1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch
new file mode 100644
index 0000000000..dd43689aae
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch
@@ -0,0 +1,49 @@
+From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 10 Feb 2021 21:16:39 +0000
+Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group
+ is unset
+Fix an effective regression in commit
+7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when
+`convert_path()` is called with a `key` which contains no slashes. In
+that case, the `key` is entirely the `basename`.
+Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
+cancelling out with the various additions in the `g_memdup()` call, and
+effectively resulting in `g_strdup (key)`.
+Spotted by Guido Berhoerster.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gkeyfilesettingsbackend.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index 25b057672..861c3a661 100644
+--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
+@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
+     }
+ 
+   if (basename)
+-    *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+    {
+      if (last_slash != NULL)
+        *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
+      else
+        *basename = g_strdup (key);
+    }
+ 
+   return TRUE;
+ }
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch new file mode 100644 index 0000000000..dd43689aae --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-1.patch
@@ -0,0 +1,49 @@
	1	From cb9ee701ef46c1819eed4e2a4dc181682bdfc176 Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Wed, 10 Feb 2021 21:16:39 +0000
	4	Subject: [PATCH 1/3] gkeyfilesettingsbackend: Fix basename handling when group
	5	is unset
	6
	7	Fix an effective regression in commit
	8	7781a9cbd2fd0aa84bee0f4eee88470640ff6706, which happens when
	9	`convert_path()` is called with a `key` which contains no slashes. In
	10	that case, the `key` is entirely the `basename`.
	11
	12	Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
	13	cancelling out with the various additions in the `g_memdup()` call, and
	14	effectively resulting in `g_strdup (key)`.
	15
	16	Spotted by Guido Berhoerster.
	17
	18	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	19
	20	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	21	CVE: CVE-2021-27219
	22	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	23
	24	---
	25	gio/gkeyfilesettingsbackend.c \| 7 ++++++-
	26	1 file changed, 6 insertions(+), 1 deletion(-)
	27
	28	diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
	29	index 25b057672..861c3a661 100644
	30	--- a/gio/gkeyfilesettingsbackend.c
	31	+++ b/gio/gkeyfilesettingsbackend.c
	32	@@ -185,7 +185,12 @@ convert_path (GKeyfileSettingsBackend *kfsb,
	33	}
	34
	35	if (basename)
	36	- *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
	37	+ {
	38	+ if (last_slash != NULL)
	39	+ *basename = g_memdup2 (last_slash + 1, key_len - (last_slash - key));
	40	+ else
	41	+ *basename = g_strdup (key);
	42	+ }
	43
	44	return TRUE;
	45	}
	46	--
	47	GitLab
	48
	49