Subject: CVS commit: pkgsrc/devel
From: Adam Ciarcinski
Date: 2022-12-31 21:29:58
Message id: 20221231202958.73721FA90@cvs.NetBSD.org
Log Message:
glib2 glib2-tools gdbus-codegen: updated to 2.74.4

Overview of changes in GLib 2.74.4
==================================

* Fix missing input validation in `GDBusMenuModel` (work by Lars Uebernickel)

* Various GVariant security fixes when handling untrusted data (work by
  William Manley, Philip Withnall, Simon McVittie)

* Bugs fixed:
  - insufficient input validation in GDBusMenuModel (Lars Uebernickel)
  - GVariant deserialisation does not match spec for non-normal data
    (William Manley, Philip Withnall)
  - Parsing serialized GVariants can blow up run-time and memory (Philip
    Withnall)
  - GVariant offset table entry size is not checked in is_normal() (Philip
    Withnall)
  - g_variant_byteswap() can take a long time with some non-normal inputs
    (Philip Withnall)
  - gio/gapplication test fails with test_dbus_activate: assertion failed
    (n_activations == 2): (1 == 2) (Philip Withnall)
  - [bisected] GVariant test regression on big-endian architectures (Simon
    McVittie)
  - fuzz_variant_binary_byteswap: Heap-buffer-overflow in
    g_variant_serialised_get_child (Philip Withnall)
  - fuzz_variant_text: Timeout in fuzz_variant_text (Philip Withnall)
  - alpine/musl: catching signals from a subprocess triggers
    GLib:ERROR:../glib/gmain.c:5569:siginfo_t_to_wait_status: code should not be
    reached (Philip Withnall)
  - !3114 Backport !3113 “gaction: Validate actions activated over D-Bus” to
    glib-2-74
  - !3126 Backport !3125 “Various fixes to normal form handling in GVariant” to
    glib-2-74
  - !3134 Backport !3133 “gmenumodel: disallow exporting large menus on the bus”
    to glib-2-74
  - !3138 Backport !3136 “gvariant-serialiser: Convert endianness of offsets” to
    glib-2-74
  - !3153 Backport !3120 “glib/gthread-posix: Conditionally use `futex` and/or
    `futex_time64` syscalls...” to glib-2-74
  - !3161 Backport !3158 ”gmain: Define fallback values for siginfo_t constants
    for musl” to glib-2-74
  - !3164 Backport !3163 “gvariant: Check offset table doesn’t fall outside
    variant bounds and speed up text parsing” to glib-2-74

* Translation updates:
  - Abkhazian (Nart Tlisha)
  - Belarusian (Vasil Pupkin)
  - Georgian (Ekaterine Papava)
  - Interlingue (Olga Smirnova)
Files:
RevisionActionfile
1.38modifypkgsrc/devel/gdbus-codegen/distinfo
1.106modifypkgsrc/devel/glib2/Makefile.common
1.145modifypkgsrc/devel/glib2/PLIST
1.305modifypkgsrc/devel/glib2/distinfo