- Fix CVE-2021-27218: An issue was discovered in GNOME GLib before
2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called
with a buffer of 4GB or more on a 64-bit platform, the length would be
truncated modulo 2**32, causing unintended length truncation.
- Fix CVE-2021-27219: An issue was discovered in GNOME GLib before
2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an
integer overflow on 64-bit platforms due to an implicit cast from 64
bits to 32 bits. The overflow could potentially lead to memory
corruption.
https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
@@ -1,4 +1,4 @@
-project('glib', 'c', 'cpp',
+project('glib', 'c',
- version : '2.66.3',
+ version : '2.66.7',
# NOTE: We keep this pinned at 0.49 because that's what Debian 10 ships
meson_version : '>= 0.49.2',
@@ -10,7 +10,6 @@ project('glib', 'c', 'cpp',
-# https://download.gnome.org/sources/glib/2.66/glib-2.66.3.sha256sum
-sha256 79f31365a99cb1cc9db028625635d1438890702acde9e2802eae0acebcf7b5b1 glib-2.66.3.tar.xz
+# https://download.gnome.org/sources/glib/2.66/glib-2.66.7.sha256sum
+sha256 09f158769f6f26b31074e15b1ac80ec39b13b53102dfae66cfe826fb2cc65502 glib-2.66.7.tar.xz
# License files, locally calculated
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
################################################################################
LIBGLIB2_VERSION_MAJOR = 2.66
-LIBGLIB2_VERSION = $(LIBGLIB2_VERSION_MAJOR).3
+LIBGLIB2_VERSION = $(LIBGLIB2_VERSION_MAJOR).7
LIBGLIB2_SOURCE = glib-$(LIBGLIB2_VERSION).tar.xz
LIBGLIB2_SITE = http://ftp.gnome.org/pub/gnome/sources/glib/$(LIBGLIB2_VERSION_MAJOR)
LIBGLIB2_LICENSE = LGPL-2.1+
projects / buildroot.git / commitdiff