glib-2.0: patch CVE-2026-1485

Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981 (From OE-Core rev: 1996441fcebaa2e08eecceb3cf00d39fda8cff35) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
author: Peter Marko <peter.marko@siemens.com> 2026-02-20 17:21:16 +0100
committer: Paul Barker <paul@pbarker.dev> 2026-02-27 15:54:02 +0000
commit: ad4c2759f06009ae04ef2a3158f80103ac024f43 (patch)
tree: af506dda1cc2ecd7fa5576381699e64da9863828 /meta/recipes-core
parent: 69d100e7f05be51fe8618844eed51c9d84024807 (diff)
download: poky-ad4c2759f06009ae04ef2a3158f80103ac024f43.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
new file mode 100644
index 0000000000..6768a1d00c
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
@@ -0,0 +1,44 @@
+From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001
+From: Marco Trevisan <mail@3v1n0.net>
+Date: Fri, 23 Jan 2026 19:05:44 +0100
+Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer
+ than MAXINT
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+In case the header size is longer than MAXINT we may read and write to
+invalid locations
+Spotted by treeplus.
+Thanks to the Sovereign Tech Resilience programme from the Sovereign
+Tech Agency.
+ID: #YWH-PGM9867-169
+Closes: #3871
+(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45)
+Co-authored-by: Marco Trevisan (Treviño) <mail@3v1n0.net>
+CVE: CVE-2026-1485
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ gio/gcontenttype.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c
+index 230cea182..11323973a 100644
+--- a/gio/gcontenttype.c
+++ b/gio/gcontenttype.c
+@@ -1013,7 +1013,7 @@ tree_match_free (TreeMatch *match)
+ static TreeMatch *
+ parse_header (gchar *line)
+ {
+-  gint len;
+  size_t len;
+   gchar *s;
+   TreeMatch *match;
+ 
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
index c6816f93fa..37a5fd34a9 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -73,6 +73,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://CVE-2026-0988.patch \
           file://CVE-2026-1484-01.patch \
           file://CVE-2026-1484-02.patch \
+           file://CVE-2026-1485.patch \
           "
 SRC_URI:append:class-native = " file://relocate-modules.patch"
author	Peter Marko <peter.marko@siemens.com>	2026-02-20 17:21:16 +0100
committer	Paul Barker <paul@pbarker.dev>	2026-02-27 15:54:02 +0000
commit	ad4c2759f06009ae04ef2a3158f80103ac024f43 (patch)
tree	af506dda1cc2ecd7fa5576381699e64da9863828 /meta/recipes-core
parent	69d100e7f05be51fe8618844eed51c9d84024807 (diff)
download	poky-ad4c2759f06009ae04ef2a3158f80103ac024f43.tar.gz

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch new file mode 100644 index 0000000000..6768a1d00c --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch
@@ -0,0 +1,44 @@
		1	From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001
		2	From: Marco Trevisan <mail@3v1n0.net>
		3	Date: Fri, 23 Jan 2026 19:05:44 +0100
		4	Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer
		5	than MAXINT
		6	MIME-Version: 1.0
		7	Content-Type: text/plain; charset=UTF-8
		8	Content-Transfer-Encoding: 8bit
		9
		10	In case the header size is longer than MAXINT we may read and write to
		11	invalid locations
		12
		13	Spotted by treeplus.
		14	Thanks to the Sovereign Tech Resilience programme from the Sovereign
		15	Tech Agency.
		16
		17	ID: #YWH-PGM9867-169
		18	Closes: #3871
		19
		20
		21	(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45)
		22
		23	Co-authored-by: Marco Trevisan (Treviño) <mail@3v1n0.net>
		24
		25	CVE: CVE-2026-1485
		26	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109]
		27	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		28	---
		29	gio/gcontenttype.c \| 2 +-
		30	1 file changed, 1 insertion(+), 1 deletion(-)
		31
		32	diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c
		33	index 230cea182..11323973a 100644
		34	--- a/gio/gcontenttype.c
		35	+++ b/gio/gcontenttype.c
		36	@@ -1013,7 +1013,7 @@ tree_match_free (TreeMatch *match)
		37	static TreeMatch *
		38	parse_header (gchar *line)
		39	{
		40	- gint len;
		41	+ size_t len;
		42	gchar *s;
		43	TreeMatch *match;
		44


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index c6816f93fa..37a5fd34a9 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
@@ -73,6 +73,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
73	file://CVE-2026-0988.patch \	73	file://CVE-2026-0988.patch \
74	file://CVE-2026-1484-01.patch \	74	file://CVE-2026-1484-01.patch \
75	file://CVE-2026-1484-02.patch \	75	file://CVE-2026-1484-02.patch \
		76	file://CVE-2026-1485.patch \
76	"	77	"
77	SRC_URI:append:class-native = " file://relocate-modules.patch"	78	SRC_URI:append:class-native = " file://relocate-modules.patch"
78		79