mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-08 00:09:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

glib-2.0: patch CVE-2026-1485

Browse Source 
Pick patch from [1] linked from [2].

[1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981

(From OE-Core rev: 1996441fcebaa2e08eecceb3cf00d39fda8cff35)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Peter Marko
2026-02-20 17:21:16 +01:00
committed by Paul Barker
parent 69d100e7f0
commit ad4c2759f0
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch Normal file
View File

@@ -0,0 +1,44 @@
From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001
From: Marco Trevisan <mail@3v1n0.net>
Date: Fri, 23 Jan 2026 19:05:44 +0100
Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer
than MAXINT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case the header size is longer than MAXINT we may read and write to
invalid locations
Spotted by treeplus.
Thanks to the Sovereign Tech Resilience programme from the Sovereign
Tech Agency.
ID: #YWH-PGM9867-169
Closes: #3871
(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45)
Co-authored-by: Marco Trevisan (Treviño) <mail@3v1n0.net>
CVE: CVE-2026-1485
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
gio/gcontenttype.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c
index 230cea182..11323973a 100644
--- a/gio/gcontenttype.c
+++ b/gio/gcontenttype.c
@@ -1013,7 +1013,7 @@ tree_match_free (TreeMatch *match)
static TreeMatch *
parse_header (gchar *line)
{
- gint len;
+ size_t len;
gchar *s;
TreeMatch *match;

1
meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
View File

@@ -73,6 +73,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://CVE-2026-0988.patch \
file://CVE-2026-1484-01.patch \
file://CVE-2026-1484-02.patch \
file://CVE-2026-1485.patch \
"
SRC_URI:append:class-native = " file://relocate-modules.patch"