Diffusion glib2 7b2f0406c34a

Update to 2.66.7

Authored by JoshStrobl on Wed, Feb 17, 11:11 PM.

Description

Update to 2.66.7

Summarized Changelog:

  • Fix some issues in parsing floating point seconds in GDateTime
  • Fix some issues in handling invalid UTF-8 when parsing for GDate
  • Don't load GIO modules or parse other GIO environment variables when AT_SECURE is set (i.e. in a setuid/setgid/setcap process). GIO has always been documented as not being safe to use in privileged processes, but people persist in using it unsafely, so these changes should harden things against potential attacks at least a little. Unfortunately they break a couple of projects which were relying on reading DBUS_SESSION_BUS_ADDRESS, so GIO continues to read that for setgid/setcap (but not setuid) processes. This loophole will be closed in GLib 2.70, which should give modules 6 months to change their behaviour.
  • Fix various instances within GLib where g_memdup() was vulnerable to a silent integer truncation and heap overflow problem
  • Fix a silent integer truncation when calling g_byte_array_new_take() for byte arrays bigger than G_MAXUINT
  • Disallow using currently-undefined D-Bus connection or server flags to prevent forward-compatibility problems with new security-sensitive flags likely to be released in GLib 2.68
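The g_memdup() item in the changelog above concerns a length parameter of type guint (unsigned int) receiving a size_t value. The following is an added example, not code from GLib or from this commit: `dup_narrow`, `dup_unchecked`, `dup_checked` and `bytes_allocated_for` are hypothetical names, and the demonstration assumes a platform where size_t is 64 bits and unsigned int is 32 bits. It shows the mismatch between the length the caller believes it has and the bytes actually allocated, next to a caller-side bounds check.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an API shaped like g_memdup(): the length
 * parameter is unsigned int, so a size_t argument is narrowed silently. */
static void *dup_narrow(const void *mem, unsigned int byte_size)
{
    void *copy;
    if (mem == NULL || byte_size == 0)
        return NULL;
    copy = malloc(byte_size);
    if (copy != NULL)
        memcpy(copy, mem, byte_size);
    return copy;
}

/* Bytes the narrow API really allocates for a size_t request. */
static size_t bytes_allocated_for(size_t requested)
{
    return (size_t)(unsigned int)requested;
}

/* Unsafe caller: the block returned can be far smaller than len, so a
 * later write sized by len would run past the end of the heap block. */
static void *dup_unchecked(const void *mem, size_t len)
{
    return dup_narrow(mem, (unsigned int)len); /* explicit form of the silent narrowing */
}

/* Hardened caller: refuse any length the narrow parameter cannot hold. */
static void *dup_checked(const void *mem, size_t len)
{
    return len > UINT_MAX ? NULL : dup_narrow(mem, (unsigned int)len);
}

int main(void)
{
    static const char sample[32] = "constructed sample bytes"; /* constructed input */
    size_t claimed = (size_t)UINT_MAX + 17u; /* assumes 64-bit size_t */
    void *small = dup_unchecked(sample, claimed);
    printf("claimed %zu bytes, allocated %zu\n", claimed, bytes_allocated_for(claimed));
    printf("checked call rejected: %s\n", dup_checked(sample, claimed) == NULL ? "yes" : "no");
    free(small);
    return 0;
}
```

When reviewing callers of such an API, the thing to look for is a size_t or other 64-bit length flowing into the narrow parameter without a preceding range check.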

Details

Committed: JoshStrobl, Wed, Feb 17, 11:11 PM
Pushed: JoshStrobl, Thu, Feb 18, 9:00 AM
Parents: R926:c47e63f0fbe3: Update to 2.66.3
Branches: Unknown
Tags: Unknown
References: HEAD -> master, tag: glib2-2.66.7-68