Format: 1.8
Date: Sun, 15 Aug 2021 14:57:30 +0100
Source: glib2.0
Architecture: source
Version: 2.68.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 977961 982213 982778 982779 983026 984969 987913
Changes:
 glib2.0 (2.68.3-2) unstable; urgency=medium
 .
   * Merge from experimental branch
   * Changes relative to 2.68.3-1 in experimental:
     - d/watch: Only watch for stable (2.even.z) releases
     - d/p/debian/61_glib-compile-binaries-path.patch: Remove.
       This patch turns out to be unnecessary, and is harmful for
       cross-compiling. Thanks to Helmut Grohne (Closes: #982213)
   * Changes relative to previous version in unstable:
     - New upstream stable release branch 2.68.x
     - Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules
       (Closes: #987913, see 2.68.1-2 changelog)
     - Mark dbus as <!nocheck> <!noinsttest>.
       Several of the installed-tests won't be built unless dbus-daemon is
       available, so <!nocheck> is insufficient.
     - Move test-dependencies to Build-Depends-Arch.
       We don't run the majority of the tests when we're only building the
       documentation.
     - Remove an unused Lintian override
     - Add more Lintian overrides for test data
     - Use d/tests/run-with-locales for better locale-sensitive test coverage
   * d/rules: Fix dead link when documenting why we use -Wl,--no-as-needed
   * Bump minimum GLib version for callers of g_dbus_server_new_sync()
     Programs that call this function might be passing in the new flag
     G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER, which is
     security-significant. Don't allow such programs to be built against
     GLib 2.68 and run with GLib 2.66 or older.
   * Add Breaks on libsoup2.4-tests before 2.72.0-3.
     Older versions of the libsoup test suite had an assertion that would
     only succeed because of a GLib bug, which is fixed in 2.68.x.
     Newer versions tolerate the bug, but do not require it.
 .
 glib2.0 (2.68.3-1) experimental; urgency=medium
 .
   * New upstream release 2.68.3, fixing bugs:
     - GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG`
       when saving from a symlink
     - glocalfileoutputstream: Fix ETag check when replacing through a symlink
     - gmacros: check that __cplusplus or _MSC_VER is defined
     - gmacros: missing check if __STDC_VERSION__ is defined
     - gthreadedresolver: don't ignore flags in lookup_by_name_with_flags
     - inotify: Fix a memory leak
     - json-glib does not build with glib 2.68.1
     - testfilemonitor test leaks ip_watched_file_t struct
     - tlscertificate: Avoid possible invalid read
 .
 glib2.0 (2.68.1-2) experimental; urgency=medium
 .
   * Fix maintainer scripts' handling of /usr/lib/MULTIARCH/gio/modules:
     - postrm: Only delete GIO module cache on remove or purge.
       Despite its name, the postrm can be invoked for reasons other than
       package removal: in particular, the old version's postrm is run
       during upgrades.
     - postinst: Recreate GIO module directory if deleted by an older
       postrm, to recover from the bug fixed here.
     - postinst: Don't guard glib-compile-schemas or gio-querymodules
       with a check for existence of a directory that is shipped in the
       .deb. If such a directory has somehow gone missing, we want to see
       a warning. This won't make the postinst fail, because we're
       ignoring exit status anyway.
       (Closes: #987913)
 .
 glib2.0 (2.68.1-1) experimental; urgency=medium
 .
   * New upstream stable release
   * d/tests/run-with-locales: Avoid FTBFS with locales-all installed
 .
 glib2.0 (2.68.0-1) experimental; urgency=medium
 .
   * New upstream stable release
     - Drop dead code from glib-compile-schemas
     - Improve valgrind suppressions
     - Fix error in g_bytes_icon_new() documentation
     - Avoid close(-1) during error handling
     - Fix copy/paste error in queue test
     - Translation updates
   * Add CVE ID references to previous changelog entries.
     CVE IDs were not yet available at the time these vulnerabilities were
     initially fixed.
 .
 glib2.0 (2.67.6-1) experimental; urgency=medium
 .
   * New upstream release
     - This fixes a symlink attack affecting file-roller.
       When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION
       to replace a path that is a dangling symlink, previously it would
       have also created the target of the symlink as an empty file, which
       could conceivably be security-sensitive if the symlink is
       attacker-controlled. (Closes: #984969; CVE-2021-28153)
   * Revert test-dependency on libc6-dev, which should no longer be
     necessary with the new upstream release.
 .
 glib2.0 (2.67.5-2) experimental; urgency=medium
 .
   * debian/tests/control: Test-Depend on libc6-dev; the `pollable` test
     requires it. See [upstream MR !1977][0]. The upstream tests now rely
     on finding "libutil.so", which is in libc6-dev. Once that MR, or
     something like it, is merged, we can remove this test-dep as the
     runtime library will be being used.
     [0]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1977
 .
 glib2.0 (2.67.5-1) experimental; urgency=medium
 .
   * New upstream release
     + Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4
       (LP: #1916705)
     + Fix regression with some FD mappings passed to
       `g_subprocess_launcher_spawnv()` (Closes: #983026) (LP: #1916701)
   * debian/watch: Fix to not match `..`. The watch file was matching the
     "Parent directory/" link and considering that the highest, since its
     target is `..`. Expect 1+ digits to begin the version number.
 .
 glib2.0 (2.67.4-1) experimental; urgency=medium
 .
   * New upstream release
     - Among other changes, this should fix FTBFS on armel
   * d/libglib2.0-0.symbols: Add g_spawn_async_with_pipes_and_fds
 .
 glib2.0 (2.67.3+git20210214-1) experimental; urgency=medium
 .
   * d/changelog: Add bug reference for GHSL-2021-045 to previous entry
   * New upstream git snapshot; among other changes:
     - Fix regressions caused by the GHSL-2021-045 fixes in 2.67.3
     - Warn and fail on integer overflow in g_byte_array_new_take()
       for arrays larger than G_MAXUINT (Closes: #982779; CVE-2021-27218)
   * d/libglib2.0-0.symbols: Add g_string_replace()
   * Refresh patch series
   * d/rules, d/tests: Generate various locales mentioned in the tests
   * Mark dbus as <!nocheck> <!noinsttest>.
     Several of the installed-tests won't be built unless dbus-daemon is
     available, so <!nocheck> is insufficient.
   * Move test-dependencies to Build-Depends-Arch.
     We don't run the majority of the tests when we're only building the
     documentation.
   * Remove an unused Lintian override
   * Add more Lintian overrides for test data
 .
 glib2.0 (2.67.3-1) experimental; urgency=medium
 .
   * New upstream release
     - Fix various integer overflows, some of them potentially exploitable
       (Closes: #982778; CVE-2021-27219, GHSL-2021-045)
   * Drop patches that came from upstream or were applied upstream
 .
 glib2.0 (2.67.2-1) experimental; urgency=medium
 .
   * New upstream release
   * Refresh patch series
   * d/patches: Cherry-pick some fixes from upstream git master.
     This is mostly for parity with the update to 2.66.x that I'm
     preparing for unstable, which also includes the XDG_CURRENT_DESKTOP
     fixes.
   * d/p/spawn-Don-t-set-a-search-path-if-we-don-t-want-to-search-.patch:
     Make the g_spawn family only search PATH if G_SPAWN_SEARCH_PATH is
     used. Previously, they would sometimes search /usr/bin:/bin:. for an
     executable they should have only loaded from the current working
     directory. In particular, this made gtk+3.0 fail its build-time
     tests if ImageMagick display(1) happened to be installed.
     (Closes: #977961)
 .
 glib2.0 (2.67.1-1) experimental; urgency=medium
 .
   * Branch for experimental and 2.67.x
   * New upstream development release
   * Temporarily use git to fetch upstream release.
     The official tarball release doesn't seem to have made it onto
     mirrors.
   * d/rules: Explicitly enable libelf dependency for gresource tool
   * d/p/Handle-the-case-of-g_object_run_dispose-in-GBinding.patch:
     Add patch from upstream to fix a regression in GBinding that caused
     gnome-terminal-server to crash on startup