From: Peter Marko <[email protected]>
Fixes CVE-2026-1484, CVE-2026-1485 and CVE-2026-1489.
Release notes [1]:
Overview of changes in GLib 2.86.4, 2026-02-13
* Fix several security vulnerabilities of varying severity (see below
for details)
* Bugs fixed:
* #3858 (closed) glib-compile-resources: Incorrect compiler detection
on Windows when building GTK causes a DoS (L. E. Segovia)
* #3863 (closed) Iterating over a short (preallocated) GVariant
bytestring invalidly refs a NULL GBytes (Christian Hergert)
* #3870 (closed) (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow ->
Buffer Underflow on Glib through glib/gbase64.c via
g_base64_encode_close() leads to OOB Write (Marco Trevisan)
* #3871 (closed) (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow
on Glib through gio/gcontenttype-fdo.c via parse_header() lead to
OOB Read/Write (Marco Trevisan)
* #3872 (closed) (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow
on Glib through glib/guniprop.c via output_marks() lead to OOB Write
in glib/gutf8.c:g_unichar_to_utf8() (Marco Trevisan (Treviño))
* !4946 (merged) Update Romanian translation glib-2-86
* !4955 (merged) Backport !4954 (merged) “glib-compile-resources:
Always assume MSVC compiler if VCINSTALLDIR is set” to glib-2-86
* !4961 (merged) Backport !4960 (merged) “glib/gvariant: add failing
test for bytestring and fix it” to glib-2-86
* !4979 (merged) [glib-2-86] gbase64: Use gsize to prevent potential
overflow
* !4981 (merged) [glib-2-86] gio/gcontenttype-fdo: Do not overflow if
header is longer than MAXINT
* !4984 (merged) [glib-2-86] guniprop: Use size_t for output_marks
length
* !5010 (merged) Update Kazakh translation
* Translation updates:
* Kazakh (Baurzhan Muftakhidinov)
* Romanian (Antonio Marin)
[1] https://gitlab.gnome.org/GNOME/glib/-/releases/2.86.4
Signed-off-by: Peter Marko <[email protected]>
---
.../{glib-2.0-initial_2.86.3.bb => glib-2.0-initial_2.86.4.bb} | 0
.../glib-2.0/{glib-2.0_2.86.3.bb => glib-2.0_2.86.4.bb} | 0
meta/recipes-core/glib-2.0/glib.inc | 2 +-
3 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-core/glib-2.0/{glib-2.0-initial_2.86.3.bb =>
glib-2.0-initial_2.86.4.bb} (100%)
rename meta/recipes-core/glib-2.0/{glib-2.0_2.86.3.bb => glib-2.0_2.86.4.bb}
(100%)
diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.3.bb
b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.4.bb
similarity index 100%
rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.3.bb
rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.4.bb
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.86.3.bb
b/meta/recipes-core/glib-2.0/glib-2.0_2.86.4.bb
similarity index 100%
rename from meta/recipes-core/glib-2.0/glib-2.0_2.86.3.bb
rename to meta/recipes-core/glib-2.0/glib-2.0_2.86.4.bb
diff --git a/meta/recipes-core/glib-2.0/glib.inc
b/meta/recipes-core/glib-2.0/glib.inc
index 2e15cc7675..d1f25ef8f2 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -237,7 +237,7 @@ SRC_URI:append:class-native = "
file://relocate-modules.patch \
file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
"
-SRC_URI[archive.sha256sum] =
"b3211d8d34b9df5dca05787ef0ad5d7ca75dec998b970e1aab0001d229977c65"
+SRC_URI[archive.sha256sum] =
"d4e2b5d791d5015ffd8c6971ad8e975a0a55c1a14926cdb25cf843ff00682260"
# Find any meson cross files in FILESPATH that are relevant for the current
# build (using siteinfo) and add them to EXTRA_OEMESON.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#231414):
https://lists.openembedded.org/g/openembedded-core/message/231414
Mute This Topic: https://lists.openembedded.org/mt/117884074/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
