Merge Official Source

Signed-off-by: Tianling Shen <[email protected]>
immortalwrt · Sep 19, 2024 · e46e6e3 · e46e6e3
2 parents a249114 + 67dccdd
commit e46e6e3
Show file tree

Hide file tree

Showing 39 changed files with 3,346 additions and 54 deletions.
diff --git a/lang/php8/Makefile b/lang/php8/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=8.2.22
+PKG_VERSION:=8.2.23
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold <[email protected]>
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.php.net/distributions/
-PKG_HASH:=8566229bc88ad1f4aadc10700ab5fbcec81587c748999d985f11cf3b745462df
+PKG_HASH:=81c5ae6ba44e262a076349ee54a2e468638a4571085d80bff37f6fd308e1d8d5
 
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16

diff --git a/lang/php8/patches/0007-Add-support-for-use-of-the-system-timezone-database.patch b/lang/php8/patches/0007-Add-support-for-use-of-the-system-timezone-database.patch
@@ -62,9 +62,9 @@ r1: initial revision
 +   fi
 +fi
 +
- PHP_DATE_CFLAGS="-Wno-implicit-fallthrough -I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
- timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
-                  lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
+ AX_CHECK_COMPILE_FLAG([-Wno-implicit-fallthrough],
+   [PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -Wno-implicit-fallthrough"],,
+   [-Werror])
 --- a/ext/date/lib/parse_tz.c
 +++ b/ext/date/lib/parse_tz.c
 @@ -26,9 +26,22 @@

diff --git a/libs/glib2/Makefile b/libs/glib2/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=glib2
-PKG_VERSION:=2.74.0
-PKG_RELEASE:=5
+PKG_VERSION:=2.74.7
+PKG_RELEASE:=1
 
 PKG_SOURCE:=glib-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNOME/glib/$(basename $(PKG_VERSION))
-PKG_HASH:=3652c7f072d7b031a6b5edd623f77ebc5dcd2ae698598abcc89ff39ca75add30
+PKG_HASH:=196ab86c27127a61b7a70c3ba6af7b97bdc01c07cd3b21abd5e778b955eccb1b
 
 PKG_MAINTAINER:=Peter Wagner <[email protected]>
 PKG_LICENSE:=LGPL-2.1-or-later

diff --git a/libs/glib2/patches/006-c99.patch b/libs/glib2/patches/006-c99.patch
@@ -1,6 +1,6 @@
 --- a/meson.build
 +++ b/meson.build
-@@ -1045,7 +1045,7 @@ if host_system == 'windows' and (cc.get_
+@@ -1062,7 +1062,7 @@ if host_system == 'windows' and (cc.get_
    glib_conf.set('HAVE_C99_SNPRINTF', false)
    glib_conf.set('HAVE_C99_VSNPRINTF', false)
    glib_conf.set('HAVE_UNIX98_PRINTF', false)

diff --git a/libs/glib2/patches/010-pcre.patch b/libs/glib2/patches/010-pcre.patch
@@ -1,6 +1,6 @@
 --- a/glib/meson.build
 +++ b/glib/meson.build
-@@ -365,6 +365,7 @@ pcre2_static_args = []
+@@ -366,6 +366,7 @@ pcre2_static_args = []
 
  if use_pcre2_static_flag
    pcre2_static_args = ['-DPCRE2_STATIC']

diff --git a/libs/glib2/patches/020-locale.patch b/libs/glib2/patches/020-locale.patch
@@ -12,9 +12,9 @@ https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2797
 
 --- a/gobject/glib-mkenums.in
 +++ b/gobject/glib-mkenums.in
-@@ -19,6 +19,9 @@ import errno
- import codecs
- import locale
+@@ -22,6 +22,9 @@ import locale
+ # Non-english locale systems might complain to unrecognized character
+ sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding='utf-8')
 
 +# Non-english locale systems might complain to unrecognized character
 +sys.stdout = io.TextIOWrapper(sys.stdout.detach(), encoding='utf-8')

diff --git a/libs/glib2/patches/100-CVE-2024-34397-gdbusmessage-Cache-the-arg0-value.patch b/libs/glib2/patches/100-CVE-2024-34397-gdbusmessage-Cache-the-arg0-value.patch
@@ -0,0 +1,120 @@
+From: Philip Withnall <[email protected]>
+Date: Tue, 28 Nov 2023 12:58:20 +0000
+Subject: gdbusmessage: Cache the arg0 value
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Technically we can’t rely on it being kept alive by the `message->body`
+pointer, unless we can guarantee that the `GVariant` is always
+serialised. That’s not necessarily the case, so keep a separate ref on
+the arg0 value at all times.
+
+This avoids a potential use-after-free.
+
+Spotted by Thomas Haller in
+https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3720#note_1924707.
+
+[This is a prerequisite for having tests pass after fixing the
+vulnerability described in glib#3268, because after fixing that
+vulnerability, the use-after-free genuinely does happen during
+regression testing. -smcv]
+
+Signed-off-by: Philip Withnall <[email protected]>
+
+Helps: #3183, #3268
+(cherry picked from commit 10e9a917be7fb92b6b27837ef7a7f1d0be6095d5)
+Origin: upstream, commit:https://gitlab.gnome.org/GNOME/glib/-/commit/10e9a917be7fb92b6b27837ef7a7f1d0be6095d5
+---
+ gio/gdbusmessage.c | 35 ++++++++++++++++++++++-------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+--- a/gio/gdbusmessage.c
++++ b/gio/gdbusmessage.c
+@@ -508,6 +508,7 @@ struct _GDBusMessage
+   guint32 serial;
+   GHashTable *headers;
+   GVariant *body;
++  GVariant *arg0_cache;  /* (nullable) (owned) */
+ #ifdef G_OS_UNIX
+   GUnixFDList *fd_list;
+ #endif
+@@ -530,6 +531,7 @@ g_dbus_message_finalize (GObject *object
+     g_hash_table_unref (message->headers);
+   if (message->body != NULL)
+     g_variant_unref (message->body);
++  g_clear_pointer (&message->arg0_cache, g_variant_unref);
+ #ifdef G_OS_UNIX
+   if (message->fd_list != NULL)
+     g_object_unref (message->fd_list);
+@@ -1165,6 +1167,7 @@ g_dbus_message_set_body (GDBusMessage  *
+   if (body == NULL)
+     {
+       message->body = NULL;
++      message->arg0_cache = NULL;
+       g_dbus_message_set_signature (message, NULL);
+     }
+   else
+@@ -1175,6 +1178,12 @@ g_dbus_message_set_body (GDBusMessage  *
+
+       message->body = g_variant_ref_sink (body);
+
++      if (g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE) &&
++          g_variant_n_children (message->body) > 0)
++        message->arg0_cache = g_variant_get_child_value (message->body, 0);
++      else
++        message->arg0_cache = NULL;
++
+       type_string = g_variant_get_type_string (body);
+       type_string_len = strlen (type_string);
+       g_assert (type_string_len >= 2);
+@@ -2327,6 +2336,14 @@ g_dbus_message_new_from_blob (guchar
+                                                  2,
+                                                  &local_error);
+           g_variant_type_free (variant_type);
++
++          if (message->body != NULL &&
++              g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE) &&
++              g_variant_n_children (message->body) > 0)
++            message->arg0_cache = g_variant_get_child_value (message->body, 0);
++          else
++            message->arg0_cache = NULL;
++
+           if (message->body == NULL)
+             goto fail;
+         }
+@@ -3366,22 +3383,13 @@ g_dbus_message_set_signature (GDBusMessa
+ const gchar *
+ g_dbus_message_get_arg0 (GDBusMessage  *message)
+ {
+-  const gchar *ret;
+-
+   g_return_val_if_fail (G_IS_DBUS_MESSAGE (message), NULL);
+
+-  ret = NULL;
++  if (message->arg0_cache != NULL &&
++      g_variant_is_of_type (message->arg0_cache, G_VARIANT_TYPE_STRING))
++    return g_variant_get_string (message->arg0_cache, NULL);
+
+-  if (message->body != NULL && g_variant_is_of_type (message->body, G_VARIANT_TYPE_TUPLE))
+-    {
+-      GVariant *item;
+-      item = g_variant_get_child_value (message->body, 0);
+-      if (g_variant_is_of_type (item, G_VARIANT_TYPE_STRING))
+-        ret = g_variant_get_string (item, NULL);
+-      g_variant_unref (item);
+-    }
+-
+-  return ret;
++  return NULL;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+@@ -3824,6 +3832,7 @@ g_dbus_message_copy (GDBusMessage  *mess
+    * to just ref (as opposed to deep-copying) the GVariant instances
+    */
+   ret->body = message->body != NULL ? g_variant_ref (message->body) : NULL;
++  ret->arg0_cache = message->arg0_cache != NULL ? g_variant_ref (message->arg0_cache) : NULL;
+   g_hash_table_iter_init (&iter, message->headers);
+   while (g_hash_table_iter_next (&iter, &header_key, (gpointer) &header_value))
+     g_hash_table_insert (ret->headers, header_key, g_variant_ref (header_value));
diff --git a/...2/patches/101-CVE-2024-34397-gdbusconnection-Make-a-backport-of-g_set_str-available.patch b/...2/patches/101-CVE-2024-34397-gdbusconnection-Make-a-backport-of-g_set_str-available.patch
@@ -0,0 +1,50 @@
+From: Simon McVittie <[email protected]>
+Date: Wed, 1 May 2024 15:51:42 +0100
+Subject: gdbusconnection: Make a backport of g_set_str() available
+
+A subsequent commit will need this. Copying all of g_set_str() into a
+private header seems cleaner than replacing the call to it.
+
+Helps: GNOME/glib#3268
+Signed-off-by: Simon McVittie <[email protected]>
+Origin: upstream, https://gitlab.gnome.org/GNOME/glib/-/issues/3268
+---
+ gio/gdbusconnection.c |  1 +
+ glib/glib-private.h   | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+--- a/gio/gdbusconnection.c
++++ b/gio/gdbusconnection.c
+@@ -97,6 +97,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+
++#include "glib-private.h"
+ #include "gdbusauth.h"
+ #include "gdbusutils.h"
+ #include "gdbusaddress.h"
+--- a/glib/glib-private.h
++++ b/glib/glib-private.h
+@@ -210,4 +210,22 @@ GLibPrivateVTable *glib__private__ (void
+ # define GLIB_DEFAULT_LOCALE ""
+ #endif
+
++/* Backported from GLib 2.78.x, where it is public API in gstrfuncs.h */
++static inline gboolean
++g_set_str (char       **str_pointer,
++           const char  *new_str)
++{
++  char *copy;
++
++  if (*str_pointer == new_str ||
++      (*str_pointer && new_str && strcmp (*str_pointer, new_str) == 0))
++    return FALSE;
++
++  copy = g_strdup (new_str);
++  g_free (*str_pointer);
++  *str_pointer = copy;
++
++  return TRUE;
++}
++
+ #endif /* __GLIB_PRIVATE_H__ */