From ea63f4e0ed8eaf3f1478072029bee3a6a4189664 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Wed, 8 May 2024 13:46:36 +0200 Subject: glib-2.0: Upgrade 2.78.4 -> 2.78.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Handle CVE-2024-34397 Remove backported patch included in this release. News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56): Overview of changes in GLib 2.78.5, 2024-05-07 ============================================== * Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by Alicia Boya García) * Bugs fixed: - #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding (Ondrej Holy) - #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing (Simon McVittie) - !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL - !3960 gcontenttype: Make filename valid utf-8 string before processing - !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender doesn't match” to glib-2-78 - !4043 CI: Ignore MSYS2 CI failures for this older stable-branch * Translation updates: - English (United Kingdom) (Andi Chandler) - Georgian (Ekaterine Papava) - Portuguese (Brazil) (Juliano de Souza Camargo) (From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../recipes-core/glib-2.0/glib-2.0/fix-regex.patch | 54 -------------------- meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb | 57 ---------------------- meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb | 56 +++++++++++++++++++++ 3 files changed, 56 insertions(+), 111 deletions(-) delete mode 100644 meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch delete mode 100644 meta/recipes-core/glib-2.0/glib-2.0_2.78.4.bb create mode 100644 meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb diff --git a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch b/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch deleted file mode 100644 index bdfbd55899..0000000000 --- a/meta/recipes-core/glib-2.0/glib-2.0/fix-regex.patch +++ /dev/null @@ -1,54 +0,0 @@ -From cce3ae98a2c1966719daabff5a4ec6cf94a846f6 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Mon, 26 Feb 2024 16:55:44 +0000 -Subject: [PATCH] tests: Remove variable-length lookbehind tests for GRegex -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -PCRE2 10.43 has now introduced support for variable-length lookbehind, -so these tests now fail if GLib is built against PCRE2 10.43 or higher. - -See -https://github.com/PCRE2Project/pcre2/blob/e8db6fa7137f4c6f66cb87e0a3c9467252ec1ef7/ChangeLog#L94. - -Rather than making the tests conditional on the version of PCRE2 in use, -just remove them. They are mostly testing the PCRE2 code rather than -any code in GLib, so don’t have much value. - -This should fix CI runs on msys2-mingw32, which updated to PCRE2 10.43 2 -days ago. - -Signed-off-by: Philip Withnall - -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/cce3ae98a2c1966719daabff5a4ec6cf94a846f6] -Signed-off-by: Alexander Kanavin ---- - glib/tests/regex.c | 10 ---------- - 1 file changed, 10 deletions(-) - -diff --git a/glib/tests/regex.c b/glib/tests/regex.c -index 1082526292..d7a698ec67 100644 ---- a/glib/tests/regex.c -+++ b/glib/tests/regex.c -@@ -1885,16 +1885,6 @@ test_lookbehind (void) - g_match_info_free (match); - g_regex_unref (regex); - -- regex = g_regex_new ("(? found - files = collections.OrderedDict() - for path in d.getVar("FILESPATH").split(":"): - for element in sitedata: - filename = os.path.normpath(os.path.join(path, "meson.cross.d", element)) - sanitized_path = filename.replace(thisdir, "${THISDIR}") - if sanitized_path == filename: - if os.path.exists(filename): - bb.error("Cannot add '%s' to --cross-file, because it's not relative to THISDIR '%s' and sstate signature would contain this full path" % (filename, thisdir)) - continue - files[filename.replace(thisdir, "${THISDIR}")] = os.path.exists(filename) - - items = ["--cross-file=" + k for k,v in files.items() if v] - d.appendVar("EXTRA_OEMESON", " " + " ".join(items)) - items = ["%s:%s" % (k, "True" if v else "False") for k,v in files.items()] - d.appendVarFlag("do_configure", "file-checksums", " " + " ".join(items)) - -python () { - find_meson_cross_files(d) -} diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb new file mode 100644 index 0000000000..d0aac737f7 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.5.bb @@ -0,0 +1,56 @@ +require glib.inc + +PE = "1" + +SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" + +SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ + file://run-ptest \ + file://0001-Fix-DATADIRNAME-on-uclibc-Linux.patch \ + file://0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch \ + file://0001-Install-gio-querymodules-as-libexec_PROGRAM.patch \ + file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ + file://0001-Set-host_machine-correctly-when-building-with-mingw3.patch \ + file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ + file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ + file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ + file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \ + file://memory-monitor.patch \ + file://skip-timeout.patch \ + " +SRC_URI:append:class-native = " file://relocate-modules.patch \ + file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ + " + +SRC_URI[sha256sum] = "39b26044bd44dc30f427202add4997f554723c30017e92ff36da4197a2c916aa" + +# Find any meson cross files in FILESPATH that are relevant for the current +# build (using siteinfo) and add them to EXTRA_OEMESON. +inherit siteinfo +def find_meson_cross_files(d): + if bb.data.inherits_class('native', d): + return "" + + thisdir = os.path.normpath(d.getVar("THISDIR")) + import collections + sitedata = siteinfo_data(d) + # filename -> found + files = collections.OrderedDict() + for path in d.getVar("FILESPATH").split(":"): + for element in sitedata: + filename = os.path.normpath(os.path.join(path, "meson.cross.d", element)) + sanitized_path = filename.replace(thisdir, "${THISDIR}") + if sanitized_path == filename: + if os.path.exists(filename): + bb.error("Cannot add '%s' to --cross-file, because it's not relative to THISDIR '%s' and sstate signature would contain this full path" % (filename, thisdir)) + continue + files[filename.replace(thisdir, "${THISDIR}")] = os.path.exists(filename) + + items = ["--cross-file=" + k for k,v in files.items() if v] + d.appendVar("EXTRA_OEMESON", " " + " ".join(items)) + items = ["%s:%s" % (k, "True" if v else "False") for k,v in files.items()] + d.appendVarFlag("do_configure", "file-checksums", " " + " ".join(items)) + +python () { + find_meson_cross_files(d) +} -- cgit v1.2.3-54-g00ecf