Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180
Related: #2181196 Related: #2181200
parent
29360e1fc7
commit
3cb7e06236
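--- a/3136.patch
+++ b/3136.patch
@@ -0,0 +1,65 @@
+From ba2137b0d9ea3744155be81a5ba770c6535b46f3 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 15 Dec 2022 12:51:37 +0000
+Subject: [PATCH] gvariant-serialiser: Convert endianness of offsets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The array of offsets is little-endian, even on big-endian architectures
+like s390x.
+
+Fixes: ade71fb5 "gvariant: Don’t allow child elements to overlap with each other"
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2839
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+---
+glib/gvariant-serialiser.c | 19 +++++++++++--------
+1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
+index fadefab659..f443c2eb85 100644
+--- a/glib/gvariant-serialiser.c
++++ b/glib/gvariant-serialiser.c
+@@ -714,17 +714,19 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+/* Find the index of the first out-of-order element in @data, assuming that
+* @data is an array of elements of given @type, starting at index @start and
+* containing a further @len-@start elements. */
+-#define DEFINE_FIND_UNORDERED(type) \
++#define DEFINE_FIND_UNORDERED(type, le_to_native) \
+static gsize \
+find_unordered_##type (const guint8 *data, gsize start, gsize len) \
+{ \
+gsize off; \
+- type current, previous; \
++ type current_le, previous_le, current, previous; \
+\
+- memcpy (&previous, data + start * sizeof (current), sizeof (current)); \
++ memcpy (&previous_le, data + start * sizeof (current), sizeof (current)); \
++ previous = le_to_native (previous_le); \
+for (off = (start + 1) * sizeof (current); off < len * sizeof (current); off += sizeof (current)) \
+{ \
+- memcpy (¤t, data + off, sizeof (current)); \
++ memcpy (¤t_le, data + off, sizeof (current)); \
++ current = le_to_native (current_le); \
+if (current < previous) \
+break; \
+previous = current; \
+@@ -732,10 +734,11 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+return off / sizeof (current) - 1; \
+}
+
+-DEFINE_FIND_UNORDERED (guint8);
+-DEFINE_FIND_UNORDERED (guint16);
+-DEFINE_FIND_UNORDERED (guint32);
+-DEFINE_FIND_UNORDERED (guint64);
++#define NO_CONVERSION(x) (x)
++DEFINE_FIND_UNORDERED (guint8, NO_CONVERSION);
++DEFINE_FIND_UNORDERED (guint16, GUINT16_FROM_LE);
++DEFINE_FIND_UNORDERED (guint32, GUINT32_FROM_LE);
++DEFINE_FIND_UNORDERED (guint64, GUINT64_FROM_LE);
+
+static GVariantSerialised
+gvs_variable_sized_array_get_child (GVariantSerialised value,
+--
+GitLab
+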
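Review bot: The comment above `DEFINE_FIND_UNORDERED` in the embedded patch still describes @data as a plain array of @type and does not mention the new `le_to_native` parameter, so the byte-order contract that this fix depends on is not documented at the macro. I would extend it with something like `/* @data holds little-endian offsets; @le_to_native converts one element to host byte order before the comparison. */`. The helper `NO_CONVERSION` is defined at file scope with a very generic name and is never undefined; an `#undef NO_CONVERSION` after the four `DEFINE_FIND_UNORDERED` instantiations would keep it local to them. The embedded diffstat lists only glib/gvariant-serialiser.c, so the patch appears to carry no test that feeds multi-byte offsets through this ordering check; because the check is part of the validation of untrusted serialised data, a regression test run on a big-endian builder would be worth adding.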
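--- a/glib2.spec
+++ b/glib2.spec
@@ -1,6 +1,6 @@
 Name: glib2
 Version: 2.68.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 Summary: A library of handy utility functions
 
 License: LGPLv2+
@@ -33,8 +33,10 @@ Patch7: 2435.patch
 
 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
 Patch8: 3126.patch
+# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136
+Patch9: 3136.patch
 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3163
-Patch9: 3163.patch
+Patch10: 3163.patch
 
 BuildRequires: chrpath
 BuildRequires: gcc
@@ -252,6 +254,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %{_datadir}/installed-tests
 
 %changelog
+* Thu May 25 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-9
+- Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180
+- Related: #2181196
+- Related: #2181200
+
 * Wed May 17 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-8
 - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180
 - Related: #2181196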