1 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch
new file mode 100644
index 0000000000..04503641c3
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch
@@ -0,0 +1,43 @@
+From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 10 Feb 2021 21:19:30 +0000
+Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
+ names
+These should never have been allowed; they will result in precondition
+failures from the `GKeyFile` later on in the code.
+A test will be added for this shortly.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/gkeyfilesettingsbackend.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
+index 861c3a661..de216e615 100644
+--- a/gio/gkeyfilesettingsbackend.c
+++ b/gio/gkeyfilesettingsbackend.c
+@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend  *kfsb,
+ 
+   last_slash = strrchr (key, '/');
+ 
+  /* Disallow empty group names or key names */
+  if (key_len == 0 ||
+      (last_slash != NULL &&
+       (*(last_slash + 1) == '\0' ||
+        last_slash == key)))
+    return FALSE;
+
+   if (kfsb->root_group)
+     {
+       /* if a root_group was specified, make sure the user hasn't given
+-- 
+GitLab

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch new file mode 100644 index 0000000000..04503641c3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-2.patch
@@ -0,0 +1,43 @@
	1	From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Wed, 10 Feb 2021 21:19:30 +0000
	4	Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group
	5	names
	6
	7	These should never have been allowed; they will result in precondition
	8	failures from the `GKeyFile` later on in the code.
	9
	10	A test will be added for this shortly.
	11
	12	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	13
	14	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	15	CVE: CVE-2021-27219
	16	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	17
	18	---
	19	gio/gkeyfilesettingsbackend.c \| 7 +++++++
	20	1 file changed, 7 insertions(+)
	21
	22	diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
	23	index 861c3a661..de216e615 100644
	24	--- a/gio/gkeyfilesettingsbackend.c
	25	+++ b/gio/gkeyfilesettingsbackend.c
	26	@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb,
	27
	28	last_slash = strrchr (key, '/');
	29
	30	+ /* Disallow empty group names or key names */
	31	+ if (key_len == 0 \|\|
	32	+ (last_slash != NULL &&
	33	+ (*(last_slash + 1) == '\0' \|\|
	34	+ last_slash == key)))
	35	+ return FALSE;
	36	+
	37	if (kfsb->root_group)
	38	{
	39	/* if a root_group was specified, make sure the user hasn't given
	40	--
	41	GitLab
	42
	43