diff --git a/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch b/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch deleted file mode 100644 index 9a3fc8ec5126016dcd26c58f0b970617ceed06de..0000000000000000000000000000000000000000 --- a/backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1a979ab4947fc259af01ea65263aaa4d417553fb Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Tue, 14 Nov 2023 11:00:21 +0000 -Subject: [PATCH] gutils: Fix an unlikely minor leak in g_build_user_data_dir() - -A leak can happen if the `data_dir` is the empty string. - -See https://gitlab.gnome.org/GNOME/glib/-/jobs/3294034 - -Conflict:NA -Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/1a979ab4947fc259af01ea65263aaa4d417553fb - -Signed-off-by: Philip Withnall ---- - glib/gutils.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/glib/gutils.c b/glib/gutils.c -index dfe115843e..ffc7d750c7 100644 ---- a/glib/gutils.c -+++ b/glib/gutils.c -@@ -1883,6 +1883,7 @@ g_build_user_data_dir (void) - if (!data_dir || !data_dir[0]) - { - gchar *home_dir = g_build_home_dir (); -+ g_free (data_dir); - data_dir = g_build_filename (home_dir, ".local", "share", NULL); - g_free (home_dir); - } --- -GitLab \ No newline at end of file diff --git a/glib-2.78.6.tar.xz b/glib-2.79.1.tar.xz similarity index 42% rename from glib-2.78.6.tar.xz rename to glib-2.79.1.tar.xz index 316902edbe8954423e663ba627e4a6b88e1b627c..be4124db9292952e9f15a1878b3cf7f1ca581a7d 100644 Binary files a/glib-2.78.6.tar.xz and b/glib-2.79.1.tar.xz differ diff --git a/glib2.spec b/glib2.spec index c3cc6db2e88db6a2158a440d68a0fb7870e8fd05..d0f63b53b5568b2c7b0789262b91fe5a63ee53c8 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,13 +1,11 @@ Name: glib2 -Version: 2.78.6 -Release: 6 +Version: 2.79.1 +Release: 1 Summary: The core library that forms the basis for projects such as GTK+ and GNOME License: LGPL-2.1-or-later URL: https://www.gtk.org -Source0: https://download.gnome.org/sources/glib/2.78/glib-%{version}.tar.xz +Source0: https://download.gnome.org/sources/glib/2.79/glib-%{version}.tar.xz -Patch1: gspawn-eperm.patch -Patch2: backport-gutils-Fix-an-unlikely-minor-leak-in-g_build_user_data_dir.patch Patch3: gio-fix-filesystem-type-ext-err.patch Patch4: Correct-translation-information.patch @@ -25,18 +23,21 @@ BuildRequires: pkgconfig(libpcre2-8) >= 10.32 BuildRequires: pkgconfig(libselinux) >= 2.2 BuildRequires: pkgconfig(mount) >= 2.23 BuildRequires: pkgconfig(zlib) +BuildRequires: pkgconfig(gi-docgen) BuildRequires: libattr-devel BuildRequires: python3-devel -BuildRequires: gtk-doc BuildRequires: desktop-file-utils BuildRequires: shared-mime-info BuildRequires: chrpath +BuildRequires: /usr/bin/g-ir-scanner +BuildRequires: /usr/bin/rst2man Provides: %{name}-fam = %{version}-%{release} Obsoletes: %{name}-fam < %{version}-%{release} Recommends: shared-mime-info Conflicts: gcr < 3.28.1 +Conflicts: gobject-introspection-devel < 1.79.1 Provides: bundled(gnulib) Provides: bundled(gvdb) @@ -53,6 +54,7 @@ developed in parallel ever since. Summary: Development files for the GLib library Requires: %{name} = %{version}-%{release} Requires: gdb-headless +Conflicts: gobject-introspection-devel < 1.79.1 %description devel Development files for the GLib library. @@ -95,7 +97,7 @@ help document for the glib2 package. -Dsystemtap=true -Dinstalled_tests=true \ -Dglib_debug=disabled -Dsysprof=disabled -%meson_build +%meson_build -j 4 find . -name *.dtrace-temp.c -exec rm -f {} \; %install @@ -160,6 +162,13 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_libdir}/lib*.so %{_libdir}/glib-2.0 %{_libdir}/pkgconfig/* +%{_libdir}/libgirepository-2.0.so.0* +%dir %{_libdir}/girepository-1.0 +%{_libdir}/girepository-1.0/GIRepository-3.0.typelib +%{_libdir}/girepository-1.0/GLib-2.0.typelib +%{_libdir}/girepository-1.0/GModule-2.0.typelib +%{_libdir}/girepository-1.0/GObject-2.0.typelib +%{_libdir}/girepository-1.0/Gio-2.0.typelib %{_includedir}/* %{_libexecdir}/gio-launch-desktop @@ -171,6 +180,13 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/gettext/* %{_datadir}/systemtap/* +%dir %{_datadir}/gir-1.0 +%{_datadir}/gir-1.0/GIRepository-3.0.gir +%{_datadir}/gir-1.0/GLib-2.0.gir +%{_datadir}/gir-1.0/GModule-2.0.gir +%{_datadir}/gir-1.0/GObject-2.0.gir +%{_datadir}/gir-1.0/Gio-2.0.gir + %{_bindir}/glib-genmarshal %{_bindir}/glib-gettextize %{_bindir}/glib-mkenums @@ -194,9 +210,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %files help %{_mandir}/man1/* -%doc %{_datadir}/gtk-doc/html/* +%doc %{_datadir}/doc/glib-2.0/* %changelog +* Fri Jun 6 2025 Dongxing Wang - 2.79.1-1 +- Update package to version 2.79.1 + * Sat May 10 2025 Funda Wang - 2.78.6-6 - fix CVE-2025-3360, CVE-2025-4373 - fix symlink of COYPING diff --git a/gspawn-eperm.patch b/gspawn-eperm.patch deleted file mode 100644 index 0fa6bf3a5c2a0b75f4d0c9f093b541b243182a87..0000000000000000000000000000000000000000 --- a/gspawn-eperm.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/glib/gspawn.c b/glib/gspawn.c -index 67be6a6af..aaefd5b0d 100644 ---- a/glib/gspawn.c -+++ b/glib/gspawn.c -@@ -1598,9 +1598,18 @@ safe_fdwalk_set_cloexec (int lowfd) - * - * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, - * fall back to safe_fdwalk(). Handle EINVAL in case `CLOSE_RANGE_CLOEXEC` -- * is not supported. */ -+ * is not supported. -+ * -+ * Also handle EPERM for the cases where GLib is running under broken versions -+ * of Docker+libseccomp which don’t recognise `close_range()` so block calls -+ * to it under a default security policy which returns EPERM rather than (the -+ * correct) ENOSYS. This workaround should be carried in distributions until -+ * they have versions of libseccomp and Docker which contain: -+ * - https://salsa.debian.org/debian/libseccomp/-/blob/debian/bullseye/debian/patches/syscalls_add_close_range_syscall.patch -+ * - https://github.com/opencontainers/runc/issues/2151 -+ */ - ret = close_range (lowfd, G_MAXUINT, CLOSE_RANGE_CLOEXEC); -- if (ret == 0 || !(errno == ENOSYS || errno == EINVAL)) -+ if (ret == 0 || !(errno == ENOSYS || errno == EINVAL || errno == EPERM)) - return ret; - #endif /* HAVE_CLOSE_RANGE */ - -@@ -1624,9 +1633,15 @@ safe_closefrom (int lowfd) - * situations: https://bugs.python.org/issue38061 - * - * Handle ENOSYS in case it’s supported in libc but not the kernel; if so, -- * fall back to safe_fdwalk(). */ -+ * fall back to safe_fdwalk(). -+ * -+ * Also handle EPERM for the cases where GLib is running under broken versions -+ * of Docker+libseccomp which don’t recognise `close_range()` so block calls -+ * to it under a default security policy which returns EPERM rather than (the -+ * correct) ENOSYS. -+ */ - ret = close_range (lowfd, G_MAXUINT, 0); -- if (ret == 0 || errno != ENOSYS) -+ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) - return ret; - #endif /* HAVE_CLOSE_RANGE */ -