From 4ddebbec1bac3e2b05627f0fb90b67691c218899 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 16 Jul 2025 13:55:53 +0800 Subject: [PATCH 1/4] [CVE]update to glib2-2.68.4-16.2 to #ICMO2R update to glib2-2.68.4-16.2 for CVE-2024-52533 CVE-2025-4373 Project: TC2024080204 Signed-off-by: Jacob Wang --- 0001-file-name-cloud-be-UTF-8.patch | 40 ---- 3433.patch | 322 ---------------------------- 4155.patch | 83 +++++++ CVE-2024-52533.patch | 45 ++++ CVE-2025-4373.patch | 140 ++++++++++++ dist | 2 +- gdatetime-test.patch | 187 ++++++++++++++++ glib2.spec | 78 ++++--- 8 files changed, 500 insertions(+), 397 deletions(-) delete mode 100644 0001-file-name-cloud-be-UTF-8.patch delete mode 100644 3433.patch create mode 100644 4155.patch create mode 100644 CVE-2024-52533.patch create mode 100644 CVE-2025-4373.patch create mode 100644 gdatetime-test.patch diff --git a/0001-file-name-cloud-be-UTF-8.patch b/0001-file-name-cloud-be-UTF-8.patch deleted file mode 100644 index a6b293c..0000000 --- a/0001-file-name-cloud-be-UTF-8.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e4fef16537e99141de1763368d03c98456a17a00 Mon Sep 17 00:00:00 2001 -From: Liwei Ge -Date: Thu, 4 Jul 2024 21:16:47 +0800 -Subject: [PATCH] file name cloud be UTF-8 - ---- - glib/goption.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/glib/goption.c b/glib/goption.c -index 0b3a05e..7af7770 100644 ---- a/glib/goption.c -+++ b/glib/goption.c -@@ -1287,7 +1287,10 @@ parse_arg (GOptionContext *context, - else - data = g_strdup (value); - #else -- data = g_locale_to_utf8 (value, -1, NULL, NULL, error); -+ if (!g_utf8_validate (value, -1, NULL)) -+ data = g_locale_to_utf8 (value, -1, NULL, NULL, error); -+ else -+ data = g_strdup (value); - #endif - - if (!data) -@@ -1316,7 +1319,10 @@ parse_arg (GOptionContext *context, - else - data = g_strdup (value); - #else -- data = g_locale_to_utf8 (value, -1, NULL, NULL, error); -+ if (!g_utf8_validate (value, -1, NULL)) -+ data = g_locale_to_utf8 (value, -1, NULL, NULL, error); -+ else -+ data = g_strdup (value); - #endif - - if (!data) --- -2.39.3 - diff --git a/3433.patch b/3433.patch deleted file mode 100644 index f5e5978..0000000 --- a/3433.patch +++ /dev/null @@ -1,322 +0,0 @@ -From 8d78fa7887d035cd19df40d18bf7a4299d0e2d8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jonas=20=C3=85dahl?= -Date: Fri, 19 May 2023 12:20:14 +0200 -Subject: [PATCH 1/2] main: Don't treat si_pid from pidfd as child exiting - -We might repeatedly get si_pid == 0 for a child that hasn't exited, -meaning we won't get a correct exit status. This seems to happen when -the glib application tracks a ptrace():ed child process; the correct -exit status of the process using e.g. a BPF program, where one can -observe that glib appears to get it wrong. - -Fixes: #3071 ---- - glib/gmain.c | 32 +++++++++++++++++++++----------- - 1 file changed, 21 insertions(+), 11 deletions(-) - -diff --git a/glib/gmain.c b/glib/gmain.c -index 906e947ace..e4378177d5 100644 ---- a/glib/gmain.c -+++ b/glib/gmain.c -@@ -5907,24 +5907,34 @@ g_child_watch_dispatch (GSource *source, - }; - - /* Get the exit status */ -- if (waitid (P_PIDFD, child_watch_source->poll.fd, &child_info, WEXITED | WNOHANG) >= 0 && -- child_info.si_pid != 0) -+ if (waitid (P_PIDFD, child_watch_source->poll.fd, &child_info, WEXITED | WNOHANG) >= 0) - { -- /* waitid() helpfully provides the wait status in a decomposed -- * form which is quite useful. Unfortunately we have to report it -- * to the #GChildWatchFunc as a waitpid()-style platform-specific -- * wait status, so that the user code in #GChildWatchFunc can then -- * call WIFEXITED() (etc.) on it. That means re-composing the -- * status information. */ -- wait_status = siginfo_t_to_wait_status (&child_info); -+ if (child_info.si_pid != 0) -+ { -+ /* waitid() helpfully provides the wait status in a decomposed -+ * form which is quite useful. Unfortunately we have to report it -+ * to the #GChildWatchFunc as a waitpid()-style platform-specific -+ * wait status, so that the user code in #GChildWatchFunc can then -+ * call WIFEXITED() (etc.) on it. That means re-composing the -+ * status information. */ -+ wait_status = siginfo_t_to_wait_status (&child_info); -+ child_exited = TRUE; -+ } -+ else -+ { -+ g_debug (G_STRLOC ": pidfd signaled but pid %d didn't exit", -+ child_watch_source->pid); -+ return TRUE; -+ } - } - else - { - /* Unknown error. We got signaled that the process might be exited, - * but now we failed to reap it? Assume the process is gone and proceed. */ -- g_warning (G_STRLOC ": pidfd signaled ready but failed"); -+ g_warning (G_STRLOC ": pidfd signaled ready but failed for pid %d", -+ child_watch_source->pid); -+ child_exited = TRUE; - } -- child_exited = TRUE; - } - #endif /* HAVE_PIDFD*/ - --- -GitLab - - -From cf55c31170a5d79beb1119164c6f5ea3c4ea06a9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jonas=20=C3=85dahl?= -Date: Tue, 16 May 2023 12:38:47 +0200 -Subject: [PATCH 2/2] gio/tests: Add test case for exit status when being - ptraced - -The test case will fail with the - - g_assert_false (g_subprocess_get_successful (proc)); - -assert failing. Without the fix, it'll hit sometimes, but rather -unreliably. When running `meson test --repeat 100`, it'll reproduce -anywhere between the first or much later, but mostly before the 20th -iteration on my system. - -Helps: #3071 ---- - gio/tests/gsubprocess-testprog.c | 67 ++++++++++++++++++++ - gio/tests/gsubprocess.c | 104 ++++++++++++++++++++++++++++++- - 2 files changed, 170 insertions(+), 1 deletion(-) - -diff --git a/gio/tests/gsubprocess-testprog.c b/gio/tests/gsubprocess-testprog.c -index eee759dcd7..610b8f3be3 100644 ---- a/gio/tests/gsubprocess-testprog.c -+++ b/gio/tests/gsubprocess-testprog.c -@@ -5,6 +5,7 @@ - #include - #ifdef G_OS_UNIX - #include -+#include - #else - #include - #endif -@@ -241,6 +242,66 @@ printenv_mode (int argc, char **argv) - return 0; - } - -+#ifdef G_OS_UNIX -+static void -+on_sleep_exited (GObject *object, -+ GAsyncResult *result, -+ gpointer user_data) -+{ -+ GSubprocess *subprocess = G_SUBPROCESS (object); -+ gboolean *done = user_data; -+ GError *local_error = NULL; -+ gboolean ret; -+ -+ ret = g_subprocess_wait_finish (subprocess, result, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_true (ret); -+ -+ *done = TRUE; -+ g_main_context_wakeup (NULL); -+} -+ -+static int -+sleep_and_kill (int argc, char **argv) -+{ -+ GPtrArray *args = NULL; -+ GSubprocessLauncher *launcher = NULL; -+ GSubprocess *proc = NULL; -+ GError *local_error = NULL; -+ pid_t sleep_pid; -+ gboolean done = FALSE; -+ -+ args = g_ptr_array_new_with_free_func (g_free); -+ -+ /* Run sleep "forever" in a shell; this will trigger PTRACE_EVENT_EXEC */ -+ g_ptr_array_add (args, g_strdup ("sh")); -+ g_ptr_array_add (args, g_strdup ("-c")); -+ g_ptr_array_add (args, g_strdup ("sleep infinity")); -+ g_ptr_array_add (args, NULL); -+ launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_NONE); -+ proc = g_subprocess_launcher_spawnv (launcher, (const gchar **) args->pdata, &local_error); -+ g_assert_no_error (local_error); -+ g_assert_nonnull (proc); -+ -+ sleep_pid = atoi (g_subprocess_get_identifier (proc)); -+ -+ g_subprocess_wait_async (proc, NULL, on_sleep_exited, &done); -+ -+ kill (sleep_pid, SIGKILL); -+ -+ while (!done) -+ g_main_context_iteration (NULL, TRUE); -+ -+ g_assert_false (g_subprocess_get_successful (proc)); -+ -+ g_clear_pointer (&args, g_ptr_array_unref); -+ g_clear_object (&launcher); -+ g_clear_object (&proc); -+ -+ return EXIT_SUCCESS; -+} -+#endif -+ - int - main (int argc, char **argv) - { -@@ -267,6 +328,8 @@ main (int argc, char **argv) - return 1; - } - -+ g_log_writer_default_set_use_stderr (TRUE); -+ - mode = argv[1]; - if (strcmp (mode, "noop") == 0) - return 0; -@@ -297,6 +360,10 @@ main (int argc, char **argv) - return cwd_mode (argc, argv); - else if (strcmp (mode, "printenv") == 0) - return printenv_mode (argc, argv); -+#ifdef G_OS_UNIX -+ else if (strcmp (mode, "sleep-and-kill") == 0) -+ return sleep_and_kill (argc, argv); -+#endif - else - { - g_printerr ("Unknown MODE %s\n", argv[1]); -diff --git a/gio/tests/gsubprocess.c b/gio/tests/gsubprocess.c -index 30947596ea..c7f2ea489e 100644 ---- a/gio/tests/gsubprocess.c -+++ b/gio/tests/gsubprocess.c -@@ -2,6 +2,7 @@ - #include - - #ifdef G_OS_UNIX -+#include - #include - #include - #include -@@ -1989,7 +1990,107 @@ test_fd_conflation_child_err_report_fd (void) - do_test_fd_conflation (G_SUBPROCESS_FLAGS_NONE, empty_child_setup, TRUE); - } - --#endif -+/* Handle ptrace events on @main_child, and assert that when it exits, it does -+ * so with status %EXIT_SUCCESS, rather than signalling. Other than that, this -+ * just calls %PTRACE_CONT for all trace events. */ -+static void -+trace_children (pid_t main_child) -+{ -+ int wstatus; -+ -+ g_assert_no_errno (waitpid (main_child, &wstatus, 0)); -+ g_assert_no_errno (ptrace (PTRACE_SETOPTIONS, main_child, NULL, -+ (PTRACE_O_TRACEFORK | -+ PTRACE_O_EXITKILL | -+ PTRACE_O_TRACEVFORK | -+ PTRACE_O_TRACECLONE | -+ PTRACE_O_TRACEEXEC))); -+ g_assert_no_errno (ptrace (PTRACE_CONT, main_child, NULL, 0)); -+ -+ while (TRUE) -+ { -+ pid_t pid; -+ int wstatus; -+ int stop_signum; -+ int ptrace_event; -+ -+ pid = waitpid (-1, &wstatus, 0); -+ if (pid == -1 && errno == ECHILD) -+ break; -+ -+ g_assert_cmpint (errno, ==, 0); -+ g_assert_cmpint (pid, >=, 0); -+ -+ if (WIFSTOPPED (wstatus)) -+ stop_signum = WSTOPSIG (wstatus); -+ else -+ stop_signum = 0; -+ -+ switch (stop_signum) -+ { -+ case SIGTRAP: -+ ptrace_event = (wstatus >> 16) & 0xffff; -+ switch (ptrace_event) -+ { -+ case 0: -+ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, stop_signum)); -+ break; -+ default: -+ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, 0)); -+ break; -+ } -+ break; -+ case SIGSTOP: -+ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, 0)); -+ break; -+ default: -+ if (!WIFEXITED (wstatus) && !WIFSIGNALED (wstatus)) -+ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, stop_signum)); -+ break; -+ } -+ -+ if (pid == main_child) -+ { -+ g_assert_false (WIFSIGNALED (wstatus)); -+ if (WIFEXITED (wstatus)) -+ { -+ g_assert_cmpint (WEXITSTATUS (wstatus), ==, EXIT_SUCCESS); -+ break; -+ } -+ } -+ } -+} -+ -+static void -+test_exit_status_trapped (void) -+{ -+ GPtrArray *args = NULL; -+ pid_t test_child; -+ -+ g_test_summary ("Test that exit status is reported correctly for ptrace()d child processes"); -+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433"); -+ -+ /* Call fork() directly here, rather than using #GSubprocess, so that we can -+ * safely call waitpid() on it ourselves without interfering with the internals -+ * of #GSubprocess. -+ * See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433#note_1749055 */ -+ args = get_test_subprocess_args ("sleep-and-kill", NULL); -+ test_child = fork (); -+ if (test_child == 0) -+ { -+ /* Between fork() and exec() we can only call async-signal-safe functions. */ -+ if (ptrace (PTRACE_TRACEME, 0, NULL, NULL) < 0) -+ abort (); -+ -+ g_assert_no_errno (execvp (args->pdata[0], (char * const *) args->pdata)); -+ } -+ -+ trace_children (test_child); -+ -+ g_clear_pointer (&args, g_ptr_array_unref); -+} -+ -+#endif /* G_OS_UNIX */ - - static void - test_launcher_environment (void) -@@ -2133,6 +2234,7 @@ main (int argc, char **argv) - g_test_add_func ("/gsubprocess/fd-conflation/empty-child-setup", test_fd_conflation_empty_child_setup); - g_test_add_func ("/gsubprocess/fd-conflation/inherit-fds", test_fd_conflation_inherit_fds); - g_test_add_func ("/gsubprocess/fd-conflation/child-err-report-fd", test_fd_conflation_child_err_report_fd); -+ g_test_add_func ("/gsubprocess/exit-status/trapped", test_exit_status_trapped); - #endif - g_test_add_func ("/gsubprocess/launcher-environment", test_launcher_environment); - --- -GitLab - diff --git a/4155.patch b/4155.patch new file mode 100644 index 0000000..f2b811f --- /dev/null +++ b/4155.patch @@ -0,0 +1,83 @@ +From d9fec76b594fccc6eda3ce04a74beae1c8b8c1d2 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Fri, 12 Jul 2024 11:14:10 +0200 +Subject: [PATCH] gfile: Add support for x-gvfs-trash mount option + +Currently, the trash functionality is disabled for system internal mounts. +That might be a problem in some cases. The `x-gvfs-notrash` mount option +allows disabling the trash functionality for certain mounts. Let's add +support for the `x-gvfs-trash` mount option to allow the opposite. + +See: https://issues.redhat.com/browse/RHEL-46828 +--- + gio/gfile.c | 7 +++++-- + gio/glocalfile.c | 22 +++++++++++++--------- + 2 files changed, 18 insertions(+), 11 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 4f9b9c6750..5ac73c03e8 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -4744,10 +4744,13 @@ g_file_delete_finish (GFile *file, + * + * Sends @file to the "Trashcan", if possible. This is similar to + * deleting it, but the user can recover it before emptying the trashcan. +- * Not all file systems support trashing, so this call can return the ++ * Trashing is disabled for system mounts by default (see ++ * g_unix_mount_is_system_internal()), so this call can return the + * %G_IO_ERROR_NOT_SUPPORTED error. Since GLib 2.66, the `x-gvfs-notrash` unix +- * mount option can be used to disable g_file_trash() support for certain ++ * mount option can be used to disable g_file_trash() support for particular + * mounts, the %G_IO_ERROR_NOT_SUPPORTED error will be returned in that case. ++ * Since 2.82, the `x-gvfs-trash` unix mount option can be used to enable ++ * g_file_trash() support for particular system mounts. + * + * If @cancellable is not %NULL, then the operation can be cancelled by + * triggering the cancellable object from another thread. If the operation +diff --git a/gio/glocalfile.c b/gio/glocalfile.c +index 7b70c614c6..ac918d25e3 100644 +--- a/gio/glocalfile.c ++++ b/gio/glocalfile.c +@@ -1807,10 +1807,6 @@ ignore_trash_mount (GUnixMountEntry *mount) + { + GUnixMountPoint *mount_point = NULL; + const gchar *mount_options; +- gboolean retval = TRUE; +- +- if (g_unix_mount_is_system_internal (mount)) +- return TRUE; + + mount_options = g_unix_mount_get_options (mount); + if (mount_options == NULL) +@@ -1819,15 +1815,23 @@ ignore_trash_mount (GUnixMountEntry *mount) + NULL); + if (mount_point != NULL) + mount_options = g_unix_mount_point_get_options (mount_point); ++ ++ g_clear_pointer (&mount_point, g_unix_mount_point_free); + } + +- if (mount_options == NULL || +- strstr (mount_options, "x-gvfs-notrash") == NULL) +- retval = FALSE; ++ if (mount_options != NULL) ++ { ++ if (strstr (mount_options, "x-gvfs-trash") != NULL) ++ return FALSE; ++ ++ if (strstr (mount_options, "x-gvfs-notrash") != NULL) ++ return TRUE; ++ } + +- g_clear_pointer (&mount_point, g_unix_mount_point_free); ++ if (g_unix_mount_is_system_internal (mount)) ++ return TRUE; + +- return retval; ++ return FALSE; + } + + static gboolean +-- +GitLab + diff --git a/CVE-2024-52533.patch b/CVE-2024-52533.patch new file mode 100644 index 0000000..c677cfc --- /dev/null +++ b/CVE-2024-52533.patch @@ -0,0 +1,45 @@ +From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 19 Sep 2024 18:35:53 +0100 +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect + messages + +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul +byte in the connect message, which is an addition in SOCKSv4a vs +SOCKSv4. + +This means that the buffer for building and transmitting the connect +message could be overflowed if the username and hostname are both +`SOCKS4_MAX_LEN` (255) bytes long. + +Proxy configurations are normally statically configured, so the username +is very unlikely to be near its maximum length, and hence this overflow +is unlikely to be triggered in practice. + +(Commit message by Philip Withnall, diagnosis and fix by Michael +Catanzaro.) + +Fixes: #3461 +--- + gio/gsocks4aproxy.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c +index 3dad118eb7..b3146d08fd 100644 +--- a/gio/gsocks4aproxy.c ++++ b/gio/gsocks4aproxy.c +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy) + * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ + * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL | + * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ +- * 1 1 2 4 variable 1 variable ++ * 1 1 2 4 variable 1 variable 1 + */ +-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2) ++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2) + static gint + set_connect_msg (guint8 *msg, + const gchar *hostname, +-- +GitLab + diff --git a/CVE-2025-4373.patch b/CVE-2025-4373.patch new file mode 100644 index 0000000..7f83d9d --- /dev/null +++ b/CVE-2025-4373.patch @@ -0,0 +1,140 @@ +From cc647f9e46d55509a93498af19659baf9c80f2e3 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro +Date: Thu, 10 Apr 2025 10:57:20 -0500 +Subject: [PATCH] gstring: carefully handle gssize parameters + +Wherever we use gssize to allow passing -1, we need to ensure we don't +overflow the value by assigning a gsize to it without checking if the +size exceeds the maximum gssize. The safest way to do this is to just +use normal gsize everywhere instead and use gssize only for the +parameter. + +Our computers don't have enough RAM to write tests for this. I tried +forcing string->len to high values for test purposes, but this isn't +valid and will just cause out of bounds reads/writes due to +string->allocated_len being unexpectedly small, so I don't think we can +test this easily. +--- + glib/gstring.c | 36 +++++++++++++++++++++++------------- + 1 file changed, 23 insertions(+), 13 deletions(-) + +diff --git a/glib/gstring.c b/glib/gstring.c +index 5279ed3cca..d79a4849c0 100644 +--- a/glib/gstring.c ++++ b/glib/gstring.c +@@ -480,8 +480,9 @@ g_string_insert_len (GString *string, + return string; + + if (len < 0) +- len = strlen (val); +- len_unsigned = len; ++ len_unsigned = strlen (val); ++ else ++ len_unsigned = len; + + if (pos < 0) + pos_unsigned = string->len; +@@ -778,10 +779,12 @@ g_string_insert_c (GString *string, + g_string_maybe_expand (string, 1); + + if (pos < 0) +- pos = string->len; ++ pos_unsigned = string->len; + else +- g_return_val_if_fail ((gsize) pos <= string->len, string); +- pos_unsigned = pos; ++ { ++ pos_unsigned = pos; ++ g_return_val_if_fail (pos_unsigned <= string->len, string); ++ } + + /* If not just an append, move the old stuff */ + if (pos_unsigned < string->len) +@@ -814,6 +817,7 @@ g_string_insert_unichar (GString *string, + gssize pos, + gunichar wc) + { ++ gsize pos_unsigned; + gint charlen, first, i; + gchar *dest; + +@@ -855,15 +859,18 @@ g_string_insert_unichar (GString *string, + g_string_maybe_expand (string, charlen); + + if (pos < 0) +- pos = string->len; ++ pos_unsigned = string->len; + else +- g_return_val_if_fail ((gsize) pos <= string->len, string); ++ { ++ pos_unsigned = pos; ++ g_return_val_if_fail (pos_unsigned <= string->len, string); ++ } + + /* If not just an append, move the old stuff */ +- if ((gsize) pos < string->len) +- memmove (string->str + pos + charlen, string->str + pos, string->len - pos); ++ if (pos_unsigned < string->len) ++ memmove (string->str + pos_unsigned + charlen, string->str + pos_unsigned, string->len - pos_unsigned); + +- dest = string->str + pos; ++ dest = string->str + pos_unsigned; + /* Code copied from g_unichar_to_utf() */ + for (i = charlen - 1; i > 0; --i) + { +@@ -921,6 +928,7 @@ g_string_overwrite_len (GString *string, + const gchar *val, + gssize len) + { ++ gssize len_unsigned; + gsize end; + + g_return_val_if_fail (string != NULL, NULL); +@@ -932,14 +940,16 @@ g_string_overwrite_len (GString *string, + g_return_val_if_fail (pos <= string->len, string); + + if (len < 0) +- len = strlen (val); ++ len_unsigned = strlen (val); ++ else ++ len_unsigned = len; + +- end = pos + len; ++ end = pos + len_unsigned; + + if (end > string->len) + g_string_maybe_expand (string, end - string->len); + +- memcpy (string->str + pos, val, len); ++ memcpy (string->str + pos, val, len_unsigned); + + if (end > string->len) + { +-- +GitLab +From 089070bf53807ad2a81bc0b014ad19016fada2a5 Mon Sep 17 00:00:00 2001 +From: Peter Bloomfield +Date: Thu, 10 Apr 2025 22:12:49 -0400 +Subject: [PATCH] gstring: Make len_unsigned unsigned + +Declare `len_unsigned` as `gsize` instead of `gssize`. +--- + glib/gstring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/gstring.c b/glib/gstring.c +index d79a4849c0..2a399ee21f 100644 +--- a/glib/gstring.c ++++ b/glib/gstring.c +@@ -928,7 +928,7 @@ g_string_overwrite_len (GString *string, + const gchar *val, + gssize len) + { +- gssize len_unsigned; ++ gsize len_unsigned; + gsize end; + + g_return_val_if_fail (string != NULL, NULL); +-- +GitLab + diff --git a/dist b/dist index 89c1faf..1f9f8c9 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an9 +an9_6 diff --git a/gdatetime-test.patch b/gdatetime-test.patch new file mode 100644 index 0000000..58d78e2 --- /dev/null +++ b/gdatetime-test.patch @@ -0,0 +1,187 @@ +From e608f34a060f2def4afeefc6e54b3189e6a82393 Mon Sep 17 00:00:00 2001 +From: "Rebecca N. Palmer" +Date: Fri, 11 Oct 2024 09:38:52 +0100 +Subject: [PATCH 1/3] gdatetime test: Do not assume PST8PDT was always exactly + -8/-7 + +In newer tzdata, it is an alias for America/Los_Angeles, which has a +slightly different meaning: DST did not exist there before 1883. As a +result, we can no longer hard-code the knowledge that interval 0 is +standard time and interval 1 is summer time, and instead we need to look +up the correct intervals from known timestamps. + +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/3502 +Bug-Debian: https://bugs.debian.org/1084190 +[smcv: expand commit message, fix whitespace] +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index bc4eba93a..2697e3caa 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2475,6 +2475,7 @@ test_posix_parse (void) + { + GTimeZone *tz; + GDateTime *gdt1, *gdt2; ++ gint i1, i2; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2498,16 +2499,25 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. ++ * ++ * Intervals i1 and i2 (rather than 0 and 1) are needed because in ++ * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, ++ * and hence be aware that DST has not always existed. ++ * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 0), ==, "PST"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 0), ==, - 8 * 3600); +- g_assert (!g_time_zone_is_dst (tz, 0)); +- g_assert_cmpstr (g_time_zone_get_abbreviation (tz, 1), ==, "PDT"); +- g_assert_cmpint (g_time_zone_get_offset (tz, 1), ==,- 7 * 3600); +- g_assert (g_time_zone_is_dst (tz, 1)); ++ /* a date in winter = non-DST */ ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); ++ /* approximately 6 months in seconds, i.e. a date in summer = DST */ ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); ++ g_assert (!g_time_zone_is_dst (tz, i1)); ++ g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i2), ==, "PDT"); ++ g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); ++ g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); +-- +2.50.0 + + +From a2a6ca391d16e76f74fe28f2bf33fecd0ded1293 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:03:19 +0100 +Subject: [PATCH 2/3] gdatetime test: Try to make PST8PDT test more obviously + correct + +Instead of using timestamp 0 as a magic number (in this case interpreted +as 1970-01-01T00:00:00-08:00), calculate a timestamp from a recent +year/month/day in winter, in this case 2024-01-01T00:00:00-08:00. + +Similarly, instead of using a timestamp 15 million seconds later +(1970-06-23T15:40:00-07:00), calculate a timestamp from a recent +year/month/day in summer, in this case 2024-07-01T00:00:00-07:00. + +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 2697e3caa..676951cce 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2499,19 +2499,16 @@ test_posix_parse (void) + + /* This fails rules_from_identifier on Unix (though not on Windows) + * but passes anyway because PST8PDT is a zone name. +- * +- * Intervals i1 and i2 (rather than 0 and 1) are needed because in +- * recent tzdata, PST8PDT may be an alias for America/Los_Angeles, +- * and hence be aware that DST has not always existed. +- * https://bugs.debian.org/1084190 + */ + tz = g_time_zone_new_identifier ("PST8PDT"); + g_assert_nonnull (tz); + g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); + /* a date in winter = non-DST */ +- i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, 0); +- /* approximately 6 months in seconds, i.e. a date in summer = DST */ +- i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, 15000000); ++ gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); ++ i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); ++ /* a date in summer = DST */ ++ gdt2 = g_date_time_new (tz, 2024, 7, 1, 0, 0, 0); ++ i2 = g_time_zone_find_interval (tz, G_TIME_TYPE_DAYLIGHT, g_date_time_to_unix (gdt2)); + g_assert_cmpstr (g_time_zone_get_abbreviation (tz, i1), ==, "PST"); + g_assert_cmpint (g_time_zone_get_offset (tz, i1), ==, - 8 * 3600); + g_assert (!g_time_zone_is_dst (tz, i1)); +@@ -2519,6 +2516,8 @@ test_posix_parse (void) + g_assert_cmpint (g_time_zone_get_offset (tz, i2), ==,- 7 * 3600); + g_assert (g_time_zone_is_dst (tz, i2)); + g_time_zone_unref (tz); ++ g_date_time_unref (gdt1); ++ g_date_time_unref (gdt2); + + tz = g_time_zone_new_identifier ("PST8PDT6:32:15"); + #ifdef G_OS_WIN32 +-- +2.50.0 + + +From 345a41982e7237f72e88b4ade951320df52553b2 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 18 Oct 2024 11:23:42 +0100 +Subject: [PATCH 3/3] gdatetime test: Fall back if legacy System V PST8PDT is + not available + +On recent versions of Debian, PST8PDT is part of the tzdata-legacy +package, which is not always installed and might disappear in future. +Successfully tested with and without tzdata-legacy on Debian unstable. + +Signed-off-by: Simon McVittie +--- + glib/tests/gdatetime.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 676951cce..7512389e0 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -2476,6 +2476,7 @@ test_posix_parse (void) + GTimeZone *tz; + GDateTime *gdt1, *gdt2; + gint i1, i2; ++ const char *expect_id; + + /* Check that an unknown zone name falls back to UTC. */ + G_GNUC_BEGIN_IGNORE_DEPRECATIONS +@@ -2498,11 +2499,25 @@ test_posix_parse (void) + g_time_zone_unref (tz); + + /* This fails rules_from_identifier on Unix (though not on Windows) +- * but passes anyway because PST8PDT is a zone name. ++ * but can pass anyway because PST8PDT is a legacy System V zone name. + */ + tz = g_time_zone_new_identifier ("PST8PDT"); ++ expect_id = "PST8PDT"; ++ ++#ifndef G_OS_WIN32 ++ /* PST8PDT is in tzdata's "backward" set, packaged as tzdata-legacy and ++ * not always present in some OSs; fall back to the equivalent geographical ++ * name if the "backward" time zones are absent. */ ++ if (tz == NULL) ++ { ++ g_test_message ("Legacy PST8PDT time zone not available, falling back"); ++ tz = g_time_zone_new_identifier ("America/Los_Angeles"); ++ expect_id = "America/Los_Angeles"; ++ } ++#endif ++ + g_assert_nonnull (tz); +- g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, "PST8PDT"); ++ g_assert_cmpstr (g_time_zone_get_identifier (tz), ==, expect_id); + /* a date in winter = non-DST */ + gdt1 = g_date_time_new (tz, 2024, 1, 1, 0, 0, 0); + i1 = g_time_zone_find_interval (tz, G_TIME_TYPE_STANDARD, g_date_time_to_unix (gdt1)); +-- +2.50.0 + diff --git a/glib2.spec b/glib2.spec index a383f45..e659676 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,7 +1,6 @@ -%define anolis_release .0.3 Name: glib2 Version: 2.68.4 -Release: 14%{anolis_release}%{?dist} +Release: 16%{?dist}.2 Summary: A library of handy utility functions License: LGPLv2+ @@ -11,59 +10,69 @@ Source0: http://download.gnome.org/sources/glib/2.68/glib-%{version}.tar.xz # Required for RHEL core crypto components policy. Good for Fedora too. # https://bugzilla.redhat.com/show_bug.cgi?id=1630260 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903 -Patch0: gnutls-hmac.patch +Patch: gnutls-hmac.patch # Add GPowerProfileMonitor # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1965 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2194 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2222 -Patch1: 1965.patch -Patch2: 2194.patch -Patch3: 2222.patch +Patch: 1965.patch +Patch: 2194.patch +Patch: 2222.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -Patch4: 2244.patch +Patch: 2244.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2291 -Patch5: 2291.patch +Patch: 2291.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1968 -Patch6: 1968.patch +Patch: 1968.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2435 -Patch7: 2435.patch +Patch: 2435.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 -Patch8: 3126.patch +Patch: 3126.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136 -Patch9: 3136.patch +Patch: 3136.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3163 -Patch10: 3163.patch +Patch: 3163.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2826 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3272 -Patch11: 2826.patch -Patch12: 3272.patch +Patch: 2826.patch +Patch: 3272.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2408 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2816 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2847 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3158 -Patch13: 2408.patch +Patch: 2408.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3353 -Patch14: 3353.patch +Patch: 3353.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3845 -Patch15: 3845.patch +Patch: 3845.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3720 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4038 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4053 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4057 -Patch16: 4038.patch +Patch: 4038.patch -Patch1000: 0001-file-name-cloud-be-UTF-8.patch -# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433 -Patch1001: 3433.patch +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4155 +Patch: 4155.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281 +Patch: CVE-2024-52533.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/680 +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588 +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592 +Patch: CVE-2025-4373.patch + +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4356 +Patch: gdatetime-test.patch BuildRequires: chrpath BuildRequires: gcc @@ -90,11 +99,7 @@ BuildRequires: python3-devel # static glib2 without depending on a static build of GnuTLS as well. This will # ensure we notice if the GnuTLS soname bumps, so that we can update our patch. %if 0%{?__isa_bits} == 64 -%ifarch sw_64 -Requires: libgnutls.so.30 -%else Requires: libgnutls.so.30()(64bit) -%endif %else Requires: libgnutls.so.30 %endif @@ -284,14 +289,19 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/installed-tests %changelog -* Mon May 19 2025 Liwei Ge - 2.68.4-14.0.3 -- Don't treat si_pid from pidfd as child exiting - -* Fri Sep 27 2024 Liwei Ge - 2.68.4-14.0.2 -- file name cloud be UTF-8 - -* Wed Sep 25 2024 yangxinyu - 2.68.4-14.0.1 -- fix cve-2024-34397 +* Fri Jul 11 2025 Michael Catanzaro - 2.68.4-16.2 +- Add patches for CVE-2024-52533 and CVE-2025-4373 +- Update GDateTime test for new tzdata +- Resolves: RHEL-94290 +- Resolves: RHEL-102845 + +* Thu Sep 26 2024 Ondrej Holy - 2.68.4-16 +- Add support for x-gvfs-trash mount option +- Resolves: RHEL-52360 + +* Mon May 13 2024 Michael Catanzaro - 2.68.4-15 +- Fix CVE-2024-34397, signal subscription vulnerabilities +- Resolves: RHEL-35775 * Wed Feb 21 2024 Michael Catanzaro - 2.68.4-14 - Rebuild against newer util-linux for libmnt changes -- Gitee From 8d695b0ed8745d66ad62dc01f44af6fe5b182806 Mon Sep 17 00:00:00 2001 From: wxiat Date: Thu, 10 Aug 2023 16:53:43 +0800 Subject: [PATCH 2/4] sw20230810 --- glib2.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/glib2.spec b/glib2.spec index e659676..792cef4 100644 --- a/glib2.spec +++ b/glib2.spec @@ -99,7 +99,11 @@ BuildRequires: python3-devel # static glib2 without depending on a static build of GnuTLS as well. This will # ensure we notice if the GnuTLS soname bumps, so that we can update our patch. %if 0%{?__isa_bits} == 64 +%ifarch sw_64 +Requires: libgnutls.so.30 +%else Requires: libgnutls.so.30()(64bit) +%endif %else Requires: libgnutls.so.30 %endif -- Gitee From 29ed825d49048a11d00342b5e725dca064937e1a Mon Sep 17 00:00:00 2001 From: qhw01063182 Date: Fri, 27 Sep 2024 17:51:42 +0800 Subject: [PATCH 3/4] file name cloud be UTF-8 Signed-off-by: qhw01063182 --- 0001-file-name-cloud-be-UTF-8.patch | 40 +++++++++++++++++++++++++++++ glib2.spec | 7 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 0001-file-name-cloud-be-UTF-8.patch diff --git a/0001-file-name-cloud-be-UTF-8.patch b/0001-file-name-cloud-be-UTF-8.patch new file mode 100644 index 0000000..a6b293c --- /dev/null +++ b/0001-file-name-cloud-be-UTF-8.patch @@ -0,0 +1,40 @@ +From e4fef16537e99141de1763368d03c98456a17a00 Mon Sep 17 00:00:00 2001 +From: Liwei Ge +Date: Thu, 4 Jul 2024 21:16:47 +0800 +Subject: [PATCH] file name cloud be UTF-8 + +--- + glib/goption.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/glib/goption.c b/glib/goption.c +index 0b3a05e..7af7770 100644 +--- a/glib/goption.c ++++ b/glib/goption.c +@@ -1287,7 +1287,10 @@ parse_arg (GOptionContext *context, + else + data = g_strdup (value); + #else +- data = g_locale_to_utf8 (value, -1, NULL, NULL, error); ++ if (!g_utf8_validate (value, -1, NULL)) ++ data = g_locale_to_utf8 (value, -1, NULL, NULL, error); ++ else ++ data = g_strdup (value); + #endif + + if (!data) +@@ -1316,7 +1319,10 @@ parse_arg (GOptionContext *context, + else + data = g_strdup (value); + #else +- data = g_locale_to_utf8 (value, -1, NULL, NULL, error); ++ if (!g_utf8_validate (value, -1, NULL)) ++ data = g_locale_to_utf8 (value, -1, NULL, NULL, error); ++ else ++ data = g_strdup (value); + #endif + + if (!data) +-- +2.39.3 + diff --git a/glib2.spec b/glib2.spec index 792cef4..2161dde 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,6 +1,7 @@ +%define anolis_release .0.1 Name: glib2 Version: 2.68.4 -Release: 16%{?dist}.2 +Release: 16%{anolis_release}%{?dist}.2 Summary: A library of handy utility functions License: LGPLv2+ @@ -74,6 +75,7 @@ Patch: CVE-2025-4373.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4356 Patch: gdatetime-test.patch +Patch1000: 0001-file-name-cloud-be-UTF-8.patch BuildRequires: chrpath BuildRequires: gcc BuildRequires: gcc-c++ @@ -293,6 +295,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/installed-tests %changelog +* Wed Jul 16 2025 Liwei Ge - 2.68.4-16.0.1.2 +- file name cloud be UTF-8 + * Fri Jul 11 2025 Michael Catanzaro - 2.68.4-16.2 - Add patches for CVE-2024-52533 and CVE-2025-4373 - Update GDateTime test for new tzdata -- Gitee From 10153985604394888ec1455684a505ae166b4a4a Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Mon, 19 May 2025 10:52:41 +0800 Subject: [PATCH 4/4] Don't treat si_pid from pidfd as child exiting --- ...tch => 1000-file-name-cloud-be-UTF-8.patch | 0 3433.patch | 322 ++++++++++++++++++ glib2.spec | 48 +-- 3 files changed, 348 insertions(+), 22 deletions(-) rename 0001-file-name-cloud-be-UTF-8.patch => 1000-file-name-cloud-be-UTF-8.patch (100%) create mode 100644 3433.patch diff --git a/0001-file-name-cloud-be-UTF-8.patch b/1000-file-name-cloud-be-UTF-8.patch similarity index 100% rename from 0001-file-name-cloud-be-UTF-8.patch rename to 1000-file-name-cloud-be-UTF-8.patch diff --git a/3433.patch b/3433.patch new file mode 100644 index 0000000..f5e5978 --- /dev/null +++ b/3433.patch @@ -0,0 +1,322 @@ +From 8d78fa7887d035cd19df40d18bf7a4299d0e2d8e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Fri, 19 May 2023 12:20:14 +0200 +Subject: [PATCH 1/2] main: Don't treat si_pid from pidfd as child exiting + +We might repeatedly get si_pid == 0 for a child that hasn't exited, +meaning we won't get a correct exit status. This seems to happen when +the glib application tracks a ptrace():ed child process; the correct +exit status of the process using e.g. a BPF program, where one can +observe that glib appears to get it wrong. + +Fixes: #3071 +--- + glib/gmain.c | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git a/glib/gmain.c b/glib/gmain.c +index 906e947ace..e4378177d5 100644 +--- a/glib/gmain.c ++++ b/glib/gmain.c +@@ -5907,24 +5907,34 @@ g_child_watch_dispatch (GSource *source, + }; + + /* Get the exit status */ +- if (waitid (P_PIDFD, child_watch_source->poll.fd, &child_info, WEXITED | WNOHANG) >= 0 && +- child_info.si_pid != 0) ++ if (waitid (P_PIDFD, child_watch_source->poll.fd, &child_info, WEXITED | WNOHANG) >= 0) + { +- /* waitid() helpfully provides the wait status in a decomposed +- * form which is quite useful. Unfortunately we have to report it +- * to the #GChildWatchFunc as a waitpid()-style platform-specific +- * wait status, so that the user code in #GChildWatchFunc can then +- * call WIFEXITED() (etc.) on it. That means re-composing the +- * status information. */ +- wait_status = siginfo_t_to_wait_status (&child_info); ++ if (child_info.si_pid != 0) ++ { ++ /* waitid() helpfully provides the wait status in a decomposed ++ * form which is quite useful. Unfortunately we have to report it ++ * to the #GChildWatchFunc as a waitpid()-style platform-specific ++ * wait status, so that the user code in #GChildWatchFunc can then ++ * call WIFEXITED() (etc.) on it. That means re-composing the ++ * status information. */ ++ wait_status = siginfo_t_to_wait_status (&child_info); ++ child_exited = TRUE; ++ } ++ else ++ { ++ g_debug (G_STRLOC ": pidfd signaled but pid %d didn't exit", ++ child_watch_source->pid); ++ return TRUE; ++ } + } + else + { + /* Unknown error. We got signaled that the process might be exited, + * but now we failed to reap it? Assume the process is gone and proceed. */ +- g_warning (G_STRLOC ": pidfd signaled ready but failed"); ++ g_warning (G_STRLOC ": pidfd signaled ready but failed for pid %d", ++ child_watch_source->pid); ++ child_exited = TRUE; + } +- child_exited = TRUE; + } + #endif /* HAVE_PIDFD*/ + +-- +GitLab + + +From cf55c31170a5d79beb1119164c6f5ea3c4ea06a9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jonas=20=C3=85dahl?= +Date: Tue, 16 May 2023 12:38:47 +0200 +Subject: [PATCH 2/2] gio/tests: Add test case for exit status when being + ptraced + +The test case will fail with the + + g_assert_false (g_subprocess_get_successful (proc)); + +assert failing. Without the fix, it'll hit sometimes, but rather +unreliably. When running `meson test --repeat 100`, it'll reproduce +anywhere between the first or much later, but mostly before the 20th +iteration on my system. + +Helps: #3071 +--- + gio/tests/gsubprocess-testprog.c | 67 ++++++++++++++++++++ + gio/tests/gsubprocess.c | 104 ++++++++++++++++++++++++++++++- + 2 files changed, 170 insertions(+), 1 deletion(-) + +diff --git a/gio/tests/gsubprocess-testprog.c b/gio/tests/gsubprocess-testprog.c +index eee759dcd7..610b8f3be3 100644 +--- a/gio/tests/gsubprocess-testprog.c ++++ b/gio/tests/gsubprocess-testprog.c +@@ -5,6 +5,7 @@ + #include + #ifdef G_OS_UNIX + #include ++#include + #else + #include + #endif +@@ -241,6 +242,66 @@ printenv_mode (int argc, char **argv) + return 0; + } + ++#ifdef G_OS_UNIX ++static void ++on_sleep_exited (GObject *object, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ GSubprocess *subprocess = G_SUBPROCESS (object); ++ gboolean *done = user_data; ++ GError *local_error = NULL; ++ gboolean ret; ++ ++ ret = g_subprocess_wait_finish (subprocess, result, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_true (ret); ++ ++ *done = TRUE; ++ g_main_context_wakeup (NULL); ++} ++ ++static int ++sleep_and_kill (int argc, char **argv) ++{ ++ GPtrArray *args = NULL; ++ GSubprocessLauncher *launcher = NULL; ++ GSubprocess *proc = NULL; ++ GError *local_error = NULL; ++ pid_t sleep_pid; ++ gboolean done = FALSE; ++ ++ args = g_ptr_array_new_with_free_func (g_free); ++ ++ /* Run sleep "forever" in a shell; this will trigger PTRACE_EVENT_EXEC */ ++ g_ptr_array_add (args, g_strdup ("sh")); ++ g_ptr_array_add (args, g_strdup ("-c")); ++ g_ptr_array_add (args, g_strdup ("sleep infinity")); ++ g_ptr_array_add (args, NULL); ++ launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_NONE); ++ proc = g_subprocess_launcher_spawnv (launcher, (const gchar **) args->pdata, &local_error); ++ g_assert_no_error (local_error); ++ g_assert_nonnull (proc); ++ ++ sleep_pid = atoi (g_subprocess_get_identifier (proc)); ++ ++ g_subprocess_wait_async (proc, NULL, on_sleep_exited, &done); ++ ++ kill (sleep_pid, SIGKILL); ++ ++ while (!done) ++ g_main_context_iteration (NULL, TRUE); ++ ++ g_assert_false (g_subprocess_get_successful (proc)); ++ ++ g_clear_pointer (&args, g_ptr_array_unref); ++ g_clear_object (&launcher); ++ g_clear_object (&proc); ++ ++ return EXIT_SUCCESS; ++} ++#endif ++ + int + main (int argc, char **argv) + { +@@ -267,6 +328,8 @@ main (int argc, char **argv) + return 1; + } + ++ g_log_writer_default_set_use_stderr (TRUE); ++ + mode = argv[1]; + if (strcmp (mode, "noop") == 0) + return 0; +@@ -297,6 +360,10 @@ main (int argc, char **argv) + return cwd_mode (argc, argv); + else if (strcmp (mode, "printenv") == 0) + return printenv_mode (argc, argv); ++#ifdef G_OS_UNIX ++ else if (strcmp (mode, "sleep-and-kill") == 0) ++ return sleep_and_kill (argc, argv); ++#endif + else + { + g_printerr ("Unknown MODE %s\n", argv[1]); +diff --git a/gio/tests/gsubprocess.c b/gio/tests/gsubprocess.c +index 30947596ea..c7f2ea489e 100644 +--- a/gio/tests/gsubprocess.c ++++ b/gio/tests/gsubprocess.c +@@ -2,6 +2,7 @@ + #include + + #ifdef G_OS_UNIX ++#include + #include + #include + #include +@@ -1989,7 +1990,107 @@ test_fd_conflation_child_err_report_fd (void) + do_test_fd_conflation (G_SUBPROCESS_FLAGS_NONE, empty_child_setup, TRUE); + } + +-#endif ++/* Handle ptrace events on @main_child, and assert that when it exits, it does ++ * so with status %EXIT_SUCCESS, rather than signalling. Other than that, this ++ * just calls %PTRACE_CONT for all trace events. */ ++static void ++trace_children (pid_t main_child) ++{ ++ int wstatus; ++ ++ g_assert_no_errno (waitpid (main_child, &wstatus, 0)); ++ g_assert_no_errno (ptrace (PTRACE_SETOPTIONS, main_child, NULL, ++ (PTRACE_O_TRACEFORK | ++ PTRACE_O_EXITKILL | ++ PTRACE_O_TRACEVFORK | ++ PTRACE_O_TRACECLONE | ++ PTRACE_O_TRACEEXEC))); ++ g_assert_no_errno (ptrace (PTRACE_CONT, main_child, NULL, 0)); ++ ++ while (TRUE) ++ { ++ pid_t pid; ++ int wstatus; ++ int stop_signum; ++ int ptrace_event; ++ ++ pid = waitpid (-1, &wstatus, 0); ++ if (pid == -1 && errno == ECHILD) ++ break; ++ ++ g_assert_cmpint (errno, ==, 0); ++ g_assert_cmpint (pid, >=, 0); ++ ++ if (WIFSTOPPED (wstatus)) ++ stop_signum = WSTOPSIG (wstatus); ++ else ++ stop_signum = 0; ++ ++ switch (stop_signum) ++ { ++ case SIGTRAP: ++ ptrace_event = (wstatus >> 16) & 0xffff; ++ switch (ptrace_event) ++ { ++ case 0: ++ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, stop_signum)); ++ break; ++ default: ++ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, 0)); ++ break; ++ } ++ break; ++ case SIGSTOP: ++ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, 0)); ++ break; ++ default: ++ if (!WIFEXITED (wstatus) && !WIFSIGNALED (wstatus)) ++ g_assert_no_errno (ptrace (PTRACE_CONT, pid, NULL, stop_signum)); ++ break; ++ } ++ ++ if (pid == main_child) ++ { ++ g_assert_false (WIFSIGNALED (wstatus)); ++ if (WIFEXITED (wstatus)) ++ { ++ g_assert_cmpint (WEXITSTATUS (wstatus), ==, EXIT_SUCCESS); ++ break; ++ } ++ } ++ } ++} ++ ++static void ++test_exit_status_trapped (void) ++{ ++ GPtrArray *args = NULL; ++ pid_t test_child; ++ ++ g_test_summary ("Test that exit status is reported correctly for ptrace()d child processes"); ++ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433"); ++ ++ /* Call fork() directly here, rather than using #GSubprocess, so that we can ++ * safely call waitpid() on it ourselves without interfering with the internals ++ * of #GSubprocess. ++ * See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433#note_1749055 */ ++ args = get_test_subprocess_args ("sleep-and-kill", NULL); ++ test_child = fork (); ++ if (test_child == 0) ++ { ++ /* Between fork() and exec() we can only call async-signal-safe functions. */ ++ if (ptrace (PTRACE_TRACEME, 0, NULL, NULL) < 0) ++ abort (); ++ ++ g_assert_no_errno (execvp (args->pdata[0], (char * const *) args->pdata)); ++ } ++ ++ trace_children (test_child); ++ ++ g_clear_pointer (&args, g_ptr_array_unref); ++} ++ ++#endif /* G_OS_UNIX */ + + static void + test_launcher_environment (void) +@@ -2133,6 +2234,7 @@ main (int argc, char **argv) + g_test_add_func ("/gsubprocess/fd-conflation/empty-child-setup", test_fd_conflation_empty_child_setup); + g_test_add_func ("/gsubprocess/fd-conflation/inherit-fds", test_fd_conflation_inherit_fds); + g_test_add_func ("/gsubprocess/fd-conflation/child-err-report-fd", test_fd_conflation_child_err_report_fd); ++ g_test_add_func ("/gsubprocess/exit-status/trapped", test_exit_status_trapped); + #endif + g_test_add_func ("/gsubprocess/launcher-environment", test_launcher_environment); + +-- +GitLab + diff --git a/glib2.spec b/glib2.spec index 2161dde..a255d1e 100644 --- a/glib2.spec +++ b/glib2.spec @@ -11,71 +11,74 @@ Source0: http://download.gnome.org/sources/glib/2.68/glib-%{version}.tar.xz # Required for RHEL core crypto components policy. Good for Fedora too. # https://bugzilla.redhat.com/show_bug.cgi?id=1630260 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903 -Patch: gnutls-hmac.patch +Patch0: gnutls-hmac.patch # Add GPowerProfileMonitor # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1965 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2194 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2222 -Patch: 1965.patch -Patch: 2194.patch -Patch: 2222.patch +Patch1: 1965.patch +Patch2: 2194.patch +Patch3: 2222.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -Patch: 2244.patch +Patch4: 2244.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2291 -Patch: 2291.patch +Patch5: 2291.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1968 -Patch: 1968.patch +Patch6: 1968.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2435 -Patch: 2435.patch +Patch7: 2435.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 -Patch: 3126.patch +Patch8: 3126.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136 -Patch: 3136.patch +Patch9: 3136.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3163 -Patch: 3163.patch +Patch10: 3163.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2826 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3272 -Patch: 2826.patch -Patch: 3272.patch +Patch11: 2826.patch +Patch12: 3272.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2408 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2816 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2847 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3158 -Patch: 2408.patch +Patch13: 2408.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3353 -Patch: 3353.patch +Patch14: 3353.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3845 -Patch: 3845.patch +Patch15: 3845.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3720 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4038 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4053 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4057 -Patch: 4038.patch +Patch16: 4038.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4155 -Patch: 4155.patch +Patch17: 4155.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281 -Patch: CVE-2024-52533.patch +Patch18: CVE-2024-52533.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/680 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592 -Patch: CVE-2025-4373.patch +Patch19: CVE-2025-4373.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4356 -Patch: gdatetime-test.patch +Patch20: gdatetime-test.patch + +Patch1000: 1000-file-name-cloud-be-UTF-8.patch +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3433 +Patch1001: 3433.patch -Patch1000: 0001-file-name-cloud-be-UTF-8.patch BuildRequires: chrpath BuildRequires: gcc BuildRequires: gcc-c++ @@ -297,6 +300,7 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %changelog * Wed Jul 16 2025 Liwei Ge - 2.68.4-16.0.1.2 - file name cloud be UTF-8 +- Don't treat si_pid from pidfd as child exiting * Fri Jul 11 2025 Michael Catanzaro - 2.68.4-16.2 - Add patches for CVE-2024-52533 and CVE-2025-4373 -- Gitee