#14798: GNOME-40 External Libraries - glib vala pygobject3 gobject-introspection
gtk-4.0 gtksourceview4 libdazzle sysprof at-spi2-core glib-networking
gdk-pixbuf tepl gtk+3
-------------------------+-----------------------
 Reporter:  renodr       |       Owner:  renodr
     Type:  enhancement  |      Status:  assigned
 Priority:  elevated     |   Milestone:  10.2
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by renodr):

 * priority:  normal => elevated


Comment:

 '''glib'''

 '''2.67.1'''

 {{{
 Overview of changes in GLib 2.67.1
 ==================================

 * Deprecate `g_time_zone_new()` in favour of `g_time_zone_new_identifier()`,
   which makes error checking easier (#553)

 * Remove `volatile` from various public APIs, including `G_DEFINE_*`. You
   should adjust your code to not use `volatile` for atomic variables, `GOnce`
   variables, or mostly anything else (see
   http://isvolatileusefulwiththreads.in/c/). (#600)

 * Support passing file handles to `gdbus` command line tool (work by
   Norbert Pocs and Tim Waugh) (#961)

 * Add `g_assert_cmpstrv()` test convenience function (work by Niels De
   Graef) (#2015)

 * Changes to the behaviour of the `G_URI_FLAGS_SCHEME_NORMALIZE` scheme
   normalization flag in `GUri` (work by Carlos Garcia Campos) (#2257, !1716)

 * Add new `--run-prefix` and `--skip-prefix` options to GTest, to allow
   running or skipping test suites by prefix (work by Frederic Martinsons)
   (!1738)

 * Fix thread-safety of `GBinding`; see the updated documentation for
   `g_object_bind_property()` for full details — if your code uses `GBinding`
   across threads, you should re-check it against the latest documentation,
   use `g_binding_unbind()` rather than implicitly dropping the binding with
   your last `g_object_unref()` call, and use
   `g_binding_dup_source()`/`g_binding_dup_target()`
   instead of `g_binding_get_source()`/`g_binding_get_target()`
   (work by Sebastian Dröge) (!1745)

 * Bugs fixed:
  - #553 Improved error-handling when timezone lookup fails
  - #600 Remove "volatile" from G_DEFINE_*
  - #961 gdbus tool: file handle passing doesn't work
  - #994 mark g_assert_* as "noreturn" also on MSVC
  - #1560 Can't get data for empty compressed resources
  - #1592 Main loop ignores GPollFD sources when there is at least one
 source ready with priority higher than default one
  - #1833 meson: reconsider G_DISABLE_CAST_CHECKS handling
  - #1849 Documentation of g_set_object(): can object_ptr be null?
  - #1963 Follow-up from "gdbusmessage: Limit recursion of variants in
 D-Bus messages"
  - #2015 Add g_assert_cmpstrv() test utility
  - #2046 Add pylint and shellcheck CI checks
  - #2074 Big dbus writes with a FD list fail
  - #2076 g_type_register_fundamental() and g_type_add_interface_static()
 should not trigger valgrind leak warnings
  - #2150 Add URI parsing tests from GstURI to GUri
  - #2221 GLib-GIO:ERROR:../gio/tests/gsocketclient-slow.c:99:on_event:
 'connection' should be NULL
  - #2223 Documentation of g_strrstr_len is misleading; suggested fix
  - #2233 GSocketClient crashes on connection failure
  - #2236 Docs: gdbus-codegen example links broken
  - #2253 In gspawn.c, use sysconf() system call on Mac OS, instead of
 default maxfiles limit of 4096
  - #2257 GUri: apply scheme normalization flag consistently
  - !1251 Improve support for interface types
  - !1385 gobject: allocate parameter list for g_object_new_valist()
 entirely on stack
  - !1629 Add some tracing to GTask
  - !1699 Fix signedness warnings
  - !1701 gio: Fix some remaining DocBook syntax in a documentation comment
  - !1708 gio: Add missing nullable annotations
  - !1716 guri: Normalize uri segments if they are encoded and add a flag
 to do scheme-based normalization
  - !1722 gio: Fix various typos of the name ‘D-Bus’
  - !1724 glib/tests/fileutils: Fix expectations when running as root
  - !1726 gdbus: Document the intended semantics of handles and fdsTim
 Waugh
  - !1731 Make more use of g_assert_no_errno()
  - !1733 gdbusauthmechanismsha1: Don’t create keyring dir when running
 as setuid
  - !1734 glocalfileinfo: Use a single timeout source at a time for hidden
 file cache
  - !1735 gobject: Standardise on the term ‘instantiatable’
  - !1737 gscanner: Avoid undefined behaviour copying between union members
  - !1738 Extend the usage of -p option for glib test framework
  - !1740 Fix more warnings
  - !1745 Make GBinding thread-safe (alternative approach)
  - !1746 gkeyfilesettingsbackend: improve error-checking
  - !1747 Fix broken link syntax in g_vasprintf docs
  - !1748 Fix minor Coverity return value warnings
  - !1750 Fix warnings
  - !1754 GWin32AppInfo: Use a thread pool for async appinfo tree rebuilds
  - !1755 Minor Coverity fixes
  - !1756 shellcheck fixes
  - !1757 Python formatting improvements
  - !1758 Fix warnings
  - !1765 Fix more warnings
  - !1766 Fix some gdatetime annotations
  - !1767 tests: Fix GDateTime tests on FreeBSD
  - !1769 gfileicon: Fix unused-but-set variable with G_DISABLE_ASSERT
  - !1770 Minor scan-build fixes
  - !1771 macos: fix frexpl checks in cross-compilation
  - !1776 gio: ‘security_context_t’ is deprecated
  - !1780 Minor Coverity fixes
  - !1781 gspawn: Handle ENOSYS from close_range()
  - !1782 ghostutils: Abandon hostname conversion early if it’s too long

 * Translation updates:
 }}}

 '''2.67.2'''

 {{{
 Overview of changes in GLib 2.67.2
 ==================================

 * Add `gio launch` command to execute programs (work by Frederic
   Martinsons) (#54)

 * Fix unused parameter warnings in code generated by `gdbus-codegen` (work
   by Frederic Martinsons) (#1105)

 * Officially deprecate `to-pixdata` option for `glib-compile-resources`,
   in favour of simply embedding more modern image formats in linked-in
   `GResource` files (#1281)

 * Support querying and running UWP applications on Windows (work by LRN)
   (#1991)

 * Support `gio trash --restore` and `gio trash --list` commands (work by
   Frederic Martinsons) (#2098)

 * No longer read environment variables for GIO module locations when
   running as setuid (#2168)

 * More progress on fixing compiler warnings (work by Emmanuel Fleury)
   (!1773 and others)

 * `GKeyFile` performance improvements (work by Timm Bäder) (!1829, !1832)

 * Improve UDP socket behaviour on Windows (work by Marco Mastropaolo and
   Ole André Vadla Ravnås) (!1827, !1844)

 * Add `-Dtests` meson configure option for disabling tests entirely (work
   by Ole André Vadla Ravnås) (!1850)

 * Bugs fixed:
  - #54 Add `gio launch` command to execute .desktop files
  - #513 GSignal: Impossible to have return values in signals which are
 G_SIGNAL_RUN_FIRST only
  - #514 GSignal: Only limited usage of accumulator function possible
  - #1105 gdbus-codegen: fix some unused parameter warnings
  - #1188 Crash in gapplication.c:1014 when reading error message if
 dbus_register returns false without setting error
  - #1281 Update glib-compile-resources and GResource docs to
 deprecate/remove to-pixdata in stable/master resp.
  - #1283 gvfs-trash error message when unable to create trash directory is
 unhelpful
  - #1568 GObject tutorial does not mention floating references
  - #1991 W32: Glib cannot run UWP applications
  - #2098 gio trash: restore trashed files to their original location
  - #2168 giomodule: Loads GIO modules even if setuid, etc.
  - #2264 GPtrArray might call qsort() with NULL data
  - #2265 2.67.1 regression: assertion failure starting gnome-terminal
  - #2275 gio/completion/gio: Some variables are not localized
  - #2279 g_source_is_destroyed example uses deprecated GDK API
  - !1304 Extended error
  - !1773 Fix more warnings
  - !1783 gtlsdatabase: remove duplicate precondition check
  - !1784 fuzzing: Add more fuzzing tests for various string parsing
 functions
  - !1785 glocalfile: Add an assertion to help static analysis
  - !1787 Debuggability improvements in gosxappinfo.m
  - !1788 gdate: Validate input as UTF-8 before parsing
  - !1791 gdatetime: Disallow NAN as a number of seconds in a GDateTime
  - !1794 gio-tool-info: Prevent criticals if mount options are not
 available
  - !1796 gfileutils: Fix typo in docs
  - !1797 gdatetime: Improve ISO 8601 parsing to avoid floating point
 checks
  - !1801 glib: Add more missing return value annotations
  - !1802 gobject: More missing return value annotations
  - !1806 tests: Add some rounding tolerance in timeout test
  - !1807 python: Reformat some files to keep style-check-diff happy
  - !1808 tests: Be more lenient with timing checks on asyncqueue pops
  - !1810 gfileinfo: Add missing preconditions to
 g_file_info_get_attribute_data()
  - !1811 Add more missing nullable annotations
  - !1813 gdbus-codegen: Ignore some flake8 warnings
  - !1815 Fix more warnings
  - !1816 fuzzing: Add more GUriFlags to the URI parsing test
  - !1817 fuzzing: Add more parsing flags to the GKeyFile test
  - !1818 Fix more warnings
  - !1819 Fix more warnings
  - !1821 gdate: Limit length of dates which can be parsed as valid
  - !1822 Fix more warnings
  - !1827 Windows: fix FD_READ condition flag still set on recoverable UDP
 socket errors.
  - !1829 keyfile: Delay calling g_get_language_names() until it's needed
  - !1830 gsocket: Fix credentials error-handling on Apple OSes
  - !1832 More small GKeyFile performance improvements
  - !1834 Update gvdb
  - !1837 gdatetime.c: Fix MSVC builds for lack of NAN items
  - !1838 Minor improvements to GError documentation
  - !1840 Add nullable annotation for g_file_get_uri_scheme
  - !1841 gthread: Fix incorrect cast
  - !1842 gthread: Port native mutex to Clang
  - !1844 gsocket: Improve default UDP behavior on Windows
  - !1845 gsocket: Fix use-after-close
  - !1848 gwin32: Always use unicode APIs
  - !1850 build: Add option for disabling tests
  - !1855 build: Fix ssize_t detection on older versions of glibc
  - !1856 build: Fix Android system checks
  - !1857 gtestutils: Fix g_assert_not_reached() on MSVC
  - !1861 More GError tests
  - !1863 tests: Ignore -Wformat-nonliteral warning in new GError tests

 * Translation updates:
 }}}

 '''2.67.3'''

 {{{
 Overview of changes in GLib 2.67.3
 ==================================

 * Add new `g_memdup2()` API to replace `g_memdup()`, which is vulnerable to
   a silent integer truncation and heap overflow problem if not used
   carefully (discovered by Kevin Backhouse, work by Philip Withnall) (#2319)

 * Add new `g_dbus_object_path_escape()` and `g_dbus_object_path_unescape()`
   APIs to provide one way of escaping arbitrary bytestrings for use in D-Bus
   object paths (work by Lars Karlitski and Frederic Martinsons) (#968)

 * Use `bash-completion.pc` (if available) to provide the path to install
   completion files into (work by Frederic Martinsons) (#1054)

 * Fix support for public/private trigraphs in `glib-mkenums` (work by
   Matthias Klumpp) (!1870)

 * Add `glib_debug` configure option to allow disabling debug infrastructure
   in builds with debug symbols enabled (work by Ole André Vadla Ravnås)
   (!1889)

 * Fix a regression where `PATH` would always be searched when using
   `g_spawn()`, even when it wasn’t supposed to (work by Simon McVittie and
   Thomas Haller) (!1902)

 * Override `gio-querymodules` in Meson when used as a submodule (work by
   Xavier Claessens) (!1909)

 * Bugs fixed:
  - #344 gdbus(1) command-line completion issues
  - #968 gdbus: add g_dbus_object_path_{un,}escape
  - #1054 Use pkg-config to get path for bash-completion file installation
  - #1180 GUnixInputStream and GUnixOutputStream don't consider TTYs
 pollable
  - #2011 Add additional unit tests for D-Bus name watching
  - #2226 clang++ compilation fails on clusterfuzz
  - #2292 Cannot find a common ancestor when running CI style check jobs
  - #2299 GObject introspection annotation of g_closure_new_object() is
 wrong
  - #2305 GIO security hardening causing gnome-keyring to regress when
 session bus is provided by dbus-launch (dbus-x11)
  - #2314 gdatetime: math library link issue
  - #2319 GHSL-2021-045: integer overflow in g_bytes_new/g_memdup
  - !610 Various memory leak cleanups to GSettings tests
  - !1804 Add more GIR annotations to gparam.c and gsignal.c
  - !1823 Fix more warnings
  - !1843 gfile: Add Linux kernel headers compatibility kludge
  - !1847 Port to QNX
  - !1853 ginetaddress: Handle systems without IPv6 support
  - !1859 docs: update g_action_group_activate_action() remote activation
 semantics
  - !1860 glocalfile: Fix an uninitialized variable
  - !1865 tests: Add more debug information to gdbus-connection-slow
  - !1868 gdesktopappinfo: Fix validation of XDG_CURRENT_DESKTOP
  - !1870 mkenums: Support public/private trigraph again
  - !1873 Fix possible integer overflow of g_socket_send_message()
  - !1876 Fixing g_socket_send_message() documentation to make it clearer
  - !1877 Fix more warnings
  - !1878 Another fix on g_socket_send_message()
  - !1879 Fix more warnings
  - !1880 GError documentation tweaks
  - !1881 docs: Move ‘Notes’ section from README to NEWS
  - !1883 gutils: Document caching of XDG directory variables
  - !1884 gthread-win32: Use SetThreadDescription Win32 API for setting
 thread name
  - !1887 ci: Fix msys-mingw32 CI builds due to package rename
  - !1888 docs: Add documentation for GLIB_VERSION_CUR_STABLE and
 PREV_STABLE
  - !1889 build: Add glib_debug option
  - !1890 gtype: Improve formatting of GType documentation
  - !1891 Fix more warnings
  - !1893 gwin32appinfo: Fix printf length sub-specifier
  - !1894 gsocket: Fix SO_NOSIGPIPE regression on Darwin
  - !1898 gtestutils: Add g_test_get_path() API
  - !1899 m4macros: replace obsolete macros AC_TRY_RUN and AC_TRY_LINK in
 glib-2.0.m4
  - !1900 [th/gsignal-cleanup] minor changes to GSignal related code
  - !1901 Check if the remote already exists before adding it.
  - !1902 spawn: Don't set a search path if we don't want to search PATH
  - !1903 m4macros: Increment serial number of glib-2.0.m4
  - !1905 Start to ignore known leaks under AddressSanitizer
  - !1906 gdbus-serialization: Don't leak string containing first
 serialization
  - !1908 Fix straightforward memory leaks in tests
  - !1909 Meson: override gio-querymodules program
  - !1910 gio: Add explicit virtual g-i annotations for undiscovered
 invoker relationship
  - !1911 Fix more warnings
  - !1915 Mark g_key_file_get_comment() key parameter as nullable
  - !1919 atomic: Fix type check of g_atomic_pointer_compare_and_exchange()
  - !1921 guri: Mark g_uri_get_host as nullable
  - !1925 gapplication: Fix a memory leak

 * Translation updates:
 }}}

 '''2.67.4'''

 {{{
 Overview of changes in GLib 2.67.4
 ==================================

 * Add a `g_string_replace()` function (work by Joshua Lee) (#225)

 * Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag to
   simplify the common case for writing a D-Bus authentication observer,
   allowing most uses of `GDBusAuthObserver` to be dropped (#1804)

 * Add a new `g_spawn_with_pipes_and_fds()` variant which supports
   renumbering FDs (#2097)

 * Add new g_memdup2() API to replace g_memdup(), which is vulnerable to a
   silent integer truncation and heap overflow problem if not used carefully
   (discovered by Kevin Backhouse, work by Philip Withnall) (#2319)

 * Fix various regressions caused by rushed security fixes in 2.66.6 (work
   by Simon McVittie and Jan Alexander Steffens) (!1932, !1941, #2323)

 * Fix a silent integer truncation when calling g_byte_array_new_take() for
   byte arrays bigger than G_MAXUINT (work by Krzesimir Nowak) (!1942)

 * Fix `g_utf8_strdown()` to fix some issues in Turkish
   (work by Kjell Ahlstedt) (!1930)

 * Bugs fixed:
  - #225 GString doesn't have a g_string_replace() function
  - #587 g_input_stream_skip() out-of-bounds behavior is inconsistent
 between implementations
  - #1804 Add G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER flag
  - #2097 GSubprocessLauncher with FD assignment can clash with
 g_spawn_async internal pipe
  - #2315 httpproxy: Need overflow protection when reading response during
 connection establishment
  - #2319 CVE-2021-27219 (GHSL-2021-045): integer overflow in
 g_bytes_new/g_memdup
  - #2322 g_test_dbus: double output when piping
  - #2323 [GLIB 2.66.6] g_io_channel_set_line_term() stopped working with
 null terminated strings and length -1
  - !1917 Adding a missing test on integer overflow within
 g_http_proxy_connect()
  - !1918 Fix more warnings
  - !1923 Add support for Tilix and Konsole
  - !1930 guniprop: Fix g_utf8_strdown() for Turkish locale
  - !1932 gtlspassword: Fix inverted assertion
  - !1934 gdbus: Reject attempts to set future connection or server flags
  - !1938 Fix more warnings
  - !1939 ci: Temporarily disable macOS CI job as runner is offline
  - !1940 Fix more warnings
  - !1941 gkeyfilesettingsbackend: Fix basename handling when group is
 unset
  - !1942 CVE-2021-27218: gbytearray: Do not accept too large byte arrays
  - !1947 Revert "Merge branch 'wip/pwithnall/macos-ci-disable' into
 'master'"
  - !1948 tests: Use a more realistic language code than sv_SV
  - !1949 gatomic: Make fallback g_atomic_pointer_get type-safe
  - !1951 Add a test for parsing 0 as double
  - !1955 tests: Add missing NULL terminator to spawn-singlethread test

 * Translation updates:
 }}}

 '''2.67.5'''

 {{{
 Overview of changes in GLib 2.67.5
 ==================================

 * Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4 (work by
   Iain Lane, Simon McVittie) (#2331, !1975)

 * Fix regression with some FD mappings passed to
   `g_subprocess_launcher_spawnv()` caused by changes for #2097 in GLib
   2.67.4 (work by Olivier Fourdan, Philip Withnall) (#2332)

 * Fix detection of `str[n]casecmp()` when building with `clang-cl` (work
   by Aleksandr Mezin) (#2337)

 * Use zlib from subproject if configured with `wrap_mode=forcefallback`
   (work by Seungha Yang) (!1959)

 * Bump Visual Studio compilation requirement to VS 2012, and Windows 8 SDK
   for GLib 2.67.x onwards (work by Chun-wei Fan) (!1970)

 * Bugs fixed:
  - #832 Some tweaks re: GRWLock
  - #2331 glib 2.67.3: <glib.h> can no longer be included in extern "C"
 blocks
  - #2332 Glib 2.67.4 causes gnome-shell to exit when spawning Xwayland on
 demand
  - #2333 Missing relation between g_file_info_get_size() and
 G_FILE_ATTRIBUTE_STANDARD_SIZE attribute in documentation
  - #2337 Linking fails when building with clang-cl because of
 str[n]casecmp
  - !1936 tests: Fix leak of dlopened module in pollable test
  - !1954 Change SkipAsyncData fields to be gsize (and not gssize)
  - !1956 The ETag returned by various GFile functions is nullable
  - !1959 meson: Use subproject zlib if "wrap_mode=forcefallback" was
 specified
  - !1961 gkeyfilesettingsbackend: check for errors when creating file
 monitors
  - !1970 README.win32.md: Mention about Window 8+ SDK requirement
  - !1971 gio/tests/pollable.c: Fix build on non-Linux UNIX
  - !1975 gatomic.h: Make `glib_typeof` API break opt in.

 * Translation updates:
 }}}

 '''2.67.6'''

 {{{
 Overview of changes in GLib 2.67.6
 ==================================

 * Fix a security issue when using `g_file_replace()` with
   `G_FILE_CREATE_REPLACE_DESTINATION` (#2325)

 * Disallow operations on the empty path with `g_file_new_from_path()`
   (#2328)

 * Various fixes for GLib when building with clang-cl on Windows (work by
   Aleksandr Mezin) (#2341, #2344)

 * Bugs fixed:
  - #2325 file-roller symlink attack
  - #2327 Teach glib-mkenums about GLIB_AVAILABLE_ENUMERATOR_IN_2_68, and
 start using it
  - #2328 g_file_new_for_path("") yields CWD, which seems wrong
  - #2341 glib-genmarshal output is sometimes empty because output file is
 not closed
  - #2344 c_std=c11: gbitlock.c: ‘asm’ undeclared
  - !1962 Validate D-Bus machine ID after loading
  - !1976 Use the right permissions for directory watching on Win32
  - !1977 gio/tests/{meson.build,pollable.c}: Determine libutil SONAME at
 build time
  - !1980 glib.supp: Add another system thread suppression

 * Translation updates:
 }}}

 '''2.68.0'''

 {{{
 Overview of changes in GLib 2.68.0
 ==================================

 * Bugs fixed:
  - !1987 build: Drop gconstructor_as_data_h usage from glib-compile-
 schemas
  - !1989 glib.supp: Generalize some suppressions
  - !1992 gbytesicon: Fix error in g_bytes_icon_new() documentation
  - !1994 glocalfileoutputstream: Tidy up error handling
  - !1995 tests: Fix copy/paste error in queue test

 * Translation updates:
 }}}

 '''CVE-2021-27218''' has been marked as High by NVD and has not been fixed
 in any other glib release - probably because this was during the end of
 their freeze cycle.

 The vulnerability only affects 64-bit platforms. The description from NVD
 is:

 {{{
 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before
 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more
 on a 64-bit platform, the length would be truncated modulo 2**32, causing
 unintended length truncation.
 }}}

 Additional information can be found at
 [https://nvd.nist.gov/vuln/detail/CVE-2021-27218]

 Unfortunately, this means that I must mark this ticket as at least
 elevated.

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14798#comment:12>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
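
The length truncation in the NVD description quoted above, as an added example that is not GLib's code and not part of the original ticket. It is a simplified model: `model_byte_array`, `take_unchecked`, `take_checked` and `untracked_bytes` are hypothetical names, and it assumes a 32-bit length field receiving a 64-bit size.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define FOUR_GIB (UINT64_C(1) << 32)

/* Hypothetical stand-in for a byte-array header whose length field is
 * 32 bits wide (assumption: models an unsigned int length on a 64-bit
 * platform, where the caller's buffer size is 64 bits). */
typedef struct {
    const uint8_t *data;
    uint32_t len;
} model_byte_array;

/* Pre-fix pattern: the 64-bit size is stored into the 32-bit field, so
 * it is reduced modulo 2**32 without any error being reported. */
static uint32_t take_unchecked(model_byte_array *a, const uint8_t *buf,
                               uint64_t len)
{
    a->data = buf;
    a->len = (uint32_t)len; /* silent truncation */
    return a->len;
}

/* Hardened pattern: refuse sizes the length field cannot represent.
 * Returns 0 on success, -1 when the buffer is rejected. */
static int take_checked(model_byte_array *a, const uint8_t *buf, uint64_t len)
{
    if (len > UINT32_MAX)
        return -1;
    a->data = buf;
    a->len = (uint32_t)len;
    return 0;
}

/* Bytes of the caller's buffer that the array no longer accounts for. */
static uint64_t untracked_bytes(uint64_t real_len)
{
    model_byte_array a = { NULL, 0 };
    return real_len - take_unchecked(&a, NULL, real_len);
}

int main(void)
{
    /* Constructed sample sizes; no 4 GiB buffer is actually allocated. */
    const uint64_t sizes[] = { 4096, UINT32_MAX, FOUR_GIB, FOUR_GIB + 16 };

    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        model_byte_array a = { NULL, 0 };
        uint32_t stored = take_unchecked(&a, NULL, sizes[i]);
        int rc = take_checked(&a, NULL, sizes[i]);

        printf("real=%" PRIu64 " stored=%" PRIu32 " untracked=%" PRIu64
               " checked=%s\n",
               sizes[i], stored, untracked_bytes(sizes[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Sizes up to `UINT32_MAX` pass through unchanged, which is why the problem only appears with buffers of 4GB or more on 64-bit platforms.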