diff options
author | Lee Chee Yang <chee.yang.lee@intel.com> | 2021-01-06 08:15:21 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-12 14:25:13 +0000 |
commit | ce150eaae2f0df70cd55fad4dc7ee4286c11333c (patch) | |
tree | d707932fa02e6ffc8dd4f1d1b94c437aa142d6c5 /meta | |
parent | fe8298ec3b38ab1d2ed726fdda776317c0eba8a4 (diff) | |
download | poky-ce150eaae2f0df70cd55fad4dc7ee4286c11333c.tar.gz |
glib-2.0: fix CVE-2020-35457
https://gitlab.gnome.org/GNOME/glib/-/issues/2197
upstream claim it is not security issue, but no harm to fix it since
this is still a valid issue.
(From OE-Core rev: 122f93d68ee0e9b418da0dcc99cb7cdcb7b3f643)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch | 41 | ||||
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch new file mode 100644 index 0000000000..828f9fcb96 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001 | ||
2 | From: Philip Withnall <withnall@endlessm.com> | ||
3 | Date: Wed, 2 Sep 2020 12:38:09 +0100 | ||
4 | Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list | ||
5 | overflow | ||
6 | MIME-Version: 1.0 | ||
7 | Content-Type: text/plain; charset=UTF-8 | ||
8 | Content-Transfer-Encoding: 8bit | ||
9 | |||
10 | If the calling code adds more option entries than `G_MAXSIZE` then | ||
11 | there’ll be an integer overflow. This seems vanishingly unlikely (given | ||
12 | that all callers use static option entry lists), but add a precondition | ||
13 | anyway. | ||
14 | |||
15 | Signed-off-by: Philip Withnall <withnall@endlessm.com> | ||
16 | |||
17 | Fixes: #2197 | ||
18 | |||
19 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d] | ||
20 | CVE: CVE-2020-35457 | ||
21 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
22 | --- | ||
23 | glib/goption.c | 2 ++ | ||
24 | 1 file changed, 2 insertions(+) | ||
25 | |||
26 | diff --git a/glib/goption.c b/glib/goption.c | ||
27 | index 9f5b977c4..bb9093a33 100644 | ||
28 | --- a/glib/goption.c | ||
29 | +++ b/glib/goption.c | ||
30 | @@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group, | ||
31 | |||
32 | for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ; | ||
33 | |||
34 | + g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries); | ||
35 | + | ||
36 | group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries); | ||
37 | |||
38 | /* group->entries could be NULL in the trivial case where we add no | ||
39 | -- | ||
40 | 2.25.1 | ||
41 | |||
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb index a30c5215be..b9462bc945 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb | |||
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ | |||
17 | file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ | 17 | file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ |
18 | file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ | 18 | file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ |
19 | file://tzdata-update.patch \ | 19 | file://tzdata-update.patch \ |
20 | file://CVE-2020-35457.patch \ | ||
20 | " | 21 | " |
21 | 22 | ||
22 | SRC_URI_append_class-native = " file://relocate-modules.patch" | 23 | SRC_URI_append_class-native = " file://relocate-modules.patch" |