Debian Patches

Status for glib2.0/2.84.4-3~deb13u2

Patch Description Author Forwarded Bugs Origin Last update
workarounds/gdbus-server-auth-Normally-skip-flaky-DBUS_COOKIE_SHA1-te.patch gdbus-server-auth: Normally skip flaky DBUS_COOKIE_SHA1 tests
These intermittently fail on the buildds, but the failure cannot be
reproduced in a debugging environment.

We do not expect to use D-Bus over TCP on non-Windows platforms: we use
an AF_UNIX socket, which is much more robust and secure. However, when
using AF_UNIX, DBUS_COOKIE_SHA1 is unnecessary, because we can use the
more reliable EXTERNAL authentication.
Simon McVittie <smcv@debian.org> not-needed 2020-11-19
workarounds/Skip-memory-monitor-dbus-test-if-not-specifically-request.patch Skip memory-monitor-dbus test if not specifically requested
This seems to be unreliable, particularly on non-x86.
Simon McVittie <smcv@debian.org> no debian 2021-10-24
workarounds/tests-Skip-debugcontroller-test.patch tests: Skip debugcontroller test
This is known to be flaky upstream.
Simon McVittie <smcv@debian.org> not-needed 2022-02-15
workarounds/testfilemonitor-Skip-if-we-are-avoiding-flaky-tests.patch testfilemonitor: Skip if we are avoiding flaky tests
See https://gitlab.gnome.org/GNOME/glib/issues/1634
Simon McVittie <smcv@debian.org> no 2020-02-25
debian/girepository-Describe-the-Debian-specific-cross-prefixed-.patch girepository: Describe the Debian-specific cross-prefixed names Simon McVittie <smcv@debian.org> not-needed 2024-02-28
gfileutils-Preserve-mode-during-atomic-updates.patch gfileutils: Preserve mode during atomic updates
If g_file_set_contents{_full,} is replacing an existing file, require
that the tmpfile have the same mode as the existing file.

This prevents the umask from taking effect for consistent writes to
existing files.

Closes GNOME/dconf#76

(cherry picked from commit 3cc0c0de33bc4b461e89b05d142e1ecf5f474317)

it seems reasonable to keep it for trixie anyway
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4608
Wesley Hershberger <wesley.hershberger@canonical.com> no upstream glib-2-84 branch, after 2.84.1 2025-04-22
workarounds/Skip-test-which-performs-some-unreliable-floating-point-c.patch Skip test which performs some unreliable floating point comparisons
[smcv: Modified to use g_test_skip() instead of omitting those test cases
completely, and allow them to be re-enabled with a Debian-specific
environment variable]
Iain Lane <laney@debian.org> no upstream 2014-03-18
01_gettext-desktopfiles.patch Call gettext if .desktop file does not have inline translations
Patch from OpenSUSE via Ubuntu, original author unknown. Martin Pitt and
Vincent Untz appear to be the main authors.

Reworked slightly by Philip Withnall to avoid exposing new public API
for the non-standard keys.
Philip Withnall <withnall@endlessm.com> yes upstream 2017-11-23
debian/02_gettext-desktopfiles-ubuntu.patch Provide backwards compatibility for 01_gettext-desktopfiles.patch for X-{Debian,Ubuntu}-Gettext-Domain

Ubuntu-specific. 01_gettext-desktopfiles.patch was changed to use
X-GNOME-, so this is necessary until all our .desktop files are converted.
Martin Pitt <mpitt@debian.org> no 2009-02-24
debian/03_disble_glib_compile_schemas_warning.patch Disable confusing (to users) warning about deprecated schema paths
Disable a warning when compiling schemas which are installed
into 'deprecated' locations. Users see this very often due to
glib-compile-schemas being called from libglib2.0-0's trigger and it is
not very useful for them.
Iain Lane <iain.lane@canonical.com> not-needed 2012-09-10
debian/gdesktopappinfo-Try-using-x-terminal-emulator-for-Termina.patch gdesktopappinfo: Try using x-terminal-emulator for Terminal=true apps

Debian Policy provides x-terminal-emulator as an interface for launching
a preferred terminal, for some definition of "preferred". However, the
x-terminal-emulator alternative is a system-wide choice, so in situations
where for example a GNOME user and a KDE user share a computer, only one
of them can have the terminal that will match their desktop environment's
appearance and behaviour conventions as the x-terminal-emulator.

As a result, we still try to use a GTK-based terminal as a higher
preference than x-terminal-emulator. This is done on the assumption
that when apps are launched using GLib interfaces, they are most likely
to have been launched from a GTK application or GTK-based desktop
environment, and therefore a GTK-based terminal will be the best fit for
the desktop environment's conventions and appearance.

I've somewhat arbitrarily sorted x-terminal-emulator as less preferred
than KDE's Konsole, but more preferred than rxvt and various xterm
variants which are not associated with a particular desktop environment.
Simon McVittie <smcv@debian.org> not-needed debian 2023-02-04
workarounds/timer-test-use-volatile-for-locals.patch timer test: use 'volatile' for locals
GCC seems to be failing to follow the letter of the C spec by allowing extra
precision in floating point values to persist across assignments which are
optimised away.

Force its hand by using 'volatile' on the locals in question.
Ryan Lortie <desrt@desrt.ca> yes upstream 2014-03-04
workarounds/Skip-unreliable-gdbus-threading-tests--by-default.patch Skip unreliable gdbus-threading tests by default
test_threaded_singleton() test to reproduce a race condition between
last-unref of the global singleton GDBusConnection and g_bus_get_sync().

test_method_calls_in_thread() checks that multiple threads can all make
method calls to the same proxy.

However, test setup intermittently times out with:

# GLib-GIO-DEBUG: run 0: refcount is 2, sleeping
Bail out! GLib-GIO-FATAL-ERROR: connection had too many refs

The current theory upstream is that this might be a reference leak in
test_delivery_in_thread().

Furthermore, test teardown is now often failing when destroying the test
bus.

Demote these tests to be run as part of the "flaky" autopkgtests, but
not at build time or in the part of the autopkgtest run that gates
progress into testing.
Simon McVittie <smcv@debian.org> no upstream 2019-01-04
workarounds/gvariant-test-Don-t-run-at-build-time-on-mips.patch gvariant test: Don't run at build-time on mips
DEB_ALLOW_FLAKY_TESTS is not quite right here, because we don't know
that the test would fail if left for long enough - the problem is that
it doesn't get there, because generating random floating-point numbers
is very slow on some of our mips hardware. However, it has the right
practical effect.
Simon McVittie <smcv@debian.org> no upstream 2019-07-26
workarounds/gwakeuptest-Be-less-parallel-unless-invoked-with-m-slow.patch gwakeuptest: Be less parallel unless invoked with -m slow
This is a workaround for test failures on the reproducible-builds
infrastructure, where a multi-threaded stress-test sometimes takes longer
to finish on x86_64 than it would have done on slow architectures like
arm and mips on the official Debian autobuilders. It is not clear why.

This change will make this test more likely to pass, but less likely to
detect bugs.
Simon McVittie <smcv@debian.org> no debian 2017-12-18
workarounds/closures-test-Skip-on-arm-unless-flaky-tests-are-allowed.patch closures test: Skip on arm* unless flaky tests are allowed
Choosing the right number of iterations to avoid either taking literally
hours on some hardware, or getting spurious failures when one thread
starves another, seems to be too hard to get right in practice.
Make this test opt-in so that its failures aren't release-critical.
We can run it as a separate autopkgtest that is marked flaky.
Simon McVittie <smcv@debian.org> not-needed debian 2019-01-03
workarounds/Disable-some-tests-on-slow-architectures-which-keep-faili.patch Disable some tests on slow architectures which keep failing the tests

[smcv: Modified to use g_test_skip() instead of omitting those test cases
completely, and allow them to be re-enabled with a Debian-specific
environment variable]
Martin Pitt <martin.pitt@ubuntu.com> no 2012-09-27
gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch gconvert: Error out if g_escape_uri_string() would overflow
If the string to escape contains a very large number of unacceptable
characters (which would need escaping), the calculation of the length of
the escaped string could overflow, leading to a potential write off the
end of the newly allocated string.

In addition to that, the number of unacceptable characters was counted
in a signed integer, which would overflow to become negative, making it
easier for an attacker to craft an input string which would cause an
out-of-bounds write.

Fix that by validating the allocation length, and using an unsigned
integer to count the number of unacceptable characters.

Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
from the Sovereign Tech Agency. ID: #YWH-PGM9867-134


Backport 2.86: Changed the translatable error message to re-use an
existing translatable string, to avoid adding new translatable strings
to a stable branch. The re-used string doesn’t perfectly match the
error, but it’s good enough given that no users will ever see it.
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:9bcd65ba5fa1b92ff0fb8380faea335ccef56253 2025-11-13
fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch fuzzing: Add fuzz tests for g_filename_{to,from}_uri()
These functions could be called on untrusted input data, and since they
do URI escaping/unescaping, they have non-trivial string handling code.
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:7e5489cb921d0531ee4ebc9938da30a02084b2fa 2025-11-13
gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch gvariant-parser: Fix potential integer overflow parsing (byte)strings

The termination condition for parsing string and bytestring literals in
GVariant text format input was subject to an integer overflow for input
string (or bytestring) literals longer than `INT_MAX`.

Fix that by counting as a `size_t` rather than as an `int`. The counter
can never correctly be negative.

Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme
from the Sovereign Tech Agency. ID: #YWH-PGM9867-145
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:3e72fe0fbb32c18a66486c4da8bc851f656af287 2025-11-25
gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch gvariant-parser: Use size_t to count numbers of child elements
Rather than using `gint`, which could overflow for arrays (or dicts, or
tuples) longer than `INT_MAX`. There may be other limits which prevent
parsed containers becoming that long, but we might as well make the type
system reflect the programmer’s intention as best it can anyway.

For arrays and tuples this is straightforward. For dictionaries, it’s
slightly complicated by the fact that the code used
`dict->n_children == -1` to indicate that the `Dictionary` struct in
question actually represented a single freestanding dict entry. In
GVariant text format, that would be `{1, "one"}`.

The implementation previously didn’t define the semantics of
`dict->n_children < -1`.

Now, instead, change `Dictionary.n_children` to `size_t`, and define a
magic value `DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY` to indicate that
the `Dictionary` represents a single freestanding dict entry.

This magic value is `SIZE_MAX`, and given that a dictionary entry takes
more than one byte to represent in GVariant text format, that means it’s
not possible to have that many entries in a parsed dictionary, so this
magic value won’t be hit by a normal dictionary. An assertion checks
this anyway.

Spotted while working on #3834.
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:6fe481cec709ec65b5846113848723bc25a8782a 2025-11-25
gvariant-parser-Convert-error-handling-code-to-use-size_t.patch gvariant-parser: Convert error handling code to use size_t
The error handling code allows for printing out the range of input bytes
related to a parsing error. This was previously done using `gint`, but
the input could be longer than `INT_MAX`, so it should really be done
using `size_t`.

Spotted while working on #3834.
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:dd333a40aa95819720a01caf6de564cd8a4a6310 2025-11-25
gfileattribute-Fix-integer-overflow-calculating-escaping-.patch gfileattribute: Fix integer overflow calculating escaping for byte strings

The number of invalid characters in the byte string (characters which
would have to be percent-encoded) was only stored in an `int`, which
gave the possibility of a long string largely full of invalid
characters overflowing this and allowing an attacker-controlled buffer
size to be allocated.

This could be triggered by an attacker controlled file attribute (of
type `G_FILE_ATTRIBUTE_TYPE_BYTE_STRING`), such as
`G_FILE_ATTRIBUTE_THUMBNAIL_PATH` or `G_FILE_ATTRIBUTE_STANDARD_NAME`,
being read by user code.

Spotted by Codean Labs.
Philip Withnall <pwithnall@gnome.org> yes debian upstream upstream, 2.86.3, commit:4f0399c0aaf3ffc86b5625424580294bc7460404 2025-12-04
