1 files changed, 100 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
new file mode 100644
index 0000000000..8efb7c720f
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
@@ -0,0 +1,100 @@
+From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 14:00:53 +0000
+Subject: [PATCH 09/11] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
+ =?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Don’t use an `int`, that’s potentially too small. In practical terms,
+this is not a problem, since no socket address is going to be that big.
+By making these changes we can use `g_memdup2()` without warnings,
+though. Fewer warnings is good.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gsocket.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+--- a/gio/gsocket.c
+++ b/gio/gsocket.c
+@@ -75,6 +75,7 @@
+ #include "gcredentialsprivate.h"
+ #include "glibintl.h"
+ #include "gioprivate.h"
+#include "gstrfuncsprivate.h"
+ 
+ #ifdef G_OS_WIN32
+ /* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
+@@ -174,7 +175,7 @@ static gboolean     g_socket_datagram_ba
+                                                                   GError          **error);
+ 
+ static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len);
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len);
+ 
+ static gssize
+ g_socket_receive_message_with_timeout  (GSocket                 *socket,
+@@ -260,7 +261,7 @@ struct _GSocketPrivate
+   struct {
+     GSocketAddress *addr;
+     struct sockaddr *native;
+-    gint native_len;
+    gsize native_len;
+     guint64 last_used;
+   } recv_addr_cache[RECV_ADDR_CACHE_SIZE];
+ };
+@@ -5259,14 +5260,14 @@ g_socket_send_messages_with_timeout (GSo
+ }
+ 
+ static GSocketAddress *
+-cache_recv_address (GSocket *socket, struct sockaddr *native, int native_len)
+cache_recv_address (GSocket *socket, struct sockaddr *native, size_t native_len)
+ {
+   GSocketAddress *saddr;
+   gint i;
+   guint64 oldest_time = G_MAXUINT64;
+   gint oldest_index = 0;
+ 
+-  if (native_len <= 0)
+  if (native_len == 0)
+     return NULL;
+ 
+   saddr = NULL;
+@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str
+     {
+       GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
+       gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
+-      gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+      gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
+ 
+       if (!tmp)
+         continue;
+@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str
+       g_free (socket->priv->recv_addr_cache[oldest_index].native);
+     }
+ 
+-  socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
+  socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
+   socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
+   socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
+   socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
+@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G
+     /* do it */
+     while (1)
+       {
+        /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
+        G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
+
+        addrlen = sizeof addr;
+        if (address)
+          result = WSARecvFrom (socket->priv->fd,

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch new file mode 100644 index 0000000000..8efb7c720f --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-09.patch
@@ -0,0 +1,100 @@
	1	From 65ec7f4d6e8832c481f6e00e2eb007b9a60024ce Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 14:00:53 +0000
	4	Subject: [PATCH 09/11] =?UTF-8?q?gsocket:=20Use=20gsize=20to=20track=20nat?=
	5	=?UTF-8?q?ive=20sockaddr=E2=80=99s=20size?=
	6	MIME-Version: 1.0
	7	Content-Type: text/plain; charset=UTF-8
	8	Content-Transfer-Encoding: 8bit
	9
	10	Don’t use an `int`, that’s potentially too small. In practical terms,
	11	this is not a problem, since no socket address is going to be that big.
	12
	13	By making these changes we can use `g_memdup2()` without warnings,
	14	though. Fewer warnings is good.
	15
	16	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	17	Helps: #2319
	18
	19	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	20	CVE: CVE-2021-27219
	21	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	22	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	23
	24	---
	25	gio/gsocket.c \| 16 ++++++++++------
	26	1 file changed, 10 insertions(+), 6 deletions(-)
	27
	28	--- a/gio/gsocket.c
	29	+++ b/gio/gsocket.c
	30	@@ -75,6 +75,7 @@
	31	#include "gcredentialsprivate.h"
	32	#include "glibintl.h"
	33	#include "gioprivate.h"
	34	+#include "gstrfuncsprivate.h"
	35
	36	#ifdef G_OS_WIN32
	37	/* For Windows XP runtime compatibility, but use the system's if_nametoindex() if available */
	38	@@ -174,7 +175,7 @@ static gboolean g_socket_datagram_ba
	39	GError **error);
	40
	41	static GSocketAddress *
	42	-cache_recv_address (GSocket socket, struct sockaddr native, int native_len);
	43	+cache_recv_address (GSocket socket, struct sockaddr native, size_t native_len);
	44
	45	static gssize
	46	g_socket_receive_message_with_timeout (GSocket *socket,
	47	@@ -260,7 +261,7 @@ struct _GSocketPrivate
	48	struct {
	49	GSocketAddress *addr;
	50	struct sockaddr *native;
	51	- gint native_len;
	52	+ gsize native_len;
	53	guint64 last_used;
	54	} recv_addr_cache[RECV_ADDR_CACHE_SIZE];
	55	};
	56	@@ -5259,14 +5260,14 @@ g_socket_send_messages_with_timeout (GSo
	57	}
	58
	59	static GSocketAddress *
	60	-cache_recv_address (GSocket socket, struct sockaddr native, int native_len)
	61	+cache_recv_address (GSocket socket, struct sockaddr native, size_t native_len)
	62	{
	63	GSocketAddress *saddr;
	64	gint i;
	65	guint64 oldest_time = G_MAXUINT64;
	66	gint oldest_index = 0;
	67
	68	- if (native_len <= 0)
	69	+ if (native_len == 0)
	70	return NULL;
	71
	72	saddr = NULL;
	73	@@ -5274,7 +5275,7 @@ cache_recv_address (GSocket *socket, str
	74	{
	75	GSocketAddress *tmp = socket->priv->recv_addr_cache[i].addr;
	76	gpointer tmp_native = socket->priv->recv_addr_cache[i].native;
	77	- gint tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
	78	+ gsize tmp_native_len = socket->priv->recv_addr_cache[i].native_len;
	79
	80	if (!tmp)
	81	continue;
	82	@@ -5304,7 +5305,7 @@ cache_recv_address (GSocket *socket, str
	83	g_free (socket->priv->recv_addr_cache[oldest_index].native);
	84	}
	85
	86	- socket->priv->recv_addr_cache[oldest_index].native = g_memdup (native, native_len);
	87	+ socket->priv->recv_addr_cache[oldest_index].native = g_memdup2 (native, native_len);
	88	socket->priv->recv_addr_cache[oldest_index].native_len = native_len;
	89	socket->priv->recv_addr_cache[oldest_index].addr = g_object_ref (saddr);
	90	socket->priv->recv_addr_cache[oldest_index].last_used = g_get_monotonic_time ();
	91	@@ -5452,6 +5453,9 @@ g_socket_receive_message_with_timeout (G
	92	/* do it */
	93	while (1)
	94	{
	95	+ /* addrlen has to be of type int because that’s how WSARecvFrom() is defined */
	96	+ G_STATIC_ASSERT (sizeof addr <= G_MAXINT);
	97	+
	98	addrlen = sizeof addr;
	99	if (address)
	100	result = WSARecvFrom (socket->priv->fd,