glib-2.0: Upgrade 2.78.4 -> 2.78.5

Handle CVE-2024-34397 Remove backported patch included in this release. News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56): Overview of changes in GLib 2.78.5, 2024-05-07 ============================================== * Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by Alicia Boya García) * Bugs fixed: - #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding (Ondrej Holy) - #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing (Simon McVittie) - !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL - !3960 gcontenttype: Make filename valid utf-8 string before processing - !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender doesn't match” to glib-2-78 - !4043 CI: Ignore MSYS2 CI failures for this older stable-branch * Translation updates: - English (United Kingdom) (Andi Chandler) - Georgian (Ekaterine Papava) - Portuguese (Brazil) (Juliano de Souza Camargo) (From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2024-05-08 13:46:36 +0200
committer: Steve Sakoman <steve@sakoman.com> 2024-05-23 08:55:01 -0700
commit: ea63f4e0ed8eaf3f1478072029bee3a6a4189664 (patch)
tree: 9352f381f086de0f46ff8ca9732ce2610ef3386c /meta/recipes-core
parent: 22357a9a0410562dbc873b72bfbca51d8ac23a15 (diff)
download: poky-ea63f4e0ed8eaf3f1478072029bee3a6a4189664.tar.gz
2 files changed, 1 insertions, 56 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch b/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
deleted file mode 100644
index bdfbd55899..0000000000
--- a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@gnome.org>
-Date: Mon, 26 Feb 2024 16:55:44 +0000
-Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-PCRE2 10.43 has now introduced support for variable-length lookbehind,
-so these tests now fail if GLib is built against PCRE2 10.43 or higher.
-See
-https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94.
-Rather than making the tests conditional on the version of PCRE2 in use,
-just remove them. They are mostly testing the PCRE2 code rather than
-any code in GLib, so donâ€™t have much value.
-This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2
-days ago.
-Signed-off-by: Philip Withnall <pwithnall@gnome.org>
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
- glib/tests/regex.c | 10 ----------
- 1 file changed, 10 deletions(-)
-diff --git a/glib/tests/regex.c b/glib/tests/regex.c
-index 1082526292..d7a698ec67 100644
--- a/glib/tests/regex.c
-+++ b/glib/tests/regex.c
-@@ -1885,16 +1885,6 @@ test_lookbehind (void)
-   g_match_info_free (match);
-   g_regex_unref (regex);
- 
-  regex = g_regex_new ("(?<!dogs?|cats?) x", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-  g_assert (regex == NULL);
-  g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
-  g_clear_error (&error);
-
-  regex = g_regex_new ("(?<=ab(c|de)) foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-  g_assert (regex == NULL);
-  g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
-  g_clear_error (&error);
-
-   regex = g_regex_new ("(?<=abc|abde)foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
-   g_assert (regex);
-   g_assert_no_error (error);
-- 
-GitLab
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb
index b1669ead75..d0aac737f7 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb
@@ -16,14 +16,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
           file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
           file://memory-monitor.patch \
-           file://fix-regex.patch \
           file://skip-timeout.patch \
           "
 SRC_URI:append:class-native = " file://relocate-modules.patch \ 
                                file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                              "
-SRC_URI[sha256sum] = "24b8e0672dca120cc32d394bccb85844e732e04fe75d18bb0573b2dbc7548f63"
+SRC_URI[sha256sum] = "39b26044bd44dc30f427202add4997f554723c30017e92ff36da4197a2c916aa"
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.
author	Peter Marko <peter.marko@siemens.com>	2024-05-08 13:46:36 +0200
committer	Steve Sakoman <steve@sakoman.com>	2024-05-23 08:55:01 -0700
commit	ea63f4e0ed8eaf3f1478072029bee3a6a4189664 (patch)
tree	9352f381f086de0f46ff8ca9732ce2610ef3386c /meta/recipes-core
parent	22357a9a0410562dbc873b72bfbca51d8ac23a15 (diff)
download	poky-ea63f4e0ed8eaf3f1478072029bee3a6a4189664.tar.gz

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch b/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch deleted file mode 100644 index bdfbd55899..0000000000 --- a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch +++ /dev/null
@@ -1,54 +0,0 @@
1	From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001
2	From: Philip Withnall <pwithnall@gnome.org>
3	Date: Mon, 26 Feb 2024 16:55:44 +0000
4	Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex
5	MIME-Version: 1.0
6	Content-Type: text/plain; charset=UTF-8
7	Content-Transfer-Encoding: 8bit
8
9	PCRE2 10.43 has now introduced support for variable-length lookbehind,
10	so these tests now fail if GLib is built against PCRE2 10.43 or higher.
11
12	See
13	https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94.
14
15	Rather than making the tests conditional on the version of PCRE2 in use,
16	just remove them. They are mostly testing the PCRE2 code rather than
17	any code in GLib, so donâ€™t have much value.
18
19	This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2
20	days ago.
21
22	Signed-off-by: Philip Withnall <pwithnall@gnome.org>
23
24	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6]
25	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
26	---
27	glib/tests/regex.c \| 10 ----------
28	1 file changed, 10 deletions(-)
29
30	diff --git a/glib/tests/regex.c b/glib/tests/regex.c
31	index 1082526292..d7a698ec67 100644
32	--- a/glib/tests/regex.c
33	+++ b/glib/tests/regex.c
34	@@ -1885,16 +1885,6 @@ test_lookbehind (void)
35	g_match_info_free (match);
36	g_regex_unref (regex);
37
38	- regex = g_regex_new ("(?<!dogs?\|cats?) x", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
39	- g_assert (regex == NULL);
40	- g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
41	- g_clear_error (&error);
42	-
43	- regex = g_regex_new ("(?<=ab(c\|de)) foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
44	- g_assert (regex == NULL);
45	- g_assert_error (error, G_REGEX_ERROR, G_REGEX_ERROR_VARIABLE_LENGTH_LOOKBEHIND);
46	- g_clear_error (&error);
47	-
48	regex = g_regex_new ("(?<=abc\|abde)foo", G_REGEX_OPTIMIZE, G_REGEX_MATCH_DEFAULT, &error);
49	g_assert (regex);
50	g_assert_no_error (error);
51	--
52	GitLab
53
54


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb index b1669ead75..d0aac737f7 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb
@@ -16,14 +16,13 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
16	file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \	16	file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
17	file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \	17	file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
18	file://memory-monitor.patch \	18	file://memory-monitor.patch \
19	file://fix-regex.patch \
20	file://skip-timeout.patch \	19	file://skip-timeout.patch \
21	"	20	"
22	SRC_URI:append:class-native = " file://relocate-modules.patch \	21	SRC_URI:append:class-native = " file://relocate-modules.patch \
23	file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \	22	file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
24	"	23	"
25		24
26	SRC_URI[sha256sum] = "24b8e0672dca120cc32d394bccb85844e732e04fe75d18bb0573b2dbc7548f63"	25	SRC_URI[sha256sum] = "39b26044bd44dc30f427202add4997f554723c30017e92ff36da4197a2c916aa"
27		26
28	# Find any meson cross files in FILESPATH that are relevant for the current	27	# Find any meson cross files in FILESPATH that are relevant for the current
29	# build (using siteinfo) and add them to EXTRA_OEMESON.	28	# build (using siteinfo) and add them to EXTRA_OEMESON.