Hi Steve, It looks like tzdata update to 2024b causing the ptest failures for glib2.0 in the file "glib/gdatetime.test" not with CVE -2024-52533.
Below commit is missing in the kirkstone-nut https://git.openembedded.org/openembedded-core/commit/?id=0c8f87d5d4ec9f286b1e85d114cb9a728c1ff64b I think we need to pull/merge the above commit along with the tzdata update to 2024b. https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=723c32ff858ccfd5a69e63e681a57903af928fd5 Reference: https://lists.openembedded.org/g/openembedded-core/message/206095 Thanks & Regards, Vijay On Tue, Nov 19, 2024 at 2:45 AM Steve Sakoman <[email protected]> wrote: > Unfortunately I am getting ptest errors with this patch on both > qemux86-64 and and qemuarm64: > > AssertionError: Failed ptests: > {'glib-2.0': ['glib/gdatetime.test']} > > https://valkyrie.yoctoproject.org/#/builders/73/builds/403 > https://valkyrie.yoctoproject.org/#/builders/61/builds/403 > > Steve > > On Thu, Nov 14, 2024 at 4:39 AM Vijay Anusuri via > lists.openembedded.org <[email protected]> > wrote: > > > > From: Vijay Anusuri <[email protected]> > > > > Upstream-Status: Backport from > https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 > > > > Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533 > > > > Signed-off-by: Vijay Anusuri <[email protected]> > > --- > > .../glib-2.0/glib-2.0/CVE-2024-52533.patch | 49 +++++++++++++++++++ > > meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + > > 2 files changed, 50 insertions(+) > > create mode 100644 > meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch > > > > diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch > b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch > > new file mode 100644 > > index 0000000000..3a06a9d782 > > --- /dev/null > > +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch > > @@ -0,0 +1,49 @@ > > +From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001 > > +From: Michael Catanzaro <[email protected]> > > +Date: Thu, 19 Sep 2024 18:35:53 +0100 > > +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in > connect > > + messages > > + > > +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul > > +byte in the connect message, which is an addition in SOCKSv4a vs > > +SOCKSv4. > > + > > +This means that the buffer for building and transmitting the connect > > +message could be overflowed if the username and hostname are both > > +`SOCKS4_MAX_LEN` (255) bytes long. > > + > > +Proxy configurations are normally statically configured, so the username > > +is very unlikely to be near its maximum length, and hence this overflow > > +is unlikely to be triggered in practice. > > + > > +(Commit message by Philip Withnall, diagnosis and fix by Michael > > +Catanzaro.) > > + > > +Fixes: #3461 > > + > > +Upstream-Status: Backport [ > https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 > ] > > +CVE: CVE-2024-52533 > > +Signed-off-by: Vijay Anusuri <[email protected]> > > +--- > > + gio/gsocks4aproxy.c | 4 ++-- > > + 1 file changed, 2 insertions(+), 2 deletions(-) > > + > > +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c > > +index 3dad118eb7..b3146d08fd 100644 > > +--- a/gio/gsocks4aproxy.c > > ++++ b/gio/gsocks4aproxy.c > > +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy) > > + * > +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ > > + * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST > | | NULL | > > + * > +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+ > > +- * 1 1 2 4 variable 1 > variable > > ++ * 1 1 2 4 variable 1 > variable 1 > > + */ > > +-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2) > > ++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2) > > + static gint > > + set_connect_msg (guint8 *msg, > > + const gchar *hostname, > > +-- > > +GitLab > > + > > diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > > index 35b51a3ec9..c628ac19af 100644 > > --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > > +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb > > @@ -49,6 +49,7 @@ SRC_URI = > "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ > > file://CVE-2024-34397_16.patch \ > > file://CVE-2024-34397_17.patch \ > > file://CVE-2024-34397_18.patch \ > > + file://CVE-2024-52533.patch \ > > " > > SRC_URI:append:class-native = " file://relocate-modules.patch" > > > > -- > > 2.25.1 > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#207375): https://lists.openembedded.org/g/openembedded-core/message/207375 Mute This Topic: https://lists.openembedded.org/mt/109572074/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
