-
glib2.0 (2.48.2-0ubuntu4.8) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect g_file_replace() symlink handling
- debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
used without g_test_bug_base() in /glib/gtestutils.c.
- debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
in file tests in gio/tests/file.c.
- debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
- debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
to replace() in gio/glocalfileoutputstream.c.
- CVE-2021-28153
-- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 12:35:32 -0500
-
glib2.0 (2.48.2-0ubuntu4.7) xenial-security; urgency=medium
* SECURITY UPDATE: g_byte_array_new_take length truncation
- debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
large byte arrays in glib/garray.c, glib/gbytes.c,
glib/tests/bytes.c.
- CVE-2021-27218
* SECURITY UPDATE: integer overflow in g_bytes_new
- debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
g_memdup2() function and use it instead of g_memdup() in a bunch of
places.
- CVE-2021-27219
-- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 07:23:43 -0500
-
glib2.0 (2.48.2-0ubuntu4.6) xenial-security; urgency=medium
* No-change rebuild for -security
-- Alex Murray <email address hidden> Tue, 24 Mar 2020 11:28:34 +1030
-
glib2.0 (2.48.2-0ubuntu4.5) xenial; urgency=medium
* d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
- Ensure libdbus clients can authenticate with a GDBusServer like
the one in ibus. The patches cherry picked from 2.62.2-2 in focal
in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
without breaking ibus for Qt applications (LP: #1844853).
-- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:48:00 +0100
-
glib2.0 (2.48.2-0ubuntu4.4) xenial-security; urgency=medium
* SECURITY REGRESSION: regression in last security update (LP: #1838890)
- debian/patches/CVE-2019-13012-regression.patch: fix a
memory leak introduced by the last security update while
not properly handled the g_file_get_patch function in
gio/gkeyfilesettingsbackend.c.
-- <email address hidden> (Leonidas S. Barbosa) Mon, 05 Aug 2019 12:09:36 -0300
-
glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium
* SECURITY UPDATE: Not properly restrict directory and file permissions
- debian/patches/CVE-2019-13012.patch: changes the permissions when
a directory is created, using 700 instead 777 in
gio/gkeyfilesettingsbackend.c and changes test to run in a temp
directory in gio/tests/gsettings.c.
- CVE-2019-13012
-- <email address hidden> (Leonidas S. Barbosa) Wed, 03 Jul 2019 15:24:33 -0300
-
glib2.0 (2.48.2-0ubuntu4.2) xenial-security; urgency=medium
* SECURITY UPDATE: Less restrictive permissions during copying
- debian/patches/CVE-2019-12450.patch: limit access to file when
copying in file_copy_fallback in file gio/gfile.c.
- CVE-2019-12450
-- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Jun 2019 13:49:53 -0300
-
glib2.0 (2.48.2-0ubuntu4.1) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer deference
- debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c,
glib/tests/Makefile.am,
glib/tests/markups/fail-51.expected,
glib/tests/markups/fail-51.gmarkup.
- CVE-2018-16428
* SECURITY UPDATE: Read out-of-bounds
- debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and
glib/tests/Makefile.am,
glib/tests/markups/fail-50.expected,
glib/tests/markups/fail-50.gmarkup.
- CVE-2018-16429
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Sep 2018 10:58:18 -0300
-
glib2.0 (2.48.2-0ubuntu4) xenial; urgency=medium
* Add a versioned Pre-Depends for dpkg because the libglib2.0-0 -await
trigger requires a newer dpkg than the one in Ubuntu 14.04. (LP: #1784065)
-- Brian Murray <email address hidden> Mon, 30 Jul 2018 08:29:26 -0700
-
glib2.0 (2.48.2-0ubuntu3) xenial; urgency=medium
* tests-gdatetime-Use-a-real-rather-than-invented-timezone.patch:
Cherry-pick upstream fix to make glib2.0 build again and tests
run again with time zone changes.
glib2.0 (2.48.2-0ubuntu2) xenial; urgency=medium
* Convert triggers to noawait (LP: #1780996)
-- Julian Andres Klode <email address hidden> Mon, 16 Jul 2018 11:56:58 +0200
-
glib2.0 (2.48.2-0ubuntu2) xenial; urgency=medium
* Convert triggers to noawait (LP: #1780996)
-- Julian Andres Klode <email address hidden> Tue, 10 Jul 2018 18:17:29 +0200
-
glib2.0 (2.48.2-0ubuntu1) xenial; urgency=medium
* New upstream release (LP: #1637731)
* debian/patches/0001-Fix-trashing-on-overlayfs.patch: Update with new
version from the upsstream report to hopefully fix trashing of files in
directories which are symlinks to different devices. (Closes: #800047)
(LP: #1638245)
-- Iain Lane <email address hidden> Thu, 24 Nov 2016 17:39:06 +0000
-
glib2.0 (2.48.1-1~ubuntu16.04.1) xenial; urgency=medium
* No-change backport of this stable release from unstable to 16.04 (LP:
#1581439)
glib2.0 (2.48.1-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Drop obsolete Conflicts, Breaks and Replaces from pre-wheezy.
* Drop obsolete preinst maintainer scripts which cleaned up the
/usr/share/doc symlinks.
* Drop version requirement for pkg-config dependency. (Closes: #734479)
-- Iain Lane <email address hidden> Fri, 13 May 2016 11:08:45 +0100
-
glib2.0 (2.48.0-1ubuntu4) xenial; urgency=medium
* Revert all Ubuntu changes, testsuite now succeeds on s390x buildds.
-- Adam Conrad <email address hidden> Sun, 10 Apr 2016 14:00:54 -0600
-
glib2.0 (2.48.0-1ubuntu3) xenial; urgency=medium
* Revert the last change, don't run the tests on s390x for a first
build.
-- Matthias Klose <email address hidden> Thu, 31 Mar 2016 20:56:40 +0200
-
glib2.0 (2.48.0-1ubuntu2) xenial; urgency=medium
* Build using -no-pie on s390x.
-- Matthias Klose <email address hidden> Wed, 30 Mar 2016 20:40:27 +0100
-
glib2.0 (2.48.0-1ubuntu1) xenial; urgency=medium
* Build using -no-pic on s390x.
-- Matthias Klose <email address hidden> Wed, 30 Mar 2016 20:40:27 +0100
-
glib2.0 (2.48.0-1) unstable; urgency=medium
* New upstream stable release 2.48.0
+ a minor build fix in the name of determinism (Closes: #812876)
+ a few coverity fixes
-- Iain Lane <email address hidden> Wed, 23 Mar 2016 17:59:23 +0000
-
glib2.0 (2.47.92-1) experimental; urgency=medium
* New upstream release.
-- Iain Lane <email address hidden> Wed, 16 Mar 2016 11:18:53 +0100
-
glib2.0 (2.47.6-1) experimental; urgency=medium
* New upstream release.
- GString is missing (transfer none) annotations on many of its methods
- systemtap and gdb scripts install in wrong place
- Documentation: various small improvements
- gdbusobjectmanagerserver: Clarify recommended ObjectManager paths
- Fix some annotations
- Cannot build with default flags under Fedora rawhide
(-Werror=format-nonliteral)
- gmacros.h is testing attributes with __has_feature (when compiling with
clang)
* debian/libglib2.0-0-dbg.install.in: Upstream now installs the gdb
auto-loaded scripts in the right place by themselves - no need for us to
move them about.
-- Iain Lane <email address hidden> Thu, 18 Feb 2016 14:07:22 +0000
-
glib2.0 (2.47.5-1) experimental; urgency=medium
* debian/watch: Use download.gnome.org, seems ftp.gnome.org is not updating
properly currently.
* New upstream release 2.47.5
+ the system copy of PCRE is now used by default to implement GRegex.
Configure with --with-pcre=internal if a system PCRE version
is unavailable or undesired.
+ interfaces for DTLS support have been added. A new version of
glib-networking will also be required.
+ GDBusMethodInvocation now drops replies if the sender set the
NO_REPLY_EXPECTED flag
+ several GApplication fixes, including fixes for commandline arguments in
interpreted languages on Windows
* debian/libglib2.0-0.symbols: Update with new symbols for this release.
* 0001-regex-test-expect-ASSERTION_EXPECTED-for-ab-with-PCR.patch: Drop,
it's included in this release.
-- Iain Lane <email address hidden> Wed, 20 Jan 2016 17:55:16 +0000
-
glib2.0 (2.47.4-1) experimental; urgency=medium
* New upstream release
+ The GApplication documentation has been improved in several areas.
* 0001-tests-fix-a-test-on-32-bit-builds.patch,
0001-gtypes.h-move-G_STATIC_ASSERT-to-function-scope.patch: Drop, applied
upstream in this release.
* 0001-regex-test-expect-ASSERTION_EXPECTED-for-ab-with-PCR.patch: Fix regex
tests to assert the right errors as of pcre 8.38. Cherry-pick from
upstream. (Closes: #808842)
* Don't build automatic dbgsym package for -refdbg
-- Iain Lane <email address hidden> Thu, 14 Jan 2016 18:27:02 +0000
-
glib2.0 (2.47.3-3) experimental; urgency=medium
* debian/patches/0001-gtypes.h-move-G_STATIC_ASSERT-to-function-scope.patch:
Another cherry-pick. Should fix g-ir-scanner.
-- Iain Lane <email address hidden> Sun, 29 Nov 2015 18:45:29 +0000
-
glib2.0 (2.47.3-2) experimental; urgency=medium
* debian/patches/0001-tests-fix-a-test-on-32-bit-builds.patch: Cherry-pick
from upstream. Fix tests (and therefore the build) on 32 bit arches.
-- Iain Lane <email address hidden> Thu, 26 Nov 2015 16:12:12 +0000
-
glib2.0 (2.47.1-1) experimental; urgency=medium
* New upstream release.
+ The Unicode support has been updated to version 8.0 of the Unicode standard
+ GDesktopAppInfo no longer sets the DISPLAY environment variable when
launching apps. This is now done in the GAppLaunchContext
implementations when appropriate.
* debian/watch: Look for development versions too.
* debian/patches/90_gio-modules-multiarch-compat.patch: Refresh to apply on
this version.
* debian/patches/0001-GDateTime-test-fix-occasional-failures.patch: Drop,
upstream in this release.
* debian/libglib2.0-0.symbols: Update with new symbols for this release.
-- Iain Lane <email address hidden> Wed, 04 Nov 2015 17:28:23 +0000
-
glib2.0 (2.46.1-2) unstable; urgency=medium
* Team upload.
* Cherry-pick patches from upstream glib-2-46 branch to fix incomplete
documentation (Closes: #659977)
* debian/gdbus-example-objectmanager-server.c: add missing example file
from upstream git; it was accidentally omitted from upstream tarballs
-- Simon McVittie <email address hidden> Mon, 02 Nov 2015 17:31:00 +0000
-
glib2.0 (2.46.1-1) unstable; urgency=medium
[ Michael Biebl ]
* Drop clean-la.mk from debian/rules, no longer required.
[ Iain Lane ]
* New upstream release 2.46.1
+ Remove system_header pragma (should fix lack of warnings with things
like g_return_if_fail)
+ move GStrv typedef (and auto-cleanup) from libgobject to libglib
+ fix order of trashing files to be closer to what is required in the
specification. Namely, trashinfo files are written first. This should
fix issues with the gvfs trash backend failing to correctly read the
info for recently trashed files (preventing 'restore'). (Closes:
#800491) (LP: #1495943)
+ tweak mime logic to return text/plain on all empty files instead of
returning application/octet-stream. This includes files that have
extensions that imply that they may be other types of files, which is a
slight change of behaviour with respect to old GLib versions. (LP:
#1497170)
* debian/patches/0001-Revert-list-store-Fix-a-parameter-check.patch: Drop -
this is applied upstream in this release.
* debian/patches/0001-GDateTime-test-fix-occasional-failures.patch: Take
patch from bgo#754994 to resolve intermittent test failures in the
GDateTime tests.
-- Iain Lane <email address hidden> Thu, 15 Oct 2015 16:08:30 +0100
