib/glib-unix.c index 67be6a6af..aaefd5b0d 100644 ---- a/glib/gspawn.c -+++ b/glib/gspawn.c +--- a/glib/glib-unix.c ++++ b/glib/glib-unix.c @@ -1598,9 +1598,18 @@ safe_fdwalk_set_cloexec (int lowfd) * * Handle ENOSYS in case it’s supported in libc but not the kernel; if so,