diff --git a/3136.patch b/3136.patch new file mode 100644 index 0000000..57e1b95 --- /dev/null +++ b/3136.patch @@ -0,0 +1,65 @@ +From ba2137b0d9ea3744155be81a5ba770c6535b46f3 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Thu, 15 Dec 2022 12:51:37 +0000 +Subject: [PATCH] gvariant-serialiser: Convert endianness of offsets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The array of offsets is little-endian, even on big-endian architectures +like s390x. + +Fixes: ade71fb5 "gvariant: Don’t allow child elements to overlap with each other" +Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2839 +Signed-off-by: Simon McVittie +--- + glib/gvariant-serialiser.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c +index fadefab659..f443c2eb85 100644 +--- a/glib/gvariant-serialiser.c ++++ b/glib/gvariant-serialiser.c +@@ -714,17 +714,19 @@ gvs_variable_sized_array_n_children (GVariantSerialised value) + /* Find the index of the first out-of-order element in @data, assuming that + * @data is an array of elements of given @type, starting at index @start and + * containing a further @len-@start elements. */ +-#define DEFINE_FIND_UNORDERED(type) \ ++#define DEFINE_FIND_UNORDERED(type, le_to_native) \ + static gsize \ + find_unordered_##type (const guint8 *data, gsize start, gsize len) \ + { \ + gsize off; \ +- type current, previous; \ ++ type current_le, previous_le, current, previous; \ + \ +- memcpy (&previous, data + start * sizeof (current), sizeof (current)); \ ++ memcpy (&previous_le, data + start * sizeof (current), sizeof (current)); \ ++ previous = le_to_native (previous_le); \ + for (off = (start + 1) * sizeof (current); off < len * sizeof (current); off += sizeof (current)) \ + { \ +- memcpy (¤t, data + off, sizeof (current)); \ ++ memcpy (¤t_le, data + off, sizeof (current)); \ ++ current = le_to_native (current_le); \ + if (current < previous) \ + break; \ + previous = current; \ +@@ -732,10 +734,11 @@ gvs_variable_sized_array_n_children (GVariantSerialised value) + return off / sizeof (current) - 1; \ + } + +-DEFINE_FIND_UNORDERED (guint8); +-DEFINE_FIND_UNORDERED (guint16); +-DEFINE_FIND_UNORDERED (guint32); +-DEFINE_FIND_UNORDERED (guint64); ++#define NO_CONVERSION(x) (x) ++DEFINE_FIND_UNORDERED (guint8, NO_CONVERSION); ++DEFINE_FIND_UNORDERED (guint16, GUINT16_FROM_LE); ++DEFINE_FIND_UNORDERED (guint32, GUINT32_FROM_LE); ++DEFINE_FIND_UNORDERED (guint64, GUINT64_FROM_LE); + + static GVariantSerialised + gvs_variable_sized_array_get_child (GVariantSerialised value, +-- +GitLab + diff --git a/glib2.spec b/glib2.spec index 92d7fe6..68041e7 100644 --- a/glib2.spec +++ b/glib2.spec @@ -1,6 +1,6 @@ Name: glib2 Version: 2.68.4 -Release: 8%{?dist} +Release: 9%{?dist} Summary: A library of handy utility functions License: LGPLv2+ @@ -33,8 +33,10 @@ Patch7: 2435.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 Patch8: 3126.patch +# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136 +Patch9: 3136.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3163 -Patch9: 3163.patch +Patch10: 3163.patch BuildRequires: chrpath BuildRequires: gcc @@ -252,6 +254,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %{_datadir}/installed-tests %changelog +* Thu May 25 2023 Michael Catanzaro - 2.68.4-9 +- Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180 +- Related: #2181196 +- Related: #2181200 + * Wed May 17 2023 Michael Catanzaro - 2.68.4-8 - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196