glib-2.0: update 2.84.4 -> 2.86.0

Overview of changes in GLib 2.86.0, 2025-09-05
==============================================

* Rework how platform-specific introspected GIO APIs have to be imported to fix
  problems with backwards-compatibility provision for it, by removing duplicate
  platform-specific symbols from `Gio-2.0`. Users of platform-specific GIO APIs
  should be unaffected, as `GIRepository` will now automatically import
  `GioWin32-2.0` or `GioUnix-2.0` when asked to import `Gio-2.0`. However,
  projects generating introspection data which depends on types from either of
  those platform-specific GIRs must make sure they depend on those GIRs
  explicitly, rather than just transitively depending on them through `Gio-2.0`
  (#3744, work by Emmanuele Bassi, Marco Trevisan, Florian Müllner, and others)

* Fix file existence queries on Solaris, broken due to unexpected flags handling
  within `faccessat()` (#3770, work by Niveditha Rau)

* Bugs fixed:
  - #3744 GDesktopAppInfo API disappeared after girepository-2.0 port (Emmanuele
    Bassi)
  - #3768 g_test_trap_subprocess does not check G_TEST_SUBPROCESS_INHERIT_STDIN
    (Philip Withnall)
  - !4751 gtestutils: Fix a slightly broken example in a doc comment
  - !4754 Update Polish translation 250825
  - !4758 Update Swedish translation
  - !4762 gio: gmemorymonitorpsi: Replace GRegex with g_str_has_prefix()
  - !4765 girepository: Add an assertion to help scan-build
  - !4767 glocalfile: Disable faccessat()-based query_exists on Solaris
  - !4768 gmessages: Fix win32_keep_fatal_message regression
  - !4769 docs: Fix typos
  - !4770 Update Chinese translation
  - !4771 Update Georgian translation
  - !4772 po: Update Persian translation.

* Translation updates:
  - Chinese (China) (lumingzh)
  - Georgian (NorwayFun)
  - Persian (Danial Behzadi)
  - Polish (Piotr Drąg)
  - Swedish (Anders Jonsson)

Overview of changes in GLib 2.85.4, 2025-08-22
==============================================

* Follow symlink (instead of overwriting it) when updating `mimeapps.list`
  (#3579, work by Rafael Girão)

* Bugs fixed:
  - #3579 mimeapps.list is overwritten if it is a symlink (Rafael Girão)
  - #3724 Crash in g_hash_table_add after 252645135 elements (Tobias Stoeckmann)
  - #3743 g_utf8_validate out parameter has wrong type (two)
  - #3751 meta: clang-format refers to a broken link (Rafael Girão)
  - #3758 Out-of-bounds read in GMemoryMonitorPoll (Philip Withnall)
  - #3760 Stack overflow when recursing within g_log_structured() with
    `G_LOG_FLAG_RECURSION` (Tobias Stoeckmann)
  - #3761 Regression in g_printf() - can no longer output formatted values
    containing NUL bytes (Luca Bacci)
  - #3766 Update sl.po (Slovenian) (Martin)
  - !4714 gmain: Reformat docs to fully use gi-docgen and match style guide
  - !4720 Disable GMemoryMonitorPsi on Solaris
  - !4727 garray: Improve and migrate documentation to gi-docgen
  - !4735 build: Fix stp files for development versions
  - !4736 systemtap: Use correct formatters/types
  - !4738 docs: Add Thomas Haller as a co-maintainer of GObject
  - !4739 Annotate ref/unref functions as transfer full
  - !4740 gstrfuncs: Check parameter validity
  - !4742 garray: Fix g_array_binary_search description
  - !4743 Update Russian translation
  - !4744 tests/gio: skip Unix socket-mock tests on Windows
  - !4747 tests/printf: Use proper compare helper for unsigned types
  - !4748 gconstructor: Add attribute used for TLS callback pointer

* Translation updates:
  - Russian (jtux270)
  - Slovenian (Martin)

Overview of changes in GLib 2.85.3, 2025-08-08
==============================================

* Fix encoding of output from `g_print()` and `g_printerr()` when locale is set
  to `.utf8` on Windows (#3341, work by Luca Bacci)

* Bugs fixed:
  - #3341 `g_print` and `g_printerr` will cause encoding errors on Windows when
    locale is set to `.utf8` (Luca Bacci)
  - #3739 Crash in accept_ready() of GThreadedSocketService Under High Load
    (Philip Withnall)
  - #3740 Documentation of g_win32_error_message  does not contain information
    about the behaviour when FormatMessageW failed (Philip Withnall)
  - #3755 AIX: Unwanted symbol needs to be removed for AIX platform: getpwnam_r,
    getpwuid_r (Parth Patel)
  - !4706 gthreadpool: Clean up when g_thread_pool_new fails
  - !4707 tests: Skip slow mainloop test on valgrind
  - !4708 gfilenamecompleter: Fix g_object_unref() of undefined value
  - !4709 tests: Connect to GMemoryMonitor signals earlier
  - !4712 tests/thread-pool: Add a thread-pool fail test
  - !4713 Fix test error for GMemoryMonitor
  - !4715 gdbuserror: Reformat docs to fully use gi-docgen and match style guide
  - !4722 tests: Add missing unistd.h header to thread-pool test
  - !4723 tests: Add a missing poll condition to socket-listener test
  - !4724 garray: Pass errors through GByteArray functions
  - !4725 garray: Add checks to g_ptr_array_extend_and_steal
  - !4726 Add a basic GFilenameCompleter test
  - !4728 gbitlock: Fix documentation issues
  - !4729 [RFC] Tests: do not set a timeout in Python tests
  - !4730 gstrfuncs: Always treat G_MININT64 in g_ascii_strtoll
  - !4731 glocalfile: Disable faccessat()-based query_exists on OpenBSD
  - !4733 gvalue: Reformat docs to fully use gi-docgen and match style guide
  - !4734 gspawn: Improve docstring for g_spawn_async()

Overview of changes in GLib 2.85.2, 2025-07-21
==============================================

* New Linux PSI based backend for `GMemoryMonitor` as an option to use instead
  of the existing Low Memory Monitor daemon backend (!4481, work by Kate Hsuan)

* Bugs fixed:
  - #1443 Deadlock between g_module_open() and dlopen() when called from a
    constructor
  - #2848 Doc: clarification request regarding g_match_info_fetch_pos return
    value (Mark Lautman)
  - #3712 Crash in g_thread_pool_new_full
  - #3713 call g_file_enumerator_close in g_file_enumerator_finalize is not safe
    (fbrouille)
  - #3716 (CVE-2025-7039) (#YWH-PGM9867-104) Buffer Under-read on GLib through
    glib/gfileutils.c via get_tmp_file() (Michael Catanzaro)
  - #3721 GFile leak in g_local_file_set_display_name during error handling
    (Philip Withnall, Michael Catanzaro)
  - #3725 Deadlock on source_destroy_lock inside g_main_context_unref() and
    g_source_destroy() (with child sources) (Matthew Waters)
  - #3726 GApplication sometimes fails to call before_emit (Matthias Clasen)
  - !4481 gio: gmemorymonitorpsi: Replace GMemoryMonitor backend with kernel PSI
    event
  - !4665 gio: enums: Fix GBusNameOwnerFlags's annotation
  - !4667 Incorrect output parameter handling in closure helper of
    g_settings_bind_with_mapping_closures
  - !4669 Add missing `(array zero-terminated=1)` annotations
  - !4676 Fix IPv6 scope-id from DNS responses being lost
  - !4680 gbacktrace: Correctly wait for children on Unix
  - !4681 (CVE-2025-6052) gstring: Improve
    g_string_expand/g_string_append_len_inline checks
  - !4682 gio-tool-launch: fix %k field code expansion
  - !4683 gio-tool-launch: Fix mismatched curly quotes in translatable strings
  - !4684 garray: Support unallocated zero terminated arrays
  - !4685 garray: Use g_array_elt_len/pos where appropriate
  - !4687 gstring: Fix g_string_append_vprintf overflow
  - !4690 garray: Fix out of boundary write in g_ptr_array_copy
  - !4692 tests: Fix a minor leak in array-test
  - !4693 tests: Loosen string comparison assertion in gio-tool.py
  - !4694 tests: Do not always skip array overflow checks
  - !4695 garray: Add more element_size > 0 checks
  - !4698 garray: Avoid exponential growth in g_array_copy
  - !4699 garray: Set capacity in terminated take functions
  - !4700 gfileutils: Fix OOB read in g_build_path(name)_va
  - !4701 gbacktrace: Fix OOB write in stack_trace
  - !4702 gio/filenamecompleter: Fix leaks
  - !4703 application: NULL check for options
  - !4704 tests: Add a regression test for GApplication command line handling

Overview of changes in GLib 2.85.1, 2025-06-13
==============================================

* Re-add the option of a singleton to `GIRepository` (#3664, work by
  Christian Hergert)

* Add support for the `e` flag (O_CLOEXEC) to `g_fopen()` (!4564, work by
  Luca Bacci and Philip Withnall)

* Make the `sysprof` Meson option yield when using GLib as a subproject (!4659,
  work by Matthias Clasen)

* Use the Meson built-in `localedir` option (!4661, work by
  Kleis Auke Wolthuizen)

* Bugs fixed:
  - #1665 g_file_trash() should return PERMISSION_DENIED if files can't be
    deleted (Ignacy Kuchciński)
  - #3664 Lack of g_irepository_get_default() equivalent makes cross-library
    integration extremely difficult (Christian Hergert)
  - #3698 Misleading autogenerated hints in the documentation of
    g_async_queue_pop() (Alicia Boya García)
  - !4560 glib/gnulib/printf.c: Sync with gnulib
  - !4564 gstdio: Add support for the `e` flag (O_CLOEXEC) to g_fopen()
  - !4637 Rework Windows implementation of g_getenv()
  - !4641 [th/gobj-drop-bit-lock] gobject: drop object_bit_lock() functions
  - !4642 [th/gobj-empty-notify-queue] gobject: optimize notify-queue handling
    for a single freeze
  - !4643 GRegex: apply monospace typeface in description
  - !4644 gio: add annotations on parameters of 'g_file_monitor_emit_event' and
    of 'g_vfs_get_file_for_path'
  - !4645 gregex: Clarify docs for end_pos
  - !4646 GRegex: update class description
  - !4649 GAsyncQueue: assert non-null data in push_sorted()
  - !4650 tests: Add atomics to asyncqueue test global variables
  - !4651 Meson: Add libglib_static dependency for use in tests
  - !4652 gobject: clarify in documentation that g_value_set_boxed copies
  - !4654 Fix buffer overflow in string-test
  - !4655 gstring: Fix overflow check when expanding the string
  - !4657 docs: Stop hiding the Unix-like APIs which are in Gio-2.0.gir
  - !4658 gmarkup: make documentation more discoverable
  - !4659 Make the sysprof feature yield
  - !4661 meson: Use the appropriate localedir option

Overview of changes in GLib 2.85.0, 2025-05-20
==============================================

 * Preserve mode for existing file when creating a temporary file for atomic
   updates with g_file_set_contents() (dconf#76, work by Wesley Hershberger)

 * Fix race conditions between g_main_context_unref() and g_source_*() methods
   (#803, work by Matthew Waters)

 * Allow file handles inside nested containers when using the `gdbus call`
   command (#3624, work by Julian Sparber)

 * Fix DNS resolution of local addresses in offline mode (#3641, work by
   Patrick Griffis)

 * Various performance improvements to GObject locking (various MRs by
   Thomas Haller)

 * Prefer matches occurring earlier in the string when searching
   `GDesktopAppInfo`s, improving search for apps in gnome-shell (!4369, work by
   Fina Wilke)

 * Fix thread safety of `GClosure` flags (!4575, !4577, work by Sam James and
   Philip Withnall)

* Bugs fixed:
  - GNOME/dconf#76 dconf update can set incorrect permissions to dconf system db
    (Wesley Hershberger)
  - #490 Not clearly documented behavior of g_key_file_set_comment function.
    (marklkram)
  - #803 g_main_context_unref() versus g_source_*() race (Matthew Waters)
  - #1002 GObject doesn't support removing a weak reference in a GWeakNotify for
    the same object
  - #1250 gsocketlistener: Fix IPv4 listen() error-handling resulting in use-
    after-free
  - #2377 Document that `g_socket_address_get_native_size()` can return `-1` on
    errors
  - #2544 Consider `g_log_always_fatal` for aborting in
    `g_log_structured_array()` (sid)
  - #3405 Enable -Wconversion warnings by default (progress towards this, but it
    is not complete)
  - #3616 docs: Broken link in GioActionEntry (Philip Withnall)
  - #3617 Add generalised version of g_date_get_monday_week_of_year() (Philip
    Withnall)
  - #3624 `gdbus call` should look for file handles inside nested containers
    (Julian Sparber)
  - #3630 2.84.0 build failure on Linux: ../gio/gnetworkmonitornetlink.c:47:10:
    fatal error: netlink/netlink_route.h: No such file or directory (Philip
    Withnall)
  - #3634 test failure with gobject-introspection 1.83.4: warning: element
    doc:format from state 3 is unknown, ignoring (Philip Withnall)
  - #3636 gio/trash does not handle special characters well
  - #3641 GResolver: Local DNS resolution failure in offline mode (Patrick
    Griffis)
  - #3642 `g_cancellable_connect()` documentation incorrect (Marco Trevisan
    (Treviño))
  - #3643 g_cancellable_connect(): is it safe to unref cancellable from
    callback? (Marco Trevisan (Treviño))
  - #3649 Crash with some registry key values in GWin32AppInfo (Philip Withnall)
  - #3656 Set SYSLOG_IDENTIFIER when logging to journald (Axel Karjalainen)
  - #3657 girepository: Wrong typelib path on Windows
  - #3663 Cannot use GZlibCompressor in GTK testsuite (Benjamin Otte)
  - #3684 UAF in GSignalGroup weak notify callbacks (Thomas Haller)
  - #3686 docs.gtk.org doesn't mention that GSourceFuncs.finalize may be NULL
    (BZZZZ)
  - #3693 Random failures in debian-i386-stable
  - !4185 [th/gobject-no-object-locks-pt1-notify] use
    `g_datalist_id_update_atomic()` instead of OPTIONAL_BIT_LOCK_NOTIFY
  - !4247 mappedfile: Avoid some allocations
  - !4369 gdesktopappinfo: Prefer matches that occur earlier in the match string
  - !4387 Fix various -Wshorten-64-to-32 warnings
  - !4484 Memory sanitizer fixes
  - !4489 gobject: Be consistent in using atomic logic to handle the
    GParamSpecPool
  - !4520 [th/gdataset-cleanup] minor cleanups of gdataset
  - !4536 [th/gobj-closure-array-atomic] use g_datalist_id_update_atomic() for
    array of closure watches
  - !4541 gsettings: Port docs to gi-docgen format, add missing annotations and
    make various improvements
  - !4544 tests: Don't install runner scripts without installed_tests
  - !4545 Update French translation
  - !4547 Update Catalan translation
  - !4548 Update Turkish translation
  - !4551 Updated Danish translation
  - !4552 Update Persian translation
  - !4553 docs: Document GSignalFlags members added after 2.0
  - !4554 Update Indonesian translation
  - !4555 tests: Add a test for g_object_freeze_notify() being called too often
  - !4557 gfileinfo: Slightly expand docs for
    g_file_info_get_attribute_as_string()
  - !4558 gi: Dynamically set doc-format
  - !4561 tests: Various fixes to create temporary files in /tmp rather than the
    build directory
  - !4562 gdbusnameowning: Convert docs to gi-docgen linking syntax
  - !4563 giounix-private: Fix macro for checking for epoll_create1()
  - !4565 Fix LGPL in header
  - !4567 gutils: make documentation of g_set_prgname() clearer
  - !4568 docs: Add some detail
  - !4569 Update Romanian translation
  - !4570 gspawn-win32: Fix potential integer overflows in argv handling
  - !4571 gvarianttype: Improve docs on type validation
  - !4575 gclosure: fix ATOMIC_CHANGE_FIELD to read vint atomically
  - !4577 gclosure: Allow full set of closure flags to be queried atomically
  - !4578 [th/bit-lock-and-set] bitlock: add g_bit_lock_and_get() and
    g_bit_unlock_and_set() API
  - !4579 tests: Add missing unistd.h include to scannerapi.c
  - !4581 [th/gobj-no-weak-ref-lock] drop OPTIONAL_BIT_LOCK_WEAK_REFS object
    lock for `g_object_weak_{ref,unref}()`
  - !4583 thread: fix Linux detection
  - !4585 gfile: Expand documentation around file info for inaccessible files
  - !4586 [th/gobj-doc-weakref] clear #GWeakRef earlier in
    g_object_run_dispose() and reword docs about #GWeakRef
  - !4588 gstring: carefully handle gssize parameters
  - !4590 Various -Wsign-conversion warning fixes
  - !4591 gthreadedresolver: fix crash in loopback interface check
  - !4592 gstring: Make len_unsigned unsigned
  - !4594 Enable -Wsign-conversion for girepository, gthread, gmodule
  - !4596 docs: Mention how to run the test suite in CONTRIBUTING.md
  - !4598 gtlsconnection: Fix annotation
  - !4599 Mark pointer as (type gpointer)
  - !4601 garray: Fix annotations
  - !4602 docs: fix typo glong: ULONG_MAX -> LONG_MAX
  - !4603 Fix GNetworkMonitorNetlink operation under a FreeBSD jail with shared
    network stack
  - !4604 cocoa: add support for GBytesIcon in notification backend
  - !4605 gparamspecs: Use standard min/max constants rather than literals
  - !4606 gobject, girepository: Fix several -Wsign-conversion warnings on macOS
  - !4609 Update Portuguese translation
  - !4610 Update Ukrainian translation
  - !4613 Update macOS job for new CI runner
  - !4615 shell: Handle empty comment gracefully
  - !4619 gslist: Improve documentation for append / prepend / insert methods
  - !4620 glocalfile: Disable faccessat()-based query_exists on Android
  - !4621 gallocator: mark as deprecated
  - !4627 [th/gsignalgroup-dispose] gsignalgroup: make GSignalGroup.dispose() a
    bit more reentrant
  - !4628 [th/gdataset-fix-zero-key] fix and cleanup related to using a zero
    GQuark for keys in GData
  - !4631 Update German translation
  - !4632 win32: Only print one OS version
  - !4633 gzlibcompressor: Convert docs to gi-docgen linking syntax
  - !4638 docs: Fix formatting of definition lists

* Translation updates:
  - Catalan (Jordi Mas)
  - Danish (Ask Hjorth Larsen)
  - French (Vincent Chatelain)
  - German (Philipp Kiemle)
  - Indonesian (Andika Triwidada)
  - Persian (Danial Behzadi)
  - Portuguese (Hugo Carvalho)
  - Romanian (Antonio Marin)
  - Turkish (Sabri Ünal)
  - Ukrainian (Yuri Chornoivan)

- remove backport patches

(From OE-Core rev: b1f741735c8da6eb92d2ffd94084aa9328aa665d)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch

@@ -1,97 +0,0 @@
-From 6aa97beda32bb337370858862f4efe2f3372619f Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 7 Jul 2025 20:52:24 +0200
-Subject: [PATCH] gstring: Fix g_string_sized_new segmentation fault
-
-If glib is compiled with -Dglib_assert=false, i.e. no asserts
-enabled, then g_string_sized_new(G_MAXSIZE) leads to a segmentation
-fault due to an out of boundary write.
-
-This happens because the overflow check was moved into
-g_string_maybe_expand which is not called by g_string_sized_new.
-
-By assuming that string->allocated_len is always larger than
-string->len (and the code would be in huge trouble if that is not true),
-the G_UNLIKELY check in g_string_maybe_expand can be rephrased to
-avoid a potential G_MAXSIZE overflow.
-
-This in turn leads to 150-200 bytes smaller compiled library
-depending on gcc and clang versions, and one less check for the most
-common code paths.
-
-Reverts https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655 and
-reorders internal g_string_maybe_expand check to still fix
-CVE-2025-6052.
-
-CVE: CVE-2025-6052
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/6aa97beda32bb337370858862f4efe2f3372619f]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- glib/gstring.c      | 10 +++++-----
- glib/tests/string.c | 18 ++++++++++++++++++
- 2 files changed, 23 insertions(+), 5 deletions(-)
-
-diff --git a/glib/gstring.c b/glib/gstring.c
-index 010a8e976..24c4bfb40 100644
---- a/glib/gstring.c
-+++ b/glib/gstring.c
-@@ -68,6 +68,10 @@ static void
- g_string_expand (GString *string,
-                  gsize    len)
- {
-+  /* Detect potential overflow */
-+  if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
-+    g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
-+
-   string->allocated_len = g_nearest_pow (string->len + len + 1);
-   /* If the new size is bigger than G_MAXSIZE / 2, only allocate enough
-    * memory for this string and don't over-allocate.
-@@ -82,11 +86,7 @@ static inline void
- g_string_maybe_expand (GString *string,
-                        gsize    len)
- {
--  /* Detect potential overflow */
--  if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
--    g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
--
--  if (G_UNLIKELY (string->len + len >= string->allocated_len))
-+  if (G_UNLIKELY (len >= string->allocated_len - string->len))
-     g_string_expand (string, len);
- }
- 
-diff --git a/glib/tests/string.c b/glib/tests/string.c
-index aa363c57a..e3bc4a02e 100644
---- a/glib/tests/string.c
-+++ b/glib/tests/string.c
-@@ -767,6 +767,23 @@ test_string_new_take_null (void)
-   g_string_free (g_steal_pointer (&string), TRUE);
- }
- 
-+static void
-+test_string_sized_new (void)
-+{
-+
-+  if (g_test_subprocess ())
-+    {
-+      GString *string = g_string_sized_new (G_MAXSIZE);
-+      g_string_free (string, TRUE);
-+    }
-+  else
-+    {
-+      g_test_trap_subprocess (NULL, 0, G_TEST_SUBPROCESS_DEFAULT);
-+      g_test_trap_assert_failed ();
-+      g_test_trap_assert_stderr ("*string would overflow*");
-+    }
-+}
-+
- int
- main (int   argc,
-       char *argv[])
-@@ -796,6 +813,7 @@ main (int   argc,
-   g_test_add_func ("/string/test-string-steal", test_string_steal);
-   g_test_add_func ("/string/test-string-new-take", test_string_new_take);
-   g_test_add_func ("/string/test-string-new-take/null", test_string_new_take_null);
-+  g_test_add_func ("/string/sized-new", test_string_sized_new);
- 
-   return g_test_run();
- }

meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch

@@ -1,35 +0,0 @@
-From 3752760c5091eaed561ec11636b069e529533514 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 7 Jul 2025 20:57:41 +0200
-Subject: [PATCH] gstring: Improve g_string_append_len_inline checks
-
-Use the same style for the G_LIKELY check here as in g_string_sized_new.
-The check could overflow on 32 bit systems.
-
-Also improve the memcpy/memmove check to use memcpy if val itself is
-adjacent to end + len_unsigned, which means that no overlapping exists.
-
-CVE: CVE-2025-6052
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/3752760c5091eaed561ec11636b069e529533514]
-Signed-off-by: Peter Marko <peter.marko@siemens.com>
----
- glib/gstring.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/glib/gstring.h b/glib/gstring.h
-index e817176c9..c5e64b33a 100644
---- a/glib/gstring.h
-+++ b/glib/gstring.h
-@@ -232,10 +232,10 @@ g_string_append_len_inline (GString    *gstring,
-   else
-     len_unsigned = (gsize) len;
- 
--  if (G_LIKELY (gstring->len + len_unsigned < gstring->allocated_len))
-+  if (G_LIKELY (len_unsigned < gstring->allocated_len - gstring->len))
-     {
-       char *end = gstring->str + gstring->len;
--      if (G_LIKELY (val + len_unsigned <= end || val > end + len_unsigned))
-+      if (G_LIKELY (val + len_unsigned <= end || val >= end + len_unsigned))
-         memcpy (end, val, len_unsigned);
-       else
-         memmove (end, val, len_unsigned);

meta/recipes-core/glib-2.0/glib.inc

@@ -231,14 +231,12 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
            file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
            file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
            file://skip-timeout.patch \
-           file://CVE-2025-6052-1.patch \
-           file://CVE-2025-6052-2.patch \
            "
 SRC_URI:append:class-native = " file://relocate-modules.patch \
                                 file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
                               "
 
-SRC_URI[sha256sum] = "8a9ea10943c36fc117e253f80c91e477b673525ae45762942858aef57631bb90"
+SRC_URI[sha256sum] = "b5739972d737cfb0d6fd1e7f163dfe650e2e03740bb3b8d408e4d1faea580d6d"
 
 # Find any meson cross files in FILESPATH that are relevant for the current
 # build (using siteinfo) and add them to EXTRA_OEMESON.