From: Zhang Peng <[email protected]>

CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]

Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]

Signed-off-by: Zhang Peng <[email protected]>
---
 .../glade/glade/CVE-2020-36774.patch          | 54 +++++++++++++++++++
 .../recipes-devtools/glade/glade_3.22.2.bb    |  1 +
 2 files changed, 55 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch

diff --git a/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch 
b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
new file mode 100644
index 000000000..5049b44e5
--- /dev/null
+++ b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
@@ -0,0 +1,54 @@
+From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001
+From: Juan Pablo Ugarte <[email protected]>
+Date: Fri, 2 Oct 2020 16:08:23 -0300
+Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
+
+Some widgets with contruct properties like GtkMessageDialog get
+rebuilt right after they are created on project loading so we need
+to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
+and use the object ad the connect data to make sure it gets disconected
+if it was the object being rebuilt
+
+Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
+
+CVE: CVE-2020-36774
+Upstream-Status: Backport 
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
+
+Signed-off-by: Peng Zhang <[email protected]>
+---
+ plugins/gtk+/glade-gtk-box.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
+index 0c157a6d..a0252b6a 100644
+--- a/plugins/gtk+/glade-gtk-box.c
++++ b/plugins/gtk+/glade-gtk-box.c
+@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
+ }
+ 
+ static void
+-glade_gtk_box_parse_finished (GladeProject * project, GladeWidget *gbox)
++glade_gtk_box_parse_finished (GladeProject *project, GObject *box)
+ {
+-  GObject *box = glade_widget_get_object (gbox);
++  GladeWidget *gbox = glade_widget_get_from_gobject (box);
+ 
+   glade_widget_property_set (gbox, "use-center-child",
+                              gtk_box_get_center_widget (GTK_BOX (box)) != 
NULL);
+@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
+   g_signal_connect (G_OBJECT (gwidget), "configure-end",
+                     G_CALLBACK (glade_gtk_box_configure_end), container);
+ 
+-  if (reason == GLADE_CREATE_LOAD)
++  if (glade_project_is_loading (project))
+     {
+       g_signal_connect_object (project, "parse-finished",
+                                G_CALLBACK (glade_gtk_box_parse_finished),
+-                               gwidget, 0);
++                               container, 0);
+     }
+ }
+ 
+-- 
+GitLab
+
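Review bot: The embedded hunks keep the upstream `index 0c157a6d..a0252b6a` line and offsets unchanged while the recipe being patched is glade 3.22.2, so confirm that the patch applies to that source without fuzz. Also confirm that `glade_gtk_box_post_create` in 3.22.2 already has a `project` variable in scope for the new `glade_project_is_loading (project)` test, because its declaration lies outside the hunk. In `glade_gtk_box_parse_finished` the result of `glade_widget_get_from_gobject (box)` is passed to `glade_widget_property_set` without a check. If that lookup can return NULL for a box whose GladeWidget was dropped during a rebuild, a guard such as `if (gbox == NULL) return;` would avoid acting on a missing widget, though that diverges from the upstream commit and is better raised upstream. Both function bodies continue outside the hunks shown.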
diff --git a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb 
b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
index c7f98fac9..6da08bd82 100644
--- a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
+++ b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
@@ -15,6 +15,7 @@ REQUIRED_DISTRO_FEATURES = "x11"
 
 SRC_URI = 
"http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \
            file://remove-yelp-help-rules-var.patch \
+           file://CVE-2020-36774.patch \
           "
 SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d"
 SRC_URI[sha256sum] = 
"edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21"
-- 
2.34.1
