1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch
new file mode 100644
index 0000000000..b2187f2af9
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch
@@ -0,0 +1,89 @@
+From 1deacdd4e8e35a5cf1417918ca4f6b0afa6409b1 Mon Sep 17 00:00:00 2001
+From: William Manley <will@stb-tester.com>
+Date: Wed, 9 Aug 2023 10:04:49 +0000
+Subject: [PATCH] gvariant-core: Consolidate construction of
+ `GVariantSerialised`
+So I only need to change it in one place.
+This introduces no functional changes.
+Helps: #2121
+CVE: CVE-2023-32665
+Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/glib/-/commit/1deacdd4e8e35a5cf1417918ca4f6b0afa6409b1]
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ glib/gvariant.c       |  8 +++++---
+ glib/tests/gvariant.c | 24 ++++++++++++++++++++++++
+ 2 files changed, 29 insertions(+), 3 deletions(-)
+diff --git a/glib/gvariant.c b/glib/gvariant.c
+index 8ba701e..4dbd9e8 100644
+--- a/glib/gvariant.c
+++ b/glib/gvariant.c
+@@ -5952,14 +5952,16 @@ g_variant_byteswap (GVariant *value)
+       g_variant_serialised_byteswap (serialised);
+ 
+       bytes = g_bytes_new_take (serialised.data, serialised.size);
+-      new = g_variant_new_from_bytes (g_variant_get_type (value), bytes, TRUE);
+      new = g_variant_ref_sink (g_variant_new_from_bytes (g_variant_get_type (value), bytes, TRUE));
+       g_bytes_unref (bytes);
+     }
+   else
+     /* contains no multi-byte data */
+-    new = value;
+    new = g_variant_get_normal_form (value);
+ 
+-  return g_variant_ref_sink (new);
+  g_assert (g_variant_is_trusted (new));
+
+  return g_steal_pointer (&new);
+ }
+ 
+ /**
+diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
+index 4ce0e4f..3dda08e 100644
+--- a/glib/tests/gvariant.c
+++ b/glib/tests/gvariant.c
+@@ -3834,6 +3834,29 @@ test_gv_byteswap (void)
+   g_free (string);
+ }
+ 
+static void
+test_gv_byteswap_non_normal_non_aligned (void)
+{
+  const guint8 data[] = { 0x02 };
+  GVariant *v = NULL;
+  GVariant *v_byteswapped = NULL;
+
+  g_test_summary ("Test that calling g_variant_byteswap() on a variant which "
+                  "is in non-normal form and doesn’t need byteswapping returns "
+                  "the same variant in normal form.");
+
+  v = g_variant_new_from_data (G_VARIANT_TYPE_BOOLEAN, data, sizeof (data), FALSE, NULL, NULL);
+  g_assert_false (g_variant_is_normal_form (v));
+
+  v_byteswapped = g_variant_byteswap (v);
+  g_assert_true (g_variant_is_normal_form (v_byteswapped));
+
+  g_assert_cmpvariant (v, v_byteswapped);
+
+  g_variant_unref (v);
+  g_variant_unref (v_byteswapped);
+}
+
+ static void
+ test_parser (void)
+ {
+@@ -5570,6 +5593,7 @@ main (int argc, char **argv)
+   g_test_add_func ("/gvariant/builder-memory", test_builder_memory);
+   g_test_add_func ("/gvariant/hashing", test_hashing);
+   g_test_add_func ("/gvariant/byteswap", test_gv_byteswap);
+  g_test_add_func ("/gvariant/byteswap/non-normal-non-aligned", test_gv_byteswap_non_normal_non_aligned);
+   g_test_add_func ("/gvariant/parser", test_parses);
+   g_test_add_func ("/gvariant/parser/integer-bounds", test_parser_integer_bounds);
+   g_test_add_func ("/gvariant/parser/recursion", test_parser_recursion);
+-- 
+2.24.4

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch new file mode 100644 index 0000000000..b2187f2af9 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2023-32611-0001.patch
@@ -0,0 +1,89 @@
	1	From 1deacdd4e8e35a5cf1417918ca4f6b0afa6409b1 Mon Sep 17 00:00:00 2001
	2	From: William Manley <will@stb-tester.com>
	3	Date: Wed, 9 Aug 2023 10:04:49 +0000
	4	Subject: [PATCH] gvariant-core: Consolidate construction of
	5	`GVariantSerialised`
	6
	7	So I only need to change it in one place.
	8
	9	This introduces no functional changes.
	10
	11	Helps: #2121
	12
	13	CVE: CVE-2023-32665
	14	Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/glib/-/commit/1deacdd4e8e35a5cf1417918ca4f6b0afa6409b1]
	15	Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
	16	---
	17	glib/gvariant.c \| 8 +++++---
	18	glib/tests/gvariant.c \| 24 ++++++++++++++++++++++++
	19	2 files changed, 29 insertions(+), 3 deletions(-)
	20
	21	diff --git a/glib/gvariant.c b/glib/gvariant.c
	22	index 8ba701e..4dbd9e8 100644
	23	--- a/glib/gvariant.c
	24	+++ b/glib/gvariant.c
	25	@@ -5952,14 +5952,16 @@ g_variant_byteswap (GVariant *value)
	26	g_variant_serialised_byteswap (serialised);
	27
	28	bytes = g_bytes_new_take (serialised.data, serialised.size);
	29	- new = g_variant_new_from_bytes (g_variant_get_type (value), bytes, TRUE);
	30	+ new = g_variant_ref_sink (g_variant_new_from_bytes (g_variant_get_type (value), bytes, TRUE));
	31	g_bytes_unref (bytes);
	32	}
	33	else
	34	/* contains no multi-byte data */
	35	- new = value;
	36	+ new = g_variant_get_normal_form (value);
	37
	38	- return g_variant_ref_sink (new);
	39	+ g_assert (g_variant_is_trusted (new));
	40	+
	41	+ return g_steal_pointer (&new);
	42	}
	43
	44	/**
	45	diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
	46	index 4ce0e4f..3dda08e 100644
	47	--- a/glib/tests/gvariant.c
	48	+++ b/glib/tests/gvariant.c
	49	@@ -3834,6 +3834,29 @@ test_gv_byteswap (void)
	50	g_free (string);
	51	}
	52
	53	+static void
	54	+test_gv_byteswap_non_normal_non_aligned (void)
	55	+{
	56	+ const guint8 data[] = { 0x02 };
	57	+ GVariant *v = NULL;
	58	+ GVariant *v_byteswapped = NULL;
	59	+
	60	+ g_test_summary ("Test that calling g_variant_byteswap() on a variant which "
	61	+ "is in non-normal form and doesn’t need byteswapping returns "
	62	+ "the same variant in normal form.");
	63	+
	64	+ v = g_variant_new_from_data (G_VARIANT_TYPE_BOOLEAN, data, sizeof (data), FALSE, NULL, NULL);
	65	+ g_assert_false (g_variant_is_normal_form (v));
	66	+
	67	+ v_byteswapped = g_variant_byteswap (v);
	68	+ g_assert_true (g_variant_is_normal_form (v_byteswapped));
	69	+
	70	+ g_assert_cmpvariant (v, v_byteswapped);
	71	+
	72	+ g_variant_unref (v);
	73	+ g_variant_unref (v_byteswapped);
	74	+}
	75	+
	76	static void
	77	test_parser (void)
	78	{
	79	@@ -5570,6 +5593,7 @@ main (int argc, char **argv)
	80	g_test_add_func ("/gvariant/builder-memory", test_builder_memory);
	81	g_test_add_func ("/gvariant/hashing", test_hashing);
	82	g_test_add_func ("/gvariant/byteswap", test_gv_byteswap);
	83	+ g_test_add_func ("/gvariant/byteswap/non-normal-non-aligned", test_gv_byteswap_non_normal_non_aligned);
	84	g_test_add_func ("/gvariant/parser", test_parses);
	85	g_test_add_func ("/gvariant/parser/integer-bounds", test_parser_integer_bounds);
	86	g_test_add_func ("/gvariant/parser/recursion", test_parser_recursion);
	87	--
	88	2.24.4
	89