1 files changed, 131 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
new file mode 100644
index 0000000000..eceff161a6
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
@@ -0,0 +1,131 @@
+From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 13:39:25 +0000
+Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in
+ obvious places
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Convert all the call sites which use `g_memdup()`’s length argument
+trivially (for example, by passing a `sizeof()`), so that they use
+`g_memdup2()` instead.
+In almost all of these cases the use of `g_memdup()` would not have
+caused problems, but it will soon be deprecated, so best port away from
+it.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gobject/gsignal.c     | 3 ++-
+ gobject/gtype.c       | 9 +++++----
+ gobject/gtypemodule.c | 3 ++-
+ gobject/tests/param.c | 4 +++-
+ 4 files changed, 12 insertions(+), 7 deletions(-)
+--- a/gobject/gsignal.c
+++ b/gobject/gsignal.c
+@@ -28,6 +28,7 @@
+ #include <signal.h>
+ 
+ #include "gsignal.h"
+#include "gstrfuncsprivate.h"
+ #include "gtype-private.h"
+ #include "gbsearcharray.h"
+ #include "gvaluecollector.h"
+@@ -1809,7 +1810,7 @@ g_signal_newv (const gchar       *signal
+   node->single_va_closure_is_valid = FALSE;
+   node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
+   node->n_params = n_params;
+-  node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
+  node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
+   node->return_type = return_type;
+   node->class_closure_bsa = NULL;
+   if (accumulator)
+--- a/gobject/gtype.c
+++ b/gobject/gtype.c
+@@ -33,6 +33,7 @@
+ 
+ #include "glib-private.h"
+ #include "gconstructor.h"
+#include "gstrfuncsprivate.h"
+ 
+ #ifdef G_OS_WIN32
+ #include <windows.h>
+@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode
+   iholder->next = iface_node_get_holders_L (iface);
+   iface_node_set_holders_W (iface, iholder);
+   iholder->instance_type = NODE_TYPE (node);
+-  iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
+  iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
+   iholder->plugin = plugin;
+ 
+   /* create an iface entry for this type */
+@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (Type
+         INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
+       
+       check_interface_info_I (iface, instance_type, &tmp_info);
+-      iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
+      iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
+     }
+   
+   return iholder;      /* we don't modify write lock upon returning NULL */
+@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode
+       IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
+       
+       if (pentry)
+-       vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
+       vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
+     }
+   if (!vtable)
+-    vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+    vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
+   entry->vtable = vtable;
+   vtable->g_type = NODE_TYPE (iface);
+   vtable->g_instance_type = NODE_TYPE (node);
+--- a/gobject/gtypemodule.c
+++ b/gobject/gtypemodule.c
+@@ -19,6 +19,7 @@
+ 
+ #include <stdlib.h>
+ 
+#include "gstrfuncsprivate.h"
+ #include "gtypeplugin.h"
+ #include "gtypemodule.h"
+ 
+@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule
+   module_type_info->loaded = TRUE;
+   module_type_info->info = *type_info;
+   if (type_info->value_table)
+-    module_type_info->info.value_table = g_memdup (type_info->value_table,
+    module_type_info->info.value_table = g_memdup2 (type_info->value_table,
+                                                   sizeof (GTypeValueTable));
+ 
+   return module_type_info->type;
+--- a/gobject/tests/param.c
+++ b/gobject/tests/param.c
+@@ -2,6 +2,8 @@
+ #include <glib-object.h>
+ #include <stdlib.h>
+ 
+#include "gstrfuncsprivate.h"
+
+ static void
+ test_param_value (void)
+ {
+@@ -874,7 +876,7 @@ main (int argc, char *argv[])
+             test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
+                                          data.change_this_flag, data.change_this_type,
+                                          data.use_this_flag, data.use_this_type);
+-            test_data = g_memdup (&data, sizeof (TestParamImplementData));
+            test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
+             g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
+             g_free (test_path);
+           }

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch new file mode 100644 index 0000000000..eceff161a6 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-03.patch
@@ -0,0 +1,131 @@
	1	From 6110caea45b235420b98cd41d845cc92238f6781 Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 13:39:25 +0000
	4	Subject: [PATCH 03/11] gobject: Use g_memdup2() instead of g_memdup() in
	5	obvious places
	6	MIME-Version: 1.0
	7	Content-Type: text/plain; charset=UTF-8
	8	Content-Transfer-Encoding: 8bit
	9
	10	Convert all the call sites which use `g_memdup()`’s length argument
	11	trivially (for example, by passing a `sizeof()`), so that they use
	12	`g_memdup2()` instead.
	13
	14	In almost all of these cases the use of `g_memdup()` would not have
	15	caused problems, but it will soon be deprecated, so best port away from
	16	it.
	17
	18	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	19	Helps: #2319
	20
	21	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	22	CVE: CVE-2021-27219
	23	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	24	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	25
	26	---
	27	gobject/gsignal.c \| 3 ++-
	28	gobject/gtype.c \| 9 +++++----
	29	gobject/gtypemodule.c \| 3 ++-
	30	gobject/tests/param.c \| 4 +++-
	31	4 files changed, 12 insertions(+), 7 deletions(-)
	32
	33	--- a/gobject/gsignal.c
	34	+++ b/gobject/gsignal.c
	35	@@ -28,6 +28,7 @@
	36	#include <signal.h>
	37
	38	#include "gsignal.h"
	39	+#include "gstrfuncsprivate.h"
	40	#include "gtype-private.h"
	41	#include "gbsearcharray.h"
	42	#include "gvaluecollector.h"
	43	@@ -1809,7 +1810,7 @@ g_signal_newv (const gchar *signal
	44	node->single_va_closure_is_valid = FALSE;
	45	node->flags = signal_flags & G_SIGNAL_FLAGS_MASK;
	46	node->n_params = n_params;
	47	- node->param_types = g_memdup (param_types, sizeof (GType) * n_params);
	48	+ node->param_types = g_memdup2 (param_types, sizeof (GType) * n_params);
	49	node->return_type = return_type;
	50	node->class_closure_bsa = NULL;
	51	if (accumulator)
	52	--- a/gobject/gtype.c
	53	+++ b/gobject/gtype.c
	54	@@ -33,6 +33,7 @@
	55
	56	#include "glib-private.h"
	57	#include "gconstructor.h"
	58	+#include "gstrfuncsprivate.h"
	59
	60	#ifdef G_OS_WIN32
	61	#include <windows.h>
	62	@@ -1470,7 +1471,7 @@ type_add_interface_Wm (TypeNode
	63	iholder->next = iface_node_get_holders_L (iface);
	64	iface_node_set_holders_W (iface, iholder);
	65	iholder->instance_type = NODE_TYPE (node);
	66	- iholder->info = info ? g_memdup (info, sizeof (*info)) : NULL;
	67	+ iholder->info = info ? g_memdup2 (info, sizeof (*info)) : NULL;
	68	iholder->plugin = plugin;
	69
	70	/* create an iface entry for this type */
	71	@@ -1731,7 +1732,7 @@ type_iface_retrieve_holder_info_Wm (Type
	72	INVALID_RECURSION ("g_type_plugin_*", iholder->plugin, NODE_NAME (iface));
	73
	74	check_interface_info_I (iface, instance_type, &tmp_info);
	75	- iholder->info = g_memdup (&tmp_info, sizeof (tmp_info));
	76	+ iholder->info = g_memdup2 (&tmp_info, sizeof (tmp_info));
	77	}
	78
	79	return iholder; /* we don't modify write lock upon returning NULL */
	80	@@ -2016,10 +2017,10 @@ type_iface_vtable_base_init_Wm (TypeNode
	81	IFaceEntry *pentry = type_lookup_iface_entry_L (pnode, iface);
	82
	83	if (pentry)
	84	- vtable = g_memdup (pentry->vtable, iface->data->iface.vtable_size);
	85	+ vtable = g_memdup2 (pentry->vtable, iface->data->iface.vtable_size);
	86	}
	87	if (!vtable)
	88	- vtable = g_memdup (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
	89	+ vtable = g_memdup2 (iface->data->iface.dflt_vtable, iface->data->iface.vtable_size);
	90	entry->vtable = vtable;
	91	vtable->g_type = NODE_TYPE (iface);
	92	vtable->g_instance_type = NODE_TYPE (node);
	93	--- a/gobject/gtypemodule.c
	94	+++ b/gobject/gtypemodule.c
	95	@@ -19,6 +19,7 @@
	96
	97	#include <stdlib.h>
	98
	99	+#include "gstrfuncsprivate.h"
	100	#include "gtypeplugin.h"
	101	#include "gtypemodule.h"
	102
	103	@@ -436,7 +437,7 @@ g_type_module_register_type (GTypeModule
	104	module_type_info->loaded = TRUE;
	105	module_type_info->info = *type_info;
	106	if (type_info->value_table)
	107	- module_type_info->info.value_table = g_memdup (type_info->value_table,
	108	+ module_type_info->info.value_table = g_memdup2 (type_info->value_table,
	109	sizeof (GTypeValueTable));
	110
	111	return module_type_info->type;
	112	--- a/gobject/tests/param.c
	113	+++ b/gobject/tests/param.c
	114	@@ -2,6 +2,8 @@
	115	#include <glib-object.h>
	116	#include <stdlib.h>
	117
	118	+#include "gstrfuncsprivate.h"
	119	+
	120	static void
	121	test_param_value (void)
	122	{
	123	@@ -874,7 +876,7 @@ main (int argc, char *argv[])
	124	test_path = g_strdup_printf ("/param/implement/subprocess/%d-%d-%d-%d",
	125	data.change_this_flag, data.change_this_type,
	126	data.use_this_flag, data.use_this_type);
	127	- test_data = g_memdup (&data, sizeof (TestParamImplementData));
	128	+ test_data = g_memdup2 (&data, sizeof (TestParamImplementData));
	129	g_test_add_data_func_full (test_path, test_data, test_param_implement_child, g_free);
	130	g_free (test_path);
	131	}