glib: 2.80.0 -> 2.80.2

[leona-ya]

Description of changes

https://gitlab.gnome.org/GNOME/glib/-/compare/2.80.0...2.80.2
https://gitlab.gnome.org/GNOME/glib/-/blob/2.80.1/NEWS
https://gitlab.gnome.org/GNOME/glib/-/blob/2.80.2/NEWS

CVE-2024-34397

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[jtojnar]

Thanks, looks good. We will also want to cherry-pick gnome-shell patch but that can go to master https://discourse.gnome.org/t/security-fixes-for-signal-handling-in-gdbus-in-glib/20882

[fabianhjr]

https://gitlab.gnome.org/GNOME/glib/-/compare/2.80.1...2.80.2

2.80.2 has just released

Overview of changes in GLib 2.80.2, 2024-05-08
==============================================
* Fix a regression with IBus caused by the fix for CVE-2024-34397 (#3353,
  work by Simon McVittie)
* Fix installation directory of the GVariant specification (#3351, work by
  Michael Catanzaro)
* Bugs fixed:
  - #3351 GVariant specification installed in wrong directory (Michael
    Catanzaro)
  - #3353 Fixing CVE-2024-34397 caused regressions for ibus (Simon McVittie)
  - !4052 Backport "gdbusconnection: Fix test signal subscription ordering" to
    glib-2-80
  - !4054 Backport !4049 “Correct installation directory of GVariant
    specification” to glib-2-80
  - !4055 Backport !4053 “gdbusconnection: Allow name owners to have the syntax
    of a well-known name” to glib-2-80

[fabianhjr]

Been using this on staging-next, is it ok if I merge this into staging today?

[vcunat]

This broke libmodulemd build, perhaps surprisingly:

meson.build:78: WARNING: glib >= 2.79.0 documention might not be properly referred from libmodulemd documentation.

meson.build:87:6: ERROR: Problem encountered: Missing GTK documentation for glib: /nix/store/la2ylr97skw8rigwx4bg691lni3hvx04-glib-2.80.2-devdoc/share/doc/glib-2.0/glib/index.html

/cc the staging-next PR #312133. Some RPM-related packages depend on this. (I checked locally that reverting this glib bump would fix the build.)

[vcunat]

The ${glib.devdoc}/share/doc/glib-2.0/glib/index.html path really did disappear with this merge. EDIT: and it's not a mistake of the moveToOutput change.

[vcunat]

Surely it's a consequence of https://gitlab.gnome.org/GNOME/glib/-/commit/548ec9f186d373c4e55528a04d78450f6f2fceef

[vcunat]

Ah, probably this one, let me test:
fedora-modularity/libmodulemd@f333619

[vcunat]

OK, looks good. 🦆

[OPNA2608]

This also broke some packages for the Lomiri DE. Bisected to https://gitlab.gnome.org/GNOME/glib/-/commit/747e3af9987b37847d7d5acbf882d1ee4a6bd91b, https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4073 fixes the issues.

[vcunat]

In 2.80 branch as well: https://gitlab.gnome.org/GNOME/glib/-/commit/2d60dc15390e14c99438179caf8ce159fb51d7a9

EDIT: so it should be in 2.80.3 once it's released, for example.

[OPNA2608]

#314043