dist-git conversion

#2781)

.cvsignore

@@ -1 +0,0 @@
-glib-2.18.2.tar.bz2

.gitignore

@@ -0,0 +1 @@
+glib-2.18.4.tar.bz2

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: glib2
-# $Id: Makefile,v 1.2 2005/11/15 18:51:53 mclasen Exp $
-NAME := glib2
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

glib-2.17.4-gio-guess-content-sync.patch

@@ -1,139 +0,0 @@
---- trunk/docs/reference/gio/gio-sections.txt	2008/07/24 01:13:33	7251
-+++ trunk/docs/reference/gio/gio-sections.txt	2008/07/24 21:21:22	7252
-@@ -816,6 +816,7 @@
- g_mount_eject_finish
- g_mount_guess_content_type
- g_mount_guess_content_type_finish
-+g_mount_guess_content_type_sync
- <SUBSECTION Standard>
- G_IS_MOUNT
- G_MOUNT
---- trunk/gio/gio.symbols	2008/07/24 01:13:33	7251
-+++ trunk/gio/gio.symbols	2008/07/24 21:21:22	7252
-@@ -718,6 +718,7 @@
- g_mount_remount_finish 
- g_mount_guess_content_type
- g_mount_guess_content_type_finish
-+g_mount_guess_content_type_sync
- #endif
- #endif
- 
---- trunk/gio/gmount.c	2008/07/24 01:13:33	7251
-+++ trunk/gio/gmount.c	2008/07/24 21:21:22	7252
-@@ -570,9 +570,10 @@
-  * memory cards. See the <ulink url="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">shared-mime-info</ulink>
-  * specification for more on x-content types.
-  *
-- * This is an asynchronous operation, and is finished by calling 
-- * g_mount_guess_content_type_finish() with the @mount and #GAsyncResult 
-- * data returned in the @callback. 
-+ * This is an asynchronous operation (see
-+ * g_mount_guess_content_type_sync() for the synchronous version), and
-+ * is finished by calling g_mount_guess_content_type_finish() with the
-+ * @mount and #GAsyncResult data returned in the @callback.
-  *
-  * Since: 2.18
-  */
-@@ -644,6 +645,55 @@
-   return (* iface->guess_content_type_finish) (mount, result, error);
- }
- 
-+/**
-+ * g_mount_guess_content_type_sync:
-+ * @mount: a #GMount
-+ * @force_rescan: Whether to force a rescan of the content.
-+ *     Otherwise a cached result will be used if available
-+ * @cancellable: optional #GCancellable object, %NULL to ignore
-+ * @error: a #GError location to store the error occuring, or %NULL to
-+ *     ignore
-+ *
-+ * Tries to guess the type of content stored on @mount. Returns one or
-+ * more textual identifiers of well-known content types (typically
-+ * prefixed with "x-content/"), e.g. x-content/image-dcf for camera 
-+ * memory cards. See the <ulink url="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">shared-mime-info</ulink>
-+ * specification for more on x-content types.
-+ *
-+ * This is an synchronous operation and as such may block doing IO;
-+ * see g_mount_guess_content_type() for the asynchronous version.
-+ *
-+ * Returns: a %NULL-terminated array of content types or %NULL on error.
-+ *     Caller should free this array with g_strfreev() when done with it.
-+ *
-+ * Since: 2.18
-+ */
-+char **
-+g_mount_guess_content_type_sync (GMount              *mount,
-+                                 gboolean             force_rescan,
-+                                 GCancellable        *cancellable,
-+                                 GError             **error)
-+{
-+  GMountIface *iface;
-+
-+  g_return_val_if_fail (G_IS_MOUNT (mount), NULL);
-+
-+  iface = G_MOUNT_GET_IFACE (mount);
-+
-+  if (iface->guess_content_type_sync == NULL)
-+    {
-+      g_set_error_literal (error,
-+                           G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
-+                           /* Translators: This is an error
-+                            * message for mount objects that
-+                            * don't implement content type guessing. */
-+                           _("mount doesn't implement synchronous content type guessing"));
-+
-+      return NULL;
-+    }
-+
-+  return (* iface->guess_content_type_sync) (mount, force_rescan, cancellable, error);
-+}
- 
- #define __G_MOUNT_C__
- #include "gioaliasdef.c"
---- trunk/gio/gmount.h	2008/07/24 01:13:33	7251
-+++ trunk/gio/gmount.h	2008/07/24 21:21:22	7252
-@@ -119,6 +119,11 @@
-   gchar **           (*guess_content_type_finish) (GMount              *mount,
-                                                    GAsyncResult        *result,
-                                                     GError             **error); 
-+
-+  gchar **           (*guess_content_type_sync) (GMount              *mount,
-+                                                 gboolean             force_rescan,
-+                                                 GCancellable        *cancellable,
-+                                                 GError             **error);
- };
- 
- GType g_mount_get_type (void) G_GNUC_CONST;
-@@ -166,6 +171,11 @@
-                                                  GAsyncResult        *result,
-                                                  GError             **error);
- 
-+gchar **      g_mount_guess_content_type_sync (GMount              *mount,
-+                                               gboolean             force_rescan,
-+                                               GCancellable        *cancellable,
-+                                               GError             **error);
-+
- G_END_DECLS
- 
- #endif /* __G_MOUNT_H__ */
---- trunk/configure.in	2008/07/21 17:56:17	7234
-+++ trunk/configure.in	2008/07/21 18:07:55	7236
-@@ -23,7 +23,7 @@
- #
- m4_define([glib_major_version], [2])
- m4_define([glib_minor_version], [17])
--m4_define([glib_micro_version], [4])
-+m4_define([glib_micro_version], [5])
- m4_define([glib_interface_age], [0])
- m4_define([glib_binary_age],
-           [m4_eval(100 * glib_minor_version + glib_micro_version)])
---- trunk/tests/Makefile.am	2008/07/20 02:09:05	7209
-+++ trunk/tests/Makefile.am	2008/07/23 16:22:32	7243
-@@ -186,7 +186,6 @@
- module_test_LDFLAGS = $(G_MODULE_LDFLAGS)
- node_test_LDADD = $(progs_ldadd)
- onceinit_LDADD = $(thread_ldadd)
--option_test_LDADD = $(progs_ldadd)
- printf_test_LDADD = $(progs_ldadd)
- queue_test_LDADD = $(progs_ldadd)
- asyncqueue_test_LDADD = $(thread_ldadd)

glib-2.18.2-no-generic-icons.patch

@@ -1,19 +0,0 @@
-Index: gio/glocalfileinfo.c
-===================================================================
---- gio/glocalfileinfo.c	(revision 7620)
-+++ gio/glocalfileinfo.c	(revision 7621)
-@@ -1577,12 +1577,8 @@ _g_local_file_info_get (const char      
- 
-                       if (S_ISDIR (statbuf.st_mode)) 
-                         type_icon = "folder";
--                      else if (statbuf.st_mode & S_IXUSR)
--                        type_icon = "application-x-executable";
--                      else
--                        type_icon = "text-x-generic";
--
--                      g_themed_icon_append_name (G_THEMED_ICON (icon), type_icon);
-+                      if (type_icon)
-+                        g_themed_icon_append_name (G_THEMED_ICON (icon), type_icon);
-                     }
-                 }
- 

glib2-CVE-2008-4316.patch

@@ -0,0 +1,62 @@
+--- glib/gbase64.c.orig	2008-12-04 12:07:21.000000000 +0100
++++ glib/gbase64.c	2009-01-12 14:08:31.000000000 +0100
+@@ -54,8 +54,9 @@ static const char base64_alphabet[] =
+  *
+  * The output buffer must be large enough to fit all the data that will
+  * be written to it. Due to the way base64 encodes you will need
+- * at least: @len * 4 / 3 + 6 bytes. If you enable line-breaking you will
+- * need at least: @len * 4 / 3 + @len * 4 / (3 * 72) + 7 bytes.
++ * at least: (@len / 3 + 1) * 4 + 4 bytes (+ 4 may be needed in case of
++ * non-zero state). If you enable line-breaking you will need at least:
++ * ((@len / 3 + 1) * 4 + 4) / 72 + 1 bytes of extra space.
+  *
+  * @break_lines is typically used when putting base64-encoded data in emails.
+  * It breaks the lines at 72 columns instead of putting all of the text on 
+@@ -233,8 +234,14 @@ g_base64_encode (const guchar *data, 
+   g_return_val_if_fail (data != NULL, NULL);
+   g_return_val_if_fail (len > 0, NULL);
+ 
+-  /* We can use a smaller limit here, since we know the saved state is 0 */
+-  out = g_malloc (len * 4 / 3 + 4);
++  /* We can use a smaller limit here, since we know the saved state is 0,
++     +1 is needed for trailing \0, also check for unlikely integer overflow */
++  if (len >= ((G_MAXSIZE - 1) / 4 - 1) * 3)
++    g_error("%s: input too large for Base64 encoding (%"G_GSIZE_FORMAT" chars)",
++        G_STRLOC, len);
++
++  out = g_malloc ((len / 3 + 1) * 4 + 1);
++
+   outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save);
+   outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save);
+   out[outlen] = '\0';
+@@ -275,7 +282,8 @@ static const unsigned char mime_base64_r
+  *
+  * The output buffer must be large enough to fit all the data that will
+  * be written to it. Since base64 encodes 3 bytes in 4 chars you need
+- * at least: @len * 3 / 4 bytes.
++ * at least: (@len / 4) * 3 + 3 bytes (+ 3 may be needed in case of non-zero
++ * state).
+  * 
+  * Return value: The number of bytes of output that was written
+  *
+@@ -358,7 +366,8 @@ g_base64_decode (const gchar *text,
+ 		 gsize       *out_len)
+ {
+   guchar *ret;
+-  gint input_length, state = 0;
++  gsize input_length;
++  gint state = 0;
+   guint save = 0;
+   
+   g_return_val_if_fail (text != NULL, NULL);
+@@ -368,7 +377,9 @@ g_base64_decode (const gchar *text,
+ 
+   g_return_val_if_fail (input_length > 1, NULL);
+ 
+-  ret = g_malloc0 (input_length * 3 / 4);
++  /* We can use a smaller limit here, since we know the saved state is 0,
++     +1 used to avoid calling g_malloc0(0), and hence retruning NULL */
++  ret = g_malloc0 ((input_length / 4) * 3 + 1);
+   
+   *out_len = g_base64_decode_step (text, input_length, ret, &state, &save);
+   

glib2.spec

@@ -2,8 +2,8 @@
 
 Summary: A library of handy utility functions
 Name: glib2
-Version: 2.18.2
-Release: 3%{?dist}
+Version: 2.18.4
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.gtk.org
@@ -22,11 +22,11 @@ BuildRequires: glibc-devel
 # https://bugzilla.redhat.com/show_bug.cgi?id=442835
 # http://bugzilla.gnome.org/show_bug.cgi?id=528670
 Patch2: gio-2.18-always-pass-fuse-file-uri.patch
-# http://bugzilla.gnome.org/show_bug.cgi?id=528320 (from svn)
-Patch3: glib-2.18.2-no-generic-icons.patch
 
 Patch4: glib-i386-atomic.patch
 
+Patch5: glib2-CVE-2008-4316.patch
+
 # this patch requires autoreconf
 BuildRequires: autoconf automake libtool gettext-devel gtk-doc
 
@@ -62,9 +62,10 @@ of version 2 of the GLib library.
 %prep
 %setup -q -n glib-%{version}
 %patch2 -p1 -b .always-pass-fuse-file-uri
-%patch3 -p0 -b .no-generic-icons
 %patch4 -p1 -b .i386-atomic
+%patch5 -p0 -b .CVE-2008-4316
 
+libtoolize --force --copy
 autoreconf
 
 %build
@@ -140,6 +141,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/lib*.a
 
 %changelog
+* Thu Mar 12 2009 Matthias Clasen <mclasen@redhat.com> - 2.18.4-2
+- Fix integer overflows in the base64 handling functions. CVE-2008-4316
+
+* Fri Jan  9 2009 Matthias Clasen <mclasen@redhat.com> - 2.18.4-1
+- Update to 2.18.4
+
+* Mon Nov 24 2008 Matthias Clasen <mclasen@redhat.com> - 2.18.3-2
+- Update to 2.18.3
+
 * Mon Oct 27 2008 Matthias Clasen <mclasen@redhat.com> - 2.18.2-3
 - Use asm implementation for atomic ops on x86
 

sources

@@ -1 +1 @@
-d11a5cc5e08cff53349a3481816fdaff  glib-2.18.2.tar.bz2
+ec25ed261534d870141000ab73f1a2bf  glib-2.18.4.tar.bz2

statfs-check.patch

@@ -1,78 +0,0 @@
-diff -up glib-2.17.4/configure.in.statfs-check glib-2.17.4/configure.in
---- glib-2.17.4/configure.in.statfs-check	2008-07-21 18:24:45.000000000 -0400
-+++ glib-2.17.4/configure.in	2008-07-21 18:25:19.000000000 -0400
-@@ -847,6 +847,7 @@ AC_CHECK_HEADERS([mntent.h sys/mnttab.h 
- AC_CHECK_MEMBERS([struct stat.st_mtimensec, struct stat.st_mtim.tv_nsec, struct stat.st_atimensec, struct stat.st_atim.tv_nsec, struct stat.st_ctimensec, struct stat.st_ctim.tv_nsec])
- AC_CHECK_MEMBERS([struct stat.st_blksize, struct stat.st_blocks, struct statfs.f_fstypename, struct statfs.f_bavail],,, [#include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-diff -up glib-2.17.4/configure.statfs-check glib-2.17.4/configure
---- glib-2.17.4/configure.statfs-check	2008-07-21 18:25:36.000000000 -0400
-+++ glib-2.17.4/configure	2008-07-21 18:25:47.000000000 -0400
-@@ -33300,6 +33300,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33349,6 +33350,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33421,6 +33423,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33470,6 +33473,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33542,6 +33546,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33591,6 +33596,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33663,6 +33669,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
-@@ -33712,6 +33719,7 @@ cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h.  */
- #include <sys/types.h>
- #include <sys/stat.h>
-+#include <sys/statfs.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>