700538 – dev-libs/glib: Backport GDBusServer fixes

Bug 700538 - dev-libs/glib: Backport GDBusServer fixes

Summary: dev-libs/glib: Backport GDBusServer fixes

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All All

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux Gnome Desktop Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2019-14822
	Show dependency tree

Reported:	2019-11-19 02:46 UTC by Arfrever Frehtes Taifersar Arahesis
Modified:	2020-01-01 15:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arfrever Frehtes Taifersar Arahesis 2019-11-19 02:46:48 UTC

Recent security fix in IBus (Gentoo bug #695526):
https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151
... As discussed in:
https://github.com/ibus/ibus/issues/2137
https://bugs.launchpad.net/ubuntu/+source/ibus/+bug/1844853
... Triggers bug in GLib:
https://gitlab.gnome.org/GNOME/glib/issues/1831

Fix in GLib "master" branch:
https://gitlab.gnome.org/GNOME/glib/merge_requests/1176
https://gitlab.gnome.org/GNOME/glib/commit/ef1035d9d86464ea0b5dde60a7a0e190895fdf5b
https://gitlab.gnome.org/GNOME/glib/commit/1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b
https://gitlab.gnome.org/GNOME/glib/commit/ee502dbbe89a5976c32eb8863c9a9d274ddb60e1
https://gitlab.gnome.org/GNOME/glib/commit/9f962ebeac1d67223579ad0d261c4c8215f7c427

Backport (except new tests) of fix to GLib "glib-2-62" branch:
https://gitlab.gnome.org/GNOME/glib/merge_requests/1194
https://gitlab.gnome.org/GNOME/glib/commit/1cfab12a28d97716ad581c30fbbf3e94e4d7f303
https://gitlab.gnome.org/GNOME/glib/commit/5f9318af8f19756685c1b79cf8b76f3e66614d84
https://gitlab.gnome.org/GNOME/glib/commit/c7618cce3752e1f3681f75d0a26c7e07c15bd6a2


Please either:
- Add dev-libs/glib-2.62.3 (when it is released).
- Add dev-libs/glib-2.62.2 with backported [1], [2] and [3].
- Add dev-libs/glib-2.60.7-r1 with backported [1], [2] and [3].
  (Patches apply cleanly to dev-libs/glib-2.60.7.)

[1] https://gitlab.gnome.org/GNOME/glib/commit/1cfab12a28d97716ad581c30fbbf3e94e4d7f303.patch
[2] https://gitlab.gnome.org/GNOME/glib/commit/5f9318af8f19756685c1b79cf8b76f3e66614d84.patch
[3] https://gitlab.gnome.org/GNOME/glib/commit/c7618cce3752e1f3681f75d0a26c7e07c15bd6a2.patch

Comment 1 Arfrever Frehtes Taifersar Arahesis 2019-11-21 13:23:58 UTC

> Please either:
> - Add dev-libs/glib-2.62.3 (when it is released).
> - Add dev-libs/glib-2.62.2 with backported [1], [2] and [3].
> - Add dev-libs/glib-2.60.7-r1 with backported [1], [2] and [3].
>   (Patches apply cleanly to dev-libs/glib-2.60.7.)

dev-libs/glib-2.62.3 was released on 2019-11-19 and is supposed to contain necessary fixes.

Comment 2 Yixun Lan archtester

2019-12-15 14:04:21 UTC

ping, any plan to bump version 2.62.3 or backport to 2.60.7?

Comment 3 Larry the Git Cow gentoo-dev

2020-01-01 15:41:45 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ed2ea2d465969fba6a72c270d712287d2e3e116

commit 1ed2ea2d465969fba6a72c270d712287d2e3e116
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-01-01 15:40:23 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-01-01 15:40:41 +0000

    dev-libs/glib: backport GDBus fixes necessary for ibus security fixes
    
    Closes: https://bugs.gentoo.org/700538
    Package-Manager: Portage-2.3.79, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 dev-libs/glib/files/2.60.7-gdbus-fixes.patch | 301 +++++++++++++++++++++++++++
 dev-libs/glib/glib-2.60.7-r1.ebuild          | 279 +++++++++++++++++++++++++
 2 files changed, 580 insertions(+)