[SRU] 2.60.4

Bug #1832457 reported by Iain Lane on 2019-06-12
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
glib2.0 (Ubuntu)
Undecided
Iain Lane
Disco
Undecided
Iain Lane

Bug Description

[ Description ]

New stable release in the 2.60 series.

[ QA ]

Upstream release, so QA already performed by maintainers

https://wiki.ubuntu.com/StableReleaseUpdates/GNOME

This upload will trigger many autopkgtests that we expect to not be regressed by this upload.

Pretty much all parts of GNOME use GLib, so test anything in the desktop that you can.

[ Regression potential ]

Various fixes in multiple places so multiple apps could be affected.

[ Upstream NEWS ]

Overview of changes in GLib 2.60.4
==================================

* Fixes to improved network status detection with NetworkManager (#1788)

* Leak fixes to some `glib-genmarshal` generated code (#1793)

* Further fixes to the Happy Eyeballs (RFC 8305) implementation (!865)

* File system permissions fix to clamp down permissions in a small time window
  when copying files (CVE-2019-12450, !876)

* Bugs fixed:
 - #1755 Please revert #535 gmacros: Try to use the standard __func__ first in G_STRFUNC
 - #1788 GNetworkMonitor claims I am offline
 - #1792 glib-genmarshal generated valist marshal does not respect static scope for some types
 - #1793 glib-genmarshal generates wrong code for va marshaler for VARIANT type
 - #1795 Fix mingw32 CI on older branches
 - !865 gnetworkaddress: fix "happy eyeballs" logic
 - !878 Backport !876 “gfile: Limit access to files when copying” to glib-2-60

Overview of changes in GLib 2.60.3
==================================

* Various fixes to small key/value support in `GHashTable` (#1749, #1780)

* Bugs fixed:
 - #1747 Critical in g_socket_client_async_connect_complete
 - #1749 New GHashTable implementation confuses valgrind
 - #1759 test_month_names: assertion failed
 - #1771 GNetworkAddressAddressEnumerator unsafely modifies cache in GNetworkAddress
 - #1774 Leaks in gsocketclient.c connection code
 - #1776 glib/date test fails
 - #1780 GDB pretty-printer for GHashTable no longer works
 - !815 Merge branch 'wip/tingping/socketclient-cancel-2' into 'master'
 - !816 Backport !814 “gschema.dtd: Add target attribute to alias” to glib-2-60
 - !826 Backport !824 “gsocketclient: Fix a leak in the connection code” to glib-2-60
 - !829 Backport !828 “build: Fix a typo in the test whether _NL_ABALTMON_n is supported” to glib-2-60
 - !834 Backport !823 "gnetworkaddress: Fix parallel enumerations interfering with eachother" to glib-2-60
 - !838 Backport !835 “Fix typo in German translation” to glib-2-60
 - !841 Backport !839 “tests: Update month name check for Greek locale” to glib-2-60
 - !844 Backport !840 “ghash: Disable small-arrays under valgrind” to glib-2-60
 - !846 Backport !845 “Fixing g_format_size_full() on Windows-x64” to glib-2-60
 - !855 Backport !848 (more GHashTable fixes) to glib-2-60
 - !858 Backport !852 “Update gdb pretty-printer for GHashTable” to glib-2-60

* Translation updates:
 - German

Overview of changes in GLib 2.60.2
==================================

* Fix crash when displaying notifications on macOS (!786)

* Improve network status detection with NetworkManager (!781)

* Bugs fixed:
 - !790 glib/gconstructor.h: Include stdlib.h for MSVC builds
 - !793 Backport !786: “cocoanotificationbackend: do not release readonly property” to glib-2-60
 - !803 Backport !781 “gnetworkmonitornm: Fix network available detection” to glib-2-60

* Translation updates:
 - Catalan

Overview of changes in GLib 2.60.1
==================================

* Fix documentation for `gdbus-tool wait` to use correct units

* Bugs fixed:
 - #1709 GResource generation test incompatible with stable LLVM on Linux
 - #1725 gosxappinfo.h is not installed on macOS
 - #1737 gdbus-tool wait command timeout argument incorrect unit reference
 - !711 socket: Fix annotation for flags in g_socket_receive_message
 - !722 Backport codegen: Fix use of uninitialised variable from !721 to glib-2-60
 - !727 Backport !719 “Handle an UNKNOWN NetworkManager connectivity as NONE” to glib-2-60
 - !729 Backport !728 “gsocket: Remove (type) annotation from flags arguments” to glib-2-60
 - !758 gdbusaddress, win32: backport using cwd for running rundll32
 - !775 meson: Hotfix for iconv detection on macOS

* Translation updates:
 - Basque
 - Dutch

CVE References

Iain Lane (laney) on 2019-06-12
description: updated
description: updated
Changed in glib2.0 (Ubuntu):
status: New → In Progress
Changed in glib2.0 (Ubuntu Disco):
status: New → In Progress
Changed in glib2.0 (Ubuntu):
assignee: nobody → Iain Lane (laney)
Changed in glib2.0 (Ubuntu Disco):
assignee: nobody → Iain Lane (laney)
Iain Lane (laney) wrote :

disco in queue, will sync eoan once lp picks it up

Iain Lane (laney) on 2019-06-18
Changed in glib2.0 (Ubuntu):
status: In Progress → Fix Released
Brian Murray (brian-murray) wrote :

I don't see 2.60.4 in eoan yet so I'm setting this back to Fix Committed.

Changed in glib2.0 (Ubuntu):
status: Fix Released → Fix Committed
Iain Lane (laney) wrote :

It's there now. The sync must have failed.

Iain Lane (laney) wrote :

It was clear that the sync was what I was going for (comment #1), so it would have been nice if the SRU would have been accepted by the way. Brian could have synced it if necessary as well. Now we have to wait for another go-round.

Hello Iain, or anyone else affected,

Accepted glib2.0 into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/glib2.0/2.60.4-0ubuntu0.19.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in glib2.0 (Ubuntu Disco):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-disco
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glib2.0 - 2.60.4-1

---------------
glib2.0 (2.60.4-1) experimental; urgency=medium

  * New upstream release (LP: #1832457)
  + Fixes to improved network status detection with NetworkManager (#1788)
  + Leak fixes to some `glib-genmarshal` generated code
  + Further fixes to the Happy Eyeballs (RFC 8305) implementation
  + File system permissions fix to clamp down permissions in a small time window
    when copying files (CVE-2019-12450)
  + Bugs fixed:
   - Please revert #535 gmacros: Try to use the standard __func__ first in
     G_STRFUNC
  * gfile-Limit-access-to-files-when-copying.patch: Drop. It's in this version
    upstream.
  * d/p/*: Refresh through gbp pq

 -- Iain Lane <email address hidden> Wed, 12 Jun 2019 09:15:11 +0100

Changed in glib2.0 (Ubuntu):
status: Fix Committed → Fix Released
Iain Lane (laney) wrote :

I've retried the failing tests, except why3 which I think is just busted (not glib2.0's fault - good for a badtest?)

Have smoke tested on disco and it seems good to me. I ran the desktop for a bit, checking the video player, text editor, image viewer and web browser. Shell itself of course uses GLib too.

desrt might want to test the specific usecase that she had in mind for this upload. But it seems good to me.

tags: added: verification-done verification-done-disco
removed: verification-needed verification-needed-disco
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glib2.0 - 2.60.4-0ubuntu0.19.04.1

---------------
glib2.0 (2.60.4-0ubuntu0.19.04.1) disco; urgency=medium

  * New upstream release (LP: #1832457)
    + Leak fixes to some `glib-genmarshal` generated code
    + Further fixes to the Happy Eyeballs (RFC 8305) implementation
    + File system permissions fix to clamp down permissions in a small time window
      when copying files (CVE-2019-12450)
    + build: Fix a typo in the test whether _NL_ABALTMON_n is supported
    + Critical in g_socket_client_async_connect_complete
    + Fix crash when displaying notifications on macOS (!786)
    + Fix documentation for `gdbus-tool wait` to use correct units
    + Fix typo in German translation
    + glib/date test fails
    + glib/gconstructor.h: Include stdlib.h for MSVC builds
    + GNetworkAddressAddressEnumerator unsafely modifies cache in
      GNetworkAddress
    + gnetworkaddress: Fix parallel enumerations interfering with eachother
    + gnetworkmonitornm: Fix network available detection
    + Fixes to improved network status detection with NetworkManager (#1788)
    + GResource generation test incompatible with stable LLVM on Linux
    + gschema.dtd: Add target attribute to alias
    + gsocketclient: Fix a leak in the connection code
    + Improve network status detection with NetworkManager
    + Leaks in gsocketclient.c connection code
    + test_month_names: assertion failed
    + tests: Update month name check for Greek locale
    + Update gdb pretty-printer for GHashTable
    + Various fixes to small key/value support in `GHashTable`
    + New GHashTable implementation confuses valgrind
    + more GHashTable fixes
    + GDB pretty-printer for GHashTable no longer works
    + ghash: Disable small-arrays under valgrind
  * CVE-2019-12450.patch: Drop, in this upstream release

 -- Iain Lane <email address hidden> Wed, 12 Jun 2019 10:04:45 +0100

Changed in glib2.0 (Ubuntu Disco):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for glib2.0 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers