From: Adolf Belka <adolf.belka@ipfire.org>
Date: Mon, 4 May 2026 17:40:57 +0000 (+0200)
Subject: glib: Update to version 2.88.1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=da3d30c4bd37c6e3f3a177676a8d33771d67374e;p=ipfire-2.x.git

glib: Update to version 2.88.1

- Update from version 2.88.0 to 2.88.1
- Update of rootfile
- Changelog
2.88.1
* Fix miscompilation with GCC 16 due to GLib’s use of the wrong function
  attribute (!5145, work by Sam James)
* Fix flag confusion security issue when using `GRegex` with `G_REGEX_RAW` which
  can result in unbounded out-of-bounds heap reads off the start of a regex
  input string (#3919, work by linhlhq)
* Fix various minor (low severity) security issues, typically one-to-five-byte
  out-of-bounds reads (#3915, #3916, #3917, #3918, #3930) or ones relying on
  very specific (and unlikely) API calls (#3925) or ones relying on
  discouraged P2P D-Bus configurations (#3931, #3933) (work by linhlhq)
* Bugs fixed:
  - #3915 (#YWH-PGM9867-190) Buffer Over-read on GLib through glib/gvariant-
    serialiser.c:1253 via gvs_tuple_is_normal() (Philip Withnall)
  - #3916 (#YWH-PGM9867-187) OOB Read on GLib through
    glib/gmarkup.c:g_markup_escape_text() via
    glib/gmarkup.c:append_escaped_text() (Philip Withnall)
  - #3917 (#YWH-PGM9867-191) OOB Read on GLib through
    glib/gdatetime.c:g_date_time_get_ymd via invalid `GDateTime` (Philip
    Withnall)
  - #3918 (#YWH-PGM9867-193) Buffer Over-read on GLib's g_regex_replace()
    through glib/gregex.c:string_append() via g_utf8_next_char() (Philip
    Withnall)
  - #3919 (#YWH-PGM9867-194) Buffer Over-read on GLib through
    glib/gregex.c:g_regex_split_full() via glib/gutf8.c:g_utf8_prev_char()
    (Philip Withnall)
  - #3925 (#YWH-PGM9867-199) Buffer Over-read on GLib through glib/giochannel.c
    via "g_io_channel_read_line_backend" (Philip Withnall)
  - #3930 (#YWH-PGM9867-200) Off-by-one Error on GLib through glib/gkeyfile.c
    via "g_key_file_get_locale_string_list" (Philip Withnall)
  - #3931 (#YWH-PGM9867-203)  Path Traversal on GLib DBus through
    glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry,
    mechanism_client_data_receive (COOKIE_SHA1 Client Authentication) leads to
    Arbitrary File Read (Philip Withnall)
  - #3933 Integer overflow in g_dbus_message_bytes_needed() bypasses 128 MiB
    size check (pre-auth DoS on P2P connections) (Philip Withnall)
  - !5101 Update Serbian translation
  - !5105 docs: Expand docs for GLIB_VERSION_MAX_ALLOWED
  - !5110 gmarkup: fix type of length parameter of text_validate()
  - !5111 Update Russian translation
  - !5113 Update Polish translation
  - !5114 docs: Remove myself from CODEOWNERS
  - !5122 Update Slovak translation
  - !5134 Backport various recent security fixes to GVariant, GMarkup, GDateTime
    and GRegex to glib-2-88
  - !5150 Backport !5145 “gvarianttype: use pure attribute, not inappropriate
    const” to glib-2-88
  - !5152 Update Slovak translation
  - !5154 Update German translation
  - !5165 Update Slovak translation
  - !5166 Update Slovak translation
  - !5169 Update Persian translation
  - !5174 Backport !5170 !5171 !5172 !5173 Various security fixes to glib-2-88
* Translation updates:
  - German (Christian Kirbach)
  - Persian (Danial Behzadi)
  - Polish (Victoria Niedzielska)
  - Russian (Artur S0)
  - Serbian (Марко Костић)
  - Slovak (Jose Riha)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/rootfiles/common/glib b/config/rootfiles/common/glib
index cd96e6f7a..f9e0ca72a 100644
--- a/config/rootfiles/common/glib
+++ b/config/rootfiles/common/glib
@@ -339,22 +339,22 @@ usr/include/glib-2.0/gio/gdebugcontroller.h
 #usr/lib/glib-2.0/include/glibconfig.h
 #usr/lib/libgio-2.0.so
 usr/lib/libgio-2.0.so.0
-usr/lib/libgio-2.0.so.0.8800.0
+usr/lib/libgio-2.0.so.0.8800.1
 #usr/lib/libgirepository-2.0.so
 usr/lib/libgirepository-2.0.so.0
-usr/lib/libgirepository-2.0.so.0.8800.0
+usr/lib/libgirepository-2.0.so.0.8800.1
 #usr/lib/libglib-2.0.so
 usr/lib/libglib-2.0.so.0
-usr/lib/libglib-2.0.so.0.8800.0
+usr/lib/libglib-2.0.so.0.8800.1
 #usr/lib/libgmodule-2.0.so
 usr/lib/libgmodule-2.0.so.0
-usr/lib/libgmodule-2.0.so.0.8800.0
+usr/lib/libgmodule-2.0.so.0.8800.1
 #usr/lib/libgobject-2.0.so
 usr/lib/libgobject-2.0.so.0
-usr/lib/libgobject-2.0.so.0.8800.0
+usr/lib/libgobject-2.0.so.0.8800.1
 #usr/lib/libgthread-2.0.so
 usr/lib/libgthread-2.0.so.0
-usr/lib/libgthread-2.0.so.0.8800.0
+usr/lib/libgthread-2.0.so.0.8800.1
 #usr/lib/pkgconfig/gio-2.0.pc
 #usr/lib/pkgconfig/gio-unix-2.0.pc
 #usr/lib/pkgconfig/girepository-2.0.pc
@@ -377,8 +377,8 @@ usr/lib/libgthread-2.0.so.0.8800.0
 #usr/share/gdb/auto-load
 #usr/share/gdb/auto-load/usr
 #usr/share/gdb/auto-load/usr/lib
-#usr/share/gdb/auto-load/usr/lib/libglib-2.0.so.0.8800.0-gdb.py
-#usr/share/gdb/auto-load/usr/lib/libgobject-2.0.so.0.8800.0-gdb.py
+#usr/share/gdb/auto-load/usr/lib/libglib-2.0.so.0.8800.1-gdb.py
+#usr/share/gdb/auto-load/usr/lib/libgobject-2.0.so.0.8800.1-gdb.py
 #usr/share/gettext/its
 #usr/share/gettext/its/gschema.its
 #usr/share/gettext/its/gschema.loc
diff --git a/lfs/glib b/lfs/glib
index 1b6e2269f..47fe1eb6b 100644
--- a/lfs/glib
+++ b/lfs/glib
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.88.0
+VER        = 2.88.1
 #          https://download.gnome.org/sources/glib/
 
 THISAPP    = glib-$(VER)
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b540e0f5490f85b44cfad5d819f4a6fd911addc26fed8b8b49852bd6ec322d7d16136b691452030cf5f590374ea06cf8fdb8c9109d5cbe7b68625379bbd40615
+$(DL_FILE)_BLAKE2 = d9a0e54d2c1b5128aee76f1743cbeea84a24af5a2252ba1c649943bbca3fbc5f08896249542526560c92dd0e60cbd8a72498c3cfe1535d1f0bf85316ce37dba1
 
 install : $(TARGET)