Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180

Related: #2181196
Related: #2181200

3136.patch

@@ -0,0 +1,65 @@
+From ba2137b0d9ea3744155be81a5ba770c6535b46f3 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 15 Dec 2022 12:51:37 +0000
+Subject: [PATCH] gvariant-serialiser: Convert endianness of offsets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The array of offsets is little-endian, even on big-endian architectures
+like s390x.
+
+Fixes: ade71fb5 "gvariant: Don’t allow child elements to overlap with each other"
+Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2839
+Signed-off-by: Simon McVittie <smcv@collabora.com>
+---
+ glib/gvariant-serialiser.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/glib/gvariant-serialiser.c b/glib/gvariant-serialiser.c
+index fadefab659..f443c2eb85 100644
+--- a/glib/gvariant-serialiser.c
++++ b/glib/gvariant-serialiser.c
+@@ -714,17 +714,19 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+ /* Find the index of the first out-of-order element in @data, assuming that
+  * @data is an array of elements of given @type, starting at index @start and
+  * containing a further @len-@start elements. */
+-#define DEFINE_FIND_UNORDERED(type) \
++#define DEFINE_FIND_UNORDERED(type, le_to_native) \
+   static gsize \
+   find_unordered_##type (const guint8 *data, gsize start, gsize len) \
+   { \
+     gsize off; \
+-    type current, previous; \
++    type current_le, previous_le, current, previous; \
+     \
+-    memcpy (&previous, data + start * sizeof (current), sizeof (current)); \
++    memcpy (&previous_le, data + start * sizeof (current), sizeof (current)); \
++    previous = le_to_native (previous_le); \
+     for (off = (start + 1) * sizeof (current); off < len * sizeof (current); off += sizeof (current)) \
+       { \
+-        memcpy (&current, data + off, sizeof (current)); \
++        memcpy (&current_le, data + off, sizeof (current)); \
++        current = le_to_native (current_le); \
+         if (current < previous) \
+           break; \
+         previous = current; \
+@@ -732,10 +734,11 @@ gvs_variable_sized_array_n_children (GVariantSerialised value)
+     return off / sizeof (current) - 1; \
+   }
+ 
+-DEFINE_FIND_UNORDERED (guint8);
+-DEFINE_FIND_UNORDERED (guint16);
+-DEFINE_FIND_UNORDERED (guint32);
+-DEFINE_FIND_UNORDERED (guint64);
++#define NO_CONVERSION(x) (x)
++DEFINE_FIND_UNORDERED (guint8, NO_CONVERSION);
++DEFINE_FIND_UNORDERED (guint16, GUINT16_FROM_LE);
++DEFINE_FIND_UNORDERED (guint32, GUINT32_FROM_LE);
++DEFINE_FIND_UNORDERED (guint64, GUINT64_FROM_LE);
+ 
+ static GVariantSerialised
+ gvs_variable_sized_array_get_child (GVariantSerialised value,
+-- 
+GitLab
+

glib2.spec

@@ -1,6 +1,6 @@
 Name: glib2
 Version: 2.68.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 Summary: A library of handy utility functions
 
 License: LGPLv2+
@@ -33,8 +33,10 @@ Patch7: 2435.patch
 
 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
 Patch8: 3126.patch
+# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136
+Patch9: 3136.patch
 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3163
-Patch9: 3163.patch
+Patch10: 3163.patch
 
 BuildRequires: chrpath
 BuildRequires: gcc
@@ -252,6 +254,11 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 %{_datadir}/installed-tests
 
 %changelog
+* Thu May 25 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-9
+- Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180
+- Related: #2181196
+- Related: #2181200
+
 * Wed May 17 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-8
 - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180
 - Related: #2181196