2 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch
new file mode 100644
index 0000000000..828f9fcb96
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch
@@ -0,0 +1,41 @@
+From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
+From: Philip Withnall <withnall@endlessm.com>
+Date: Wed, 2 Sep 2020 12:38:09 +0100
+Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
+ overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+If the calling code adds more option entries than `G_MAXSIZE` then
+there’ll be an integer overflow. This seems vanishingly unlikely (given
+that all callers use static option entry lists), but add a precondition
+anyway.
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
+Fixes: #2197
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d]
+CVE: CVE-2020-35457
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ glib/goption.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/glib/goption.c b/glib/goption.c
+index 9f5b977c4..bb9093a33 100644
+--- a/glib/goption.c
+++ b/glib/goption.c
+@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup       *group,
+ 
+   for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
+ 
+  g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
+
+   group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
+ 
+   /* group->entries could be NULL in the trivial case where we add no
+-- 
+2.25.1
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb
index a30c5215be..b9462bc945 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
           file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
           file://tzdata-update.patch \
+           file://CVE-2020-35457.patch \
           "
 SRC_URI_append_class-native = " file://relocate-modules.patch"

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch new file mode 100644 index 0000000000..828f9fcb96 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2020-35457.patch
@@ -0,0 +1,41 @@
		1	From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
		2	From: Philip Withnall <withnall@endlessm.com>
		3	Date: Wed, 2 Sep 2020 12:38:09 +0100
		4	Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
		5	overflow
		6	MIME-Version: 1.0
		7	Content-Type: text/plain; charset=UTF-8
		8	Content-Transfer-Encoding: 8bit
		9
		10	If the calling code adds more option entries than `G_MAXSIZE` then
		11	there’ll be an integer overflow. This seems vanishingly unlikely (given
		12	that all callers use static option entry lists), but add a precondition
		13	anyway.
		14
		15	Signed-off-by: Philip Withnall <withnall@endlessm.com>
		16
		17	Fixes: #2197
		18
		19	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d]
		20	CVE: CVE-2020-35457
		21	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
		22	---
		23	glib/goption.c \| 2 ++
		24	1 file changed, 2 insertions(+)
		25
		26	diff --git a/glib/goption.c b/glib/goption.c
		27	index 9f5b977c4..bb9093a33 100644
		28	--- a/glib/goption.c
		29	+++ b/glib/goption.c
		30	@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
		31
		32	for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
		33
		34	+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
		35	+
		36	group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
		37
		38	/* group->entries could be NULL in the trivial case where we add no
		39	--
		40	2.25.1
		41


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb index a30c5215be..b9462bc945 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.64.5.bb
@@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
17	file://0001-meson-Run-atomics-test-on-clang-as-well.patch \	17	file://0001-meson-Run-atomics-test-on-clang-as-well.patch \
18	file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \	18	file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \
19	file://tzdata-update.patch \	19	file://tzdata-update.patch \
		20	file://CVE-2020-35457.patch \
20	"	21	"
21		22
22	SRC_URI_append_class-native = " file://relocate-modules.patch"	23	SRC_URI_append_class-native = " file://relocate-modules.patch"