diff options
author | Peter Marko <peter.marko@siemens.com> | 2024-05-08 13:46:36 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-05-23 08:55:01 -0700 |
commit | ea63f4e0ed8eaf3f1478072029bee3a6a4189664 (patch) | |
tree | 9352f381f086de0f46ff8ca9732ce2610ef3386c /meta/recipes-core | |
parent | 22357a9a0410562dbc873b72bfbca51d8ac23a15 (diff) | |
download | poky-ea63f4e0ed8eaf3f1478072029bee3a6a4189664.tar.gz |
glib-2.0: Upgrade 2.78.4 -> 2.78.5
Handle CVE-2024-34397
Remove backported patch included in this release.
News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56):
Overview of changes in GLib 2.78.5, 2024-05-07
==============================================
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
Alicia Boya García)
* Bugs fixed:
- #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
due to filename with bad encoding (Ondrej Holy)
- #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (Simon McVittie)
- !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL
- !3960 gcontenttype: Make filename valid utf-8 string before processing
- !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender
doesn't match” to glib-2-78
- !4043 CI: Ignore MSYS2 CI failures for this older stable-branch
* Translation updates:
- English (United Kingdom) (Andi Chandler)
- Georgian (Ekaterine Papava)
- Portuguese (Brazil) (Juliano de Souza Camargo)
(From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch | 54 | ||||
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb (renamed from meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb) | 3 |
2 files changed, 1 insertions, 56 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch b/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch deleted file mode 100644 index bdfbd55899..0000000000 --- a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch +++ /dev/null | |||
@@ -1,54 +0,0 @@ | |||
1 | From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Philip Withnall <pwithnall@gnome.org> | ||
3 | Date: Mon, 26 Feb 2024 16:55:44 +0000 | ||
4 | Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | PCRE2 10.43 has now introduced support for variable-length lookbehind, | ||
10 | so these tests now fail if GLib is built against PCRE2 10.43 or higher. | ||
11 | |||
12 | See | ||
13 | https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94. | ||
14 | |||
15 | Rather than making the tests conditional on the version of PCRE2 in use, | ||
16 | just remove them. They are mostly testing the PCRE2 code rather than | ||
17 | any code in GLib, so don’t have much value. | ||
18 | |||
19 | This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2 | ||
20 | days ago. | ||
21 | |||
22 | Signed-off-by: Philip Withnall <pwithnall@gnome.org> | ||
23 | |||
24 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6] | ||
25 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
26 | --- | ||
27 | glib/tests/regex.c | 10 ---------- | ||
28 | 1 file changed, 10 deletions(-) | ||
29 | |||
30 | diff --git a/glib/tests/regex.c b/glib/tests/regex.c | ||
31 | index 1082526292..d7a698ec67 100644 | ||
32 | --- a/glib/tests/regex.c | ||
33 | +++ b/glib/tests/regex.c | ||
34 | @@ -1885,16 +1885,6 @@ test_lookbehind (void) | ||
35 | g_match_info_free (match); | ||
36 | g_regex_unref (regex); | ||
37 | |||
38 | - regex = g_regex_new ("(?<!dogs?|cats?) x", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); | ||
39 | - g_assert (regex == NULL); | ||
40 | - g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND); | ||
41 | - g_clear_error (&error); | ||
42 | - | ||
43 | - regex = g_regex_new ("(?<=ab(c|de)) foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); | ||
44 | - g_assert (regex == NULL); | ||
45 | - g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND); | ||
46 | - g_clear_error (&error); | ||
47 | - | ||
48 | regex = g_regex_new ("(?<=abc|abde)foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error); | ||
49 | g_assert (regex); | ||
50 | g_assert_no_error (error); | ||
51 | -- | ||
52 | GitLab | ||
53 | |||
54 | |||
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb index b1669ead75..d0aac737f7 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb | |||
@@ -16,14 +16,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ | |||
16 | file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ | 16 | file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ |
17 | file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \ | 17 | file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \ |
18 | file://memory-monitor.patch \ | 18 | file://memory-monitor.patch \ |
19 | file://fix-regex.patch \ | ||
20 | file://skip-timeout.patch \ | 19 | file://skip-timeout.patch \ |
21 | " | 20 | " |
22 | SRC_URI:append:class-native = " file://relocate-modules.patch \ | 21 | SRC_URI:append:class-native = " file://relocate-modules.patch \ |
23 | file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ | 22 | file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ |
24 | " | 23 | " |
25 | 24 | ||
26 | SRC_URI[sha256sum] = "24b8e0672dca120cc32d394bccb85844e732e04fe75d18bb0573b2dbc7548f63" | 25 | SRC_URI[sha256sum] = "39b26044bd44dc30f427202add4997f554723c30017e92ff36da4197a2c916aa" |
27 | 26 | ||
28 | # Find any meson cross files in FILESPATH that are relevant for the current | 27 | # Find any meson cross files in FILESPATH that are relevant for the current |
29 | # build (using siteinfo) and add them to EXTRA_OEMESON. | 28 | # build (using siteinfo) and add them to EXTRA_OEMESON. |