1 files changed, 76 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
new file mode 100644
index 0000000000..f183939c45
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
@@ -0,0 +1,76 @@
+From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 13:50:37 +0000
+Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+This allows it to handle strings up to length `G_MAXSIZE` — previously
+it would overflow with such strings.
+Update the several copies of it identically.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gwin32registrykey.c | 34 ++++++++++++++++++++++++++--------
+ 2 files changed, 38 insertions(+), 16 deletions(-)
+diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
+index 548a94188..2eb67daf8 100644
+--- a/gio/gwin32registrykey.c
+++ b/gio/gwin32registrykey.c
+@@ -127,16 +127,34 @@ typedef enum
+   G_WIN32_REGISTRY_UPDATED_PATH = 1,
+ } GWin32RegistryKeyUpdateFlag;
+ 
+static gsize
+g_utf16_len (const gunichar2 *str)
+{
+  gsize result;
+
+  for (result = 0; str[0] != 0; str++, result++)
+    ;
+
+  return result;
+}
+
+ static gunichar2 *
+-g_wcsdup (const gunichar2 *str,
+-          gssize           str_size)
+g_wcsdup (const gunichar2 *str, gssize str_len)
+ {
+-  if (str_size == -1)
+-    {
+-      str_size = wcslen (str) + 1;
+-      str_size *= sizeof (gunichar2);
+-    }
+-  return g_memdup (str, str_size);
+  gsize str_len_unsigned;
+  gsize str_size;
+
+  g_return_val_if_fail (str != NULL, NULL);
+
+  if (str_len < 0)
+    str_len_unsigned = g_utf16_len (str);
+  else
+    str_len_unsigned = (gsize) str_len;
+
+  g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
+  str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
+
+  return g_memdup2 (str, str_size);
+ }
+ 
+ /**
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch new file mode 100644 index 0000000000..f183939c45 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-07.patch
@@ -0,0 +1,76 @@
	1	From 2aaf593a9eb96d84fe3be740aca2810a97d95592 Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 13:50:37 +0000
	4	Subject: [PATCH 07/11] gwin32: Use gsize internally in g_wcsdup()
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	This allows it to handle strings up to length `G_MAXSIZE` — previously
	10	it would overflow with such strings.
	11
	12	Update the several copies of it identically.
	13
	14	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	15	Helps: #2319
	16
	17	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	18	CVE: CVE-2021-27219
	19	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	20	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	21
	22	---
	23	gio/gwin32registrykey.c \| 34 ++++++++++++++++++++++++++--------
	24	2 files changed, 38 insertions(+), 16 deletions(-)
	25
	26	diff --git a/gio/gwin32registrykey.c b/gio/gwin32registrykey.c
	27	index 548a94188..2eb67daf8 100644
	28	--- a/gio/gwin32registrykey.c
	29	+++ b/gio/gwin32registrykey.c
	30	@@ -127,16 +127,34 @@ typedef enum
	31	G_WIN32_REGISTRY_UPDATED_PATH = 1,
	32	} GWin32RegistryKeyUpdateFlag;
	33
	34	+static gsize
	35	+g_utf16_len (const gunichar2 *str)
	36	+{
	37	+ gsize result;
	38	+
	39	+ for (result = 0; str[0] != 0; str++, result++)
	40	+ ;
	41	+
	42	+ return result;
	43	+}
	44	+
	45	static gunichar2 *
	46	-g_wcsdup (const gunichar2 *str,
	47	- gssize str_size)
	48	+g_wcsdup (const gunichar2 *str, gssize str_len)
	49	{
	50	- if (str_size == -1)
	51	- {
	52	- str_size = wcslen (str) + 1;
	53	- str_size *= sizeof (gunichar2);
	54	- }
	55	- return g_memdup (str, str_size);
	56	+ gsize str_len_unsigned;
	57	+ gsize str_size;
	58	+
	59	+ g_return_val_if_fail (str != NULL, NULL);
	60	+
	61	+ if (str_len < 0)
	62	+ str_len_unsigned = g_utf16_len (str);
	63	+ else
	64	+ str_len_unsigned = (gsize) str_len;
	65	+
	66	+ g_assert (str_len_unsigned <= G_MAXSIZE / sizeof (gunichar2) - 1);
	67	+ str_size = (str_len_unsigned + 1) * sizeof (gunichar2);
	68	+
	69	+ return g_memdup2 (str, str_size);
	70	}
	71
	72	/**
	73	--
	74	GitLab
	75
	76