glib-2.0: upgrade 2.86.3 -> 2.86.4

Fixes CVE-2026-1484, CVE-2026-1485 and CVE-2026-1489.

Release notes [1]:

Overview of changes in GLib 2.86.4, 2026-02-13
* Fix several security vulnerabilities of varying severity (see below
  for details)
* Bugs fixed:
  * #3858 (closed) glib-compile-resources: Incorrect compiler detection
    on Windows when building GTK causes a DoS (L. E. Segovia)
  * #3863 (closed) Iterating over a short (preallocated) GVariant
    bytestring invalidly refs a NULL GBytes (Christian Hergert)
  * #3870 (closed) (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow ->
    Buffer Underflow on Glib through glib/gbase64.c via
    g_base64_encode_close() leads to OOB Write (Marco Trevisan)
  * #3871 (closed) (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow
    on Glib through gio/gcontenttype-fdo.c via parse_header() lead to
    OOB Read/Write (Marco Trevisan)
  * #3872 (closed) (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow
    on Glib through glib/guniprop.c via output_marks() lead to OOB Write
    in glib/gutf8.c:g_unichar_to_utf8() (Marco Trevisan (Treviño))
  * !4946 (merged) Update Romanian translation glib-2-86
  * !4955 (merged) Backport !4954 (merged) “glib-compile-resources:
    Always assume MSVC compiler if VCINSTALLDIR is set” to glib-2-86
  * !4961 (merged) Backport !4960 (merged) “glib/gvariant: add failing
    test for bytestring and fix it” to glib-2-86
  * !4979 (merged) [glib-2-86] gbase64: Use gsize to prevent potential
    overflow
  * !4981 (merged) [glib-2-86] gio/gcontenttype-fdo: Do not overflow if
    header is longer than MAXINT
  * !4984 (merged) [glib-2-86] guniprop: Use size_t for output_marks
    length
  * !5010 (merged) Update Kazakh translation
* Translation updates:
  * Kazakh (Baurzhan Muftakhidinov)
  * Romanian (Antonio Marin)

[1] https://gitlab.gnome.org/GNOME/glib/-/releases/2.86.4

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.3.bb b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.4.bb
similarity index 100%
rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.3.bb
rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.86.4.bb

diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.86.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.86.4.bb
similarity index 100%
rename from meta/recipes-core/glib-2.0/glib-2.0_2.86.3.bb
rename to meta/recipes-core/glib-2.0/glib-2.0_2.86.4.bb

diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 2e15cc7675b115010d63167d194cd5c04ee67c08..d1f25ef8f2194b0b8842a8e84b94f054da4a87b5 100644 (file)
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -237,7 +237,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \
                                 file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                               "
 
-SRC_URI[archive.sha256sum] = "b3211d8d34b9df5dca05787ef0ad5d7ca75dec998b970e1aab0001d229977c65"
+SRC_URI[archive.sha256sum] = "d4e2b5d791d5015ffd8c6971ad8e975a0a55c1a14926cdb25cf843ff00682260"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.