packages/glib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!9 fix CVE-2020-35457

Browse Source 
From: @compile_success
Reviewed-by: @orange-snn
Signed-off-by: @orange-snn
This commit is contained in:
openeuler-ci-bot 2021-02-27 16:40:09 +08:00 committed by Gitee
commit 84285a4984
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2020-35457.patch Normal file
View File

@ -0,0 +1,36 @@
From 63c5b62f0a984fac9a9700b12f54fe878e016a5d Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Wed, 2 Sep 2020 12:38:09 +0100
Subject: [PATCH] goption: Add a precondition to avoid GOptionEntry list
overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
reason:Add a precondition to avoid GOptionEntry list overflow
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #2197
---
glib/goption.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/glib/goption.c b/glib/goption.c
index 9f5b977c4..bb9093a33 100644
--- a/glib/goption.c
+++ b/glib/goption.c
@@ -2422,6 +2422,8 @@ g_option_group_add_entries (GOptionGroup *group,
for (n_entries = 0; entries[n_entries].long_name != NULL; n_entries++) ;
+ g_return_if_fail (n_entries <= G_MAXSIZE - group->n_entries);
+
group->entries = g_renew (GOptionEntry, group->entries, group->n_entries + n_entries);
/* group->entries could be NULL in the trivial case where we add no
--
GitLab

9
glib2.spec
View File

@ -1,12 +1,13 @@
Name: glib2 Name: glib2
Version: 2.62.5 Version: 2.62.5
Release: 1 Release: 2
Summary: The core library that forms the basis for projects such as GTK+ and GNOME Summary: The core library that forms the basis for projects such as GTK+ and GNOME
License: LGPLv2+ License: LGPLv2+
URL: http://www.gtk.org URL: http://www.gtk.org
Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz Source0: http://download.gnome.org/sources/glib/2.62/glib-%{version}.tar.xz
Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch Patch9001: fix-accidentally-delete-temp-file-within-dtrace.patch
Patch6000: backport-CVE-2020-35457.patch
BuildRequires: chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter BuildRequires: chrpath gcc gcc-c++ gettext gtk-doc perl-interpreter
BUildRequires: glibc-devel libattr-devel libselinux-devel meson BUildRequires: glibc-devel libattr-devel libselinux-devel meson
@ -143,6 +144,12 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
%doc %{_datadir}/gtk-doc/html/* %doc %{_datadir}/gtk-doc/html/*
%changelog %changelog
* Sat Feb 27 2021 zhujunhao<zhujunhao8@huawei.com> - 2.62.5-2
- Type:cve
- Id:CVE-2020-35457
- SUG:NA
- DESC:fix CVE-2020-35457
* Thu Jul 21 2020 hanhui<hanhui15@huawei.com> - 2.62.5-1 * Thu Jul 21 2020 hanhui<hanhui15@huawei.com> - 2.62.5-1
- Update to 2.62.5 - Update to 2.62.5