diff --git a/backport-gtk+-3.24-CVE-2024-6655.patch b/backport-gtk+-3.24-CVE-2024-6655.patch
deleted file mode 100644
index 1c53342f07547a57b62e28516b605363f8304c56..0000000000000000000000000000000000000000
--- a/backport-gtk+-3.24-CVE-2024-6655.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3bbf0b6176d42836d23c36a6ac410e807ec0a7a7 Mon Sep 17 00:00:00 2001
-From: Matthias Clasen
-Date: Sat, 15 Jun 2024 14:18:01 -0400
-Subject: [PATCH] Stop looking for modules in cwd
-
-This is just not a good idea. It is surprising, and can be misused.
-
-Fixes: #6786
----
- gtk/gtkmodules.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/gtk/gtkmodules.c b/gtk/gtkmodules.c
-index 704e412aeb5..f93101c272e 100644
---- a/gtk/gtkmodules.c
-+++ b/gtk/gtkmodules.c
-@@ -214,13 +214,8 @@ find_module (const gchar *name)
- gchar *module_name;
-
- module_name = _gtk_find_module (name, "modules");
-- if (!module_name)
-- {
-- /* As last resort, try loading without an absolute path (using system
-- * library path)
-- */
-- module_name = g_module_build_path (NULL, name);
-- }
-+ if (module_name == NULL)
-+ return NULL;
-
- module = g_module_open (module_name, G_MODULE_BIND_LOCAL | G_MODULE_BIND_LAZY);
-
---
-GitLab
-
diff --git a/gtk+-3.24.41.tar.xz b/gtk+-3.24.43.tar.xz
similarity index 60%
rename from gtk+-3.24.41.tar.xz
rename to gtk+-3.24.43.tar.xz
index 7bcc48c1d204a1709db7d88965bb7de45eaf4f8f..1f8d8e39de8c5da48ae6de554f35fe75cea99545 100644
Binary files a/gtk+-3.24.41.tar.xz and b/gtk+-3.24.43.tar.xz differ
diff --git a/gtk3.spec b/gtk3.spec
index 9b1fb1ebca44d23f7e56912d70e27cd2d43e8ca7..70d255f44eac4a30356ed19650f5e51811e4b22a 100644
--- a/gtk3.spec
+++ b/gtk3.spec
@@ -1,27 +1,26 @@ #Global macro or variable -%define atk_version 2.15.1 -%define glib2_version 2.49.4 +%define atk_version 2.35.1 +%define glib2_version 2.57.2 %define cairo_version 1.14.0 %define pango_version 1.41.0 %define gdk_pixbuf_version 2.30.0 %define epoxy_version 1.4 -%define wayland_version 1.9.91 -%define wayland_protocols_version 1.12 +%define wayland_version 1.14.91 +%define wayland_protocols_version 1.17 %define bin_version 3.0.0 %define enable_immodules_package 0 %global __provides_exclude_from %{_libdir}/gtk-3.0 #Basic Information Name: gtk3 -Version: 3.24.41 -Release: 2 +Version: 3.24.43 +Release: 1 Summary: GTK+ graphical user interface library -License: LGPLv2+ +License: LGPL-2.0-or-later URL: https://www.gtk.org Source0: https://download.gnome.org/sources/gtk+/3.24/gtk+-%{version}.tar.xz Patch0: 0001-Let-the-notification-icon-use-the-size-specified-by-.patch -Patch1: backport-gtk+-3.24-CVE-2024-6655.patch #Dependency BuildRequires: pkgconfig(atk) >= %{atk_version} pkgconfig(atk-bridge-2.0) @@ -158,15 +157,6 @@ gtk-query-immodules-3.0-64 --update-cache &>/dev/null || : %transfiletriggerpostun -- %{_libdir}/gtk-3.0/3.0.0/immodules gtk-query-immodules-3.0-64 --update-cache &>/dev/null || : -#Install and uninstall scripts -%pre - -%preun - -%post - -%postun - #Files list %files -f gtk30.lang %license COPYING @@ -265,6 +255,9 @@ gtk-query-immodules-3.0-64 --update-cache &>/dev/null || : %{_mandir}/man1/gtk3-widget-factory.1* %changelog +* Thu Jul 25 2024 Funda Wang - 3.24.43-1 +- update to 3.24.43 + * Thu Jul 11 2024 Funda Wang - 3.24.41-2 - Fix CVE-2024-6655: Library injection from CWD
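Review bot: The first gtk3.spec hunk drops `Patch1: backport-gtk+-3.24-CVE-2024-6655.patch`, but nothing in the spec records why, and the new `%changelog` entry in the last hunk says only `- update to 3.24.43`. Presumably the 3.24.43 tarball already carries the upstream change that stops `find_module` from falling back to `g_module_build_path (NULL, name)`. That cannot be checked from this page because the tarball is a binary diff, so it should be confirmed against gtk/gtkmodules.c in the new source before merging. I would add a changelog line such as `- drop backport-gtk+-3.24-CVE-2024-6655.patch, included upstream in 3.24.43`, so that anyone tracking the CVE through the package history can see the fix was not lost with the patch file.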