diff options
| author |   Mikko Rapeli <mikko.rapeli@bmw.de> | 2021-01-05 12:18:20 +0200 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2021-01-05 07:51:21 -1000 |
| commit | 196d6a668fb44ac3f69d791d42d2eead285a758e (patch) | |
| tree | 904243cd892b4dca181534aacd0b161d40931c32 | |
| parent | 66c3133fa83fc8fdbe7c48a5ec8b3df592010f43 (diff) | |
| download | openembedded-core-196d6a668fb44ac3f69d791d42d2eead285a758e.tar.gz | |
glib-2.0: add patch for CVE-2020-35457
Upstream has disputed CVE-2020-35457 claiming it's not exploitable but
the patch is simple to add.
https://security-tracker.debian.org/tracker/CVE-2020-35457
"https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
https://gitlab.gnome.org/GNOME/glib/-/issues/2197
Upstream position is that it is not realistically a security issue."
For master branch this CVE is not reported by CVE checker:
NOTE: glib-2.0-2.66.4 is not vulnerable to CVE-2020-35457
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch | 41 | ||||
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch new file mode 100644 index 0000000000..17dcada613 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch @@ -0,0 +1,41 @@ +From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001 +From: Philip Withnall <withnall@endlessm.com> +Date: Wed, 2 Sep 2020 12:38:09 +0100 +Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list + overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If the calling code adds more option entries than `G_MAXSIZE` then +there’ll be an integer overflow. This seems vanishingly unlikely (given +that all callers use static option entry lists), but add a precondition +anyway. + +Signed-off-by: Philip Withnall <withnall@endlessm.com> + +Fixes: #2197 +--- + glib/goption.c | 2 ++ + 1 file changed, 2 insertions(+) + +CVE: CVE-2020-35457 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d] +Comment: adjusted offset by -5 to fix patch fuzz warning + +diff --git a/glib/goption.c b/glib/goption.c +index 9f5b977c4..bb9093a33 100644 +--- a/glib/goption.c ++++ b/glib/goption.c +@@ -2417,6 +2417,8 @@ g_option_group_add_entries (GOptionGroup *group, + + for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ; + ++ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries); ++ + group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries); + + /* group->entries could be NULL in the trivial case where we add no +-- +2.20.1 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb index 09d253fbfb..0ad14a0878 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.62.6.bb @@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://tzdata-update.patch \ + file://0001-goption-Add-a-precondition-to-avoid-GOptionEntry-lis.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" |