1 files changed, 101 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
new file mode 100644
index 0000000000..d8043f5e29
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
@@ -0,0 +1,101 @@
+From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 13:49:00 +0000
+Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as
+ gsize
+Previously it was handled as a `gssize`, which meant that if the
+`stop_chars` string was longer than `G_MAXSSIZE` there would be an
+overflow.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gdatainputstream.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
+index 2e7750cb5..2cdcbda19 100644
+--- a/gio/gdatainputstream.c
+++ b/gio/gdatainputstream.c
+@@ -27,6 +27,7 @@
+ #include "gioenumtypes.h"
+ #include "gioerror.h"
+ #include "glibintl.h"
+#include "gstrfuncsprivate.h"
+ 
+ #include <string.h>
+ 
+@@ -856,7 +857,7 @@ static gssize
+ scan_for_chars (GDataInputStream *stream,
+                gsize            *checked_out,
+                const char       *stop_chars,
+-                gssize            stop_chars_len)
+                gsize             stop_chars_len)
+ {
+   GBufferedInputStream *bstream;
+   const char *buffer;
+@@ -952,7 +953,7 @@ typedef struct
+   gsize checked;
+ 
+   gchar *stop_chars;
+-  gssize stop_chars_len;
+  gsize stop_chars_len;
+   gsize length;
+ } GDataInputStreamReadData;
+ 
+@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream    *stream,
+ {
+   GDataInputStreamReadData *data;
+   GTask *task;
+  gsize stop_chars_len_unsigned;
+ 
+   data = g_slice_new0 (GDataInputStreamReadData);
+-  if (stop_chars_len == -1)
+-    stop_chars_len = strlen (stop_chars);
+-  data->stop_chars = g_memdup (stop_chars, stop_chars_len);
+-  data->stop_chars_len = stop_chars_len;
+
+  if (stop_chars_len < 0)
+    stop_chars_len_unsigned = strlen (stop_chars);
+  else
+    stop_chars_len_unsigned = (gsize) stop_chars_len;
+
+  data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
+  data->stop_chars_len = stop_chars_len_unsigned;
+   data->last_saw_cr = FALSE;
+ 
+   task = g_task_new (stream, cancellable, callback, user_data);
+@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream  *stream,
+   gssize found_pos;
+   gssize res;
+   char *data_until;
+  gsize stop_chars_len_unsigned;
+ 
+   g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
+ 
+   if (stop_chars_len < 0)
+-    stop_chars_len = strlen (stop_chars);
+    stop_chars_len_unsigned = strlen (stop_chars);
+  else
+    stop_chars_len_unsigned = (gsize) stop_chars_len;
+ 
+   bstream = G_BUFFERED_INPUT_STREAM (stream);
+ 
+   checked = 0;
+ 
+-  while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
+  while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
+     {
+       if (g_buffered_input_stream_get_available (bstream) ==
+           g_buffered_input_stream_get_buffer_size (bstream))
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch new file mode 100644 index 0000000000..d8043f5e29 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-06.patch
@@ -0,0 +1,101 @@
	1	From f9ee2275cbc312c0b4cdbc338a4fbb76eb36fb9a Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 13:49:00 +0000
	4	Subject: [PATCH 06/11] gdatainputstream: Handle stop_chars_len internally as
	5	gsize
	6
	7	Previously it was handled as a `gssize`, which meant that if the
	8	`stop_chars` string was longer than `G_MAXSSIZE` there would be an
	9	overflow.
	10
	11	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	12	Helps: #2319
	13
	14	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	15	CVE: CVE-2021-27219
	16	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	17	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	18
	19	---
	20	gio/gdatainputstream.c \| 25 +++++++++++++++++--------
	21	1 file changed, 17 insertions(+), 8 deletions(-)
	22
	23	diff --git a/gio/gdatainputstream.c b/gio/gdatainputstream.c
	24	index 2e7750cb5..2cdcbda19 100644
	25	--- a/gio/gdatainputstream.c
	26	+++ b/gio/gdatainputstream.c
	27	@@ -27,6 +27,7 @@
	28	#include "gioenumtypes.h"
	29	#include "gioerror.h"
	30	#include "glibintl.h"
	31	+#include "gstrfuncsprivate.h"
	32
	33	#include <string.h>
	34
	35	@@ -856,7 +857,7 @@ static gssize
	36	scan_for_chars (GDataInputStream *stream,
	37	gsize *checked_out,
	38	const char *stop_chars,
	39	- gssize stop_chars_len)
	40	+ gsize stop_chars_len)
	41	{
	42	GBufferedInputStream *bstream;
	43	const char *buffer;
	44	@@ -952,7 +953,7 @@ typedef struct
	45	gsize checked;
	46
	47	gchar *stop_chars;
	48	- gssize stop_chars_len;
	49	+ gsize stop_chars_len;
	50	gsize length;
	51	} GDataInputStreamReadData;
	52
	53	@@ -1078,12 +1079,17 @@ g_data_input_stream_read_async (GDataInputStream *stream,
	54	{
	55	GDataInputStreamReadData *data;
	56	GTask *task;
	57	+ gsize stop_chars_len_unsigned;
	58
	59	data = g_slice_new0 (GDataInputStreamReadData);
	60	- if (stop_chars_len == -1)
	61	- stop_chars_len = strlen (stop_chars);
	62	- data->stop_chars = g_memdup (stop_chars, stop_chars_len);
	63	- data->stop_chars_len = stop_chars_len;
	64	+
	65	+ if (stop_chars_len < 0)
	66	+ stop_chars_len_unsigned = strlen (stop_chars);
	67	+ else
	68	+ stop_chars_len_unsigned = (gsize) stop_chars_len;
	69	+
	70	+ data->stop_chars = g_memdup2 (stop_chars, stop_chars_len_unsigned);
	71	+ data->stop_chars_len = stop_chars_len_unsigned;
	72	data->last_saw_cr = FALSE;
	73
	74	task = g_task_new (stream, cancellable, callback, user_data);
	75	@@ -1338,17 +1344,20 @@ g_data_input_stream_read_upto (GDataInputStream *stream,
	76	gssize found_pos;
	77	gssize res;
	78	char *data_until;
	79	+ gsize stop_chars_len_unsigned;
	80
	81	g_return_val_if_fail (G_IS_DATA_INPUT_STREAM (stream), NULL);
	82
	83	if (stop_chars_len < 0)
	84	- stop_chars_len = strlen (stop_chars);
	85	+ stop_chars_len_unsigned = strlen (stop_chars);
	86	+ else
	87	+ stop_chars_len_unsigned = (gsize) stop_chars_len;
	88
	89	bstream = G_BUFFERED_INPUT_STREAM (stream);
	90
	91	checked = 0;
	92
	93	- while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len)) == -1)
	94	+ while ((found_pos = scan_for_chars (stream, &checked, stop_chars, stop_chars_len_unsigned)) == -1)
	95	{
	96	if (g_buffered_input_stream_get_available (bstream) ==
	97	g_buffered_input_stream_get_buffer_size (bstream))
	98	--
	99	GitLab
	100
	101