From: Peter Marko <[email protected]> Pick patch from [1] linked from [2].
[1] https://gitlab.gnome.org/GNOME/glib/-/issues/3871 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981 Signed-off-by: Peter Marko <[email protected]> --- .../glib-2.0/glib-2.0/CVE-2026-1485.patch | 44 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch new file mode 100644 index 00000000000..73c29db9990 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2026-1485.patch @@ -0,0 +1,44 @@ +From ee5acb2cefc643450509374da2600cd3bf49a109 Mon Sep 17 00:00:00 2001 +From: Marco Trevisan <[email protected]> +Date: Fri, 23 Jan 2026 19:05:44 +0100 +Subject: [PATCH] gio/gcontenttype-fdo: Do not overflow if header is longer + than MAXINT +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case the header size is longer than MAXINT we may read and write to +invalid locations + +Spotted by treeplus. +Thanks to the Sovereign Tech Resilience programme from the Sovereign +Tech Agency. + +ID: #YWH-PGM9867-169 +Closes: #3871 + + +(cherry picked from commit aacda5b07141b944408c79e83bcbed3b2e1e6e45) + +Co-authored-by: Marco Trevisan (TreviƱo) <[email protected]> + +CVE: CVE-2026-1485 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ee5acb2cefc643450509374da2600cd3bf49a109] +Signed-off-by: Peter Marko <[email protected]> +--- + gio/gcontenttype.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gio/gcontenttype.c b/gio/gcontenttype.c +index 230cea182..11323973a 100644 +--- a/gio/gcontenttype.c ++++ b/gio/gcontenttype.c +@@ -1021,7 +1021,7 @@ tree_match_free (TreeMatch *match) + static TreeMatch * + parse_header (gchar *line) + { +- gint len; ++ size_t len; + gchar *s; + TreeMatch *match; + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index 43a28273e9d..fefa3ad7d6e 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb @@ -42,6 +42,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2026-0988.patch \ file://CVE-2026-1484-01.patch \ file://CVE-2026-1484-02.patch \ + file://CVE-2026-1485.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231534): https://lists.openembedded.org/g/openembedded-core/message/231534 Mute This Topic: https://lists.openembedded.org/mt/117912307/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
