Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package glib2 for openSUSE:Factory checked in at 2025-12-10 15:29:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glib2 (Old) and /work/SRC/openSUSE:Factory/.glib2.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glib2" Wed Dec 10 15:29:47 2025 rev:300 rq:1321769 version:2.86.3 Changes: -------- --- /work/SRC/openSUSE:Factory/glib2/glib2.changes 2025-11-21 16:54:27.792759629 +0100 +++ /work/SRC/openSUSE:Factory/.glib2.new.1939/glib2.changes 2025-12-10 15:30:40.942634174 +0100 @@ -1,0 +2,21 @@ +Mon Dec 8 19:35:09 UTC 2025 - Bjørn Lie <[email protected]> + +- Update to version 2.86.3: + + Fix several security vulnerabilities of varying severity (see + below for details): + + Bugs fixed: + - (CVE-2025-13601) (#YWH-PGM9867-134) Incorrect calculation of + buffer size in g_escape_uri_string() + - (#YWH-PGM9867-145) Buffer underflow on Glib through + glib/gvariant via bytestring_parse() or string_parse() leads + to OOB Write + - GIO: Integer overflow in file attribute escaping + - G_FILE_MONITOR_WATCH_HARD_LINK does not monitor files on + Windows + - gconvert: Error out if g_escape_uri_string() would overflow + - gvariant-parser: Fix potential integer overflow parsing + (byte)strings + - gfileattribute: Fix integer overflow calculating escaping for + byte strings + +------------------------------------------------------------------- Old: ---- glib-2.86.2.obscpio New: ---- glib-2.86.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glib2.spec ++++++ --- /var/tmp/diff_new_pack.LUcfJR/_old 2025-12-10 15:30:42.326692726 +0100 +++ /var/tmp/diff_new_pack.LUcfJR/_new 2025-12-10 15:30:42.330692896 +0100 @@ -37,7 +37,7 @@ %define libgthread libgthread-%{libver} %define libgirepository libgirepository-%{libver} Name: glib2%{psuffix} -Version: 2.86.2 +Version: 2.86.3 Release: 0 Summary: General-Purpose Utility Library License: LGPL-2.1-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.LUcfJR/_old 2025-12-10 15:30:42.402695942 +0100 +++ /var/tmp/diff_new_pack.LUcfJR/_new 2025-12-10 15:30:42.410696280 +0100 @@ -3,7 +3,7 @@ <service name="obs_scm" mode="manual"> <param name="scm">git</param> <param name="url">https://gitlab.gnome.org/GNOME/glib.git</param> - <param name="revision">2.86.2</param> + <param name="revision">2.86.3</param> <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param> <param name="versionrewrite-pattern">(.*)\+0</param> <param name="versionrewrite-replacement">\1</param> ++++++ glib-2.86.2.obscpio -> glib-2.86.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/NEWS new/glib-2.86.3/NEWS --- old/glib-2.86.2/NEWS 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/NEWS 2025-12-08 16:46:06.000000000 +0100 @@ -1,3 +1,25 @@ +Overview of changes in GLib 2.86.3, 2025-12-08 +============================================== + +* Fix several security vulnerabilities of varying severity (see below for + details) + +* Bugs fixed: + - #3827 (CVE-2025-13601) (#YWH-PGM9867-134) Incorrect calculation of buffer + size in g_escape_uri_string() (Philip Withnall) + - #3834 (#YWH-PGM9867-145) Buffer underflow on Glib through glib/gvariant via + bytestring_parse() or string_parse() leads to OOB Write (Philip Withnall) + - #3845 GIO: Integer overflow in file attribute escaping (Philip Withnall) + - !4912 Backport !4901 “Issue #3819: G_FILE_MONITOR_WATCH_HARD_LINK does not + monitor files on Windows.” to glib-2-86 + - !4915 Backport !4914 “gconvert: Error out if g_escape_uri_string() would + overflow” to glib-2-86 + - !4934 Backport !4933 “gvariant-parser: Fix potential integer overflow + parsing (byte)strings” to glib-2-86 + - !4936 Backport !4935 “gfileattribute: Fix integer overflow calculating + escaping for byte strings” to glib-2-86 + + Overview of changes in GLib 2.86.2, 2025-11-18 ============================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/fuzzing/fuzz_filename_from_uri.c new/glib-2.86.3/fuzzing/fuzz_filename_from_uri.c --- old/glib-2.86.2/fuzzing/fuzz_filename_from_uri.c 1970-01-01 01:00:00.000000000 +0100 +++ new/glib-2.86.3/fuzzing/fuzz_filename_from_uri.c 2025-12-08 16:46:06.000000000 +0100 @@ -0,0 +1,40 @@ +/* + * Copyright 2025 GNOME Foundation, Inc. + * + * SPDX-License-Identifier: LGPL-2.1-or-later + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "fuzz.h" + +int +LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) +{ + unsigned char *nul_terminated_data = NULL; + char *filename = NULL; + GError *local_error = NULL; + + fuzz_set_logging_func (); + + /* ignore @size (g_filename_from_uri() doesn’t support it); ensure @data is nul-terminated */ + nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size); + filename = g_filename_from_uri ((const char *) nul_terminated_data, NULL, &local_error); + g_free (nul_terminated_data); + + g_free (filename); + g_clear_error (&local_error); + + return 0; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/fuzzing/fuzz_filename_to_uri.c new/glib-2.86.3/fuzzing/fuzz_filename_to_uri.c --- old/glib-2.86.2/fuzzing/fuzz_filename_to_uri.c 1970-01-01 01:00:00.000000000 +0100 +++ new/glib-2.86.3/fuzzing/fuzz_filename_to_uri.c 2025-12-08 16:46:06.000000000 +0100 @@ -0,0 +1,40 @@ +/* + * Copyright 2025 GNOME Foundation, Inc. + * + * SPDX-License-Identifier: LGPL-2.1-or-later + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "fuzz.h" + +int +LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) +{ + unsigned char *nul_terminated_data = NULL; + char *uri = NULL; + GError *local_error = NULL; + + fuzz_set_logging_func (); + + /* ignore @size (g_filename_to_uri() doesn’t support it); ensure @data is nul-terminated */ + nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size); + uri = g_filename_to_uri ((const char *) nul_terminated_data, NULL, &local_error); + g_free (nul_terminated_data); + + g_free (uri); + g_clear_error (&local_error); + + return 0; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/fuzzing/meson.build new/glib-2.86.3/fuzzing/meson.build --- old/glib-2.86.2/fuzzing/meson.build 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/fuzzing/meson.build 2025-12-08 16:46:06.000000000 +0100 @@ -25,6 +25,8 @@ 'fuzz_date_parse', 'fuzz_date_time_new_from_iso8601', 'fuzz_dbus_message', + 'fuzz_filename_from_uri', + 'fuzz_filename_to_uri', 'fuzz_get_locale_variants', 'fuzz_inet_address_mask_new_from_string', 'fuzz_inet_address_new_from_string', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/gio/gfileattribute.c new/glib-2.86.3/gio/gfileattribute.c --- old/glib-2.86.2/gio/gfileattribute.c 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/gio/gfileattribute.c 2025-12-08 16:46:06.000000000 +0100 @@ -22,6 +22,7 @@ #include "config.h" +#include <stdint.h> #include <string.h> #include "gfileattribute.h" @@ -166,11 +167,12 @@ return c >= 32 && c <= 126 && c != '\\'; } +/* Returns NULL on error */ static char * escape_byte_string (const char *str) { size_t i, len; - int num_invalid; + size_t num_invalid; char *escaped_val, *p; unsigned char c; const char hex_digits[] = "0123456789abcdef"; @@ -188,7 +190,12 @@ return g_strdup (str); else { - escaped_val = g_malloc (len + num_invalid*3 + 1); + /* Check for overflow. We want to check the inequality: + * !(len + num_invalid * 3 + 1 > SIZE_MAX) */ + if (num_invalid >= (SIZE_MAX - len) / 3) + return NULL; + + escaped_val = g_malloc (len + num_invalid * 3 + 1); p = escaped_val; for (i = 0; i < len; i++) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/gio/win32/gwin32fsmonitorutils.c new/glib-2.86.3/gio/win32/gwin32fsmonitorutils.c --- old/glib-2.86.2/gio/win32/gwin32fsmonitorutils.c 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/gio/win32/gwin32fsmonitorutils.c 2025-12-08 16:46:06.000000000 +0100 @@ -245,9 +245,9 @@ const gchar *filename, gboolean isfile) { - wchar_t *wdirname_with_long_prefix = NULL; + gchar *dirname_with_long_prefix; + wchar_t *wdirname_with_long_prefix; const gchar LONGPFX[] = "\\\\?\\"; - gchar *fullpath_with_long_prefix, *dirname_with_long_prefix; DWORD notify_filter = isfile ? (FILE_NOTIFY_CHANGE_FILE_NAME | FILE_NOTIFY_CHANGE_ATTRIBUTES | @@ -260,83 +260,88 @@ gboolean success_attribs; WIN32_FILE_ATTRIBUTE_DATA attrib_data = {0, }; + g_return_if_fail ((filename && isfile) || (dirname && ! isfile)); if (dirname != NULL) { dirname_with_long_prefix = g_strconcat (LONGPFX, dirname, NULL); - wdirname_with_long_prefix = g_utf8_to_utf16 (dirname_with_long_prefix, -1, NULL, NULL, NULL); + } + else + { + gchar *tmp_dirname = g_path_get_dirname (filename); + dirname_with_long_prefix = g_strconcat (LONGPFX, tmp_dirname, NULL); + g_free (tmp_dirname); + } + wdirname_with_long_prefix = g_utf8_to_utf16 (dirname_with_long_prefix, -1, NULL, NULL, NULL); + + if (isfile) + { + gchar *fullpath; + gchar *fullpath_with_long_prefix; + wchar_t wlongname[MAX_PATH_LONG]; + wchar_t wshortname[MAX_PATH_LONG]; + wchar_t *wfullpath, *wbasename_long, *wbasename_short; + + if (dirname) + fullpath = g_build_filename (dirname, filename, NULL); + else + fullpath = g_strdup (filename); + + fullpath_with_long_prefix = g_strconcat (LONGPFX, fullpath, NULL); + + wfullpath = g_utf8_to_utf16 (fullpath, -1, NULL, NULL, NULL); + + monitor->wfullpath_with_long_prefix = + g_utf8_to_utf16 (fullpath_with_long_prefix, -1, NULL, NULL, NULL); - if (isfile) + /* ReadDirectoryChangesW() can return the normal filename or the + * "8.3" format filename, so we need to keep track of both these names + * so that we can check against them later when it returns + */ + if (GetLongPathNameW (monitor->wfullpath_with_long_prefix, wlongname, MAX_PATH_LONG) == 0) { - gchar *fullpath; - wchar_t wlongname[MAX_PATH_LONG]; - wchar_t wshortname[MAX_PATH_LONG]; - wchar_t *wfullpath, *wbasename_long, *wbasename_short; - - fullpath = g_build_filename (dirname, filename, NULL); - fullpath_with_long_prefix = g_strconcat (LONGPFX, fullpath, NULL); - - wfullpath = g_utf8_to_utf16 (fullpath, -1, NULL, NULL, NULL); - - monitor->wfullpath_with_long_prefix = - g_utf8_to_utf16 (fullpath_with_long_prefix, -1, NULL, NULL, NULL); - - /* ReadDirectoryChangesW() can return the normal filename or the - * "8.3" format filename, so we need to keep track of both these names - * so that we can check against them later when it returns - */ - if (GetLongPathNameW (monitor->wfullpath_with_long_prefix, wlongname, MAX_PATH_LONG) == 0) - { - wbasename_long = wcsrchr (monitor->wfullpath_with_long_prefix, L'\\'); - monitor->wfilename_long = wbasename_long != NULL ? - wcsdup (wbasename_long + 1) : - wcsdup (wfullpath); - } - else - { - wbasename_long = wcsrchr (wlongname, L'\\'); - monitor->wfilename_long = wbasename_long != NULL ? - wcsdup (wbasename_long + 1) : - wcsdup (wlongname); - - } - - if (GetShortPathNameW (monitor->wfullpath_with_long_prefix, wshortname, MAX_PATH_LONG) == 0) - { - wbasename_short = wcsrchr (monitor->wfullpath_with_long_prefix, L'\\'); - monitor->wfilename_short = wbasename_short != NULL ? - wcsdup (wbasename_short + 1) : - wcsdup (wfullpath); - } - else - { - wbasename_short = wcsrchr (wshortname, L'\\'); - monitor->wfilename_short = wbasename_short != NULL ? - wcsdup (wbasename_short + 1) : - wcsdup (wshortname); - } + wbasename_long = wcsrchr (monitor->wfullpath_with_long_prefix, L'\\'); + monitor->wfilename_long = wbasename_long != NULL ? + wcsdup (wbasename_long + 1) : + wcsdup (wfullpath); + } + else + { + wbasename_long = wcsrchr (wlongname, L'\\'); + monitor->wfilename_long = wbasename_long != NULL ? + wcsdup (wbasename_long + 1) : + wcsdup (wlongname); - g_free (wfullpath); - g_free (fullpath); + } + + if (GetShortPathNameW (monitor->wfullpath_with_long_prefix, wshortname, MAX_PATH_LONG) == 0) + { + wbasename_short = wcsrchr (monitor->wfullpath_with_long_prefix, L'\\'); + monitor->wfilename_short = wbasename_short != NULL ? + wcsdup (wbasename_short + 1) : + wcsdup (wfullpath); } else { - monitor->wfilename_short = NULL; - monitor->wfilename_long = NULL; - monitor->wfullpath_with_long_prefix = g_utf8_to_utf16 (dirname_with_long_prefix, -1, NULL, NULL, NULL); + wbasename_short = wcsrchr (wshortname, L'\\'); + monitor->wfilename_short = wbasename_short != NULL ? + wcsdup (wbasename_short + 1) : + wcsdup (wshortname); } - monitor->isfile = isfile; + g_free (wfullpath); + g_free (fullpath); + g_free (fullpath_with_long_prefix); } else { - dirname_with_long_prefix = g_strconcat (LONGPFX, filename, NULL); - monitor->wfullpath_with_long_prefix = g_utf8_to_utf16 (dirname_with_long_prefix, -1, NULL, NULL, NULL); - monitor->wfilename_long = NULL; monitor->wfilename_short = NULL; - monitor->isfile = FALSE; + monitor->wfilename_long = NULL; + monitor->wfullpath_with_long_prefix = g_utf8_to_utf16 (dirname_with_long_prefix, -1, NULL, NULL, NULL); } + monitor->isfile = isfile; + success_attribs = GetFileAttributesExW (monitor->wfullpath_with_long_prefix, GetFileExInfoStandard, &attrib_data); @@ -345,7 +350,7 @@ else monitor->file_attribs = INVALID_FILE_ATTRIBUTES; monitor->pfni_prev = NULL; - monitor->hDirectory = CreateFileW (wdirname_with_long_prefix != NULL ? wdirname_with_long_prefix : monitor->wfullpath_with_long_prefix, + monitor->hDirectory = CreateFileW (wdirname_with_long_prefix, FILE_LIST_DIRECTORY, FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/glib/gconvert.c new/glib-2.86.3/glib/gconvert.c --- old/glib-2.86.2/glib/gconvert.c 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/glib/gconvert.c 2025-12-08 16:46:06.000000000 +0100 @@ -1336,8 +1336,9 @@ /* Note: This escape function works on file: URIs, but if you want to * escape something else, please read RFC-2396 */ static gchar * -g_escape_uri_string (const gchar *string, - UnsafeCharacterSet mask) +g_escape_uri_string (const gchar *string, + UnsafeCharacterSet mask, + GError **error) { #define ACCEPTABLE(a) ((a)>=32 && (a)<128 && (acceptable[(a)-32] & use_mask)) @@ -1345,7 +1346,7 @@ gchar *q; gchar *result; int c; - gint unacceptable; + size_t unacceptable; UnsafeCharacterSet use_mask; g_return_val_if_fail (mask == UNSAFE_ALL @@ -1362,7 +1363,14 @@ if (!ACCEPTABLE (c)) unacceptable++; } - + + if (unacceptable >= (G_MAXSIZE - (p - string)) / 2) + { + g_set_error_literal (error, G_CONVERT_ERROR, G_CONVERT_ERROR_BAD_URI, + _("Invalid hostname")); + return NULL; + } + result = g_malloc (p - string + unacceptable * 2 + 1); use_mask = mask; @@ -1387,12 +1395,13 @@ static gchar * -g_escape_file_uri (const gchar *hostname, - const gchar *pathname) +g_escape_file_uri (const gchar *hostname, + const gchar *pathname, + GError **error) { char *escaped_hostname = NULL; - char *escaped_path; - char *res; + char *escaped_path = NULL; + char *res = NULL; #ifdef G_OS_WIN32 char *p, *backslash; @@ -1413,10 +1422,14 @@ if (hostname && *hostname != '\0') { - escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST); + escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST, error); + if (escaped_hostname == NULL) + goto out; } - escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH); + escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH, error); + if (escaped_path == NULL) + goto out; res = g_strconcat ("file://", (escaped_hostname) ? escaped_hostname : "", @@ -1424,6 +1437,7 @@ escaped_path, NULL); +out: #ifdef G_OS_WIN32 g_free ((char *) pathname); #endif @@ -1757,7 +1771,7 @@ hostname = NULL; #endif - escaped_uri = g_escape_file_uri (hostname, filename); + escaped_uri = g_escape_file_uri (hostname, filename, error); return escaped_uri; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/glib/gvariant-parser.c new/glib-2.86.3/glib/gvariant-parser.c --- old/glib-2.86.2/glib/gvariant-parser.c 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/glib/gvariant-parser.c 2025-12-08 16:46:06.000000000 +0100 @@ -91,7 +91,9 @@ typedef struct { - gint start, end; + /* Offsets from the start of the input, in bytes. Can be equal when referring + * to a point rather than a range. The invariant `end >= start` always holds. */ + size_t start, end; } SourceRef; G_GNUC_PRINTF(5, 0) @@ -106,14 +108,16 @@ GString *msg = g_string_new (NULL); if (location->start == location->end) - g_string_append_printf (msg, "%d", location->start); + g_string_append_printf (msg, "%" G_GSIZE_FORMAT, location->start); else - g_string_append_printf (msg, "%d-%d", location->start, location->end); + g_string_append_printf (msg, "%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT, + location->start, location->end); if (other != NULL) { g_assert (other->start != other->end); - g_string_append_printf (msg, ",%d-%d", other->start, other->end); + g_string_append_printf (msg, ",%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT, + other->start, other->end); } g_string_append_c (msg, ':'); @@ -140,11 +144,15 @@ typedef struct { + /* We should always have the following ordering constraint: + * start <= this <= stream <= end + * Additionally, unless in an error or EOF state, `this < stream`. + */ const gchar *start; const gchar *stream; const gchar *end; - const gchar *this; + const gchar *this; /* (nullable) */ } TokenStream; @@ -175,7 +183,7 @@ static gboolean token_stream_prepare (TokenStream *stream) { - gint brackets = 0; + gssize brackets = 0; const gchar *end; if (stream->this != NULL) @@ -407,7 +415,7 @@ pattern_copy (gchar **out, const gchar **in) { - gint brackets = 0; + gssize brackets = 0; while (**in == 'a' || **in == 'm' || **in == 'M') *(*out)++ = *(*in)++; @@ -609,7 +617,7 @@ { GVariant *value; gchar *pattern; - gint i, j = 0; + size_t i, j = 0; pattern = ast_get_pattern (ast, error); @@ -662,9 +670,9 @@ GError **error); static void -ast_array_append (AST ***array, - gint *n_items, - AST *ast) +ast_array_append (AST ***array, + size_t *n_items, + AST *ast) { if ((*n_items & (*n_items - 1)) == 0) *array = g_renew (AST *, *array, *n_items ? 2 ** n_items : 1); @@ -673,10 +681,10 @@ } static void -ast_array_free (AST **array, - gint n_items) +ast_array_free (AST **array, + size_t n_items) { - gint i; + size_t i; for (i = 0; i < n_items; i++) ast_free (array[i]); @@ -685,11 +693,11 @@ static gchar * ast_array_get_pattern (AST **array, - gint n_items, + size_t n_items, GError **error) { gchar *pattern; - gint i; + size_t i; /* Find the pattern which applies to all children in the array, by l-folding a * coalesce operation. @@ -721,7 +729,7 @@ * pair of values. */ { - int j = 0; + size_t j = 0; while (TRUE) { @@ -969,7 +977,7 @@ AST ast; AST **children; - gint n_children; + size_t n_children; } Array; static gchar * @@ -1002,7 +1010,7 @@ Array *array = (Array *) ast; const GVariantType *childtype; GVariantBuilder builder; - gint i; + size_t i; if (!g_variant_type_is_array (type)) return ast_type_error (ast, type, error); @@ -1088,7 +1096,7 @@ AST ast; AST **children; - gint n_children; + size_t n_children; } Tuple; static gchar * @@ -1098,7 +1106,7 @@ Tuple *tuple = (Tuple *) ast; gchar *result = NULL; gchar **parts; - gint i; + size_t i; parts = g_new (gchar *, tuple->n_children + 4); parts[tuple->n_children + 1] = (gchar *) ")"; @@ -1128,7 +1136,7 @@ Tuple *tuple = (Tuple *) ast; const GVariantType *childtype; GVariantBuilder builder; - gint i; + size_t i; if (!g_variant_type_is_tuple (type)) return ast_type_error (ast, type, error); @@ -1320,9 +1328,16 @@ AST **keys; AST **values; - gint n_children; + + /* Iff this is DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY then this struct + * represents a single freestanding dict entry (`{1, "one"}`) rather than a + * full dict. In the freestanding case, @keys and @values have exactly one + * member each. */ + size_t n_children; } Dictionary; +#define DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY ((size_t) -1) + static gchar * dictionary_get_pattern (AST *ast, GError **error) @@ -1337,7 +1352,7 @@ return g_strdup ("Ma{**}"); key_pattern = ast_array_get_pattern (dict->keys, - abs (dict->n_children), + (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? 1 : dict->n_children, error); if (key_pattern == NULL) @@ -1368,7 +1383,7 @@ return NULL; result = g_strdup_printf ("M%s{%c%s}", - dict->n_children > 0 ? "a" : "", + (dict->n_children > 0 && dict->n_children != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? "a" : "", key_char, value_pattern); g_free (value_pattern); @@ -1382,7 +1397,7 @@ { Dictionary *dict = (Dictionary *) ast; - if (dict->n_children == -1) + if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) { const GVariantType *subtype; GVariantBuilder builder; @@ -1415,7 +1430,7 @@ { const GVariantType *entry, *key, *val; GVariantBuilder builder; - gint i; + size_t i; if (!g_variant_type_is_subtype_of (type, G_VARIANT_TYPE_DICTIONARY)) return ast_type_error (ast, type, error); @@ -1456,12 +1471,12 @@ dictionary_free (AST *ast) { Dictionary *dict = (Dictionary *) ast; - gint n_children; + size_t n_children; - if (dict->n_children > -1) - n_children = dict->n_children; - else + if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) n_children = 1; + else + n_children = dict->n_children; ast_array_free (dict->keys, n_children); ast_array_free (dict->values, n_children); @@ -1479,7 +1494,7 @@ maybe_wrapper, dictionary_get_value, dictionary_free }; - gint n_keys, n_values; + size_t n_keys, n_values; gboolean only_one; Dictionary *dict; AST *first; @@ -1522,7 +1537,7 @@ goto error; g_assert (n_keys == 1 && n_values == 1); - dict->n_children = -1; + dict->n_children = DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY; return (AST *) dict; } @@ -1555,6 +1570,7 @@ } g_assert (n_keys == n_values); + g_assert (n_keys != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY); dict->n_children = n_keys; return (AST *) dict; @@ -1637,9 +1653,9 @@ */ static gboolean unicode_unescape (const gchar *src, - gint *src_ofs, + size_t *src_ofs, gchar *dest, - gint *dest_ofs, + size_t *dest_ofs, gsize length, SourceRef *ref, GError **error) @@ -1700,7 +1716,7 @@ gsize length; gchar quote; gchar *str; - gint i, j; + size_t i, j; token_stream_start_ref (stream, &ref); token = token_stream_get (stream); @@ -1833,7 +1849,7 @@ gsize length; gchar quote; gchar *str; - gint i, j; + size_t i, j; token_stream_start_ref (stream, &ref); token = token_stream_get (stream); @@ -2757,7 +2773,7 @@ static gboolean parse_num (const gchar *num, const gchar *limit, - guint *result) + size_t *result) { gchar *endptr; gint64 bignum; @@ -2767,10 +2783,12 @@ if (endptr != limit) return FALSE; + /* The upper bound here is more restrictive than it technically needs to be, + * but should be enough for any practical situation: */ if (bignum < 0 || bignum > G_MAXINT) return FALSE; - *result = (guint) bignum; + *result = (size_t) bignum; return TRUE; } @@ -2781,7 +2799,7 @@ { const gchar *last_nl; gchar *chomped; - gint i; + size_t i; /* This is an error at the end of input. If we have a file * with newlines, that's probably the empty string after the @@ -2926,7 +2944,7 @@ if (dash == NULL || colon < dash) { - guint point; + size_t point; /* we have a single point */ if (!parse_num (error->message, colon, &point)) @@ -2944,7 +2962,7 @@ /* We have one or two ranges... */ if (comma && comma < colon) { - guint start1, end1, start2, end2; + size_t start1, end1, start2, end2; const gchar *dash2; /* Two ranges */ @@ -2960,7 +2978,7 @@ } else { - guint start, end; + size_t start, end; /* One range */ if (!parse_num (error->message, dash, &start) || !parse_num (dash + 1, colon, &end)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/glib-2.86.2/meson.build new/glib-2.86.3/meson.build --- old/glib-2.86.2/meson.build 2025-11-18 17:59:09.000000000 +0100 +++ new/glib-2.86.3/meson.build 2025-12-08 16:46:06.000000000 +0100 @@ -1,5 +1,5 @@ project('glib', 'c', - version : '2.86.2', + version : '2.86.3', # NOTE: See the policy in docs/meson-version.md before changing the Meson dependency meson_version : '>= 1.4.0', default_options : [ ++++++ glib.obsinfo ++++++ --- /var/tmp/diff_new_pack.LUcfJR/_old 2025-12-10 15:30:45.718836231 +0100 +++ /var/tmp/diff_new_pack.LUcfJR/_new 2025-12-10 15:30:45.722836400 +0100 @@ -1,5 +1,5 @@ name: glib -version: 2.86.2 -mtime: 1763485149 -commit: 421fa1c9add2f25ab90e6515adf7a46636b1e71a +version: 2.86.3 +mtime: 1765208766 +commit: 7a54787e16ceb20cecda8ad6caab05b24a61e414
