glib-2.0: Backport fix for CVE-2024-52533

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533 (From OE-Core rev: 61e270156015be8c09d45a5065deed5f7b1fde96) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2024-11-14 12:12:00 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-11-26 06:11:30 -0800
commit: 938174660a7f517c4c5b6defb44982cf2668c81e (patch)
tree: 56e5e46eaa42ce462469d4301f0ed2aa5cc5df03
parent: a0e25e6652803043a2e9acd8f2493bf7ec45f161 (diff)
download: poky-938174660a7f517c4c5b6defb44982cf2668c81e.tar.gz
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
new file mode 100644
index 0000000000..3a06a9d782
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
@@ -0,0 +1,49 @@
+From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+Fixes: #3461
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
+CVE: CVE-2024-52533
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
+++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
+ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN        (9 + SOCKS4_MAX_LEN * 2)
+#define SOCKS4_CONN_MSG_LEN        (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+                 const gchar *hostname,
+-- 
+GitLab
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
index 1a4278b1bc..506e72bd4c 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
           file://memory-monitor.patch \
           file://skip-timeout.patch \
+           file://CVE-2024-52533.patch \
           "
 SRC_URI:append:class-native = " file://relocate-modules.patch \ 
                                file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
author	Vijay Anusuri <vanusuri@mvista.com>	2024-11-14 12:12:00 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-11-26 06:11:30 -0800
commit	938174660a7f517c4c5b6defb44982cf2668c81e (patch)
tree	56e5e46eaa42ce462469d4301f0ed2aa5cc5df03
parent	a0e25e6652803043a2e9acd8f2493bf7ec45f161 (diff)
download	poky-938174660a7f517c4c5b6defb44982cf2668c81e.tar.gz

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch new file mode 100644 index 0000000000..3a06a9d782 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
@@ -0,0 +1,49 @@
		1	From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
		2	From: Michael Catanzaro <mcatanzaro@redhat.com>
		3	Date: Thu, 19 Sep 2024 18:35:53 +0100
		4	Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
		5	messages
		6
		7	`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
		8	byte in the connect message, which is an addition in SOCKSv4a vs
		9	SOCKSv4.
		10
		11	This means that the buffer for building and transmitting the connect
		12	message could be overflowed if the username and hostname are both
		13	`SOCKS4_MAX_LEN` (255) bytes long.
		14
		15	Proxy configurations are normally statically configured, so the username
		16	is very unlikely to be near its maximum length, and hence this overflow
		17	is unlikely to be triggered in practice.
		18
		19	(Commit message by Philip Withnall, diagnosis and fix by Michael
		20	Catanzaro.)
		21
		22	Fixes: #3461
		23
		24	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
		25	CVE: CVE-2024-52533
		26	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		27	---
		28	gio/gsocks4aproxy.c \| 4 ++--
		29	1 file changed, 2 insertions(+), 2 deletions(-)
		30
		31	diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
		32	index 3dad118eb7..b3146d08fd 100644
		33	--- a/gio/gsocks4aproxy.c
		34	+++ b/gio/gsocks4aproxy.c
		35	@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
		36	* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
		37	* \| VN \| CD \| DSTPORT \| DSTIP \| USERID \|NULL\| HOST \| \| NULL \|
		38	* +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
		39	- * 1 1 2 4 variable 1 variable
		40	+ * 1 1 2 4 variable 1 variable 1
		41	*/
		42	-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
		43	+#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
		44	static gint
		45	set_connect_msg (guint8 *msg,
		46	const gchar *hostname,
		47	--
		48	GitLab
		49


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index 1a4278b1bc..506e72bd4c 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
17	file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \	17	file://0001-Switch-from-the-deprecated-distutils-module-to-the-p.patch \
18	file://memory-monitor.patch \	18	file://memory-monitor.patch \
19	file://skip-timeout.patch \	19	file://skip-timeout.patch \
		20	file://CVE-2024-52533.patch \
20	"	21	"
21	SRC_URI:append:class-native = " file://relocate-modules.patch \	22	SRC_URI:append:class-native = " file://relocate-modules.patch \
22	file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \	23	file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \