glib2.0 (2.74.6-2+deb12u3) bookworm; urgency=medium * d/p/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch: Add patch from upstream fixing a memory leak that can occur in rare situations since 2.74.6-2+deb12u1 (Closes: #1070851) -- Simon McVittie <smcv@debian.org> Tue, 14 May 2024 11:11:32 +0100 glib2.0 (2.74.6-2+deb12u2) bookworm-security; urgency=high * d/p/CVE-2024-34397/gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch: Relax name owner checks to avoid a regression in ibus. Fixing CVE-2024-34397 caused a regression in ibus affecting text entry with non-trivial input methods. (Closes: #1070730, #1070736, #1070743, #1070745, #1070749, #1070752) -- Simon McVittie <smcv@debian.org> Wed, 08 May 2024 12:35:38 +0100 glib2.0 (2.74.6-2+deb12u1) bookworm-security; urgency=high * d/patches: Backport GDBus fixes from 2.80.1 - If local users send signals on the D-Bus system bus that spoof a trusted sender, do not deliver them to signal subscriptions for the trusted sender's well-known bus name (CVE-2024-34397) - Fix a use-after-free when subscribing to signals with an arg0 match rule, originally from 2.79.0 and necessary to make the test for CVE-2024-34397 pass reliably - Add a local backport of g_set_str(), required by the above - Add proposed fix for a race condition that can cause a unit test to regress after the above * d/gbp.conf, d/control.in: Use debian/bookworm branch for Debian 12 -- Simon McVittie <smcv@debian.org> Mon, 06 May 2024 21:28:59 +0100 glib2.0 (2.74.6-2) unstable; urgency=medium * d/patches: Update to upstream 2.74.x branch commit 2.74.6-12-ga1e169129, omitting Windows-specific changes - Fix GDBus server interop with sd-bus clients (GNOME/glib#2916) - Fix use-after-free of a GDBusMethodInvocation in some threaded use patterns (GNOME/glib#2924) - Fix a test failure resulting in FTBFS in some container environments if gdb happens to be installed, but access to ptrace and /proc/PID/mem is disallowed (GNOME/glib#3307) -- Simon McVittie <smcv@debian.org> Tue, 04 Apr 2023 09:55:32 +0100 glib2.0 (2.74.6-1) unstable; urgency=medium * New upstream stable release - !3239 Backport !3237 “Fix safe_wspawnve #define” to glib-2-74 - Translation updates -- Jeremy Bicha <jbicha@ubuntu.com> Thu, 02 Mar 2023 15:53:53 -0500 glib2.0 (2.74.5-1) unstable; urgency=medium * New upstream stable release * Drop patch that was applied upstream * Remove version constraints unnecessary since buster (oldstable) * Update standards version to 4.6.2 (no changes needed) * d/rules: Explicitly unset LANG and LANGUAGE. These are not overridden by LC_ALL=C.UTF-8, which can cause a test failure at glib/tests/spawn-test.c:115, particularly on the reproducible-builds infrastructure (which uses a random non-English LANGUAGE for build2). -- Simon McVittie <smcv@debian.org> Thu, 19 Jan 2023 16:48:31 +0000 glib2.0 (2.74.4-1) unstable; urgency=high * New upstream release * Drop patches applied in new release * Cherry-pick patch from 2-74 branch -- Jeremy Bicha <jbicha@ubuntu.com> Tue, 27 Dec 2022 14:42:10 -0900 glib2.0 (2.74.3-1) unstable; urgency=high [ Simon McVittie ] * New upstream stable release, functionally equivalent to 2.74.2-1 * d/p/gstrfuncs-Fix-regression-in-C-types-accepted-by-g_str_equ.patch: Drop patch, included in the upstream release [ Jeremy Bicha ] * d/patches: Update to upstream 2.74.x branch commit e16fb837 including multiple security related fixes for non-normal GVariants -- Jeremy Bicha <jbicha@ubuntu.com> Tue, 13 Dec 2022 15:23:22 -0500 glib2.0 (2.74.2-1) unstable; urgency=medium * d/gbp.conf, d/watch: Only watch for stable releases * New upstream stable release * d/control.in: Build-/test-depend on dbus-daemon rather than dbus. We don't necessarily need to be using dbus as the system bus implementation: all we need here is dbus-run-session. * d/patches: Drop patches that were applied upstream * d/p/gstrfuncs-Fix-regression-in-C-types-accepted-by-g_str_equ.patch: Add patch from upstream to fix errors when using g_str_equal from C++ -- Simon McVittie <smcv@debian.org> Wed, 30 Nov 2022 13:54:35 +0000 glib2.0 (2.74.1-2) unstable; urgency=medium * d/patches: Update to upstream 2.74.x branch commit 2.74.1-11-g5ee590045 - Revert a change to file descriptor management that caused an infinite loop in some gnome-keyring-daemon use-cases - Fix error behaviour with an invalid proxy address - Fix a memory leak - Fix a header multiple-inclusion guard - Translation updates * d/p/tests-Don-t-rely-on-output-locale-of-sort-in-spawn-test.patch: Add patch from upstream git to fix a test failure in non-English locales. In particular, this should resolve intermittent FTBFS on the reproducible-builds infrastructure. * d/p/debian/Disable-some-tests-on-slow-architectures-which-keep-faili.patch: Mark part of gobject/tests/threadtests.c as flaky on armel, armhf. This test normally passes in 10-15 seconds, but sometimes takes more than 5 minutes, resulting in a timeout. It's not clear whether this is a deadlock, or whether it's just an unlucky access pattern that is much slower than usual but would have passed the test given enough time. (Closes: #1023629, #1023652) * d/tests: Run each flaky test individually. This will hopefully make it easier to keep track of which ones are still flaky and which ones can be re-enabled. -- Simon McVittie <smcv@debian.org> Tue, 08 Nov 2022 10:32:47 +0000 glib2.0 (2.74.1-1) unstable; urgency=medium [ Laurent Bigonville ] * debian/control.in: Suggest the low-memory-monitor daemon [ Simon McVittie ] * New upstream release * d/patches: Drop patches that were applied upstream * d/rules, d/watch, d/copyright: Bundle source for Unicode files. We can't use the unicode-data Debian package for this, because there's no guarantee that the version of the Unicode data used in the current version of GLib will line up with the separately-packaged unicode-data, and the version used here becomes part of GLib's API/ABI. * d/copyright: Update -- Simon McVittie <smcv@debian.org> Tue, 25 Oct 2022 20:38:27 +0100 glib2.0 (2.74.0-3) unstable; urgency=medium * Cherry-pick 2 patches to fix large thumbnails with Nautilus (Closes: #1021588) (LP: #1992690) -- Jeremy Bicha <jbicha@ubuntu.com> Wed, 12 Oct 2022 14:43:19 -0400 glib2.0 (2.74.0-2) unstable; urgency=medium * d/p/Empty-values-are-not-valid-GParamSpec.patch: Add patch from upstream to fix GIMP crashes with GLib 2.74.0 (Closes: #1018105) * d/p/Handling-collision-between-standard-i-o-file-descriptors-.patch, d/p/gio-launch-desktop-Fix-the-G_STATIC_ASSERT-expressions-fo.patch, d/p/glib-mkenums-Specify-output-encoding-as-UTF-8-explicitly-.patch, d/p/gbacktrace-Don-t-truncate-gdb-output.patch, d/p/gio-make-g_task_get_cancellable-return-value-nullable.patch, d/p/glocalfileoutputstream-Do-not-double-close-an-fd-on-unlin.patch, d/p/docs-Fix-markup-error-in-code-blocks-for-DEPRECATED-macro.patch, d/p/Consider-the-GLogField.length-of-MESSAGE-GLIB_DOMAIN-fiel.patch: More post-release bug fixes from upstream, which are expected to be included in 2.74.1 * d/copyright: Consistently use SPDX name for bzip2-1.0.6 license * Add missing mention of libgdk-pixbuf2.0-dev Suggests change to previous changelog entry -- Simon McVittie <smcv@debian.org> Tue, 27 Sep 2022 09:53:09 +0100 glib2.0 (2.74.0-1) unstable; urgency=medium * New upstream release * d/p/gio-tool-mount-Return-early-on-fgets-EOF.patch: Drop patch that was included in the upstream release * d/control.in: Drop alternative Suggests on libgdk-pixbuf2.0-dev. libgdk-pixbuf2.0-bin was separated out in 2018, before Debian 10. -- Simon McVittie <smcv@debian.org> Sun, 18 Sep 2022 17:49:01 +0100 glib2.0 (2.73.3-3) unstable; urgency=medium [ Simon McVittie ] * Redo d/copyright in machine-readable format [ Marco Trevisan (Treviño) ] * debian/patches: Cherry-pick a regression fix for gio mount on Ctrl+D -- Marco Trevisan (Treviño) <marco@ubuntu.com> Tue, 30 Aug 2022 18:12:45 +0200 glib2.0 (2.73.3-2) unstable; urgency=medium [ Simon McVittie ] * Use meson >= 0.52.0 support for multiple cross-files. This means we don't have to run debcrossgen and then edit its output in-place. (Obsoletes: #912559) * Remove Lintian override for #970275. It was fixed in Lintian. [ Jeremy Bicha ] * Release to unstable * Update Vcs fields for unbranching from experimental -- Jeremy Bicha <jbicha@ubuntu.com> Mon, 22 Aug 2022 15:23:56 -0400 glib2.0 (2.73.3-1) experimental; urgency=medium * New upstream development release * d/copyright: Update * Ask for multiarch trigger executables via upstream build system. This avoids needing to move the files around ourselves, and also ensures that the architecture-specific paths go into the .pc file. * Update packaging for re-inclusion of gio-launch-desktop * d/control.in: libglib2.0-tests depends on desktop-file-utils. glib/file.test needs update-desktop-database. * d/control.in: add versioned Breaks on old libedataserver-1.2-26. Older versions go into an infinite loop of memory allocation with GLib 2.73.x as a result of not handling the addition of G_TLS_CERTIFICATE_NO_FLAGS correctly (see #1015181). -- Simon McVittie <smcv@debian.org> Sat, 06 Aug 2022 15:11:00 +0100 glib2.0 (2.73.2-1) experimental; urgency=medium * New upstream release - d/control.in: Build-depend on PCRE 2 (Closes: #982310, #1000082) * d/copyright: Update * d/patches: Drop patches that were applied upstream * Update symbols file * Merge packaging from unstable (no functional changes) -- Simon McVittie <smcv@debian.org> Wed, 13 Jul 2022 13:39:26 +0100 glib2.0 (2.72.3-1) unstable; urgency=medium * New upstream release (LP: #1980408) * Drop GFileMonitor patches applied in new release -- Jeremy Bicha <jbicha@ubuntu.com> Thu, 30 Jun 2022 16:12:12 -0400 glib2.0 (2.73.1-1) experimental; urgency=medium * New upstream release * d/copyright: Update * d/control.in: Update Meson build-dependency * Refresh patch series * d/control.in, d/rules: Drop GIO fam module. This no longer exists upstream. Hurd users will need to maintain it separately if desired. * d/libglib2.0-0.symbols: Update * d/libglib2.0-0.postinst.in, d/rules, d/tests: Remove workaround for #896019. The version of GLib in Debian 11 cleaned up a potential broken state left behind by Debian 9, and Debian doesn't support skipping a major release, so Debian 12 no longer needs this. Similarly, the version in Ubuntu 22.04 LTS had this cleanup, and Ubuntu doesn't support skipping a LTS release, so 22.10 and 24.04 LTS don't need this. * d/tests/run-with-locales: Show what we generated * d/p/gdatetime-test-Consistently-expect-k-to-generate-a-figure.patch: Add patch to fix an installed-test failure * Update Lintian overrides * Standards-Version: 4.6.1 (no changes required) * d/p/dataset-Do-not-increment.patch, d/p/glib-tests-dataset-Add-a-test.patch, d/p/In-test_datalist_id_remove_multiple-verify-that-the-data-.patch, d/p/gdataset-Preserve-destruction-order.patch, d/p/glib-tests-dataset-Test-id_remove_multiple.patch, d/p/dataset-Rename-i-as-destroy_index-and-move-it-out-of-dest.patch, d/p/glib-tests-dataset-Use-existing-code.patch: Add patches to preserve order of GDataList destructors. This avoids a crash in GTK. * d/p/Revert-gobject-Use-g_datalist_id_remove_multiple.patch: Add patch to revert optimizations that trigger a gnome-shell crash -- Simon McVittie <smcv@debian.org> Sun, 26 Jun 2022 12:06:36 +0100 glib2.0 (2.72.2-2) unstable; urgency=medium * Update testfilemonitor-Skip-if-we-are-avoiding-flaky-tests.patch for new testfilemonitor test. Thanks to Philip Withnall -- Jeremy Bicha <jbicha@ubuntu.com> Tue, 07 Jun 2022 12:21:57 -0400 glib2.0 (2.72.2-1) unstable; urgency=medium [ Jeremy Bicha ] * New upstream release * Cherry-pick patches to fix a GFileMonitor deadlock issue [ Simon McVittie ] * d/tests/installed-tests: Assert that at least one test is run -- Jeremy Bicha <jbicha@ubuntu.com> Fri, 03 Jun 2022 21:11:18 -0400 glib2.0 (2.72.1-1) unstable; urgency=medium [ Jeremy Bicha ] * New upstream release (LP: #1969115) - Includes workaround for meson #1008382 * Add patch to recognize GNOME Console as a terminal app * Refresh patch * debian/libglib2.0-0.symbols: Add new symbol [ Johannes Schauer Marin Rodrigues ] * debian/libglib2.0-0.postinst.in: only run clean-up-unmanaged-libraries on upgrades and not on new installations (Closes: #1008096) -- Jeremy Bicha <jbicha@ubuntu.com> Thu, 14 Apr 2022 09:35:23 -0400 glib2.0 (2.72.0-1) unstable; urgency=medium * New upstream release - Fix assertion failure with time zone offsets >= 25 hours (Closes: #1007226) - Various unit test fixes - Fix a memory leak with an invalid format in g_vasprintf() - Translation updates * Merge 2.71.x release history from experimental - d/gbp.conf, d/control.in: Update branch for upload to unstable * Upload to unstable -- Simon McVittie <smcv@debian.org> Fri, 18 Mar 2022 09:05:21 +0000 glib2.0 (2.70.5-1) unstable; urgency=medium * New upstream release - Fix assertion failure with time zone offsets >= 25 hours (Closes: #1007226) - Fix possible buffer overflow in g_canonicalize_filename() -- Simon McVittie <smcv@debian.org> Thu, 17 Mar 2022 23:28:00 +0000 glib2.0 (2.70.4-1) unstable; urgency=medium * New upstream release * Adjust Lintian overrides for newer Lintian -- Simon McVittie <smcv@debian.org> Tue, 15 Feb 2022 10:08:01 +0000 glib2.0 (2.71.3-1) experimental; urgency=medium * New upstream development release -- Simon McVittie <smcv@debian.org> Tue, 08 Mar 2022 19:53:44 +0000 glib2.0 (2.71.2-1) experimental; urgency=medium * New upstream development release * Update symbols file. Ignore removal of g_debug_controller_dup_default, which was only added during this development cycle. GLib doesn't guarantee ABI stability within x.odd.z branches. * d/p/debian/tests-Skip-debugcontroller-test.patch: Add patch to skip another unreliable unit test while it's investigated upstream -- Simon McVittie <smcv@debian.org> Tue, 15 Feb 2022 20:52:33 +0000 glib2.0 (2.71.1-1) experimental; urgency=medium * New upstream development release * Merge packaging changes from unstable - Use debhelper 13 features instead of dh-exec * Update symbols file -- Simon McVittie <smcv@debian.org> Thu, 27 Jan 2022 16:43:04 +0000 glib2.0 (2.70.3-1) unstable; urgency=medium * New upstream release - Do not allow empty structs (tuples) in D-Bus messages, resolving a denial-of-service vulnerability for private GDBus servers that accept messages from untrusted clients (glib#2557) - Do not allow deep recursion in serialized GVariant binary data, resolving a denial of service for anything that loads untrusted GVariant binary data (glib#2572) - Fix file descriptor handling when launching subprocesses - Don't skip fsync when writing out files on btrfs. This was based on a kernel behaviour that was guaranteed prior to 2014, but is no longer considered to be a guarantee. - Translation updates * Use debhelper 13 features instead of dh-exec debhelper now has ${DEB_HOST_MULTIARCH} substitutions, so we don't need to use dh-exec for those. After that, the one remaining dh-exec feature in use was a conditional installation for the FAM GIO module for Hurd. Open-code this in d/rules instead. * d/gbp.conf: Use upstream/2.70.x branch for packaging. We have already had a 2.71.x release. -- Simon McVittie <smcv@debian.org> Wed, 26 Jan 2022 20:18:19 +0000 glib2.0 (2.71.0-2) experimental; urgency=medium * Merge packaging updates from unstable -- Simon McVittie <smcv@debian.org> Mon, 27 Dec 2021 17:05:59 +0000 glib2.0 (2.70.2-1) unstable; urgency=medium * New upstream release * Build-Depend on dh-sequence-gnome and dh-sequence-python3 * debian/rules: Drop environment variable clearing now done for us by dh13 -- Jeremy Bicha <jbicha@debian.org> Sat, 04 Dec 2021 20:58:45 -0500 glib2.0 (2.71.0-1) experimental; urgency=medium * New upstream development release * Unfuzz patch series * Update symbols file -- Simon McVittie <smcv@debian.org> Mon, 27 Dec 2021 15:04:01 +0000 glib2.0 (2.70.1-1) unstable; urgency=medium * New upstream release - Functionally equivalent to previous releases to Debian, except for Windows-specific changes * Drop patches that came from upstream * d/upstream/metadata: Add * Use debhelper compat level 13 - Drop override for dh_missing --fail-missing, which is now the default -- Simon McVittie <smcv@debian.org> Fri, 05 Nov 2021 15:58:04 +0000 glib2.0 (2.70.0-3) unstable; urgency=medium * d/rules: Remove internal_pcre build option, which no longer exists. Meson 0.60.0 no longer tolerates this. -- Simon McVittie <smcv@debian.org> Mon, 25 Oct 2021 11:25:31 +0100 glib2.0 (2.70.0-2) unstable; urgency=medium * d/patches: Update to upstream glib-2-70 branch commit 2.70.0-41-g359a837ee. Among other fixes, this makes sure we receive change-notification from NetworkManager (>= 1.31.5), which dropped its legacy PropertiesChanged signal in favour of using standard D-Bus Properties. (LP: #1946196) * Add Breaks on older versions of glib-networking-tests. With this GLib, the old way glib-networking's tests used to mock up a particular negotiated protocol no longer works. * Add Breaks on versions of gnome-keyring that had elevated capabilities. Security hardening in GLib 2.70.0 interferes with their ability to connect to D-Bus in some system configurations. (See #994961) * Remove vestigial triggers for /usr/lib/gio/modules. We no longer load files from that directory (since Debian 11 and Ubuntu 20.04), but we still had a trigger for it, and the postinst still created a module cache if it existed. * d/libglib2.0-0.postinst.in: Clean up /usr/lib/gio/modules on upgrade. This directory would still exist if older versions of GLib created a cache there. * d/libglib2.0-0.postinst.in: Add comments indicating when other workarounds can be removed * Add Lintian override for a unit test depending on a private library * Skip memory-monitor-dbus test by default, and add extra debug info. Helps: #995178 -- Simon McVittie <smcv@debian.org> Sun, 24 Oct 2021 22:41:35 +0100 glib2.0 (2.70.0-1) unstable; urgency=medium * New upstream release * d/rules: Make shared objects in installed-tests non-executable * Remove shebang from taptestrunner.py differently - Remove shebang from installed file using sed. This avoids missing the fact that there are two copies in the source, of which we only patched one. - d/p/debian/taptestrunner-Stop-looking-like-an-executable-script.patch: Drop, no longer necessary * Add Lintian override for #970275 * d/copyright, d/libglib2.0-0.symbols: Update * d/gbp.conf: Switch upstream branch * Unfuzz patch series * Standards-Version: 4.6.0 (no changes required) -- Simon McVittie <smcv@debian.org> Sun, 19 Sep 2021 17:11:43 +0100 glib2.0 (2.68.4-1) unstable; urgency=medium * New upstream release - Avoid a deadlock while finalizing a GLocalFileMonitor - Correctly use 3 parameters for close_range(), fixing build with glibc 2.34 - Fix global trash directory detection - Make g_string_replace() with empty search string behave sensibly (matching Python str.replace()) - Translation updates: oc, zh_CN, zh_TW * tests: Specify charset for generated locales to fix FTBFS with new glibc. glibc 2.31-14 dropped support for all non-UTF-8 locales, so we can't use /usr/share/i18n/SUPPORTED to choose a suitable charset any more. * d/rules: Override dh_fixperms to set correct permissions on /usr/libexec. Making everything executable is not quite right for installed-tests. -- Simon McVittie <smcv@debian.org> Fri, 20 Aug 2021 10:31:42 +0100 glib2.0 (2.68.3-2) unstable; urgency=medium * Merge from experimental branch * Changes relative to 2.68.3-1 in experimental: - d/watch: Only watch for stable (2.even.z) releases - d/p/debian/61_glib-compile-binaries-path.patch: Remove. This patch turns out to be unnecessary, and is harmful for cross-compiling. Thanks to Helmut Grohne (Closes: #982213) * Changes relative to previous version in unstable: - New upstream stable release branch 2.68.x - Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules (Closes: #987913, see 2.68.1-2 changelog) - Mark dbus as <!nocheck> <!noinsttest>. Several of the installed-tests won't be built unless dbus-daemon is available, so <!nocheck> is insufficient. - Move test-dependencies to Build-Depends-Arch. We don't run the majority of the tests when we're only building the documentation. - Remove an unused Lintian override - Add more Lintian overrides for test data - Use d/tests/run-with-locales for better locale-sensitive test coverage * d/rules: Fix dead link when documenting why we use -Wl,--no-as-needed * Bump minimum GLib version for callers of g_dbus_server_new_sync() Programs that call this function might be passing in the new flag G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER, which is security-significant. Don't allow such programs to be built against GLib 2.68 and run with GLib 2.66 or older. * Add Breaks on libsoup2.4-tests before 2.72.0-3. Older versions of the libsoup test suite had an assertion that would only succeed because of a GLib bug, which is fixed in 2.68.x. Newer versions tolerate the bug, but do not require it. -- Simon McVittie <smcv@debian.org> Sun, 15 Aug 2021 14:57:30 +0100 glib2.0 (2.68.3-1) experimental; urgency=medium * New upstream release 2.68.3, fixing bugs: - GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when saving from a symlink - glocalfileoutputstream: Fix ETag check when replacing through a symlink - gmacros: check that __cplusplus or _MSC_VER is defined - gmacros: missing check if __STDC_VERSION__ is defined - gthreadedresolver: don't ignore flags in lookup_by_name_with_flags - inotify: Fix a memory leak - json-glib does not build with glib 2.68.1 - testfilemonitor test leaks ip_watched_file_t struct - tlscertificate: Avoid possible invalid read -- Iain Lane <laney@debian.org> Tue, 29 Jun 2021 15:24:06 +0100 glib2.0 (2.68.1-2) experimental; urgency=medium * Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules: - postrm: Only delete GIO module cache on remove or purge. Despite its name, the postrm can be invoked for reasons other than package removal: in particular, the old version's postrm is run during upgrades. - postinst: Recreate GIO module directory if deleted by an older postrm, to recover from the bug fixed here. - postinst: Don't guard glib-compile-schemas or gio-querymodules with a check for existence of a directory that is shipped in the .deb. If such a directory has somehow gone missing, we want to see a warning. This won't make the postinst fail, because we're ignoring exit status anyway. (Closes: #987913) -- Simon McVittie <smcv@debian.org> Sun, 02 May 2021 14:45:36 +0100 glib2.0 (2.68.1-1) experimental; urgency=medium * New upstream stable release * d/tests/run-with-locales: Avoid FTBFS with locales-all installed -- Simon McVittie <smcv@debian.org> Thu, 15 Apr 2021 09:42:05 +0100 glib2.0 (2.68.0-1) experimental; urgency=medium * New upstream stable release - Drop dead code from glib-compile-schemas - Improve valgrind suppressions - Fix error in g_bytes_icon_new() documentation - Avoid close(-1) during error handling - Fix copy/paste error in queue test - Translation updates * Add CVE ID references to previous changelog entries. CVE IDs were not yet available at the time these vulnerabilities were initially fixed. -- Simon McVittie <smcv@debian.org> Sat, 20 Mar 2021 15:42:00 +0000 glib2.0 (2.67.6-1) experimental; urgency=medium * New upstream release - This fixes a symlink attack affecting file-roller. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, previously it would have also created the target of the symlink as an empty file, which could conceivably be security-sensitive if the symlink is attacker-controlled. (Closes: #984969; CVE-2021-28153) * Revert test-dependency on libc6-dev, which should no longer be necessary with the new upstream release. -- Simon McVittie <smcv@debian.org> Mon, 15 Mar 2021 18:18:48 +0000 glib2.0 (2.67.5-2) experimental; urgency=medium * debian/tests/control: Test-Depend on libc6-dev; the `pollable` test requires it. See [upstream MR !1977][0]. The upstream tests now rely on finding "libutil.so", which is in libc6-dev. Once that MR, or something like it, is merged, we can remove this test-dep as the runtime library will be being used. [0]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1977 -- Iain Lane <laney@debian.org> Tue, 02 Mar 2021 18:29:23 +0000 glib2.0 (2.67.5-1) experimental; urgency=medium * New upstream release + Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4 (LP: #1916705) + Fix regression with some FD mappings passed to `g_subprocess_launcher_spawnv()` (Closes: #983026) (LP: #1916701) * debian/watch: Fix to not match `..`. The watch file was matching the "Parent directory/" link and considering that the highest, since its target is `..`. Expect 1+ digits to begin the version number. -- Iain Lane <laney@debian.org> Mon, 01 Mar 2021 17:18:36 +0000 glib2.0 (2.67.4-1) experimental; urgency=medium * New upstream release - Among other changes, this should fix FTBFS on armel * d/libglib2.0-0.symbols: Add g_spawn_async_with_pipes_and_fds -- Simon McVittie <smcv@debian.org> Wed, 17 Feb 2021 09:58:25 +0000 glib2.0 (2.67.3+git20210214-1) experimental; urgency=medium * d/changelog: Add bug reference for GHSL-2021-045 to previous entry * New upstream git snapshot; among other changes: - Fix regressions caused by the GHSL-2021-045 fixes in 2.67.3 - Warn and fail on integer overflow in g_byte_array_new_take() for arrays larger than G_MAXUINT (Closes: #982779; CVE-2021-27218) * d/libglib2.0-0.symbols: Add g_string_replace() * Refresh patch series * d/rules, d/tests: Generate various locales mentioned in the tests * Mark dbus as <!nocheck> <!noinsttest>. Several of the installed-tests won't be built unless dbus-daemon is available, so <!nocheck> is insufficient. * Move test-dependencies to Build-Depends-Arch. We don't run the majority of the tests when we're only building the documentation. * Remove an unused Lintian override * Add more Lintian overrides for test data -- Simon McVittie <smcv@debian.org> Sun, 14 Feb 2021 17:27:54 +0000 glib2.0 (2.67.3-1) experimental; urgency=medium * New upstream release - Fix various integer overflows, some of them potentially exploitable (Closes: #982778; CVE-2021-27219, GHSL-2021-045) * Drop patches that came from upstream or were applied upstream -- Simon McVittie <smcv@debian.org> Thu, 04 Feb 2021 22:38:42 +0000 glib2.0 (2.67.2-1) experimental; urgency=medium * New upstream release * Refresh patch series * d/patches: Cherry-pick some fixes from upstream git master. This is mostly for parity with the update to 2.66.x that I'm preparing for unstable, which also includes the XDG_CURRENT_DESKTOP fixes. * d/p/spawn-Don-t-set-a-search-path-if-we-don-t-want-to-search-.patch: Make the g_spawn family only search PATH if G_SPAWN_SEARCH_PATH is used. Previously, they would sometimes search /usr/bin:/bin:. for an executable they should have only loaded from the current working directory. In particular, this made gtk+3.0 fail its build-time tests if ImageMagick display(1) happened to be installed. (Closes: #977961) -- Simon McVittie <smcv@debian.org> Wed, 27 Jan 2021 12:57:48 +0000 glib2.0 (2.67.1-1) experimental; urgency=medium * Branch for experimental and 2.67.x * New upstream development release * Temporarily use git to fetch upstream release. The official tarball release doesn't seem to have made it onto mirrors. * d/rules: Explicitly enable libelf dependency for gresource tool * d/p/Handle-the-case-of-g_object_run_dispose-in-GBinding.patch: Add patch from upstream to fix a regression in GBinding that caused gnome-terminal-server to crash on startup -- Simon McVittie <smcv@debian.org> Fri, 11 Dec 2020 11:16:25 +0000 glib2.0 (2.66.8-1) unstable; urgency=medium * d/watch: Only watch for 2.66.x versions. 2.68.0 has been released but will not be in bullseye. * New upstream release - Functionally equivalent to 2.66.7-2, except for the version number and a change to Windows-specific code that is not used in Debian * Drop patches that were included in the new upstream release * d/p/glocalfileoutputstream-Tidy-up-error-handling.patch: Add patch from upstream to clean up error handling. After the fix for #984969, this function could end up calling close(-1), which is harmless but gets flagged as an error by static analysis and by error-checking instrumentation. Fixing this will prevent it from obscuring real errors. * Add CVE references in recent changelog entries. CVE IDs for the vulnerabilities were not available at the time they were fixed, but now they are. -- Simon McVittie <smcv@debian.org> Sat, 20 Mar 2021 15:35:19 +0000 glib2.0 (2.66.7-2) unstable; urgency=medium * d/changelog: Add bug numbers for integer overflows in previous versions * Add patches to fix a symlink attack affecting file-roller. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, previously it would have also created the target of the symlink as an empty file, which could conceivably be security-sensitive if the symlink is attacker-controlled. (Closes: #984969; CVE-2021-28153) -- Simon McVittie <smcv@debian.org> Thu, 11 Mar 2021 10:23:38 +0000 glib2.0 (2.66.7-1) unstable; urgency=high * New upstream release - Fix another regression caused by the GHSL-2021-045 fixes in 2.66.6 - Warn and fail on integer overflow in g_byte_array_new_take() for arrays larger than G_MAXUINT (Closes: #982779; CVE-2021-27218) - Disallow using currently-undefined D-Bus connection or server flags, to prevent forward-compatibility problems with new security-sensitive flags that are likely to be introduced in GLib 2.68 * Drop previous patches for GHSL-2021-045 regressions, applied upstream -- Simon McVittie <smcv@debian.org> Thu, 11 Feb 2021 17:08:14 +0000 glib2.0 (2.66.6-2) unstable; urgency=high * d/patches: Add proposed fixes for regressions in 2.66.6. Two functions that took either a positive length, or -1 to indicate strlen(), had assertions with the wrong sense in 2.66.6, causing some valid uses of those functions to regress. * d/p/debian/61_glib-compile-binaries-path.patch: Remove. This patch turns out to be unnecessary, and is harmful for cross-compiling. Thanks to Helmut Grohne (Closes: #982213) * Set high urgency to get the regression fixes into bullseye -- Simon McVittie <smcv@debian.org> Mon, 08 Feb 2021 19:43:08 +0000 glib2.0 (2.66.6-1) unstable; urgency=high * New upstream release - Fix various integer overflows, some of them potentially exploitable (Closes: #982778; CVE-2021-27219, GHSL-2021-045) -- Simon McVittie <smcv@debian.org> Thu, 04 Feb 2021 20:24:20 +0000 glib2.0 (2.66.5-1) unstable; urgency=medium * New upstream release, equivalent to 2.66.4-27-g0051c0635 * Drop patches that were applied upstream -- Simon McVittie <smcv@debian.org> Wed, 03 Feb 2021 19:16:01 +0000 glib2.0 (2.66.4-4) unstable; urgency=medium * d/patches: Update patch series to upstream commit 2.66.4-27-g0051c0635 - Improve test coverage for #977961 - Stop valgrind reporting memory leaks in GSpawn in most cases - Partially revert security hardening from 2.66.4-2: allow DBUS_SESSION_BUS_ADDRESS to be taken from the environment by setcap executables (to avoid regressing gnome-keyring) and by setgid executables (to avoid regressing msmtp). (Closes: #981420, #981555) Note that this is likely to be reverted in GLib 2.70.x to provide better hardening. The D-Bus session bus is not designed to be used by processes that have elevated privileges. -- Simon McVittie <smcv@debian.org> Wed, 03 Feb 2021 13:55:41 +0000 glib2.0 (2.66.4-3) unstable; urgency=medium * Improve patch for #977961, and add basic test coverage -- Simon McVittie <smcv@debian.org> Thu, 28 Jan 2021 19:05:50 +0000 glib2.0 (2.66.4-2) unstable; urgency=medium * d/patches: Update patch series to upstream commit 2.66.4-18-g872181c4f (excluding Windows-specific changes) - Security hardening: in GIO, ignore various environment variables if GIO is (inadvisably) used in a setuid process without sanitizing the environment first, similar to CVE-2012-3524 - Reject very long date strings early, instead of spending time normalizing and parsing them - Fix recursion in GPrivate * d/p/spawn-Don-t-set-a-search-path-if-we-don-t-want-to-search-.patch: Make the g_spawn family only search PATH if G_SPAWN_SEARCH_PATH is used. Previously, they would sometimes search /usr/bin:/bin:. for an executable they should have only loaded from the current working directory. In particular, this made gtk+3.0 fail its build-time tests if ImageMagick display(1) happened to be installed. (Closes: #977961) -- Simon McVittie <smcv@debian.org> Wed, 27 Jan 2021 11:33:06 +0000 glib2.0 (2.66.4-1) unstable; urgency=medium * New upstream release -- Simon McVittie <smcv@debian.org> Fri, 18 Dec 2020 17:26:51 +0000 glib2.0 (2.66.3-2) unstable; urgency=medium * Apply packaging changes from experimental to unstable: - postinst: Clean up outdated copies of GLib if present, to avoid infrequent upgrade issues on non-merged-/usr systems. See #911225 and #949395 for more information. (Closes: #896019, #954960, #955331) * Add myself to Uploaders * Standards-Version: 4.5.1 (no changes required) * Swap Homepage field to something more GLib-specific * d/gbp.conf: Change upstream branch to upstream/2.66.x. 2.67.0 was already released, so it's inaccurate to say that 2.66.x is the latest. -- Simon McVittie <smcv@debian.org> Wed, 02 Dec 2020 12:28:42 +0000 glib2.0 (2.66.3-1+exp1) experimental; urgency=medium * Merge from unstable -- Simon McVittie <smcv@debian.org> Thu, 19 Nov 2020 20:47:54 +0000 glib2.0 (2.66.3-1) unstable; urgency=medium * Team upload * New upstream release - Improve performance of processing files hidden via ./.hidden - All other changes were already included in 2.66.2-1 * Drop patches that were cherry-picked from upstream * Stop reverting gtk-doc dependency version. We now have a suitable gtk-doc in Debian. * Drop a patch that was not applied upstream. This was hoped to be a workaround for intermittent test failures, but doesn't seem to have had the desired effect in practice. * Mark the DBUS_COOKIE_SHA1 parts of gdbus-server-auth test as flaky. This is not reliable enough to always pass on buildds, but is too intermittent to be able to reproduce the failure in a development environment, and DBUS_COOKIE_SHA1 is not an important enough feature to justify failing the build for this. As with other flaky tests, we still run this as an autopkgtest in an attempt to get more useful information, but we ignore failure. -- Simon McVittie <smcv@debian.org> Thu, 19 Nov 2020 11:11:06 +0000 glib2.0 (2.66.2-1+exp1) experimental; urgency=medium * Branch for experimental * postinst: Clean up outdated copies of GLib to avoid infrequent upgrade issues on non-merged-/usr systems (Closes: #896019, #954960, #955331) -- Simon McVittie <smcv@debian.org> Sun, 01 Nov 2020 13:11:00 +0000 glib2.0 (2.66.2-1) unstable; urgency=medium * Team upload * New upstream release - Add some missing (nullable) and (not nullable) annotations * Drop patches that were cherry-picked from upstream * Update patch series to upstream 2.66.2-9-g4daaf303a - Fix race in socketclient-slow test - Cope with sending fds in a D-Bus message that takes multiple writes - Don't skip updating polled fd sources - Add G_GNUC_PRINTF annotation to g_trace_mark() * d/p/glib-tests-fileutils-Make-more-use-of-g_assert_no_errno.patch, d/p/glib-tests-fileutils-Fix-expectations-when-running-as-roo.patch: Add proposed patch to fix a test failure when running as root (Closes: #973271) * d/rules: Remove migration path from legacy -dbg package. This was most recently shipped in Debian 9, and we don't support upgrades from anything older than Debian 10. * Drop obsolete workaround for #887629. We don't support upgrades from versions older than Debian 10, so we can drop workarounds that were only relevant for the upgrade from 9 to 10. -- Simon McVittie <smcv@debian.org> Sat, 31 Oct 2020 13:54:56 +0000 glib2.0 (2.66.1-2) unstable; urgency=medium * Cherry-pick patches from the glib-2-66 branch upstream - Fixes the regression called out in 2.66.1-1's changelog. * Add-a-test-for-the-6-days-until-EOM-bug.patch, Fix-the-6-days-until-the-end-of-the-month-bug.patch: Cherry-pick upstream mr!1705 to not break on timezones built with `zic -b slim` -- Iain Lane <laney@debian.org> Fri, 16 Oct 2020 17:38:50 +0100 glib2.0 (2.66.1-1) unstable; urgency=medium * Team upload * New upstream release - A performance problem where timezones were reloaded from disk every time a GTimeZone was created has been fixed (upstream issue #2204), but this means that changes to /etc/localtime will not take effect until a process restarts. Future changes in a subsequent 2.66.x release will improve this. - Security fix for incorrect scope/zone ID parsing in URIs - Fix invalid Pointer Arithmetic in g_path_get_basename - Fix cookie lifetimes in GDBus DBUS_COOKIE_SHA1 mechanism - Fix faulty logic in DNS TXT record parsing - trash portal: Handle portal failures - gio-tool-trash: Prevent recursion to speed up emptying trash - glist: Clarify that g_list_free() and friends only free an entire list - gdatetime: Avoid integer overflow creating dates too far in the past - Translation updates * d/p/glocalfile-Never-require-G_LOCAL_FILE_STAT_FIELD_ATIME.patch, d/p/gdbusauthmechanismsha1-Use-the-same-timeouts-as-libdbus.patch: Drop patches that were applied upstream -- Simon McVittie <smcv@debian.org> Mon, 12 Oct 2020 09:31:27 +0100 glib2.0 (2.66.0-2) unstable; urgency=medium * Team upload * d/p/glocalfile-Never-require-G_LOCAL_FILE_STAT_FIELD_ATIME.patch: Add proposed patch to fix file copying on ZFS and CIFS (Closes: #970228) * d/p/gdbus-server-auth-Don-t-usually-test-non-EXTERNAL-repeate.patch: Add proposed patch to work around DBUS_COOKIE_SHA1 test failures * d/p/Revert-gtk-doc-dependency-to-1.32.patch: Move to debian subdirectory. This patch is not intended to go upstream. -- Simon McVittie <smcv@debian.org> Tue, 15 Sep 2020 22:12:49 +0100 glib2.0 (2.66.0-1) unstable; urgency=medium * Team upload * New upstream stable release - Fix missing tab in makefile rule - guri: Fix user passed to g_uri_split_with_user() not being NULL'd - Translation updates: * d/watch: Only watch for stable releases * d/p/gdbusauthmechanismsha1-Use-the-same-timeouts-as-libdbus.patch: Add patch to fix intermittent test failures on slower architectures. This narrowly missed the upstream code freeze, and should be in 2.66.1. -- Simon McVittie <smcv@debian.org> Fri, 11 Sep 2020 09:18:58 +0100 glib2.0 (2.65.3-1) experimental; urgency=medium * New upstream release + Fixes to the new `statx()` calls — note that since GLib 2.65.2 uses `statx()` (if available) instead of `stat()`/`fstat()`/`lstat()`/`fstatat()`, syscall sandboxing for third party applications might need to be updated + Also includes "Fix splice behavior on cancellation", a fix for a bug which was affecting tracker - particularly its autopkgtests. -- Iain Lane <laney@debian.org> Thu, 03 Sep 2020 18:55:20 +0100 glib2.0 (2.65.2-1) experimental; urgency=medium * Team upload * New upstream development release * d/rules: Run gtk-doc checks, even if building indep-only. Previously we would only run the gtk-doc checks if building architecture-dependent and -independent packages in the same build, which is done on Ubuntu amd64 buildds, but not on any Debian buildds. * Reduce dependency to the version of gtk-doc-tools from unstable. Instead of being some random snapshot from upstream git, this is the last release plus some selected patches. In particular, it has enough fixes to make the gtk-doc tests pass (Closes: #968975). * d/libglib2.0-tests.lintian-overrides: Update -- Simon McVittie <smcv@debian.org> Tue, 25 Aug 2020 12:44:02 +0100 glib2.0 (2.65.1-1) experimental; urgency=medium [ Sebastien Bacher ] * debian/control.in: - let libglib2.0-tests Depends on libglib2.0-0 (= ${binary:Version}), otherwise we can end up with failures due to out of sync versions [ Simon McVittie ] * d/shlibs.local: Upgrade all binary packages in lockstep. Like many projects where one source package builds multiple binary packages, GLib has private headers that share non-public interfaces between its binary packages. Instead of setting this up for individual binary packages, we can tell dpkg-shlibdeps to generate lockstep dependencies whenever one of our binary packages depends on our shared libraries. * d/watch, d/control.in, d/gbp.conf: Branch for experimental * New upstream development release - Require the experimental version of gtk-doc-tools. GLib 2.65.x requires a version that hasn't been released yet. - Update symbols file - Drop patches that were applied upstream -- Simon McVittie <smcv@debian.org> Fri, 07 Aug 2020 15:44:34 +0100 glib2.0 (2.64.4-1) unstable; urgency=medium * Team upload * New upstream release - Improve async-signal-safety * d/tests/build: Don't exercise static linking for GIO. libmount will no longer support being linked statically from 2.35.2-8 onwards. For now I'm continuing to test that the other libraries can still be statically linked, but please consider them to be "at risk". (Closes: #963933) * Re-enable libmount support. libmount no longer depends on libcryptsetup, avoiding the various crashes that we are working around. Future versions will dlopen it on-demand, which should also avoid those crashes. Bump the build-dependency to a suitable version. * d/p/tests-Use-g_assert_-in-cancellable-test-rather-than-g_ass.patch, d/p/gcancellable-Fix-minor-race-between-GCancellable-and-GCan.patch: Split combined d/p/git_gsource_segfault.patch into its two component upstream commits, and add metadata * d/p/glib-compile-resources-Fix-exporting-on-Visual-Studio.patch, d/p/gdesktopappinfo-Fix-unnecessarily-copied-and-leaked-URI-l.patch: Add post-release bugfixes from upstream -- Simon McVittie <smcv@debian.org> Tue, 07 Jul 2020 13:33:01 +0100 glib2.0 (2.64.3-2) unstable; urgency=medium * Team upload * Temporarily disable libmount support. Recent Debian revisions of libmount pull in libcryptsetup as a dependency, for dm-verity support. libcryptsetup depends on json-c and OpenSSL, causing crashes due to symbol conflicts with other JSON libraries (jansson and json-glib, for example in firewalld and virt-manager) and with statically-linked copies of OpenSSL (for example in Steam and Minecraft). Until this is resolved in some other way, disable libmount and parse /etc/fstab and /proc/mounts ourselves, as we do in libglib2.0-udeb. Mitigates: #963933, #963932, #963525, #963721 -- Simon McVittie <smcv@debian.org> Thu, 02 Jul 2020 10:05:03 +0100 glib2.0 (2.64.3-1) unstable; urgency=medium * Team upload [ Laurent Bigonville ] * Drop the libgio-fam package, and install the fam GIO plugin in libglib2.0-0 on Hurd ports. See: #885011 (Closes: #875915) * Stop building the libgio-fam package on kFreeBSD ports. It is no longer necessary now that gkqueuefilemonitor is available. [ Simon McVittie ] * Clarify changelog entry regarding Hurd and kFreeBSD * New upstream stable release -- Simon McVittie <smcv@debian.org> Fri, 29 May 2020 20:24:33 +0100 glib2.0 (2.64.2-1) unstable; urgency=medium [ Simon McVittie ] * Add Breaks on older versions of gimp, which used a syntactically invalid property name in a plugin, and would crash when GObject rejects syntactically invalid property names [ Sebastien Bacher ] * New upstream release * debian/patches/git_gsource_segfault.patch: - backport an upstream git change to fix a signal handler disconnect segfault situation (lp: #1872153) -- Sebastien Bacher <seb128@ubuntu.com> Wed, 15 Apr 2020 23:01:50 +0200 glib2.0 (2.64.1-1) unstable; urgency=medium * Team upload * New upstream stable release * d/p/tests-Skip-MemoryMonitor-test-if-GObject-Introspection-is.patch: Drop patch, applied upstream * Add Breaks on glib-networking-tests older than 2.63.2. Those versions had a test that relied on TLS version fallback behaviour that has now been removed. (Closes: #953766) -- Simon McVittie <smcv@debian.org> Sun, 15 Mar 2020 18:39:17 +0000 glib2.0 (2.64.0-2) unstable; urgency=medium * Team upload * Merge packaging changes from unstable with new upstream release from experimental * d/control.in: Add Breaks on libgladeui-2-6 before 3.22.2. Older versions used a syntactically invalid property name "support warning", which GObject used to canonicalize to "support-warning". GLib 2.64 made this check more strict (see #953010). -- Simon McVittie <smcv@debian.org> Tue, 10 Mar 2020 21:22:18 +0000 glib2.0 (2.64.0-1) experimental; urgency=medium * Team upload * New upstream release - Fixes a vulnerability where GSocketClient sometimes forgot to use a configured proxy (CVE-2020-6750, Closes: #948554) - Stop installing gio-launch-desktop, which no longer exists - d/p/docs-Don-t-install-object-manager-example-separately.patch: Drop, applied upstream * d/p/debian/testfilemonitor-Skip-if-we-are-avoiding-flaky-tests.patch: Treat testfilemonitor as a flaky test * Standards-Version: 4.5.0 (no changes required) * New upstream release * d/p/tests-Skip-MemoryMonitor-test-if-GObject-Introspection-is.patch: Skip MemoryMonitor test if GObject-Introspection is too old to know it * Install a shell script implementation of the old gio-launch-desktop executable. While not required for *this* GLib, it is required by old processes that already had the old GLib (2.57.2 to 2.63.5) in memory before the upgrade. This can be removed after Ubuntu 20.04 and Debian 11 are both released. -- Simon McVittie <smcv@debian.org> Fri, 28 Feb 2020 17:16:04 +0000 glib2.0 (2.63.5-2) experimental; urgency=medium * Skip-unreliable-gdbus-threading-tests--by-default.patch: Skip all of gdbus-threading test_method_calls_in_thread() has become (more?) unreliable too. When skipped, the test bus doesn't get torn down properly - it times out. Let's stop running these tests for now, until they are made reliable. -- Iain Lane <laney@debian.org> Wed, 19 Feb 2020 17:16:16 +0000 glib2.0 (2.63.5-1) experimental; urgency=medium [ Iain Lane ] * New upstream release [ Philip Withnall ] * Rework 01_gettext-desktopfiles.patch to not add new public API. Downstreams should not be adding new public API to GLib. From some code searching, this doesn’t appear to be used in more than one or two places, so won’t be too inconvenient to drop. The original patch should either be upstreamed (I’d be open to some form of it, if there’s still evidence it’s useful) or dropped. If it’s upstreamed, the new keys should be standardised. The alternative to this was to document the added public API; its addition was causing the new gtk-doc tests in GLib to fail. * Bump gtk-doc-tools dependency to >= 1.32-4 as GLib requires some fixes pushed to gtk-doc after its 1.32 release. * control: Bump Meson dependency to >= 0.52.0 for building the documentation * Drop PKCS#11 APIs added in 2.63.1 (not stable yet) - g_tls_certificate_new_from_pkcs11_uris() * Remove patches applied upstream: - tests-Skip-GMemoryMonitor-tests-if-the-dbusmock-template-.patch - tests-optional-portal.patch * d/p/docs-Don-t-install-object-manager-example-separately.patch: Add patch from upstream to disable incorrect installation of some example documentation * Rework libmount Meson argument as it’s now a feature; see !1344 upstream -- Iain Lane <laney@debian.org> Mon, 17 Feb 2020 17:47:17 +0000 glib2.0 (2.63.3-3) experimental; urgency=medium * debian/control.in: - lower the libglib2.0-tests Depends on xdg-desktop-portal to a Recommends since the portal is not available on some architectures * debian/patches/tests-optional-portal.patch: - skip the new memory monitor tests if the portal is not available, that allows the tests to be still successful on architectures were the portal is not available (e.g Ubuntu/i386) -- Sebastien Bacher <seb128@ubuntu.com> Wed, 22 Jan 2020 09:36:27 +0200 glib2.0 (2.63.3-2) experimental; urgency=medium * debian/control.in: - libglib2.0-tests Depends on xdg-desktop-portal, it's required by the new low memory tests (and got enabled by the new python-dbusmock) -- Sebastien Bacher <seb128@ubuntu.com> Thu, 16 Jan 2020 10:28:46 +0100 glib2.0 (2.63.3-1) experimental; urgency=medium [ Iain Lane ] * New upstream release + Add a `--glib-min-version` argument to `gdbus-codegen` which controls breaks in the API of generated code + Add `g_clear_list()` API to clear `GList`s to `NULL` + Add a `GMemoryMonitor` API to be notified of memory pressure situations using the low-memory-monitor project + Add support for dispose functions for `GSource` implementations + Tighten up validation of GObject signal and property names, allowing performance improvements * debian/tests/build: Style fixes, thanks to shellcheck. * d/p/d/Disable-some-tests-on-slow-architectures-which-keep-faili.patch: Rebase. Upstream have disabled these tests by default too (unless slow mode is enabled), so we don't need to add a patch to do a similar thing. * debian/libglib2.0-0.symbols: New symbols for 2.63.3 * d/p/tests-Skip-GMemoryMonitor-tests-if-the-dbusmock-template-.patch: Add. We don't have a new enough dbusmock in Debian at the minute (one is not released yet). Skip the test if the required template isn't available. * control: Add Depends for the new memory-monitor tests. There are new tests, written in python, for GMemoryMonitor. They require dbus-python, pygobject, and the GI bindings for GLib and GIO. [ Steve Langasek ] * debian/tests/build: Make cross-test friendly autopkgtest is soon to get a `-a ARCHITECTURE` switch, which will cross-test autopkgtests. This is to be detected by the presence of the `dpkg-architecture`-style family of variables being set in the environment. For build tests like `glib2.0`'s `build` test, this means that we should test "${DEB_HOST_ARCH}" and invoke the cross toolchain as necessary. (Closes: #946355) -- Iain Lane <laney@debian.org> Wed, 18 Dec 2019 14:02:00 +0000 glib2.0 (2.63.2-1) experimental; urgency=medium * Team upload * Merge packaging changes from unstable - Support for pkg.glib2.0.noinsttest build profile * d/control.in: Refer to debian/experimental branch. This avoids false-positive warnings from vcswatch. * New upstream release - Drop patches that were applied upstream * Rename pkg.glib2.0.noinsttest build profile to noinsttest. This is now registered on <https://wiki.debian.org/BuildProfileSpec>. * Update symbols file -- Simon McVittie <smcv@debian.org> Sat, 30 Nov 2019 10:55:48 +0000 glib2.0 (2.63.1-2) experimental; urgency=medium * d/p/Revert-glocalfileinfo-Only-return-file-mode-not-type-as-U.patch: Revert "glocalfileinfo: Only return file mode, not type, as UNIX_MODE attribute" This reverts commit bfdc5fc4fc84ef8518d2d1a328c8482cf5a38e98. This commit changes the semantics of the `unix::mode` attribute, which some things (the one we've noticed is ostree) rely on. * d/p/test_copy_preserve_mode-Adjust-for-revert-semantics.patch: test_copy_preserve_mode: Adjust for revert semantics. Now we're returning the file type again, we need to mask it out to compare with the mode. -- Iain Lane <laney@debian.org> Mon, 18 Nov 2019 13:59:35 +0000 glib2.0 (2.63.1-1) experimental; urgency=medium * New upstream release - Add `g_array_steal()`, `g_ptr_array_steal()` and `g_byte_array_steal()` APIs - Add `g_get_os_info()` API - Add `GMainContextPusher` API - Add `g_warning_once()` API - Allow passing empty `GValue`s to `g_param_value_set_default()` - Always resolve `localhost` to loopback address in `GResolver` - Escape header guards generated by `gdbus-codegen` better - Fix crash in `g_spawn()` with high FD numbers due to use of `select()` rather than `poll()` - Limit recursion in `g_variant_parse()` - Several usability improvements to command line `gio` tool * debian/libglib2.0-0.symbols: Add new symbols for this release * debian/patches/*: - Drop backports we had which are in this release. - Update to upstream master at cc1b53f74. There are several test fixes that we might as well grab now. -- Iain Lane <laney@debian.org> Wed, 06 Nov 2019 16:37:24 +0000 glib2.0 (2.62.5-1) unstable; urgency=medium * Team upload * New upstream release - Fixes a vulnerability where GSocketClient sometimes forgot to use a configured proxy (CVE-2020-6750, Closes: #948554) * Build-depend on libnss-myhostname | netbase if running tests. This is an attempt to work around localhost not being a resolvable name in some build environments, notably reproducible-builds. (See #948834) * Put the result of `getent ahosts localhost` and `getent ahosts $(hostname)` in the build log, to check whether those names are resolvable in the build environment. * d/p/debian/testfilemonitor-Skip-if-we-are-avoiding-flaky-tests.patch: Treat testfilemonitor as a flaky test * Standards-Version: 4.5.0 (no changes required) -- Simon McVittie <smcv@debian.org> Tue, 25 Feb 2020 12:19:00 +0000 glib2.0 (2.62.4-2) unstable; urgency=medium * Team upload * Adjust dependencies to avoid broken partial upgrades on arm64 during libffi7 transition: - Bump versioned Depends on libffi-dev to get a guarantee that we'll depend on libffi7 - Add Breaks on libgirepository-1.0-1 (<< 1.62.0-4~) so we cannot get a GObject built with libffi7 but a libgirepository built with libffi6 -- Simon McVittie <smcv@debian.org> Mon, 03 Feb 2020 15:12:40 +0100 glib2.0 (2.62.4-1) unstable; urgency=medium * Team upload [ Steve Langasek ] * debian/tests/build: Make cross-test friendly (Closes: #946355) [ Iain Lane ] * debian/tests/build: Style fixes [ Simon McVittie ] * New upstream release -- Simon McVittie <smcv@debian.org> Mon, 30 Dec 2019 13:01:04 +0000 glib2.0 (2.62.3-2) unstable; urgency=medium * Team upload * Rename pkg.glib2.0.noinsttest build profile to noinsttest. This is now registered on <https://wiki.debian.org/BuildProfileSpec>. -- Simon McVittie <smcv@debian.org> Sun, 01 Dec 2019 16:05:01 +0000 glib2.0 (2.62.3-1) unstable; urgency=medium * Team upload * New upstream release - Drop patches that were applied upstream * Don't build libglib2.0-tests under pkg.glib2.0.noinsttest build profile. This is a prototype of the proposed standard build profile noinsttest. If the build profiles include both nocheck and pkg.glib2.0.noinsttest, we can drop the libdbus-1-dev build-dependency without harming test coverage or altering the contents of binary packages. * d/gbp.conf: Use upstream/2.62.x branch -- Simon McVittie <smcv@debian.org> Mon, 25 Nov 2019 08:47:58 +0000 glib2.0 (2.62.2-3) unstable; urgency=medium * Team upload [ Iain Lane ] * control: Drop `debian/experimental` from Vcs-* [ Simon McVittie ] * Build-depend on libdbus-1-dev for better test coverage * Update to upstream commit 2.62.2-28-g3cf25070e: - d/p/goption-Relax-assertion-to-avoid-being-broken-by-kdeinit5.patch: Fix assertion failure when called from a process that overwrites its argv, such as kdeinit5 - d/p/gdbus-peer-Specifically-listen-on-127.0.0.1.patch: Improve reliability of gdbus-peer test in some container environments - d/p/gdbusserver-Delete-socket-and-nonce-file-when-stopping-se.patch, d/p/gdbusserver-Keep-a-strong-reference-to-the-server-in-call.patch, d/p/gdbusauthmechanismsha1-Remove-unnecessary-g_warning-calls.patch, d/p/gdbusauthmechanismsha1-Create-.dbus-keyrings-directory-re.patch, d/p/tests-Move-main-loop-and-test-GUID-into-test-functions-in.patch, d/p/tests-Isolate-directories-in-gdbus-peer-test.patch, d/p/gdbus-peer-test-Improve-diagnostics-if-g_rmdir-fails.patch, d/p/gdbus-peer-test-Stop-GDBusServer-before-tearing-down-temp.patch, d/p/gdbus-peer-test-Use-unix-dir-address-if-exact-format-does.patch, d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch: Mark as applied upstream in 2.62.x branch * d/p/gdbus-server-auth-test-Include-gcredentialsprivate.h.patch: Apply patch from 2.63.x to fix missing coverage in test for #941018 * d/p/Make-ld-executable-configurable.patch: Apply patch from 2.63.x to use cross ld where necessary * d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch: Mark as applied upstream in 2.63.x branch * Improve patch metadata: use more URLs for bug references -- Simon McVittie <smcv@debian.org> Wed, 06 Nov 2019 09:02:14 +0000 glib2.0 (2.62.2-2) unstable; urgency=medium * Team upload * Update to upstream commit 2.62.2-14-gfcbb88823: - d/p/gdesktopappinfo-Allocate-DesktopFileDir-structs-dynamical.patch, d/p/gdesktopappinfo-Cancel-file-monitor-when-resetting-a-Desk.patch, d/p/glocalfilemonitor-Keep-a-weak-ref-to-the-monitor-in-GFile.patch: Fix intermittent test failures for GDesktopAppInfo (Closes: #941550) - d/p/gvariant-Limit-recursion-in-g_variant_parse.patch: Ensure that parsing a text-format GVariant does not run out of stack space - d/p/tests-Use-objcopy-from-the-cross-compilation-file-if-conf.patch, d/p/docs-Add-objcopy-to-example-cross-compilation-file.patch: Use the appropriate architecture's objcopy when cross-compiling - d/p/gtestutils-Add-additional-non-NULL-check-in-g_assert_cmpm.patch: Avoid false positive NULL dereference warnings in g_assert_cmpmem() - d/p/gspawn-Port-to-g_poll-from-select.patch: Fix launching subprocesses when a very large number of fds are open - d/p/gcredentialsprivate-Document-the-various-private-macros.patch, d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch, d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch: Ensure libdbus clients can authenticate with a GDBusServer like the one in ibus (Closes: #941018) * d/p/gdbusserver-Delete-socket-and-nonce-file-when-stopping-se.patch, d/p/gdbusserver-Keep-a-strong-reference-to-the-server-in-call.patch, d/p/Add-a-test-for-GDBusServer-authentication.patch: Backport regression test for #941018 from upstream git master * d/p/gdbusauthmechanismsha1-Remove-unnecessary-g_warning-calls.patch, d/p/gdbusauthmechanismsha1-Create-.dbus-keyrings-directory-re.patch, d/p/tests-Move-main-loop-and-test-GUID-into-test-functions-in.patch, d/p/tests-Isolate-directories-in-gdbus-peer-test.patch: Backport reliability fixes for gdbus-peer test from upstream git master * d/p/gdbus-peer-test-Improve-diagnostics-if-g_rmdir-fails.patch, d/p/gdbus-peer-test-Stop-GDBusServer-before-tearing-down-temp.patch, d/p/gdbus-peer-test-Use-unix-dir-address-if-exact-format-does.patch, d/p/gdbus-server-auth-test-Create-temporary-directory-for-Uni.patch: Add some proposed patches to improve GDBus unit tests * d/p/debian/mimeapps-test-Mark-as-flaky.patch: Drop patch, hopefully no longer needed with #941550 fixed * d/p/debian/taptestrunner-Stop-looking-like-an-executable-script.patch: Make taptestrunner non-executable to avoid a Lintian warning -- Simon McVittie <smcv@debian.org> Wed, 30 Oct 2019 08:45:56 +0000 glib2.0 (2.62.2-1) unstable; urgency=medium * New upstream release + Fixes use after free when calling g_dbus_connection_flush_sync() in a dedicated thread (LP: #1848202) -- Iain Lane <laney@debian.org> Fri, 25 Oct 2019 10:54:42 +0100 glib2.0 (2.62.1-1) unstable; urgency=medium * Team upload * d/watch: Only watch for even-numbered (stable) releases * New upstream release - Fix regression that made G_FILE_COPY_TARGET_DEFAULT_PERMS result in private permissions rather than respecting umask (Closes: #505398) - d/p/g_file_info_get_modification_date_time-Calculate-in-integ.patch, d/p/Always-build-tests-if-we-enabled-installed-tests.patch: Drop patches that were applied upstream * d/p/debian/mimeapps-test-Mark-as-flaky.patch: Mark mimeapps test as flaky (see #941550) -- Simon McVittie <smcv@debian.org> Mon, 07 Oct 2019 09:46:24 +0100 glib2.0 (2.62.0-3) unstable; urgency=medium * Team upload * Merge packaging from 2.60.x branch previously in unstable - No changes since 2.62.0-2, except in d/changelog - d/p/debian/Disable-an-optimization-when-building-with-gcc-9.patch: Remove workaround for #931921, which turned out to be a clutter bug * d/p/Always-build-tests-if-we-enabled-installed-tests.patch: Add patch to fix installation of installed-tests in cross-builds (Closes: #941509) * d/p/g_file_info_get_modification_date_time-Calculate-in-integ.patch: Add patch to fix intermittent g-file-info test failures on i386 (Closes: #941547) * libglib2.0-dev: Suggest libgirepository1.0-dev, for the GIR files (Closes: #914152) * d/gbp.conf: Use debian/master branch * Standards-Version: 4.4.1 (no changes required) -- Simon McVittie <smcv@debian.org> Wed, 02 Oct 2019 09:13:12 +0100 glib2.0 (2.60.6-2) unstable; urgency=medium * Team upload * d/rules: Edit debcrossgen output instead of using a modified version. This fixes use of CFLAGS, etc. during cross-compilation. (Closes: #933560) * Remove obsolete permissions fixing. Issue 1539 was fixed upstream. * d/p/debian/Disable-an-optimization-when-building-with-gcc-9.patch: Disable an optimization when building with gcc-9, instead of forcing gcc-8. This avoids depending on an old gcc, and should be easier to deal with for cross-compilation. (Workaround for #931921) * d/p/gmessages-Only-use-structured-logs-if-GLIB_VERSION_MAX_AL.patch: Update to upstream glib-2-60 branch at commit 2.60.6-2-ga365528f6 - Don't use structured logging if GLIB_VERSION_MAX_ALLOWED < 2.56 -- Simon McVittie <smcv@debian.org> Tue, 13 Aug 2019 10:32:40 +0100 glib2.0 (2.62.0-2) unstable; urgency=medium * Team upload. * Upload to unstable. (Closes: #940161) -- Andreas Henriksson <andreas@fatal.se> Mon, 30 Sep 2019 12:33:16 +0200 glib2.0 (2.62.0-1) experimental; urgency=medium * New upstream release + Fix new `GFileInfo` APIs to work when `G_FILE_ATTRIBUTE_TIME_MODIFIED_USEC` was not queried -- Iain Lane <laney@debian.org> Mon, 09 Sep 2019 15:41:48 +0100 glib2.0 (2.61.3-1) experimental; urgency=medium * New upstream release * d/p: Drop cherry-picks from upstream branch which we now have * d/p/d/Disable-an-optimization-when-building-with-gcc-9.patch: Drop, clutter has been fixed now (thanks Simon) * d/p/*: Refresh via gbp-pq as necessary -- Iain Lane <laney@debian.org> Wed, 04 Sep 2019 17:29:23 +0100 glib2.0 (2.61.2-2) experimental; urgency=medium * Team upload * d/p/cond-test-Don-t-make-assumptions-about-struct-sigaction-m.patch: Add proposed patch to fix FTBFS due to a test failure on mips* -- Simon McVittie <smcv@debian.org> Tue, 13 Aug 2019 10:29:29 +0100 glib2.0 (2.61.2-1) experimental; urgency=medium * Team upload * New upstream release * d/patches: Update to upstream git master, commit 2.61.2-23-g870b30bd7 - Fix regression in g_mkdir_with_permissions() - Fix a memory leak - Update translations: es, id, ro * Merge changes from unstable * Refresh patch series * d/p/debian/06_thread_test_ignore_prctl_fail.patch: Use g_test_skip() when skipping test * d/p/GIO-tests-Don-t-do-clever-tricks-with-objcopy.patch: Drop workaround for #932287, and build-depend on fixed binutils on mips64el instead * d/rules: Edit debcrossgen output instead of using a modified version. This fixes use of CFLAGS, etc. during cross-compilation. (Closes: #933560) * d/libglib2.0-0.symbols: Update * Remove obsolete permissions fixing. Issue 1539 was fixed upstream. * libglib2.0-tests: Depend on libglib2.0-dev-bin. This is required for the new mkenums and genmarshal tests. * d/p/debian/Disable-an-optimization-when-building-with-gcc-9.patch: Disable an optimization when building with gcc-9, instead of forcing gcc-8. This avoids depending on an old gcc, and should be easier to deal with for cross-compilation. (Workaround for #931921) -- Simon McVittie <smcv@debian.org> Mon, 12 Aug 2019 09:32:26 +0100 glib2.0 (2.60.6-1) unstable; urgency=medium * Team upload * New upstream release, functionally equivalent to 2.60.5 with the patches we were already applying - d/p/portal-Add-a-getter-for-dconf-access.patch, d/p/settings-Tweak-priorities-for-keyfile-backend.patch, d/p/key-file-Handle-filename-being-NULL.patch: Drop, applied upstream * d/p/tests-Fix-data-race-in-gmenumodel-test.patch, d/p/tests-Fix-data-race-in-task-test.patch: Add patches from upstream git master to fix data races in tests. In particular, the one for gmenumodel might solve an unreproducible test failure on i386 (see #932678). * d/p/debian/gmenumodel-test-Mark-as-flaky.patch, d/p/debian/gvariant-test-Don-t-run-at-build-time-on-mips.patch: Skip more tests at build-time and during the non-flaky autopkgtest. The unreproducible gmenumodel test failure on i386 might in fact be fixed by d/p/tests-Fix-data-race-in-gmenumodel-test.patch, but it's hard to be sure about that. The gvariant fuzz test is catastrophically slow on certain mips CPUs and so is impractical to run there. (Closes: #932678) * Standards-Version: 4.4.0 (no changes required) * Use debhelper compat level 12 - Stop explicitly passing -V to dh_makeshlibs, it is now the default - Disable dh_dwz for libglib2.0-udeb. This avoids an apparent debhelper bug in which dh_dwz generates multifiles for udebs, but dh_strip does not remove them from the udeb's staging directory. (Workaround for #933212) * Stop overriding libexecdir. Since FHS 3.0 (Policy 4.1.5), /usr/libexec is considered valid, and since debhelper compat level 12 it is the default. In this particular package this only affects the installed-tests. * Remove an obsolete Lintian override -- Simon McVittie <smcv@debian.org> Sat, 27 Jul 2019 16:57:55 +0100 glib2.0 (2.60.5-1) unstable; urgency=medium * Team upload * Prepare GLib 2.60.x stable branch for unstable * New upstream release * d/p/portal-Add-a-getter-for-dconf-access.patch, d/p/settings-Tweak-priorities-for-keyfile-backend.patch, d/p/key-file-Handle-filename-being-NULL.patch: Add post-release fixes from upstream glib-2-60 branch * d/p/GIO-tests-Don-t-do-clever-tricks-with-objcopy.patch: Don't do strange things with objcopy while testing GResource, while we work out what is going on in mips64el builds. Mitigates: #932287 -- Simon McVittie <smcv@debian.org> Wed, 17 Jul 2019 21:36:30 +0100 glib2.0 (2.61.1-2) experimental; urgency=medium * control, rules: Build with gcc-8. See #931921 - when we're built with gcc-9, some applications that use GLib might start hanging. -- Iain Lane <laney@debian.org> Fri, 12 Jul 2019 11:37:01 +0100 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog libglib2.0-doc`.
Generated by dwww version 1.15 on Thu Jun 27 23:19:11 CEST 2024.