Accepted glib2.0 2.68.3-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 15 Aug 2021 14:57:30 +0100
Source: glib2.0
Architecture: source
Version: 2.68.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 977961 982213 982778 982779 983026 984969 987913
Changes:
glib2.0 (2.68.3-2) unstable; urgency=medium
.
* Merge from experimental branch
* Changes relative to 2.68.3-1 in experimental:
- d/watch: Only watch for stable (2.even.z) releases
- d/p/debian/61_glib-compile-binaries-path.patch: Remove.
This patch turns out to be unnecessary, and is harmful for
cross-compiling. Thanks to Helmut Grohne (Closes: #982213)
* Changes relative to previous version in unstable:
- New upstream stable release branch 2.68.x
- Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules
(Closes: #987913, see 2.68.1-2 changelog)
- Mark dbus as <!nocheck> <!noinsttest>.
Several of the installed-tests won't be built unless dbus-daemon is
available, so <!nocheck> is insufficient.
- Move test-dependencies to Build-Depends-Arch.
We don't run the majority of the tests when we're only building the
documentation.
- Remove an unused Lintian override
- Add more Lintian overrides for test data
- Use d/tests/run-with-locales for better locale-sensitive test coverage
* d/rules: Fix dead link when documenting why we use -Wl,--no-as-needed
* Bump minimum GLib version for callers of g_dbus_server_new_sync()
Programs that call this function might be passing in the new flag
G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER, which is
security-significant. Don't allow such programs to be built against
GLib 2.68 and run with GLib 2.66 or older.
* Add Breaks on libsoup2.4-tests before 2.72.0-3.
Older versions of the libsoup test suite had an assertion that would
only succeed because of a GLib bug, which is fixed in 2.68.x. Newer
versions tolerate the bug, but do not require it.
.
glib2.0 (2.68.3-1) experimental; urgency=medium
.
* New upstream release 2.68.3, fixing bugs:
- GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when
saving from a symlink
- glocalfileoutputstream: Fix ETag check when replacing through a symlink
- gmacros: check that __cplusplus or _MSC_VER is defined
- gmacros: missing check if __STDC_VERSION__ is defined
- gthreadedresolver: don't ignore flags in lookup_by_name_with_flags
- inotify: Fix a memory leak
- json-glib does not build with glib 2.68.1
- testfilemonitor test leaks ip_watched_file_t struct
- tlscertificate: Avoid possible invalid read
.
glib2.0 (2.68.1-2) experimental; urgency=medium
.
* Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules:
- postrm: Only delete GIO module cache on remove or purge.
Despite its name, the postrm can be invoked for reasons other than
package removal: in particular, the old version's postrm is run
during upgrades.
- postinst: Recreate GIO module directory if deleted by an older
postrm, to recover from the bug fixed here.
- postinst: Don't guard glib-compile-schemas or gio-querymodules with
a check for existence of a directory that is shipped in the .deb.
If such a directory has somehow gone missing, we want to see
a warning. This won't make the postinst fail, because we're ignoring
exit status anyway.
(Closes: #987913)
.
glib2.0 (2.68.1-1) experimental; urgency=medium
.
* New upstream stable release
* d/tests/run-with-locales: Avoid FTBFS with locales-all installed
.
glib2.0 (2.68.0-1) experimental; urgency=medium
.
* New upstream stable release
- Drop dead code from glib-compile-schemas
- Improve valgrind suppressions
- Fix error in g_bytes_icon_new() documentation
- Avoid close(-1) during error handling
- Fix copy/paste error in queue test
- Translation updates
* Add CVE ID references to previous changelog entries.
CVE IDs were not yet available at the time these vulnerabilities were
initially fixed.
.
glib2.0 (2.67.6-1) experimental; urgency=medium
.
* New upstream release
- This fixes a symlink attack affecting file-roller.
When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION
to replace a path that is a dangling symlink, previously it would
have also created the target of the symlink as an empty file, which
could conceivably be security-sensitive if the symlink is
attacker-controlled. (Closes: #984969; CVE-2021-28153)
* Revert test-dependency on libc6-dev, which should no longer be
necessary with the new upstream release.
.
glib2.0 (2.67.5-2) experimental; urgency=medium
.
* debian/tests/control: Test-Depend on libc6-dev; the `pollable` test
requires it. See [upstream MR !1977][0]. The upstream tests now rely on
finding "libutil.so", which is in libc6-dev. Once that MR, or something
like it, is merged, we can remove this test-dep as the runtime library
will be being used.
[0]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1977
.
glib2.0 (2.67.5-1) experimental; urgency=medium
.
* New upstream release
+ Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4 (LP:
#1916705)
+ Fix regression with some FD mappings passed to
`g_subprocess_launcher_spawnv()` (Closes: #983026) (LP: #1916701)
* debian/watch: Fix to not match `..`. The watch file was matching the
"Parent directory/" link and considering that the highest, since its
target is `..`. Expect 1+ digits to begin the version number.
.
glib2.0 (2.67.4-1) experimental; urgency=medium
.
* New upstream release
- Among other changes, this should fix FTBFS on armel
* d/libglib2.0-0.symbols: Add g_spawn_async_with_pipes_and_fds
.
glib2.0 (2.67.3+git20210214-1) experimental; urgency=medium
.
* d/changelog: Add bug reference for GHSL-2021-045 to previous entry
* New upstream git snapshot; among other changes:
- Fix regressions caused by the GHSL-2021-045 fixes in 2.67.3
- Warn and fail on integer overflow in g_byte_array_new_take()
for arrays larger than G_MAXUINT
(Closes: #982779; CVE-2021-27218)
* d/libglib2.0-0.symbols: Add g_string_replace()
* Refresh patch series
* d/rules, d/tests: Generate various locales mentioned in the tests
* Mark dbus as <!nocheck> <!noinsttest>.
Several of the installed-tests won't be built unless dbus-daemon is
available, so <!nocheck> is insufficient.
* Move test-dependencies to Build-Depends-Arch.
We don't run the majority of the tests when we're only building the
documentation.
* Remove an unused Lintian override
* Add more Lintian overrides for test data
.
glib2.0 (2.67.3-1) experimental; urgency=medium
.
* New upstream release
- Fix various integer overflows, some of them potentially exploitable
(Closes: #982778; CVE-2021-27219, GHSL-2021-045)
* Drop patches that came from upstream or were applied upstream
.
glib2.0 (2.67.2-1) experimental; urgency=medium
.
* New upstream release
* Refresh patch series
* d/patches: Cherry-pick some fixes from upstream git master.
This is mostly for parity with the update to 2.66.x that I'm preparing
for unstable, which also includes the XDG_CURRENT_DESKTOP fixes.
* d/p/spawn-Don-t-set-a-search-path-if-we-don-t-want-to-search-.patch:
Make the g_spawn family only search PATH if G_SPAWN_SEARCH_PATH is used.
Previously, they would sometimes search /usr/bin:/bin:. for an
executable they should have only loaded from the current working
directory. In particular, this made gtk+3.0 fail its build-time tests
if ImageMagick display(1) happened to be installed. (Closes: #977961)
.
glib2.0 (2.67.1-1) experimental; urgency=medium
.
* Branch for experimental and 2.67.x
* New upstream development release
* Temporarily use git to fetch upstream release.
The official tarball release doesn't seem to have made it onto mirrors.
* d/rules: Explicitly enable libelf dependency for gresource tool
* d/p/Handle-the-case-of-g_object_run_dispose-in-GBinding.patch:
Add patch from upstream to fix a regression in GBinding that caused
gnome-terminal-server to crash on startup
Checksums-Sha1:
58e33c4b25ae94d0935e0bb305f8dfb11f374b27 3486 glib2.0_2.68.3-2.dsc
bebaf034f077451c0627fd06d9c6333c6a1b3f5e 100368 glib2.0_2.68.3-2.debian.tar.xz
7cf981a02c60201e3ec9d2e24b7303ad7bbd928b 6961 glib2.0_2.68.3-2_source.buildinfo
Checksums-Sha256:
1244a133e25a93f9cfc3f4986a74184e682a57eae4bb59e59c41a1964138f92c 3486 glib2.0_2.68.3-2.dsc
db1ea5fed3707366efa2a71962b289a9535654505212d8787d60d161456dfc61 100368 glib2.0_2.68.3-2.debian.tar.xz
8c8d0cad73aff5065fdb7273688c39b4b29af271597df642847420f3bd0a36c6 6961 glib2.0_2.68.3-2_source.buildinfo
Files:
1811025fb1c7548dd0f1764dd329106e 3486 libs optional glib2.0_2.68.3-2.dsc
97e063a09a83c5069999bca7479b87e0 100368 libs optional glib2.0_2.68.3-2.debian.tar.xz
f7754c81ae0fcf9ea6fd3849f7ea0913 6961 libs optional glib2.0_2.68.3-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmEaIdEACgkQ4FrhR4+B
TE/6WQ/7BZiQne61fY0J2moYE83yqYr7eJKjUHPvqiJqtdRX/HcnAQhZp2KUSZlL
w3s3mzBO5yYgipLyxE3g23AW20ezPepSUQYDf3sMObBVqkyPwLFwmcEtpoLSu6D6
3MbpLcU+9Zi0eP9GDZQ440BW8Uep96uBESmzOsgyPjWwOrQU323mODFO+7e3/iEZ
7VPq59u3jErIRZWPjxLRoHkKokSJfplnoDhejSuqcZ9jxStKOA2mLInonJg3nfOX
bTcbg2cLKckDa/OM7OqwL5aphptzz9yWajJvhwGEi5pCe58nMJdecjXHvInxcJ1N
JFCQSICtFXgsFmkCJdUCRNZPRcTNPUW3HPYN2kvFE3XBjRnJ0keHQ5/qPb/LR6OC
6kYHCTCMyWicv2oBPhfveG3EN2BjvIdOhRm9VYBHvj7/UJRXpgsD7+BjS0m6c3VP
Z3xtOn4L2v/Ew4MymoyQzUHxzKNMbHIz7UMBEjL6ywIGAnY01XsCStVUtgw3Bjeb
wRMsVuXFqZh7d+rRuR1yTSfrec7o0P8qhI8ufMDImHmEsYj10RDLSYX/j7LCcqmJ
dNgjfzIRGxs8j6DD9sqbZhsazxXvXnhcmj+rhaEuPIHiMiJhJNiuV3Nj4onp+UJt
BicOQaF5LETd3yN7Uukt6irLXRw3C5qdTPOgtn1h6XBrV0o/vAM=
=GWaq
-----END PGP SIGNATURE-----