CVS commit: pkgsrc/devel

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/devel
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 4 May 2026 09:01:44 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon May  4 09:01:44 UTC 2026

Modified Files:
        pkgsrc/devel/gdbus-codegen: distinfo
        pkgsrc/devel/glib2: Makefile Makefile.common PLIST distinfo

Log Message:
glib2 glib2-tools gdbus-codegen: updated to 2.88.1

Overview of changes in GLib 2.88.1, 2026-05-02

* Fix miscompilation with GCC 16 due to GLib’s use of the wrong function
  attribute (!5145, work by Sam James)

* Fix flag confusion security issue when using `GRegex` with `G_REGEX_RAW` which
  can result in unbounded out-of-bounds heap reads off the start of a regex
  input string

* Fix various minor (low severity) security issues, typically one-to-five-byte
  out-of-bounds reads or ones relying on
  very specific (and unlikely) API calls or ones relying on
  discouraged P2P D-Bus configurations (work by linhlhq)

* Bugs fixed:
  - Buffer Over-read on GLib through glib/gvariant-
    serialiser.c:1253 via gvs_tuple_is_normal() (Philip Withnall)
  - OOB Read on GLib through
    glib/gmarkup.c:g_markup_escape_text() via
    glib/gmarkup.c:append_escaped_text() (Philip Withnall)
  - OOB Read on GLib through
    glib/gdatetime.c:g_date_time_get_ymd via invalid `GDateTime` (Philip
    Withnall)
  - Buffer Over-read on GLib's g_regex_replace()
    through glib/gregex.c:string_append() via g_utf8_next_char() (Philip
    Withnall)
  - Buffer Over-read on GLib through
    glib/gregex.c:g_regex_split_full() via glib/gutf8.c:g_utf8_prev_char()
    (Philip Withnall)
  - Buffer Over-read on GLib through glib/giochannel.c
    via "g_io_channel_read_line_backend" (Philip Withnall)
  - Off-by-one Error on GLib through glib/gkeyfile.c
    via "g_key_file_get_locale_string_list" (Philip Withnall)
  - Path Traversal on GLib DBus through
    glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry,
    mechanism_client_data_receive (COOKIE_SHA1 Client Authentication) leads to
    Arbitrary File Read (Philip Withnall)
  - Integer overflow in g_dbus_message_bytes_needed() bypasses 128 MiB
    size check (pre-auth DoS on P2P connections) (Philip Withnall)
  - Update Serbian translation
  - docs: Expand docs for GLIB_VERSION_MAX_ALLOWED
  - gmarkup: fix type of length parameter of text_validate()
  - Update Russian translation
  - Update Polish translation
  - docs: Remove myself from CODEOWNERS
  - Update Slovak translation
  - Backport various recent security fixes to GVariant, GMarkup, GDateTime
    and GRegex to glib-2-88
  - Backport !5145 “gvarianttype: use pure attribute, not inappropriate
    const” to glib-2-88
  - Update Slovak translation
  - Update German translation
  - Update Slovak translation
  - Update Slovak translation
  - Update Persian translation
  - Backport !5170 !5171 !5172 !5173 Various security fixes to glib-2-88

* Translation updates:
  - German (Christian Kirbach)
  - Persian (Danial Behzadi)
  - Polish (Victoria Niedzielska)
  - Russian (Artur S0)
  - Serbian (Марко Костић)
  - Slovak (Jose Riha)


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/devel/gdbus-codegen/distinfo
cvs rdiff -u -r1.314 -r1.315 pkgsrc/devel/glib2/Makefile
cvs rdiff -u -r1.129 -r1.130 pkgsrc/devel/glib2/Makefile.common
cvs rdiff -u -r1.167 -r1.168 pkgsrc/devel/glib2/PLIST
cvs rdiff -u -r1.345 -r1.346 pkgsrc/devel/glib2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/gdbus-codegen/distinfo
diff -u pkgsrc/devel/gdbus-codegen/distinfo:1.60 pkgsrc/devel/gdbus-codegen/distinfo:1.61
--- pkgsrc/devel/gdbus-codegen/distinfo:1.60    Wed Apr 15 08:33:00 2026
+++ pkgsrc/devel/gdbus-codegen/distinfo Mon May  4 09:01:44 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.60 2026/04/15 08:33:00 adam Exp $
+$NetBSD: distinfo,v 1.61 2026/05/04 09:01:44 adam Exp $
 
-BLAKE2s (glib-2.88.0.tar.xz) = 4623f7355733d27a2637c92f216d218ef316f5898b97d43e7d2d45a63fee6dd7
-SHA512 (glib-2.88.0.tar.xz) = ceead8d88720db17dc6bbff7aff14f261f90afc5e8261448aae0657f89b5fcc616cf62f4b049be88a4ddd3f50a869bbcdb66b29777da4969a47987828ecac280
-Size (glib-2.88.0.tar.xz) = 5788396 bytes
+BLAKE2s (glib-2.88.1.tar.xz) = 6836ecf27e251ad15f607f5473bb4b4c5ca2c367c58ffef2867ee7b31687d3fc
+SHA512 (glib-2.88.1.tar.xz) = 74e6d6086081e5dfb5b7fd3b74f59171033be0c340ff2dd798fea9cb42e5f680e13b2ac3dde8dd423bceb9c6556103005f9542aeda166e9a3b89da8bacecca23
+Size (glib-2.88.1.tar.xz) = 5789296 bytes
 SHA1 (patch-meson.build) = 03229e9f8302c09907e7b5f6366f16505efc3ad5

Index: pkgsrc/devel/glib2/Makefile
diff -u pkgsrc/devel/glib2/Makefile:1.314 pkgsrc/devel/glib2/Makefile:1.315
--- pkgsrc/devel/glib2/Makefile:1.314   Thu Apr 30 16:23:46 2026
+++ pkgsrc/devel/glib2/Makefile Mon May  4 09:01:44 2026
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.314 2026/04/30 16:23:46 tsutsui Exp $
+# $NetBSD: Makefile,v 1.315 2026/05/04 09:01:44 adam Exp $
 
 .include "Makefile.common"
-PKGREVISION=   1
 
 CATEGORIES=    devel gnome
 COMMENT=       Some useful routines for C programming (glib2)

Index: pkgsrc/devel/glib2/Makefile.common
diff -u pkgsrc/devel/glib2/Makefile.common:1.129 pkgsrc/devel/glib2/Makefile.common:1.130
--- pkgsrc/devel/glib2/Makefile.common:1.129    Wed Apr 15 08:33:00 2026
+++ pkgsrc/devel/glib2/Makefile.common  Mon May  4 09:01:44 2026
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.129 2026/04/15 08:33:00 adam Exp $
+# $NetBSD: Makefile.common,v 1.130 2026/05/04 09:01:44 adam Exp $
 # used by devel/gdbus-codegen/Makefile
 # used by devel/glib2/Makefile
 # used by devel/glib2-tools/Makefile
 
-DISTNAME=      glib-2.88.0
+DISTNAME=      glib-2.88.1
 PKGNAME=       ${DISTNAME:S/glib/glib2/}
 MASTER_SITES=  ${MASTER_SITE_GNOME:=sources/glib/${PKGVERSION_NOREV:R}/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/devel/glib2/PLIST
diff -u pkgsrc/devel/glib2/PLIST:1.167 pkgsrc/devel/glib2/PLIST:1.168
--- pkgsrc/devel/glib2/PLIST:1.167      Wed Apr 15 08:33:00 2026
+++ pkgsrc/devel/glib2/PLIST    Mon May  4 09:01:44 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.167 2026/04/15 08:33:00 adam Exp $
+@comment $NetBSD: PLIST,v 1.168 2026/05/04 09:01:44 adam Exp $
 ${PLIST.nococoa}bin/gapplication
 bin/gdbus
 bin/gi-compile-repository
@@ -325,22 +325,22 @@ include/glib-2.0/gobject/gvaluetypes.h
 lib/glib-2.0/include/glibconfig.h
 lib/libgio-2.0.so
 lib/libgio-2.0.so.0
-lib/libgio-2.0.so.0.8800.0
+lib/libgio-2.0.so.0.8800.1
 lib/libgirepository-2.0.so
 lib/libgirepository-2.0.so.0
-lib/libgirepository-2.0.so.0.8800.0
+lib/libgirepository-2.0.so.0.8800.1
 lib/libglib-2.0.so
 lib/libglib-2.0.so.0
-lib/libglib-2.0.so.0.8800.0
+lib/libglib-2.0.so.0.8800.1
 lib/libgmodule-2.0.so
 lib/libgmodule-2.0.so.0
-lib/libgmodule-2.0.so.0.8800.0
+lib/libgmodule-2.0.so.0.8800.1
 lib/libgobject-2.0.so
 lib/libgobject-2.0.so.0
-lib/libgobject-2.0.so.0.8800.0
+lib/libgobject-2.0.so.0.8800.1
 lib/libgthread-2.0.so
 lib/libgthread-2.0.so.0
-lib/libgthread-2.0.so.0.8800.0
+lib/libgthread-2.0.so.0.8800.1
 lib/pkgconfig/gio-2.0.pc
 lib/pkgconfig/gio-unix-2.0.pc
 lib/pkgconfig/girepository-2.0.pc
@@ -354,8 +354,8 @@ ${PLIST.nococoa}libexec/gio-launch-deskt
 share/aclocal/glib-2.0.m4
 share/aclocal/glib-gettext.m4
 share/aclocal/gsettings.m4
-share/gdb/auto-load${LOCALBASE}/lib/libglib-2.0.so.0.8800.0-gdb.py
-share/gdb/auto-load${LOCALBASE}/lib/libgobject-2.0.so.0.8800.0-gdb.py
+share/gdb/auto-load${LOCALBASE}/lib/libglib-2.0.so.0.8800.1-gdb.py
+share/gdb/auto-load${LOCALBASE}/lib/libgobject-2.0.so.0.8800.1-gdb.py
 share/gettext/its/gschema.its
 share/gettext/its/gschema.loc
 share/glib-2.0/dtds/gresource.dtd

Index: pkgsrc/devel/glib2/distinfo
diff -u pkgsrc/devel/glib2/distinfo:1.345 pkgsrc/devel/glib2/distinfo:1.346
--- pkgsrc/devel/glib2/distinfo:1.345   Sun May  3 20:57:24 2026
+++ pkgsrc/devel/glib2/distinfo Mon May  4 09:01:44 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.345 2026/05/03 20:57:24 schmonz Exp $
+$NetBSD: distinfo,v 1.346 2026/05/04 09:01:44 adam Exp $
 
-BLAKE2s (glib-2.88.0.tar.xz) = 4623f7355733d27a2637c92f216d218ef316f5898b97d43e7d2d45a63fee6dd7
-SHA512 (glib-2.88.0.tar.xz) = ceead8d88720db17dc6bbff7aff14f261f90afc5e8261448aae0657f89b5fcc616cf62f4b049be88a4ddd3f50a869bbcdb66b29777da4969a47987828ecac280
-Size (glib-2.88.0.tar.xz) = 5788396 bytes
+BLAKE2s (glib-2.88.1.tar.xz) = 6836ecf27e251ad15f607f5473bb4b4c5ca2c367c58ffef2867ee7b31687d3fc
+SHA512 (glib-2.88.1.tar.xz) = 74e6d6086081e5dfb5b7fd3b74f59171033be0c340ff2dd798fea9cb42e5f680e13b2ac3dde8dd423bceb9c6556103005f9542aeda166e9a3b89da8bacecca23
+Size (glib-2.88.1.tar.xz) = 5789296 bytes
 SHA1 (patch-gio_gcredentialsprivate.h) = f719ae41a9eb1d2f04d866b246fa5176543f2df9
 SHA1 (patch-gio_gdbus-2.0_codegen_meson.build) = 9bd0befe0dd547f6f2d818e52bee14e31a017ac7
 SHA1 (patch-gio_glib-compile-schemas.c) = 4fc8e8ba62bef01762007ebf21569053374808d0

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index