1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
new file mode 100644
index 0000000000..63fda0b600
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
@@ -0,0 +1,59 @@
+From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Thu, 4 Feb 2021 14:07:39 +0000
+Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+The public API `g_tls_password_set_value_full()` (and the vfunc it
+invokes) can only accept a `gssize` length. Ensure that nul-terminated
+strings passed to `g_tls_password_set_value()` can’t exceed that length.
+Use `g_memdup2()` to avoid an overflow if they’re longer than
+`G_MAXUINT` similarly.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Helps: #2319
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gtlspassword.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
+index 1e437a7b6..dbcec41a8 100644
+--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
+@@ -23,6 +23,7 @@
+ #include "glibintl.h"
+ 
+ #include "gioenumtypes.h"
+#include "gstrfuncsprivate.h"
+ #include "gtlspassword.h"
+ 
+ #include <string.h>
+@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword  *password,
+   g_return_if_fail (G_IS_TLS_PASSWORD (password));
+ 
+   if (length < 0)
+-    length = strlen ((gchar *)value);
+    {
+      /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
+      gsize length_unsigned = strlen ((gchar *) value);
+      g_return_if_fail (length_unsigned > G_MAXSSIZE);
+      length = (gssize) length_unsigned;
+    }
+ 
+-  g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
+  g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
+ }
+ 
+ /**
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch new file mode 100644 index 0000000000..63fda0b600 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-10.patch
@@ -0,0 +1,59 @@
	1	From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Thu, 4 Feb 2021 14:07:39 +0000
	4	Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	The public API `g_tls_password_set_value_full()` (and the vfunc it
	10	invokes) can only accept a `gssize` length. Ensure that nul-terminated
	11	strings passed to `g_tls_password_set_value()` can’t exceed that length.
	12	Use `g_memdup2()` to avoid an overflow if they’re longer than
	13	`G_MAXUINT` similarly.
	14
	15	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	16	Helps: #2319
	17
	18	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	19	CVE: CVE-2021-27219
	20	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	21	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	22
	23	---
	24	gio/gtlspassword.c \| 10 ++++++++--
	25	1 file changed, 8 insertions(+), 2 deletions(-)
	26
	27	diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
	28	index 1e437a7b6..dbcec41a8 100644
	29	--- a/gio/gtlspassword.c
	30	+++ b/gio/gtlspassword.c
	31	@@ -23,6 +23,7 @@
	32	#include "glibintl.h"
	33
	34	#include "gioenumtypes.h"
	35	+#include "gstrfuncsprivate.h"
	36	#include "gtlspassword.h"
	37
	38	#include <string.h>
	39	@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password,
	40	g_return_if_fail (G_IS_TLS_PASSWORD (password));
	41
	42	if (length < 0)
	43	- length = strlen ((gchar *)value);
	44	+ {
	45	+ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
	46	+ gsize length_unsigned = strlen ((gchar *) value);
	47	+ g_return_if_fail (length_unsigned > G_MAXSSIZE);
	48	+ length = (gssize) length_unsigned;
	49	+ }
	50
	51	- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free);
	52	+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free);
	53	}
	54
	55	/**
	56	--
	57	GitLab
	58
	59