1 files changed, 100 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch
new file mode 100644
index 0000000000..356e986fe0
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch
@@ -0,0 +1,100 @@
+From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Mon, 8 Feb 2021 10:22:39 +0000
+Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to
+ set the password
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 55 insertions(+)
+diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c
+index 4f0737d7e..5661e8e0d 100644
+--- a/gio/tests/tls-interaction.c
+++ b/gio/tests/tls-interaction.c
+@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction    *interaction,
+ }
+ 
+ 
+/* Return a copy of @str that is allocated in a silly way, to exercise
+ * custom free-functions. The returned pointer points to a copy of @str
+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */
+static guchar *
+special_dup (const char *str)
+{
+  GString *buf = g_string_new ("BEFORE");
+  guchar *ret;
+
+  g_string_append_c (buf, '\0');
+  g_string_append (buf, str);
+  g_string_append_c (buf, '\0');
+  g_string_append (buf, "AFTER");
+  ret = (guchar *) g_string_free (buf, FALSE);
+  return ret + strlen ("BEFORE") + 1;
+}
+
+
+/* Free a copy of @str that was made with special_dup(), after asserting
+ * that it has not been corrupted. */
+static void
+special_free (gpointer p)
+{
+  gchar *s = p;
+  gchar *buf = s - strlen ("BEFORE") - 1;
+
+  g_assert_cmpstr (buf, ==, "BEFORE");
+  g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");
+  g_free (buf);
+}
+
+
+ static GTlsInteractionResult
+ test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
+                                             GTlsPassword       *password,
+@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
+                                             GError            **error)
+ {
+   TestInteraction *self;
+  const guchar *value;
+  gsize len;
+ 
+   g_assert (TEST_IS_INTERACTION (interaction));
+   self = TEST_INTERACTION (interaction);
+@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction    *interaction,
+   g_assert (error != NULL);
+   g_assert (*error == NULL);
+ 
+  /* Exercise different ways to set the value */
+  g_tls_password_set_value (password, (const guchar *) "foo", 4);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "foo", 4);
+
+  g_tls_password_set_value (password, (const guchar *) "bar", -1);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "bar", 3);
+
+  g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "baa", 4);
+
+  g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);
+  len = 0;
+  value = g_tls_password_get_value (password, &len);
+  g_assert_cmpmem (value, len, "baz", 3);
+
+   /* Don't do this in real life. Include a null terminator for testing */
+   g_tls_password_set_value (password, (const guchar *)"the password", 13);
+   return G_TLS_INTERACTION_HANDLED;
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch new file mode 100644 index 0000000000..356e986fe0 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-5.patch
@@ -0,0 +1,100 @@
	1	From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001
	2	From: Simon McVittie <smcv@collabora.com>
	3	Date: Mon, 8 Feb 2021 10:22:39 +0000
	4	Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to
	5	set the password
	6
	7	Signed-off-by: Simon McVittie <smcv@collabora.com>
	8	(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)
	9
	10	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	11	CVE: CVE-2021-27219
	12	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	13
	14	---
	15	gio/tests/tls-interaction.c \| 55 +++++++++++++++++++++++++++++++++++++
	16	1 file changed, 55 insertions(+)
	17
	18	diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c
	19	index 4f0737d7e..5661e8e0d 100644
	20	--- a/gio/tests/tls-interaction.c
	21	+++ b/gio/tests/tls-interaction.c
	22	@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction,
	23	}
	24
	25
	26	+/* Return a copy of @str that is allocated in a silly way, to exercise
	27	+ * custom free-functions. The returned pointer points to a copy of @str
	28	+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */
	29	+static guchar *
	30	+special_dup (const char *str)
	31	+{
	32	+ GString *buf = g_string_new ("BEFORE");
	33	+ guchar *ret;
	34	+
	35	+ g_string_append_c (buf, '\0');
	36	+ g_string_append (buf, str);
	37	+ g_string_append_c (buf, '\0');
	38	+ g_string_append (buf, "AFTER");
	39	+ ret = (guchar *) g_string_free (buf, FALSE);
	40	+ return ret + strlen ("BEFORE") + 1;
	41	+}
	42	+
	43	+
	44	+/* Free a copy of @str that was made with special_dup(), after asserting
	45	+ * that it has not been corrupted. */
	46	+static void
	47	+special_free (gpointer p)
	48	+{
	49	+ gchar *s = p;
	50	+ gchar *buf = s - strlen ("BEFORE") - 1;
	51	+
	52	+ g_assert_cmpstr (buf, ==, "BEFORE");
	53	+ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");
	54	+ g_free (buf);
	55	+}
	56	+
	57	+
	58	static GTlsInteractionResult
	59	test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
	60	GTlsPassword *password,
	61	@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
	62	GError **error)
	63	{
	64	TestInteraction *self;
	65	+ const guchar *value;
	66	+ gsize len;
	67
	68	g_assert (TEST_IS_INTERACTION (interaction));
	69	self = TEST_INTERACTION (interaction);
	70	@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
	71	g_assert (error != NULL);
	72	g_assert (*error == NULL);
	73
	74	+ /* Exercise different ways to set the value */
	75	+ g_tls_password_set_value (password, (const guchar *) "foo", 4);
	76	+ len = 0;
	77	+ value = g_tls_password_get_value (password, &len);
	78	+ g_assert_cmpmem (value, len, "foo", 4);
	79	+
	80	+ g_tls_password_set_value (password, (const guchar *) "bar", -1);
	81	+ len = 0;
	82	+ value = g_tls_password_get_value (password, &len);
	83	+ g_assert_cmpmem (value, len, "bar", 3);
	84	+
	85	+ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);
	86	+ len = 0;
	87	+ value = g_tls_password_get_value (password, &len);
	88	+ g_assert_cmpmem (value, len, "baa", 4);
	89	+
	90	+ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);
	91	+ len = 0;
	92	+ value = g_tls_password_get_value (password, &len);
	93	+ g_assert_cmpmem (value, len, "baz", 3);
	94	+
	95	/* Don't do this in real life. Include a null terminator for testing */
	96	g_tls_password_set_value (password, (const guchar *)"the password", 13);
	97	return G_TLS_INTERACTION_HANDLED;
	98	--
	99	GitLab
	100