Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package glib2 for openSUSE:Factory checked in at 2021-02-11 12:45:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glib2 (Old) and /work/SRC/openSUSE:Factory/.glib2.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glib2" Thu Feb 11 12:45:49 2021 rev:232 rq:870248 version:2.66.6 Changes: -------- --- /work/SRC/openSUSE:Factory/glib2/glib2.changes 2020-12-21 10:23:02.591960745 +0100 +++ /work/SRC/openSUSE:Factory/.glib2.new.28504/glib2.changes 2021-02-11 12:46:08.157379555 +0100 @@ -1,0 +2,38 @@ +Fri Feb 5 10:59:15 UTC 2021 - Bj??rn Lie <[email protected]> + +- Update to version 2.66.6: + + Fix various instances within GLib where `g_memdup()` was + vulnerable to a silent integer truncation and heap overflow + problem (glgo#GNOME/GLib#2319). + +------------------------------------------------------------------- +Wed Feb 3 18:52:30 UTC 2021 - Bj??rn Lie <[email protected]> + +- Update to version 2.66.5: + + Fix some issues with handling over-long (invalid) input when + parsing for `GDate`. + + Don???t load GIO modules or parse other GIO environment variables + when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap + process). GIO has always been documented as not being safe to + use in privileged processes, but people persist in using it + unsafely, so these changes should harden things against + potential attacks at least a little. Unfortunately they break a + couple of projects which were relying on reading + `DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for + setgid/setcap (but not setuid) processes. This loophole will be + closed in GLib 2.70 (see issue #2316), which should give + modules 6 months to change their behaviour. + + Fix `g_spawn()` searching `PATH` when it wasn???t meant to. + + Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820, + glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831, + glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864, + glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913, + glgo#GNOME/GLib!1922. +- Rebase/refresh patches: + + glib2-dbus-socket-path.patch + + glib2-fate300461-gettext-gkeyfile-suse.patch + + glib2-gdbus-codegen-version.patch + + glib2-suppress-schema-deprecated-path-warning.patch + + glib2-bgo569829-gettext-gkeyfile.patch + +------------------------------------------------------------------- Old: ---- glib-2.66.4.tar.xz New: ---- glib-2.66.6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glib2.spec ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:09.117380953 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:09.125380965 +0100 @@ -1,7 +1,7 @@ # # spec file for package glib2 # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %bcond_without systemtap %bcond_without gtk_doc Name: glib2 -Version: 2.66.4 +Version: 2.66.6 Release: 0 Summary: General-Purpose Utility Library License: LGPL-2.1-or-later ++++++ glib-2.66.4.tar.xz -> glib-2.66.6.tar.xz ++++++ ++++ 2478 lines of diff (skipped) ++++++ glib2-bgo569829-gettext-gkeyfile.patch ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:11.117383865 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:11.121383871 +0100 @@ -1,7 +1,7 @@ -Index: glib-2.56.2/glib/gkeyfile.c +Index: glib-2.66.5/glib/gkeyfile.c =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.c 2018-03-12 17:23:37.000000000 +0100 -+++ glib-2.56.2/glib/gkeyfile.c 2018-08-17 10:53:47.314889363 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.c ++++ glib-2.66.5/glib/gkeyfile.c @@ -511,6 +511,7 @@ struct _GKeyFile GKeyFileFlags flags; @@ -10,7 +10,7 @@ volatile gint ref_count; }; -@@ -635,6 +636,7 @@ g_key_file_init (GKeyFile *key_file) +@@ -636,6 +637,7 @@ g_key_file_init (GKeyFile *key_file) key_file->list_separator = ';'; key_file->flags = 0; key_file->locales = g_strdupv ((gchar **)g_get_language_names ()); @@ -18,7 +18,7 @@ } static void -@@ -654,6 +656,12 @@ g_key_file_clear (GKeyFile *key_file) +@@ -655,6 +657,12 @@ g_key_file_clear (GKeyFile *key_file) key_file->parse_buffer = NULL; } @@ -31,7 +31,7 @@ tmp = key_file->groups; while (tmp != NULL) { -@@ -873,6 +881,11 @@ g_key_file_load_from_fd (GKeyFile +@@ -874,6 +882,11 @@ g_key_file_load_from_fd (GKeyFile return FALSE; } @@ -43,7 +43,7 @@ return TRUE; } -@@ -985,6 +998,11 @@ g_key_file_load_from_data (GKeyFile +@@ -986,6 +999,11 @@ g_key_file_load_from_data (GKeyFile return FALSE; } @@ -55,7 +55,7 @@ return TRUE; } -@@ -2208,6 +2226,8 @@ g_key_file_get_locale_string (GKeyFile +@@ -2213,6 +2231,8 @@ g_key_file_get_locale_string (GKeyFile GError *key_file_error; gchar **languages; gboolean free_languages = FALSE; @@ -64,7 +64,7 @@ gint i; g_return_val_if_fail (key_file != NULL, NULL); -@@ -2229,6 +2249,23 @@ g_key_file_get_locale_string (GKeyFile +@@ -2234,6 +2254,23 @@ g_key_file_get_locale_string (GKeyFile free_languages = FALSE; } @@ -88,7 +88,7 @@ for (i = 0; languages[i]; i++) { candidate_key = g_strdup_printf ("%s[%s]", key, languages[i]); -@@ -2245,6 +2282,39 @@ g_key_file_get_locale_string (GKeyFile +@@ -2250,6 +2287,39 @@ g_key_file_get_locale_string (GKeyFile translated_value = NULL; } @@ -128,10 +128,10 @@ /* Fallback to untranslated key */ if (!translated_value) -Index: glib-2.56.2/glib/gkeyfile.h +Index: glib-2.66.5/glib/gkeyfile.h =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.h 2018-02-06 17:05:56.000000000 +0100 -+++ glib-2.56.2/glib/gkeyfile.h 2018-08-17 10:53:47.314889363 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.h ++++ glib-2.66.5/glib/gkeyfile.h @@ -320,6 +320,7 @@ gboolean g_key_file_remove_group #define G_KEY_FILE_DESKTOP_KEY_URL "URL" #define G_KEY_FILE_DESKTOP_KEY_DBUS_ACTIVATABLE "DBusActivatable" ++++++ glib2-dbus-socket-path.patch ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:11.145383906 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:11.149383912 +0100 @@ -1,9 +1,9 @@ -Index: glib-2.56.2/gio/gdbusaddress.c +Index: glib-2.66.5/gio/gdbusaddress.c =================================================================== ---- glib-2.56.2.orig/gio/gdbusaddress.c 2018-08-16 22:53:19.000000000 +0200 -+++ glib-2.56.2/gio/gdbusaddress.c 2018-08-17 10:46:31.564471587 +0200 -@@ -1628,7 +1628,7 @@ g_dbus_address_get_for_bus_sync (GBusTyp - ret = g_strdup (g_getenv ("DBUS_SYSTEM_BUS_ADDRESS")); +--- glib-2.66.5.orig/gio/gdbusaddress.c ++++ glib-2.66.5/gio/gdbusaddress.c +@@ -1331,7 +1331,7 @@ g_dbus_address_get_for_bus_sync (GBusTyp + if (ret == NULL) { - ret = g_strdup ("unix:path=/var/run/dbus/system_bus_socket"); ++++++ glib2-fate300461-gettext-gkeyfile-suse.patch ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:11.165383935 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:11.165383935 +0100 @@ -1,7 +1,7 @@ -Index: glib-2.56.2/glib/gkeyfile.c +Index: glib-2.66.5/glib/gkeyfile.c =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.c 2018-08-17 10:53:47.314889363 +0200 -+++ glib-2.56.2/glib/gkeyfile.c 2018-08-17 10:53:47.330889591 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.c ++++ glib-2.66.5/glib/gkeyfile.c @@ -512,6 +512,7 @@ struct _GKeyFile gchar **locales; @@ -10,7 +10,7 @@ volatile gint ref_count; }; -@@ -637,6 +638,7 @@ g_key_file_init (GKeyFile *key_file) +@@ -638,6 +639,7 @@ g_key_file_init (GKeyFile *key_file) key_file->flags = 0; key_file->locales = g_strdupv ((gchar **)g_get_language_names ()); key_file->gettext_domain = NULL; @@ -18,7 +18,7 @@ } static void -@@ -662,6 +664,12 @@ g_key_file_clear (GKeyFile *key_file) +@@ -663,6 +665,12 @@ g_key_file_clear (GKeyFile *key_file) key_file->gettext_domain = NULL; } @@ -31,7 +31,7 @@ tmp = key_file->groups; while (tmp != NULL) { -@@ -805,6 +813,39 @@ find_file_in_data_dirs (const gchar *f +@@ -806,6 +814,39 @@ find_file_in_data_dirs (const gchar *f return fd; } @@ -71,7 +71,7 @@ static gboolean g_key_file_load_from_fd (GKeyFile *key_file, gint fd, -@@ -886,6 +927,9 @@ g_key_file_load_from_fd (GKeyFile +@@ -887,6 +928,9 @@ g_key_file_load_from_fd (GKeyFile G_KEY_FILE_DESKTOP_KEY_GETTEXT_DOMAIN, NULL); @@ -81,7 +81,7 @@ return TRUE; } -@@ -942,6 +986,8 @@ g_key_file_load_from_file (GKeyFile +@@ -943,6 +987,8 @@ g_key_file_load_from_file (GKeyFile return FALSE; } @@ -90,7 +90,7 @@ return TRUE; } -@@ -1003,6 +1049,9 @@ g_key_file_load_from_data (GKeyFile +@@ -1004,6 +1050,9 @@ g_key_file_load_from_data (GKeyFile G_KEY_FILE_DESKTOP_KEY_GETTEXT_DOMAIN, NULL); @@ -100,7 +100,7 @@ return TRUE; } -@@ -1107,6 +1156,9 @@ g_key_file_load_from_dirs (GKeyFile +@@ -1108,6 +1157,9 @@ g_key_file_load_from_dirs (GKeyFile } } @@ -110,7 +110,7 @@ if (found_file && full_path) *full_path = output_path; else -@@ -2291,14 +2343,40 @@ g_key_file_get_locale_string (GKeyFile +@@ -2296,14 +2348,40 @@ g_key_file_get_locale_string (GKeyFile { gboolean codeset_set; const gchar *translated; @@ -156,10 +156,10 @@ g_free (orig_value); -Index: glib-2.56.2/glib/gkeyfile.h +Index: glib-2.66.5/glib/gkeyfile.h =================================================================== ---- glib-2.56.2.orig/glib/gkeyfile.h 2018-08-17 10:53:47.314889363 +0200 -+++ glib-2.56.2/glib/gkeyfile.h 2018-08-17 10:53:47.330889591 +0200 +--- glib-2.66.5.orig/glib/gkeyfile.h ++++ glib-2.66.5/glib/gkeyfile.h @@ -320,7 +320,7 @@ gboolean g_key_file_remove_group #define G_KEY_FILE_DESKTOP_KEY_URL "URL" #define G_KEY_FILE_DESKTOP_KEY_DBUS_ACTIVATABLE "DBusActivatable" ++++++ glib2-gdbus-codegen-version.patch ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:11.177383952 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:11.181383958 +0100 @@ -1,7 +1,7 @@ -Index: glib-2.65.2/gio/gdbus-2.0/codegen/codegen.py +Index: glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py =================================================================== ---- glib-2.65.2.orig/gio/gdbus-2.0/codegen/codegen.py -+++ glib-2.65.2/gio/gdbus-2.0/codegen/codegen.py +--- glib-2.66.5.orig/gio/gdbus-2.0/codegen/codegen.py ++++ glib-2.66.5/gio/gdbus-2.0/codegen/codegen.py @@ -79,8 +79,7 @@ class HeaderCodeGenerator: # ---------------------------------------------------------------------------------------------------- ++++++ glib2-suppress-schema-deprecated-path-warning.patch ++++++ --- /var/tmp/diff_new_pack.l37mx1/_old 2021-02-11 12:46:11.217384010 +0100 +++ /var/tmp/diff_new_pack.l37mx1/_new 2021-02-11 12:46:11.217384010 +0100 @@ -1,8 +1,8 @@ -Index: glib-2.56.2/gio/glib-compile-schemas.c +Index: glib-2.66.5/gio/glib-compile-schemas.c =================================================================== ---- glib-2.56.2.orig/gio/glib-compile-schemas.c 2018-08-17 02:03:20.000000000 +0200 -+++ glib-2.56.2/gio/glib-compile-schemas.c 2018-08-17 10:53:47.342889761 +0200 -@@ -1219,6 +1219,7 @@ parse_state_start_schema (ParseState *s +--- glib-2.66.5.orig/gio/glib-compile-schemas.c ++++ glib-2.66.5/gio/glib-compile-schemas.c +@@ -1232,6 +1232,7 @@ parse_state_start_schema (ParseState *s return; } @@ -10,7 +10,7 @@ if (path && (g_str_has_prefix (path, "/apps/") || g_str_has_prefix (path, "/desktop/") || g_str_has_prefix (path, "/system/"))) -@@ -1231,6 +1232,7 @@ parse_state_start_schema (ParseState *s +@@ -1244,6 +1245,7 @@ parse_state_start_schema (ParseState *s g_printerr ("%s\n", message); g_free (message); }
