diff mbox series

glib: Update to version 2.88.1

Message ID 20260504174059.3648098-2-adolf.belka@ipfire.org
State Staged
Commit da3d30c4bd37c6e3f3a177676a8d33771d67374e
Headers
Series glib: Update to version 2.88.1 |

Commit Message

Adolf Belka 4 May 2026, 5:40 p.m. UTC 
- Update from version 2.88.0 to 2.88.1
- Update of rootfile
- Changelog
2.88.1
* Fix miscompilation with GCC 16 due to GLib’s use of the wrong function
  attribute (!5145, work by Sam James)
* Fix flag confusion security issue when using `GRegex` with `G_REGEX_RAW` which
  can result in unbounded out-of-bounds heap reads off the start of a regex
  input string (#3919, work by linhlhq)
* Fix various minor (low severity) security issues, typically one-to-five-byte
  out-of-bounds reads (#3915, #3916, #3917, #3918, #3930) or ones relying on
  very specific (and unlikely) API calls (#3925) or ones relying on
  discouraged P2P D-Bus configurations (#3931, #3933) (work by linhlhq)
* Bugs fixed:
  - #3915 (#YWH-PGM9867-190) Buffer Over-read on GLib through glib/gvariant-
    serialiser.c:1253 via gvs_tuple_is_normal() (Philip Withnall)
  - #3916 (#YWH-PGM9867-187) OOB Read on GLib through
    glib/gmarkup.c:g_markup_escape_text() via
    glib/gmarkup.c:append_escaped_text() (Philip Withnall)
  - #3917 (#YWH-PGM9867-191) OOB Read on GLib through
    glib/gdatetime.c:g_date_time_get_ymd via invalid `GDateTime` (Philip
    Withnall)
  - #3918 (#YWH-PGM9867-193) Buffer Over-read on GLib's g_regex_replace()
    through glib/gregex.c:string_append() via g_utf8_next_char() (Philip
    Withnall)
  - #3919 (#YWH-PGM9867-194) Buffer Over-read on GLib through
    glib/gregex.c:g_regex_split_full() via glib/gutf8.c:g_utf8_prev_char()
    (Philip Withnall)
  - #3925 (#YWH-PGM9867-199) Buffer Over-read on GLib through glib/giochannel.c
    via "g_io_channel_read_line_backend" (Philip Withnall)
  - #3930 (#YWH-PGM9867-200) Off-by-one Error on GLib through glib/gkeyfile.c
    via "g_key_file_get_locale_string_list" (Philip Withnall)
  - #3931 (#YWH-PGM9867-203)  Path Traversal on GLib DBus through
    glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry,
    mechanism_client_data_receive (COOKIE_SHA1 Client Authentication) leads to
    Arbitrary File Read (Philip Withnall)
  - #3933 Integer overflow in g_dbus_message_bytes_needed() bypasses 128 MiB
    size check (pre-auth DoS on P2P connections) (Philip Withnall)
  - !5101 Update Serbian translation
  - !5105 docs: Expand docs for GLIB_VERSION_MAX_ALLOWED
  - !5110 gmarkup: fix type of length parameter of text_validate()
  - !5111 Update Russian translation
  - !5113 Update Polish translation
  - !5114 docs: Remove myself from CODEOWNERS
  - !5122 Update Slovak translation
  - !5134 Backport various recent security fixes to GVariant, GMarkup, GDateTime
    and GRegex to glib-2-88
  - !5150 Backport !5145 “gvarianttype: use pure attribute, not inappropriate
    const” to glib-2-88
  - !5152 Update Slovak translation
  - !5154 Update German translation
  - !5165 Update Slovak translation
  - !5166 Update Slovak translation
  - !5169 Update Persian translation
  - !5174 Backport !5170 !5171 !5172 !5173 Various security fixes to glib-2-88
* Translation updates:
  - German (Christian Kirbach)
  - Persian (Danial Behzadi)
  - Polish (Victoria Niedzielska)
  - Russian (Artur S0)
  - Serbian (Марко Костић)
  - Slovak (Jose Riha)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/glib | 16 ++++++++--------
 lfs/glib                     |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)
diff mbox series

Patch

diff --git a/config/rootfiles/common/glib b/config/rootfiles/common/glib
index cd96e6f7a..f9e0ca72a 100644
--- a/config/rootfiles/common/glib
+++ b/config/rootfiles/common/glib
@@ -339,22 +339,22 @@  usr/include/glib-2.0/gio/gdebugcontroller.h
 #usr/lib/glib-2.0/include/glibconfig.h
 #usr/lib/libgio-2.0.so
 usr/lib/libgio-2.0.so.0
-usr/lib/libgio-2.0.so.0.8800.0
+usr/lib/libgio-2.0.so.0.8800.1
 #usr/lib/libgirepository-2.0.so
 usr/lib/libgirepository-2.0.so.0
-usr/lib/libgirepository-2.0.so.0.8800.0
+usr/lib/libgirepository-2.0.so.0.8800.1
 #usr/lib/libglib-2.0.so
 usr/lib/libglib-2.0.so.0
-usr/lib/libglib-2.0.so.0.8800.0
+usr/lib/libglib-2.0.so.0.8800.1
 #usr/lib/libgmodule-2.0.so
 usr/lib/libgmodule-2.0.so.0
-usr/lib/libgmodule-2.0.so.0.8800.0
+usr/lib/libgmodule-2.0.so.0.8800.1
 #usr/lib/libgobject-2.0.so
 usr/lib/libgobject-2.0.so.0
-usr/lib/libgobject-2.0.so.0.8800.0
+usr/lib/libgobject-2.0.so.0.8800.1
 #usr/lib/libgthread-2.0.so
 usr/lib/libgthread-2.0.so.0
-usr/lib/libgthread-2.0.so.0.8800.0
+usr/lib/libgthread-2.0.so.0.8800.1
 #usr/lib/pkgconfig/gio-2.0.pc
 #usr/lib/pkgconfig/gio-unix-2.0.pc
 #usr/lib/pkgconfig/girepository-2.0.pc
@@ -377,8 +377,8 @@  usr/lib/libgthread-2.0.so.0.8800.0
 #usr/share/gdb/auto-load
 #usr/share/gdb/auto-load/usr
 #usr/share/gdb/auto-load/usr/lib
-#usr/share/gdb/auto-load/usr/lib/libglib-2.0.so.0.8800.0-gdb.py
-#usr/share/gdb/auto-load/usr/lib/libgobject-2.0.so.0.8800.0-gdb.py
+#usr/share/gdb/auto-load/usr/lib/libglib-2.0.so.0.8800.1-gdb.py
+#usr/share/gdb/auto-load/usr/lib/libgobject-2.0.so.0.8800.1-gdb.py
 #usr/share/gettext/its
 #usr/share/gettext/its/gschema.its
 #usr/share/gettext/its/gschema.loc
diff --git a/lfs/glib b/lfs/glib
index 1b6e2269f..47fe1eb6b 100644
--- a/lfs/glib
+++ b/lfs/glib
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 2.88.0
+VER        = 2.88.1
 #          https://download.gnome.org/sources/glib/
 
 THISAPP    = glib-$(VER)
@@ -41,7 +41,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b540e0f5490f85b44cfad5d819f4a6fd911addc26fed8b8b49852bd6ec322d7d16136b691452030cf5f590374ea06cf8fdb8c9109d5cbe7b68625379bbd40615
+$(DL_FILE)_BLAKE2 = d9a0e54d2c1b5128aee76f1743cbeea84a24af5a2252ba1c649943bbca3fbc5f08896249542526560c92dd0e60cbd8a72498c3cfe1535d1f0bf85316ce37dba1
 
 install : $(TARGET)