-
glib2.0 (2.56.4-0ubuntu0.18.04.9) bionic-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation
- debian/patches/CVE-2021-3800.patch: Drop a redundant environment
variable in _g_locale_get_charset_aliases function at
libcharset/localcharset.c.
- CVE-2021-3800
-- Rodrigo Figueiredo Zaiden <email address hidden> Mon, 29 Nov 2021 13:42:57 -0300
-
glib2.0 (2.56.4-0ubuntu0.18.04.8) bionic-security; urgency=medium
* SECURITY UPDATE: incorrect g_file_replace() symlink handling
- debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
used without g_test_bug_base() in /glib/gtestutils.c.
- debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
in file tests in gio/tests/file.c.
- debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
- debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
to replace() in gio/glocalfileoutputstream.c.
- CVE-2021-28153
-- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 12:27:31 -0500
-
glib2.0 (2.56.4-0ubuntu0.18.04.7) bionic-security; urgency=medium
* SECURITY UPDATE: g_byte_array_new_take length truncation
- debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
large byte arrays in glib/garray.c, glib/gbytes.c,
glib/tests/bytes.c.
- CVE-2021-27218
* SECURITY UPDATE: integer overflow in g_bytes_new
- debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
g_memdup2() function and use it instead of g_memdup() in a bunch of
places.
- CVE-2021-27219
-- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 06:29:59 -0500
-
glib2.0 (2.56.4-0ubuntu0.18.04.6) bionic-security; urgency=medium
* No-change rebuild for -security
-- Alex Murray <email address hidden> Tue, 24 Mar 2020 11:27:40 +1030
-
glib2.0 (2.56.4-0ubuntu0.18.04.5) bionic; urgency=medium
[ Gunnar Hjalmarsson ]
* d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
- Ensure libdbus clients can authenticate with a GDBusServer like
the one in ibus. The patches cherry picked from 2.62.2-2 in focal
in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
without breaking ibus for Qt applications (LP: #1844853).
[ Iain Lane ]
* d/p/Add-a-test-for-GDBusServer-authentication.patch: Additionally backport
this commit to add a test for the above fixes.
+ BD on libdbus-1-dev so that the above test gets run properly.
-- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:16:00 +0100
-
glib2.0 (2.56.4-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: Not properly restrict directory and file permissions
- debian/patches/CVE-2019-13012.patch: changes the permissions when
a directory is created, using 700 instead 777 in
gio/gkeyfilesettingsbackend.c and changes test to run in a temp
directory in gio/tests/gsettings.c.
- CVE-2019-13012
-- <email address hidden> (Leonidas S. Barbosa) Wed, 03 Jul 2019 15:50:24 -0300
-
glib2.0 (2.56.4-0ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Less restrictive permissions during copying
- debian/patches/CVE-2019-12450.patch: limit access to file when
copying in file_copy_fallback in file gio/gfile.c.
- CVE-2019-12450
-- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Jun 2019 13:47:02 -0300
-
glib2.0 (2.56.4-0ubuntu0.18.04.2) bionic; urgency=medium
* Backport upstream patches to fix GVariant alignment tests
d/p/gvariant-test-Also-force-alignment-for-tuple-test-data.patch,
d/p/tests-Allocate-gvariant-data-from-the-heap-to-guarantee-a.patch:
Cherry-pick.
glib2.0 (2.56.4-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream release (LP: #1816547)
+ Various buffer overflow fixes in GMarkup/GVariant/GDBus
+ Fix "Moving a bookmark item to the same URI causes a crash" (LP:
#1760569)
* debian/libglib2.0-0.symbols: New symbols
-- Iain Lane <email address hidden> Fri, 22 Mar 2019 12:17:34 +0000
-
glib2.0 (2.56.4-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream release (LP: #1816547)
+ Various buffer overflow fixes in GMarkup/GVariant/GDBus
+ Fix "Moving a bookmark item to the same URI causes a crash" (LP:
#1760569)
* debian/libglib2.0-0.symbols: New symbols
-- Iain Lane <email address hidden> Tue, 26 Feb 2019 11:59:03 +0000
-
glib2.0 (2.56.3-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream release (LP: #1794544)
+ The documentation for G_GNUC_MALLOC has changed to be more restrictive
to avoid miscompilations; you should check whether any uses of it in
your code are appropriate
+ Fix cancellation of g_subprocess_communicate_async() calls
+ Bug fixes:
+ /network-monitor/create-in-thread fails in (LXC) containers on glib-2-56
+ GBookmarkFile: nullptr access in current_element
+ GBookmarkFile: heap-buffer-overflow in g_utf8_get_char
+ Backport g_subprocess_communicate() cancellation fixes from !266 to
glib-2-56 (LP: #1789476)
+ Many uses of G_GNUC_MALLOC are incorrect
+ Test for BROKEN_IP_MREQ_SOURCE_STRUCT is broken on Windows / Mingw
+ Fix persistent CI failure on glib-2-56
* debian/watch: Only find 2.56 versions.
* Drop CVE-2018-16428.patch and CVE-2018-16429.patch: applied in this release
-- Iain Lane <email address hidden> Wed, 26 Sep 2018 17:35:59 +0100
-
glib2.0 (2.56.2-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer deference
- debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c,
glib/tests/Makefile.am,
glib/tests/markups/fail-51.expected,
glib/tests/markups/fail-51.gmarkup.
- CVE-2018-16428
* SECURITY UPDATE: Read out-of-bounds
- debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and
glib/tests/Makefile.am,
glib/tests/markups/fail-50.expected,
glib/tests/markups/fail-50.gmarkup.
- CVE-2018-16429
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Sep 2018 09:52:54 -0300
-
glib2.0 (2.56.2-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream release (LP: #1789472, LP: #1764779)
* Refreshed patches
* d/p/tests-network-monitor-Always-use-the-dummy-proxy-res.patch:
- Removed (aplied upstream)
-- Marco Trevisan (TreviƱo) <email address hidden> Tue, 28 Aug 2018 13:25:36 -0500
-
glib2.0 (2.56.1-2ubuntu1) bionic; urgency=medium
* Merge with debian, remaining changes:
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
glib2.0 (2.56.1-2) unstable; urgency=medium
[ Tim Lunn ]
* libglib2.0-0.triggers:use interest-await trigger for schemas
[ Iain Lane ]
* debian/patches/tests-network-monitor-Always-use-the-dummy-proxy-res.patch:
Take patch from upstream to ignore the system's proxy settings for the
network-monitor test - it's testing an "abstract" network unrelated to the
system's network, and these settings interfere with that. This fixes a
failure in the Ubuntu autopkgtest machines, which have a proxy set.
glib2.0 (2.56.1-1) unstable; urgency=medium
[ Tim Lunn ]
* New upstream release
* Drop patches included in new release
* libglib2.0-0.triggers: Use interest-noawait triggers, generating caches
doesn't need to block configuration. flagged by lintian
uses-implicit-await-trigger warning.
[ Simon McVittie ]
* Explicitly use autoconf build system, even with debhelper 11.2
(see #895174)
glib2.0 (2.56.0-6) unstable; urgency=medium
* Team upload
* d/p/0002-gapplication-Tighten-up-application-ID-validation.patch:
Transliterate commit message into ASCII so git-buildpackage doesn't
export it as a blob of base64
* d/p/g_test_dbus_down-Ensure-next-test-does-not-use-old-c.patch:
Add patch to address a race condition that sometimes makes D-Bus-based
tests fail (Closes: #894677)
* d/patches: Improve metadata on various patches
glib2.0 (2.56.0-5) unstable; urgency=medium
[ Simon McVittie ]
* Use `set -e` in the (empty) prerm to avoid a Lintian warning
* Add Lintian override for the empty prerm used to work around
#887629
[ Michael Biebl ]
* Stop installing libglib to /lib.
Late mounting of /usr is no longer supported, so this is not necessary
anymore.
* Drop maintscript migration code from pre-jessie.
* Drop obsolete Breaks.
-- Iain Lane <email address hidden> Tue, 10 Apr 2018 19:03:42 +0100
-
glib2.0 (2.56.0-4ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
- debian/gbp.conf: Update for Ubuntu
- debian/control{,.in}: Update Vcs-* to point at LP git
glib2.0 (2.56.0-4) unstable; urgency=medium
* Fix typo: libglib2.0-dev-bin Depends on python3-distutils, not
distuils (Closes: #893773)
* Restore `set -x` in debian/tests/build
glib2.0 (2.56.0-3) unstable; urgency=medium
[ Iain Lane ]
* debian/tests/build: Add Restrictions: allow-stderr. We run this test with
`set -x', which outputs to stderr, and would like to continue doing so.
[ Jeremy Bicha ]
* Depend and Build-Depend on python3-distutils to fix build failures
since python3 no longer depends on python3-distutils (Closes: #893736)
-- Gianfranco Costamagna <email address hidden> Sat, 24 Mar 2018 19:28:55 +0100
-
glib2.0 (2.56.0-2ubuntu1) bionic; urgency=medium
* Merge with Debian. Remaining changes:
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
- debian/gbp.conf: Update for Ubuntu
- debian/control{,.in}: Update Vcs-* to point at LP git
glib2.0 (2.56.0-2) unstable; urgency=medium
[ Simon McVittie ]
* Merge from experimental to unstable
* d/tests/build: Don't rely on having unmerged /usr
* d/watch: Only watch for stable releases
* d/gbp.conf: Use debian/master, upstream/2.56.x branches
* d/control: Update Vcs-* for default branch
glib2.0 (2.56.0-1) experimental; urgency=medium
* Team upload
* New upstream stable release 2.56.0
* d/p/000?-gdbus-tool-*.patch:
Drop patches that came from upstream
* Refresh remaining patches
* d/p/0001-tests-Use-modern-test-assertions-in-GApplication-tes.patch,
d/p/0002-gapplication-Tighten-up-application-ID-validation.patch:
Cherry-pick GApplication ID fixes from upstream 2.56 branch
(GNOME #793400)
-- Jeremy Bicha <email address hidden> Sat, 17 Mar 2018 13:51:22 -0400
-
glib2.0 (2.55.2-2ubuntu1) bionic; urgency=medium
* Merge with Debian. Remaining changes:
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
* debian/gbp.conf: Update for Ubuntu
* debian/control{,.in}: Update Vcs-* to point at LP git
glib2.0 (2.55.2-2) experimental; urgency=medium
* Merge changes from unstable, in particular:
+ d/libglib2.0-dev.prerm: Add an empty prerm to make sure that we have a
way to recover from #887629 in stretch (Closes: #887863)
* d/p/0001-gdbus-tool-Ignore-unknown-options-for-the-emit-subco.patch,
d/p/0002-gdbus-tool-Make-dest-optional-for-emit-again.patch,
d/p/0003-gdbus-tool-Don-t-repeatedly-complete-signal.patch,
d/p/0004-gdbus-tool-Factor-out-common-GOptionContext-construc.patch:
Cherry-pick from upstream. Fix `gdbus emit' to not require `--dest', and
improve its bash completion. Should fix the dbus-test-runner autopkgtest,
which relied on this behaviour.
-- Iain Lane <email address hidden> Thu, 22 Feb 2018 11:31:35 +0000
-
glib2.0 (2.55.2-1ubuntu1) bionic; urgency=medium
* Merge with debian, remaining changes:
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
glib2.0 (2.55.2-1) experimental; urgency=medium
* debian/control{,.in}: Update Vcs-* to specify debian/experimental branch.
* New upstream release 2.55.2:
+ GFile now has API to get the path without copying
* debian/patches/gdbus-threading-test-Allow-even-longer-for-test_method_ca.patch,
debian/patches/gdatetime-Avoid-repeated-floating-point-multiplies-w.patch,
debian/patches/gdatetime-Mark-the-usecs-as-volatile.patch:
Drop, applied upstream in this release.
* debian/libglib2.0-0.symbols: New symbols for 2.55.2
glib2.0 (2.55.1-1) experimental; urgency=medium
* debian/gbp.conf, debian/watch: Update for experimental
* New upstream development release 2.55.1
* debian/libglib2.0-0.symbols: Update with new symbols in this release.
* debian/patches/gdatetime-Avoid-repeated-floating-point-multiplies-w.patch,
debian/patches/gdatetime-Mark-the-usecs-as-volatile.patch: Cherry-pick two
patches from upstream. Fix some precision problems within GDateTime, that
in some cases resulted in incorrect answers on i386.
glib2.0 (2.54.3-1) unstable; urgency=medium
[ Simon McVittie ]
* Move Vcs-* to salsa.debian.org
* New upstream stable release
- Fix a race condition when a GCancellable is cancelled in another
thread (Closes: #884654)
- Drop patches for #884661, fixed upstream
* d/p/gdbus-peer-Skip-test-during-Debian-package-build.patch:
Drop. We should no longer need to skip this test now that #884654
is fixed.
* d/p/Do-not-attempt-to-autolaunch-a-session-dbus-daemon-w.patch:
Drop patch. It has not been necessary since 2.50.
* d/p/0001-Fix-trashing-on-overlayfs.patch,
d/p/0001-timer-test-use-volatile-for-locals.patch,
d/p/gdbus-threading-test-Allow-even-longer-for-test_method_ca.patch:
Mark as forwarded upstream
* d/patches: Move non-upstreamable patches (Debian-specific changes
and workarounds) to d/p/debian, and to the bottom of d/p/series
* d/watch: Only watch for the upstream stable branch
[ Iain Lane ]
* debian/gbp.conf: Update upstream branch to upstream/2.54.x following
DEP-14.
glib2.0 (2.54.2-5) unstable; urgency=medium
* Set Rules-Requires-Root to no. This package builds successfully
with the same content in that mode.
* d/p/61_glib-compile-binaries-path.patch: Only use the multiarch
path for glib-compile-schemas, not for glib-compile-resources
* Install glib-compile-resources into PATH in libglib2.0-dev-bin,
not libglib2.0-bin: it is a development tool used at compile-time
- libglib2.0-dev-bin Breaks/Replaces older libglib2.0-bin
* Install the glib-compile-resources binary in libglib2.0-dev-bin,
not libglib2.0-0. This means we get an executable version of that
binary when cross-compiling (Closes: #885019)
* Bump Standards-Version to 4.1.3
glib2.0 (2.54.2-4) unstable; urgency=medium
* Team upload
* d/p/closures-test-Run-fewer-iterations-on-ARM64.patch:
Run more iterations on ARM64 than in 2.54.2-3, but fewer than in
2.54.2-2. If we don't run enough iterations, we get an assertion
failure when the main thread starves the other threads.
* d/p/gmenumodel*.patch: Mark as upstreamed in 2.54.3 and 2.55.1
* d/rules: Set DEB_BUILD_TIME_TESTS when running dh_auto_test, so that
tests can distinguish between autopkgtest and `make check`
* d/p/gdbus-peer-Skip-test-during-Debian-package-build.patch:
Skip the gdbus-peer test during package build, so that its known
race condition does not cause intermittent FTBFS (mitigates: #884654)
glib2.0 (2.54.2-3) unstable; urgency=medium
* Team upload
* d/patches: Re-export with gbp pq
* d/patches: Use `gbp pq export`-style metadata, retrieving authors
and dates from d/changelog where needed
* d/p/closures-test-Run-fewer-iterations-on-ARM64.patch: New patch.
tests/refcount/closures: Run fewer iterations on ARM64
(mitigates: #880883)
* d/p/gdbus-threading-test-Allow-even-longer-for-test_method_ca.patch:
New patch. Allow even longer for the gdbus-threading test, and
re-enable it on 32-bit ARM now that the timeout is longer
(Closes: #884660)
* d/p/gmenumodel-test-If-something-goes-wrong-don-t-wait-foreve.patch,
d/p/gmenumodel-test-Wait-for-the-expected-events-to-happen.patch:
Add patches to make the GMenuModel test more patient (Closes: #884661)
* d/p/gwakeuptest-Be-less-parallel-unless-invoked-with-m-slow.patch:
Reduce number of threads and number of operations in response to
timeout on reproducible-builds infrastructure (mitigates: #884659)
glib2.0 (2.54.2-2) unstable; urgency=medium
* Update Vcs fields for conversion to git
* Add debian/gbp.conf
* Bump Standards-Version to 4.1.2
glib2.0 (2.54.2-1) unstable; urgency=medium
[ Jeremy Bicha ]
* New upstream release
[ Didier Roche ]
* debian/patches/01_gettext-desktopfiles.patch:
- fix untranslated desktop action names when using gettext
(Closes: #877761)
[ Simon McVittie ]
* Skip gtk-doc documentation unless we are building libglib2.0-doc,
fixing cross-builds (Closes: #870346)
- Note that gtk-doc-tools is still in Build-Depends, not
Build-Depends-Indep, because we need it for autoreconf
* Explicitly disable documentation for the udeb build
* Skip build-time tests for Arch:all builds - testing once per
architecture is sufficient
* Remove unused lintian override for an example file that is no
longer installed
-- Jeremy Bicha <email address hidden> Thu, 15 Feb 2018 15:40:46 -0500
-
glib2.0 (2.54.1-1ubuntu1) artful; urgency=medium
* Merge with debian, remaining changes: (LP: #1701780)
- exp_git_default_per_desktop*.patch:
+ cherry-pick per-desktop overrides from GNOME #786496
Allison confirmed the patches will be committed to glib soon
* debian/patches/01_gettext-desktopfiles.patch:
- support desktop file action group translations (LP: #1711752)
* exp_git_default_per_desktop*.patch:
- refresh and add exp_git_default_per_desktop4.pathc to fix some
applications using a different way to access the default value
for a key, and thus, getting a different result which
doesn't take the per session override in action. Thanks Alberts!
(LP: #1720256)
glib2.0 (2.54.1-1) unstable; urgency=medium
[ Jeremy Bicha ]
* New upstream release
* Bump Standards-Version to 4.1.1
[ Michael Biebl ]
* Drop uploaders.mk include as it breaks the clean target.
Updating the Uploaders list is already handled by the gnome dh addon.
-- Didier Roche <email address hidden> Wed, 04 Oct 2017 15:49:24 +0200
