glib/ghash.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ghash: fix entry_is_big for cheri architecture

The entry_is_big function checks if an entry fits into a so-called
small entry, i.e. into a guint. This optimizes space for hash tables
on 64 bit system with hash tables containing 32 bit entries.

This code actually checks if the highest 32 bits are set, which would
become an issue with CHERI and its 128 bit pointers.

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/2842

glib/ghash.c | 20 13 + 7 - 0 !
1 file changed, 13 insertions(+), 7 deletions(-)

 ghash: handle all table sizes in iterator

A table size of 2**31 cannot be represented in a gint. Adjust
RealIter to use a guint for its current position to support the largest
power of two possible for a hash table size.

This makes sure that g_hash_table_iter_next does not trigger a signed
integer overflow, which would eventually lead to an out of boundary
read.

With input by Philip Withnall.

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/672

glib/ghash.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ghash: fix signed integer overflow in g_hash_table_set_shift

Shifting 1 by 31 bits triggers a signed integer overflow. Use 1u
for unsigned data type to allow such operation.

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/672

glib/gbookmarkfile.c | 16 12 + 4 - 0 !
glib/tests/bookmarkfile.c | 18 17 + 1 - 0 !
2 files changed, 29 insertions(+), 5 deletions(-)

 gbookmarkfile: escape icon href and mime

If callers supply strings containing unescaped characters for icon href
or mime, then dumping the content can lead to corrupted files.

po/uk.po | 680 350 + 330 - 0 !
1 file changed, 350 insertions(+), 330 deletions(-)

 update ukrainian translation

po/ca.po | 839 425 + 414 - 0 !
1 file changed, 425 insertions(+), 414 deletions(-)

 update catalan translation

po/lt.po | 843 427 + 416 - 0 !
1 file changed, 427 insertions(+), 416 deletions(-)

 update lithuanian translation

gio/tests/actions.c | 2 1 + 1 - 0 !
glib/tests/array-test.c | 2 2 + 0 - 0 !
2 files changed, 3 insertions(+), 1 deletion(-)

 tests: fix clang compilation warnings

With these adjustments, building with clang leads to no warnings:

- The "{ NULL }" statement could be replaced with "{ 0 }" to satisfy
  clang, but this way it's explicitly filling all fields
- Even though "i" is not read with these g_array_binary_search calls,
  it rightfully should be set

glib/gmem.c | 42 25 + 17 - 0 !
1 file changed, 25 insertions(+), 17 deletions(-)

 gmem: replace size_overflows with g_size_checked_mul

Using the builtin multiplication checks leads to less instructions used
for these common functions (true for clang as well as gcc on x86_64).

Also, from a C perspective, the result is re-used, making code audits
easier.

po/pt_BR.po | 877 444 + 433 - 0 !
1 file changed, 444 insertions(+), 433 deletions(-)

 update brazilian portuguese translation

po/eu.po | 1617 826 + 791 - 0 !
1 file changed, 826 insertions(+), 791 deletions(-)

 update eu translation

po/ko.po | 837 424 + 413 - 0 !
1 file changed, 424 insertions(+), 413 deletions(-)

 update korean translation

po/ja.po | 4437 2481 + 1956 - 0 !
1 file changed, 2481 insertions(+), 1956 deletions(-)

 update japanese translation

From https://l10n.gnome.org/vertimus/glib/main/po/ja/

po/gl.po | 847 432 + 415 - 0 !
1 file changed, 432 insertions(+), 415 deletions(-)

 update galician translations

po/hu.po | 848 429 + 419 - 0 !
1 file changed, 429 insertions(+), 419 deletions(-)

 update hungarian translation

glib/gstrfuncs.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 gstrfuncs: check string length in g_strescape

If the input string is too large on a 32 bit system, it is possible
to trigger an integer overflow which subsequently leads to an out of
boundary write.

gio/tests/meson.build | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 `gio/tests/socket-listener` should depend on `libdl`

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3780

glib/gutils.c | 28 17 + 11 - 0 !
1 file changed, 17 insertions(+), 11 deletions(-)

 gutils: support test env in load_user_special_dirs

XDG_CONFIG_DIR and HOME can be overridden with test environments. Read
these variables before building them again.

It's not possible to call the getter functions directly because the
caller of load_user_special_dirs already holds a lock and locking again
is undefined behavior and could lead to deadlocks.

Separate the functionality out into unlocked functions which definitely
have to be static to not expose them. Use them while holding the lock.

po/tr.po | 853 432 + 421 - 0 !
1 file changed, 432 insertions(+), 421 deletions(-)

 update turkish translation
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Approved by Emin Tufan etin
https://l10n.gnome.org/vertimus/glib/main/po/tr/

glib/gutils.c | 12 7 + 5 - 0 !
glib/tests/utils-isolated.c | 50 50 + 0 - 0 !
2 files changed, 57 insertions(+), 5 deletions(-)

 gutils: only allow $home in load_user_special_dirs

Make sure that the allowed environment variable is actually HOME, not
any environment variable starting with HOME, e.g. HOMER.

glib/gutils.c | 7 3 + 4 - 0 !
glib/tests/utils-isolated.c | 6 5 + 1 - 0 !
2 files changed, 8 insertions(+), 5 deletions(-)

 gutils: strip all trailing slahes in load_user_special_dirs

Do what the comment states and strip all trailing slashes. Also, do not
strip the trailing slash if it's the only character left, i.e. if it
denotes the root directory.

glib/gutils.c | 2 1 + 1 - 0 !
glib/tests/utils-isolated.c | 6 5 + 1 - 0 !
2 files changed, 6 insertions(+), 2 deletions(-)

 gutils: reject unquoted entries in load_user_special_dirs

If the end quote is missing, reject the entry. Please note that this
still allows entries with an uneven amount of quotes, e.g. "/"".

glib/gutils.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 gutils: handle huge lines in load_user_special_dirs

If a line is longer than G_INTMAX, still treat it correctly without
possibly provoking an out of boundary read.

fuzzing/fuzz_special_dirs.c | 43 43 + 0 - 0 !
fuzzing/meson.build | 1 1 + 0 - 0 !
glib/gutils.c | 118 7 + 111 - 0 !
glib/gutilsprivate.c | 138 138 + 0 - 0 !
4 files changed, 189 insertions(+), 111 deletions(-)

 fuzzing: add special dirs fuzzing test

Split custom user-dirs.dirs parser into its own gutilsprivate.c file
for easier fuzzing support and add a fuzzing test.

fuzzing/fuzz_special_dirs.c | 7 6 + 1 - 0 !
glib/gutils.c | 2 1 + 1 - 0 !
glib/gutilsprivate.c | 4 2 + 2 - 0 !
3 files changed, 9 insertions(+), 4 deletions(-)

 fuzzing: fix fuzz_special_dirs

Always NUL-terminate the data, which g_file_get_contents does as well.
This fixes unnecessary fuzzer warnings.

For further clarification of this requirement, rename the internally
used function.

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3783

glib/goption.c | 22 14 + 8 - 0 !
glib/tests/option-context.c | 96 96 + 0 - 0 !
2 files changed, 110 insertions(+), 8 deletions(-)

 get_help(): ignore width of invisible options

When get_help() gets ready to lay out the help text into columns,
it first goes through and computes the max_width of the strings in
the left column. Problem is, it measures the width of every
available option, whether or not they'll actually be displayed.

Instead, let's use the same criteria used when deciding whether
to display an option, to decide whether or not to account for it
when computing max_width. This way, the layout is sized for the
help that's actually being produced.

Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3781

glib/gutils.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 gutils: handle singletons in unlocked functions

Make sure that results of build functions are stored in singletons to
avoid creating multiple instances which eventually could leak.

(cherry picked from commit 18a7e7b4a2f248d3c70b3f50a56e16003d625d36)

Co-authored-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3784

po/eo.po | 4843 2483 + 2360 - 0 !
1 file changed, 2483 insertions(+), 2360 deletions(-)

 update esperanto translation

po/sr.po | 2740 1511 + 1229 - 0 !
po/sr@latin.po | 4303 2575 + 1728 - 0 !
2 files changed, 4086 insertions(+), 2957 deletions(-)

 update serbian translation

gobject/gtype.h | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 gtype: define copy and free functions for gtypeclass and
 GTypeInterface

We have some (deprecated) methods that technically still return
transfer-full instances of GTypeClass's and GTypeInterface's.

The introspection scanner cannot generate bindings for them though since
it does not know how to manage their lifecycle, and we end up skipping
these symbols.

This is breaking some language bindings, and in particular gjs [1] and
lua-lgi, that were using the .ref methods.

While we should not use deprecated functions in the language bindings,
these symbols should still be introspected.

[1] https://gitlab.gnome.org/GNOME/gjs/-/issues/711

gio/tests/gdbus-subscribe.c | 29 0 + 29 - 0 !
gio/tests/gdbus-tests.c | 36 36 + 0 - 0 !
gio/tests/gdbus-tests.h | 2 2 + 0 - 0 !
3 files changed, 38 insertions(+), 29 deletions(-)

 gio/tests: factor out connection_wait_for_bus() from gdbus-subscribe

Signed-off-by: Simon McVittie <smcv@debian.org>

gio/tests/gdbus-connection-slow.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 gio/tests: avoid a race condition

We have two things happening in parallel:

1. The GDBus worker thread writes out an AddMatch call to the socket,
   the message bus reads that method call from the other end of the
   socket, and the message bus responds by adding the match rule
   for the signal subscription

2. The main thread forks, and the child execs
   gdbus-connection-flush-helper, which sends the signal that we are
   expecting; the message bus receives that signal, and broadcasts it
   to subscribers, if any

Normally (1.) wins the race because exec'ing a child process is more
time-consuming than IPC, and the test passes.

However, it is possible for (2.) to win the race. If so, we will never
receive the expected signal (because it was received by the message bus
before the AddMatch() method call, so at the time it was received, the
test was not yet a subscriber); the test waits until the timeout and
then gives up, and the test fails.

For whatever reason, Debian's s390x buildd seems to be reliably failing
this test since this week, having previously passed. I don't know what
changed. I can (very rarely) reproduce the race condition described
above on a developer-accessible s390x machine by repeatedly running the
/gdbus/connection/flush test in a loop.

Bug-Debian: https://bugs.debian.org/1115617
Signed-off-by: Simon McVittie <smcv@debian.org>

gio/tests/gdbus-connection-slow.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 gio/tests: convert the time to wait for expected signal into a
 constant

No functional change.

Signed-off-by: Simon McVittie <smcv@debian.org>

gio/tests/gdbus-connection-slow.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 gio/tests: wait up to 10 seconds for a signal to be received

If the build/test machine is slow, heavily-loaded or otherwise
inconvenienced, it might take a few seconds for the signal to be sent
by the subprocess, received by the message bus, re-broadcasted by the
message bus and received by the test code. Wait a few more seconds
before giving up.

If this test is successful, increasing this timeout will not slow it
down: we stop waiting for the signal as soon as we receive it. This will

glib/gkeyfile.c | 83 83 + 0 - 0 !
1 file changed, 83 insertions(+)

 call gettext if .desktop file does not have inline translations

Patch from OpenSUSE via Ubuntu, original author unknown. Martin Pitt and
Vincent Untz appear to be the main authors.

Reworked slightly by Philip Withnall to avoid exposing new public API
for the non-standard keys.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=569829
Bug-Ubuntu: https://launchpad.net/bugs/3935

glib/gkeyfile.c | 20 20 + 0 - 0 !
1 file changed, 20 insertions(+)

 provide backwards compatibility for 01_gettext-desktopfiles.patch
 for X-{Debian,Ubuntu}-Gettext-Domain

Ubuntu-specific. 01_gettext-desktopfiles.patch was changed to use
X-GNOME-, so this is necessary until all our .desktop files are converted.

gio/glib-compile-schemas.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 disable confusing (to users) warning about deprecated schema paths

Disable a warning when compiling schemas which are installed
into 'deprecated' locations. Users see this very often due to
glib-compile-schemas being called from libglib2.0-0's trigger and it is
not very useful for them.

gio/gdesktopappinfo.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 gdesktopappinfo: try using x-terminal-emulator for terminal=true
 apps

Debian Policy provides x-terminal-emulator as an interface for launching
a preferred terminal, for some definition of "preferred". However, the
x-terminal-emulator alternative is a system-wide choice, so in situations
where for example a GNOME user and a KDE user share a computer, only one
of them can have the terminal that will match their desktop environment's
appearance and behaviour conventions as the x-terminal-emulator.

As a result, we still try to use a GTK-based terminal as a higher
preference than x-terminal-emulator. This is done on the assumption
that when apps are launched using GLib interfaces, they are most likely
to have been launched from a GTK application or GTK-based desktop
environment, and therefore a GTK-based terminal will be the best fit for
the desktop environment's conventions and appearance.

I've somewhat arbitrarily sorted x-terminal-emulator as less preferred
than KDE's Konsole, but more preferred than rxvt and various xterm
variants which are not associated with a particular desktop environment.

Bug-Debian: https://bugs.debian.org/773915

glib/tests/timer.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 timer test: use 'volatile' for locals

GCC seems to be failing to follow the letter of the C spec by allowing extra
precision in floating point values to persist across assignments which are
optimised away.

Force its hand by using 'volatile' on the locals in question.

Bug: https://gitlab.gnome.org/GNOME/glib/issues/820

glib/tests/gwakeuptest.c | 17 13 + 4 - 0 !
1 file changed, 13 insertions(+), 4 deletions(-)

 gwakeuptest: be less parallel unless invoked with -m slow

This is a workaround for test failures on the reproducible-builds
infrastructure, where a multi-threaded stress-test sometimes takes longer
to finish on x86_64 than it would have done on slow architectures like
arm and mips on the official Debian autobuilders. It is not clear why.

This change will make this test more likely to pass, but less likely to
detect bugs.

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug-Debian: https://bugs.debian.org/884659

gobject/tests/closure-refcount.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 closures test: skip on arm* unless flaky tests are allowed

Choosing the right number of iterations to avoid either taking literally
hours on some hardware, or getting spurious failures when one thread
starves another, seems to be too hard to get right in practice.
Make this test opt-in so that its failures aren't release-critical.
We can run it as a separate autopkgtest that is marked flaky.

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug-Debian: https://bugs.debian.org/880883
Bug-Debian: https://bugs.debian.org/917983

glib/tests/mainloop.c | 16 16 + 0 - 0 !
glib/tests/timeout.c | 9 9 + 0 - 0 !
gobject/tests/threadtests.c | 8 8 + 0 - 0 !
3 files changed, 33 insertions(+)

 disable some tests on slow architectures which keep failing the
 tests

[smcv: Modified to use g_test_skip() instead of omitting those test cases
completely, and allow them to be re-enabled with a Debian-specific
environment variable]

Co-authored-by: Simon McVittie <smcv@debian.org>

glib/tests/timer.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 skip test which performs some unreliable floating point comparisons

[smcv: Modified to use g_test_skip() instead of omitting those test cases
completely, and allow them to be re-enabled with a Debian-specific
environment variable]

Co-authored-by: Simon McVittie <smcv@debian.org>
Bug: https://gitlab.gnome.org/GNOME/glib/issues/820

gio/tests/gdbus-threading.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 skip unreliable gdbus-threading tests by default

test_threaded_singleton() test to reproduce a race condition between
last-unref of the global singleton GDBusConnection and g_bus_get_sync().

test_method_calls_in_thread() checks that multiple threads can all make
method calls to the same proxy.

However, test setup intermittently times out with:

    # GLib-GIO-DEBUG: run 0: refcount is 2, sleeping
    Bail out! GLib-GIO-FATAL-ERROR: connection had too many refs

The current theory upstream is that this might be a reference leak in
test_delivery_in_thread().

Furthermore, test teardown is now often failing when destroying the test
bus.

Demote these tests to be run as part of the "flaky" autopkgtests, but
not at build time or in the part of the autopkgtest run that gates
progress into testing.

Bug: https://gitlab.gnome.org/GNOME/glib/issues/1515

glib/tests/gvariant.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 gvariant test: don't run at build-time on mips

DEB_ALLOW_FLAKY_TESTS is not quite right here, because we don't know
that the test would fail if left for long enough - the problem is that
it doesn't get there, because generating random floating-point numbers
is very slow on some of our mips hardware. However, it has the right
practical effect.

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugs.debian.org/932678

gio/tests/gdbus-server-auth.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 gdbus-server-auth: normally skip flaky dbus_cookie_sha1 tests

These intermittently fail on the buildds, but the failure cannot be
reproduced in a debugging environment.

We do not expect to use D-Bus over TCP on non-Windows platforms: we use
an AF_UNIX socket, which is much more robust and secure. However, when
using AF_UNIX, DBUS_COOKIE_SHA1 is unnecessary, because we can use the
more reliable EXTERNAL authentication.

gio/tests/memory-monitor-dbus.py.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 skip memory-monitor-dbus test if not specifically requested

This seems to be unreliable, particularly on non-x86.

Bug-Debian: https://bugs.debian.org/995178

gio/tests/debugcontroller.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 tests: skip debugcontroller test

This is known to be flaky upstream.

gio/tests/testfilemonitor.c | 38 37 + 1 - 0 !
1 file changed, 37 insertions(+), 1 deletion(-)

 testfilemonitor: skip if we are avoiding flaky tests

See https://gitlab.gnome.org/GNOME/glib/issues/1634

Signed-off-by: Simon McVittie <smcv@debian.org>

docs/reference/girepository/gi-compile-repository.rst | 9 9 + 0 - 0 !
docs/reference/girepository/gi-decompile-typelib.rst | 9 9 + 0 - 0 !
docs/reference/girepository/gi-inspect-typelib.rst | 9 9 + 0 - 0 !
3 files changed, 27 insertions(+)

 girepository: describe the debian-specific cross-prefixed names