From d5349f2c4d69d36e4ba5914e895fa2d7c9ad908c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 01 2017 03:49:34 +0000 Subject: import glib2-2.50.3-3.el7 --- diff --git a/.gitignore b/.gitignore index 19c81d9..29d9295 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/glib-2.46.2.tar.xz +SOURCES/glib-2.50.3.tar.xz diff --git a/.glib2.metadata b/.glib2.metadata index 6921364..8132db2 100644 --- a/.glib2.metadata +++ b/.glib2.metadata @@ -1 +1 @@ -2bd8f8d87668635f45ccac2e9166a4c4c3d65eac SOURCES/glib-2.46.2.tar.xz +3177471fb11fd2fd5abb77ec0675ee0049521009 SOURCES/glib-2.50.3.tar.xz diff --git a/SOURCES/0001-GDBusProxy-Fix-a-memory-leak-during-initialization.patch b/SOURCES/0001-GDBusProxy-Fix-a-memory-leak-during-initialization.patch deleted file mode 100644 index 95b2986..0000000 --- a/SOURCES/0001-GDBusProxy-Fix-a-memory-leak-during-initialization.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e98e1eff83c742c73a148dd7b75c00d77e0cee40 Mon Sep 17 00:00:00 2001 -From: Evangelos Foutras -Date: Wed, 25 Nov 2015 23:29:18 +0200 -Subject: [PATCH] GDBusProxy: Fix a memory leak during initialization - -https://bugzilla.gnome.org/show_bug.cgi?id=758641 ---- - gio/gdbusproxy.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/gio/gdbusproxy.c b/gio/gdbusproxy.c -index 52a22fb..7b1140f 100644 ---- a/gio/gdbusproxy.c -+++ b/gio/gdbusproxy.c -@@ -1720,6 +1720,7 @@ async_initable_init_second_finish (GAsyncInitable *initable, - if (result != NULL) - { - process_get_all_reply (proxy, result); -+ g_variant_unref (result); - } - - proxy->priv->initialized = TRUE; --- -1.8.3.1 - diff --git a/SOURCES/0001-GVariant-text-fix-scan-of-positional-parameters.patch b/SOURCES/0001-GVariant-text-fix-scan-of-positional-parameters.patch deleted file mode 100644 index 8e537f0..0000000 --- a/SOURCES/0001-GVariant-text-fix-scan-of-positional-parameters.patch +++ /dev/null @@ -1,63 +0,0 @@ -From cc0b8bdf124c47090d0b794c9b6e2e3852c860d9 Mon Sep 17 00:00:00 2001 -From: Hanno Boeck -Date: Mon, 22 Feb 2016 07:46:17 -0500 -Subject: [PATCH] GVariant text: fix scan of positional parameters - -The scanning to find the end of a positional parameter designator in -GVariant text format (e.g. '%i') is currently broken in case the 'end' -pointer is not specified. - -The scan is controlled by a somewhat complicated loop that needs to deal -properly with cases like (123, %(ii)) [where '%(ii)' is to be taken -together, but the final ')' not]. - -This loop missed the case where a format string passed to -g_variant_new_parsed() ended immediately after such a conversion, with a -nul character. In this case the 'end' pointer is NULL, so the only way -we can find the end is by scanning for nul in the string. - -In case of g_variant_new_parsed() [which is what this code was designed -to be used for], the bug is somewhat unlikely in practice: the only way -that a valid text-form GVariant could ever contain a positional -parameter replacement at the end of the string is if this positional -parameter were the only thing being returned. In that case, the user -would likely have opted for a more direct approach. - -Unfortunately, this code is also active in the tokenisation phase of -g_variant_parse(), before positional parameters are rejected as invalid -for that case. Anyone who calls this function with a nul-terminated -string (and no end pointer) is vulnerable to a crash from malicious user -input. This can be seen, at the very least with many commandline tools: - - $ dconf write /x '%i' - Segmentation fault - -We fix this problem by searching for the nul character in this case, in -addition to comparing the end pointer. - -This problem is almost certainly limited to being able to cause crashes. -The loop in question only performs reads and, in the security-sensitive -case, the token will be quickly rejected after the loop is finished -(since it starts with '%' and the 'app' pointer is unset). This is -further mitigated by the fact that there are no known cases of GVariant -text format being used as part of a protocol at a privilege barrier. ---- - glib/gvariant-parser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c -index e7dab85..9f4bcc5 100644 ---- a/glib/gvariant-parser.c -+++ b/glib/gvariant-parser.c -@@ -237,7 +237,7 @@ token_stream_prepare (TokenStream *stream) - * Also: ] and > are never in format strings. - */ - for (end = stream->stream + 1; -- end != stream->end && *end != ',' && -+ end != stream->end && *end != '\0' && *end != ',' && - *end != ':' && *end != '>' && *end != ']' && !g_ascii_isspace (*end); - end++) - --- -1.8.3.1 - diff --git a/SOURCES/0001-file-monitors-reorder-some-code-to-avoid-segfault.patch b/SOURCES/0001-file-monitors-reorder-some-code-to-avoid-segfault.patch deleted file mode 100644 index d2dd6e6..0000000 --- a/SOURCES/0001-file-monitors-reorder-some-code-to-avoid-segfault.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 30359e740953b596d6c3d980dba36dd131681a1f Mon Sep 17 00:00:00 2001 -From: Allison Ryan Lortie -Date: Mon, 30 Nov 2015 10:13:46 -0500 -Subject: [PATCH] file monitors: reorder some code to avoid segfault - -We must initialise '->source' before we use fields inside of it. - -https://bugzilla.gnome.org/show_bug.cgi?id=758823 ---- - gio/glocalfilemonitor.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/gio/glocalfilemonitor.c b/gio/glocalfilemonitor.c -index dbd62ec..49a4dd2 100644 ---- a/gio/glocalfilemonitor.c -+++ b/gio/glocalfilemonitor.c -@@ -748,6 +748,9 @@ g_local_file_monitor_start (GLocalFileMonitor *local_monitor, - - g_assert (!local_monitor->source); - -+ source = g_file_monitor_source_new (local_monitor, filename, is_directory, flags); -+ local_monitor->source = source; /* owns the ref */ -+ - if (is_directory && !class->mount_notify && (flags & G_FILE_MONITOR_WATCH_MOUNTS)) - { - #ifdef G_OS_WIN32 -@@ -771,9 +774,6 @@ g_local_file_monitor_start (GLocalFileMonitor *local_monitor, - #endif - } - -- source = g_file_monitor_source_new (local_monitor, filename, is_directory, flags); -- local_monitor->source = source; /* owns the ref */ -- - G_LOCAL_FILE_MONITOR_GET_CLASS (local_monitor)->start (local_monitor, - source->dirname, source->basename, source->filename, - source); --- -2.7.4 - diff --git a/SOURCES/0001-gdbus-fix-use-after-free.patch b/SOURCES/0001-gdbus-fix-use-after-free.patch new file mode 100644 index 0000000..6ff21f2 --- /dev/null +++ b/SOURCES/0001-gdbus-fix-use-after-free.patch @@ -0,0 +1,55 @@ +From 0751ccd31505cd2774053553263466c6933b3c42 Mon Sep 17 00:00:00 2001 +From: Lars Uebernickel +Date: Thu, 28 Jan 2016 15:39:18 +0100 +Subject: [PATCH] gdbus: fix use-after-free + +g_dbus_connection_call_internal() accesses the user data it passes to +g_dbus_connection_send_message_with_reply() after the call. That data +might be freed already in the case that the callback is called +immediately. + +Fix this by removing the 'serial' field from the user data altogether +and fetch the serial from the message in the callback. + +https://bugzilla.gnome.org/show_bug.cgi?id=748263 +--- + gio/gdbusconnection.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c +index 4a4f403..8263419 100644 +--- a/gio/gdbusconnection.c ++++ b/gio/gdbusconnection.c +@@ -5660,7 +5660,6 @@ typedef struct + { + GVariantType *reply_type; + gchar *method_name; /* for error message */ +- guint32 serial; + + GUnixFDList *fd_list; + } CallState; +@@ -5701,7 +5700,7 @@ g_dbus_connection_call_done (GObject *source, + " <<<< ASYNC COMPLETE %s() (serial %d)\n" + " ", + state->method_name, +- state->serial); ++ g_dbus_message_get_reply_serial (reply)); + if (reply != NULL) + { + g_print ("SUCCESS\n"); +@@ -5798,11 +5797,10 @@ g_dbus_connection_call_internal (GDBusConnection *connection, + message, + G_DBUS_SEND_MESSAGE_FLAGS_NONE, + timeout_msec, +- &state->serial, ++ &serial, + cancellable, + g_dbus_connection_call_done, + task); +- serial = state->serial; + } + else + { +-- +2.9.4 + diff --git a/SOURCES/0001-gio-fam-Remove-leftover-debug-print.patch b/SOURCES/0001-gio-fam-Remove-leftover-debug-print.patch new file mode 100644 index 0000000..9a009da --- /dev/null +++ b/SOURCES/0001-gio-fam-Remove-leftover-debug-print.patch @@ -0,0 +1,32 @@ +From dd914da1c80941ed1c435671cac20ca4f5f7f0e6 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 16 Mar 2017 09:12:26 -0400 +Subject: [PATCH] gio/fam: Remove leftover debug print + +This leftover debug print was introduced by d682df186e9cca2b8db0e921450a4db31cf0c467 +and is obviously bad for applications that are expecting something +else on stdout, etc. + +See: https://bugzilla.redhat.com/show_bug.cgi?id=1396386 + +https://bugzilla.gnome.org/show_bug.cgi?id=780144 +--- + gio/fam/gfamfilemonitor.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/gio/fam/gfamfilemonitor.c b/gio/fam/gfamfilemonitor.c +index 50474c8..551b3c2 100644 +--- a/gio/fam/gfamfilemonitor.c ++++ b/gio/fam/gfamfilemonitor.c +@@ -140,8 +140,6 @@ g_fam_file_monitor_is_supported (void) + + g_mutex_unlock (&fam_lock); + +- g_print ("II %d\n", fam_initialised); +- + return fam_initialised; + } + +-- +2.9.3 + diff --git a/SPECS/glib2.spec b/SPECS/glib2.spec index fb2792e..0ec8aab 100644 --- a/SPECS/glib2.spec +++ b/SPECS/glib2.spec @@ -1,18 +1,21 @@ -Summary: A library of handy utility functions +%global _changelog_trimtime %(date +%s -d "1 year ago") + Name: glib2 -Version: 2.46.2 -Release: 4%{?dist} +Version: 2.50.3 +Release: 3%{?dist} +Summary: A library of handy utility functions + License: LGPLv2+ -Group: System Environment/Libraries URL: http://www.gtk.org -#VCS: git:git://git.gnome.org/glib -Source: http://download.gnome.org/sources/glib/2.42/glib-%{version}.tar.xz +Source0: http://download.gnome.org/sources/glib/2.50/glib-%{version}.tar.xz BuildRequires: git BuildRequires: pkgconfig BuildRequires: gettext BuildRequires: libattr-devel +BuildRequires: libmount-devel BuildRequires: libselinux-devel +BuildRequires: pkgconfig(libpcre) # for sys/inotify.h BuildRequires: glibc-devel BuildRequires: zlib-devel @@ -26,16 +29,17 @@ BuildRequires: libffi-devel BuildRequires: elfutils-libelf-devel BuildRequires: chrpath +# Patches we're carrying specifically for RHEL7: # Avoid deprecating things introduced since the first version of glib # built in RHEL7, as some projects use `-Werror` and such. Patch0: revert-g-source-remove-critical.patch Patch1: add-back-g-memmove.patch -# Backports from glib-2-46 upstream -Patch2: 0001-GDBusProxy-Fix-a-memory-leak-during-initialization.patch -Patch3: 0001-GVariant-text-fix-scan-of-positional-parameters.patch -Patch4: 0001-file-monitors-reorder-some-code-to-avoid-segfault.patch -# required for GIO content-type support +# Patches on top of 2.50+ +Patch2: 0001-gio-fam-Remove-leftover-debug-print.patch +Patch3: 0001-gdbus-fix-use-after-free.patch + +# for GIO content-type support Requires: shared-mime-info %description @@ -47,8 +51,6 @@ as an event loop, threads, dynamic loading, and an object system. %package devel Summary: A library of handy utility functions -Group: Development/Libraries -Obsoletes: glib2-static < 2.32.1-2 Requires: %{name}%{?_isa} = %{version}-%{release} %description devel @@ -56,7 +58,6 @@ The glib2-devel package includes the header files for the GLib library. %package doc Summary: A library of handy utility functions -Group: Development/Libraries Requires: %{name} = %{version}-%{release} BuildArch: noarch @@ -65,13 +66,27 @@ The glib2-doc package includes documentation for the GLib library. %package fam Summary: FAM monitoring module for GIO -Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} BuildRequires: gamin-devel %description fam The glib2-fam package contains the FAM (File Alteration Monitor) module for GIO. +%package static +Summary: glib static +Requires: %{name}-devel = %{version}-%{release} + +%description static +The %{name}-static subpackage contains static libraries for %{name}. + +%package tests +Summary: Tests for the glib2 package +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tests +The glib2-tests package contains tests that can be used to verify +the functionality of the installed glib2 package. + %prep %autosetup -Sgit -n glib-%{version} @@ -81,8 +96,10 @@ autoreconf -i -f # Support builds of both git snapshots and tarballs packed with autogoo (if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; CONFIGFLAGS=--enable-gtk-doc; fi; %configure $CONFIGFLAGS \ + --with-pcre=system \ --enable-systemtap \ - --disable-static + --enable-static \ + --enable-installed-tests ) make %{?_smp_mflags} @@ -132,7 +149,8 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %files -f glib20.lang -%doc AUTHORS COPYING NEWS README +%license COPYING +%doc AUTHORS NEWS README %{_libdir}/libglib-2.0.so.* %{_libdir}/libgthread-2.0.so.* %{_libdir}/libgmodule-2.0.so.* @@ -148,16 +166,18 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %dir %{_libdir}/gio %dir %{_libdir}/gio/modules %ghost %{_libdir}/gio/modules/giomodule.cache +%{_bindir}/gio %{_bindir}/gio-querymodules* %{_bindir}/glib-compile-schemas %{_bindir}/gsettings %{_bindir}/gdbus %{_bindir}/gapplication -%doc %{_mandir}/man1/gio-querymodules.1.gz -%doc %{_mandir}/man1/glib-compile-schemas.1.gz -%doc %{_mandir}/man1/gsettings.1.gz -%doc %{_mandir}/man1/gdbus.1.gz -%doc %{_mandir}/man1/gapplication.1.gz +%{_mandir}/man1/gio.1* +%{_mandir}/man1/gio-querymodules.1* +%{_mandir}/man1/glib-compile-schemas.1* +%{_mandir}/man1/gsettings.1* +%{_mandir}/man1/gdbus.1* +%{_mandir}/man1/gapplication.1* %files devel %{_libdir}/lib*.so @@ -179,18 +199,18 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %{_bindir}/gresource %{_datadir}/glib-2.0/codegen %attr (0755, root, root) %{_bindir}/gtester-report -%doc %{_mandir}/man1/glib-genmarshal.1.gz -%doc %{_mandir}/man1/glib-gettextize.1.gz -%doc %{_mandir}/man1/glib-mkenums.1.gz -%doc %{_mandir}/man1/gobject-query.1.gz -%doc %{_mandir}/man1/gtester-report.1.gz -%doc %{_mandir}/man1/gtester.1.gz -%doc %{_mandir}/man1/gdbus-codegen.1.gz -%doc %{_mandir}/man1/glib-compile-resources.1.gz -%doc %{_mandir}/man1/gresource.1.gz -%{_datadir}/gdb/auto-load%{_libdir}/libglib-2.0.so.*-gdb.py* -%{_datadir}/gdb/auto-load%{_libdir}/libgobject-2.0.so.*-gdb.py* -%{_datadir}/systemtap/tapset/*.stp +%{_mandir}/man1/glib-genmarshal.1* +%{_mandir}/man1/glib-gettextize.1* +%{_mandir}/man1/glib-mkenums.1* +%{_mandir}/man1/gobject-query.1* +%{_mandir}/man1/gtester-report.1* +%{_mandir}/man1/gtester.1* +%{_mandir}/man1/gdbus-codegen.1* +%{_mandir}/man1/glib-compile-resources.1* +%{_mandir}/man1/gresource.1* +%{_datadir}/gdb/ +%{_datadir}/gettext/ +%{_datadir}/systemtap/ %files doc %doc %{_datadir}/gtk-doc/html/* @@ -198,7 +218,34 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %files fam %{_libdir}/gio/modules/libgiofam.so +%files static +%{_libdir}/libgio-2.0.a +%{_libdir}/libglib-2.0.a +%{_libdir}/libgmodule-2.0.a +%{_libdir}/libgobject-2.0.a +%{_libdir}/libgthread-2.0.a + +%files tests +%{_libexecdir}/installed-tests +%{_datadir}/installed-tests + %changelog +* Tue Jun 06 2017 Colin Walters - 2.50.3-3 +- Add patch to fix use-after-free in GDBus +- Resolves: #1437669 + +* Thu Mar 16 2017 Colin Walters - 2.50.3-2 +- Add patch to remove debug print in fam +- Resolves: #1396386 + +* Mon Feb 13 2017 Kalev Lember - 2.50.3-1 +- Update to 2.50.3 +- Resolves: #1386874 + +* Thu Nov 10 2016 Kalev Lember - 2.50.2-1 +- Update to 2.50.2 +- Resolves: #1386874 + * Wed Sep 14 2016 Kalev Lember - 2.46.2-4 - Backport a patch to fix a segfault in file monitor code - Resolves: #1375753