Your message dated Sun, 24 Aug 2025 23:17:09 +0000
with message-id <[email protected]>
and subject line Bug#1110825: fixed in glib2.0 2.84.4-3~deb13u1
has caused the Debian Bug report #1110825,
regarding libgirepository-2.0-0: ABI is dependent on current version of libffi
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1110825: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110825
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgirepository-2.0-0
Version: 2.84.4-1
Severity: important

libgirepository-2.0-0 has libffi data structures in its public API, 
specifically everything in <girepository/girffi.h>:

- gi_type_tag_get_ffi_type()
- gi_type_info_get_ffi_type()
- gi_type_info_extract_ffi_return_value()
- gi_type_tag_extract_ffi_return_value()
- gi_function_info_prep_invoker()
- gi_function_invoker_new_for_address()
- gi_function_invoker_clear()
- gi_callable_info_create_closure()
- gi_callable_info_get_closure_native_address()
- gi_callable_info_destroy_closure()

Next time libffi does an ABI transition, the ABI of these functions will 
change, but upstream is very unlikely to bump the SONAME of 
libgirepository-2.0-0 for this (because nothing under their control will 
have changed).

A mitigation is that as of trixie, nobody is using libgirepository-2.0-0 
yet: the only rdep in the archive is python3-gi/experimental. I expect 
that python3-gi and libgjs will both want to move to 
libgirepository-2.0-0 in the forky cycle, though.

The way we dealt with this for libgirepository-1.0-1 was to provide a 
virtual package with a mechanically-generated name:

    Package: libgirepository-1.0-1
    Version: 1.84.0-1
    Provides: libgirepository-1.0-1-with-libffi8 (= 1.84.0-1)

and make it generate dependencies on that virtual package:

    Package: python3-gi
    Depends: ..., libgirepository-1.0-1-with-libffi8 (>= 1.62.0-4~), ...

I think we should teach src:glib2.0 to do the same thing.

We might want to limit the dependency generation so that only the 
libffi-related functions listed above will generate a dependency on the 
virtual package, which would allow packages to call functions like 
gi_repository_prepend_library_path() without becoming dependent on a 
specific libffi.

    smcv

--- End Message ---
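The selective dependency generation proposed in the report above, sketched as an added example (not code from the glib2.0 packaging). The `libgirepository-2.0-0-with-libffi8` name is assumed by analogy with the 1.0 package, and `libffi9`, the stanzas and their version numbers are constructed; version constraints are not evaluated, only package names.

```python
import re

# The libffi-exposing functions listed in the report (<girepository/girffi.h>).
FFI_SYMBOLS = frozenset({
    "gi_type_tag_get_ffi_type", "gi_type_info_get_ffi_type",
    "gi_type_info_extract_ffi_return_value",
    "gi_type_tag_extract_ffi_return_value",
    "gi_function_info_prep_invoker", "gi_function_invoker_new_for_address",
    "gi_function_invoker_clear", "gi_callable_info_create_closure",
    "gi_callable_info_get_closure_native_address",
    "gi_callable_info_destroy_closure",
})

def virtual_name(lib_pkg, libffi_pkg):
    # Assumed naming scheme, mirroring libgirepository-1.0-1-with-libffi8.
    return f"{lib_pkg}-with-{libffi_pkg}"

def generated_dependency(imports, lib_pkg, libffi_pkg, min_version):
    """Dependency a consumer gets, based on the symbols it imports."""
    if set(imports) & FFI_SYMBOLS:
        return f"{virtual_name(lib_pkg, libffi_pkg)} (>= {min_version})"
    return f"{lib_pkg} (>= {min_version})"

def names_satisfied_by(stanza_text):
    """Names a control stanza can satisfy: its Package plus its Provides."""
    fields = dict(l.split(": ", 1) for l in stanza_text.strip().splitlines())
    entries = [p.strip() for p in fields.get("Provides", "").split(",")]
    provided = {re.split(r"[\s(]", p, maxsplit=1)[0] for p in entries if p}
    return provided | {fields["Package"]}

def installable(dependency, provider_stanza):
    # Name match only; Debian version comparison is deliberately left out.
    return dependency.split()[0] in names_satisfied_by(provider_stanza)

# Constructed stanzas: the library before and after a hypothetical libffi9 transition.
BEFORE = """Package: libgirepository-2.0-0
Version: 2.84.4-3
Provides: libgirepository-2.0-0-with-libffi8 (= 2.84.4-3)"""
AFTER = """Package: libgirepository-2.0-0
Version: 9.9.9-1
Provides: libgirepository-2.0-0-with-libffi9 (= 9.9.9-1)"""

if __name__ == "__main__":
    args = ("libgirepository-2.0-0", "libffi8", "2.84.4-2")
    ffi = generated_dependency(["gi_function_info_prep_invoker"], *args)
    plain = generated_dependency(["gi_repository_prepend_library_path"], *args)
    for dep in (ffi, plain):
        print(dep, installable(dep, BEFORE), installable(dep, AFTER))
```

A consumer of the libffi-related functions becomes uninstallable against the rebuilt library until it is rebuilt too, while a consumer of only gi_repository_prepend_library_path() is unaffected by the transition.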
--- Begin Message ---
Source: glib2.0
Source-Version: 2.84.4-3~deb13u1
Done: Simon McVittie <[email protected]>

We believe that the bug you reported is fixed in the latest version of
glib2.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated glib2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Aug 2025 09:30:17 +0100
Source: glib2.0
Architecture: source
Version: 2.84.4-3~deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1110640 1110696 1110825
Changes:
 glib2.0 (2.84.4-3~deb13u1) trixie; urgency=medium
 .
   * Go back to debian/trixie branch for a stable update
   * d/tests/manual/1065022.sh: Update manual test script used to reproduce
     and test fixes for #1065022
     - Adapt to upgrade from bookworm to trixie, rather than bookworm to sid
     - Optionally reproduce #1110696 instead
     - Optionally test the extra safety checks in the postrm
     - Add a simpler mechanism to test proposed packages for either
       bookworm or trixie
     - Improve diagnostic output
 .
 glib2.0 (2.84.4-3) unstable; urgency=medium
 .
   * d/control: Generate the intended Provides in libgirepository-2.0-0
 .
 glib2.0 (2.84.4-2) unstable; urgency=medium
 .
   * Mention #1110640 in previous changelog entry
   * libgirepository-2.0-0: Generate a dependency on a virtual package
     for libffi-related symbols, to avoid trouble during future libffi ABI
     transitions (Closes: #1110825)
   * libglib2.0-0t64: Make maintainer scripts shellcheck-clean
   * libglib2.0-0t64.postrm:
     - Refactor to use functions that early-return if we do not want to
       do the cleanup, avoiding stacking conditionals
     - Don't remove cache files if they would be non-empty,
       guarding against issues similar to #1065022 and #1110696
       (mitigates: #1110696)
   * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all
     architectures, avoiding a corner case where the faulty postrm that
     suffered from #1065022 would still exist if it belonged to a former
     foreign architecture that was already disabled, but libglib2.0-0
     from that architecture was still in removed-but-not-purged state,
     resulting in #1065022 recurring when that version of libglib2.0-0
     was subsequently purged (Closes: #1110696)
   * d/tests/1065022-futureproofing:
     - Fix a test regression by generating a versioned Provides when
       building a mockup of a hypothetical future libglib2.0-0xyz.
       This regression wasn't immediately obvious because the autopkgtest
       is marked as flaky (it depends on various implementation details
       which we can't completely rely on).
     - Make sure required packages stay installed, failing the test early
       if their dependencies cannot be satisfied
     - Produce only TAP output on stdout, and a diagnostic log on stderr
     - Improve diagnostic output
 .
 glib2.0 (2.84.4-1) unstable; urgency=medium
 .
   * d/control, d/gbp.conf: Use debian/forky packaging branch.
     The debian/latest branch is now tracking 2.85.x for Debian
     experimental.
   * New upstream stable release
     - Ensure that generating temporary file names does not access memory
       outside the intended array of alphanumeric characters if a long-running
       program generates billions of temporary file names
       (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be
       exploitable in practice. Closes: #1110640)
     - Fix the intended ability for g_settings_bind_with_mapping_closures()
       to copy a value to the destination object
       (glib!4667 upstream)
     - If creating a thread pool fails, report a recoverable error instead
       of crashing with a fatal error
       (glib#3712 upstream)
     - Fix several memory leaks
       (glib#3721, glib!4702 upstream)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
