[kirkstone] glib-2.0: Backport fix for CVE-2024-52533

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29

Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../glib-2.0/glib-2.0/CVE-2024-52533.patch    | 49 +++++++++++++++++++
 meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch

Unfortunately I am getting ptest errors with this patch on both
qemux86-64 and and qemuarm64:

AssertionError: Failed ptests:
{'glib-2.0': ['glib/gdatetime.test']}

https://valkyrie.yoctoproject.org/#/builders/73/builds/403
https://valkyrie.yoctoproject.org/#/builders/61/builds/403

Steve

On Thu, Nov 14, 2024 at 4:39 AM Vijay Anusuri via
lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org>
wrote:
>
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
>
> Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---
>  .../glib-2.0/glib-2.0/CVE-2024-52533.patch    | 49 +++++++++++++++++++
>  meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
>  2 files changed, 50 insertions(+)
>  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
>
> diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> new file mode 100644
> index 0000000000..3a06a9d782
> --- /dev/null
> +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> @@ -0,0 +1,49 @@
> +From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
> +From: Michael Catanzaro <mcatanzaro@redhat.com>
> +Date: Thu, 19 Sep 2024 18:35:53 +0100
> +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
> + messages
> +
> +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
> +byte in the connect message, which is an addition in SOCKSv4a vs
> +SOCKSv4.
> +
> +This means that the buffer for building and transmitting the connect
> +message could be overflowed if the username and hostname are both
> +`SOCKS4_MAX_LEN` (255) bytes long.
> +
> +Proxy configurations are normally statically configured, so the username
> +is very unlikely to be near its maximum length, and hence this overflow
> +is unlikely to be triggered in practice.
> +
> +(Commit message by Philip Withnall, diagnosis and fix by Michael
> +Catanzaro.)
> +
> +Fixes: #3461
> +
> +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
> +CVE: CVE-2024-52533
> +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> +---
> + gio/gsocks4aproxy.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
> +index 3dad118eb7..b3146d08fd 100644
> +--- a/gio/gsocks4aproxy.c
> ++++ b/gio/gsocks4aproxy.c
> +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
> +  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
> +  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
> +  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
> +- *    1    1      2              4           variable       1    variable
> ++ *    1    1      2              4           variable       1    variable    1
> +  */
> +-#define SOCKS4_CONN_MSG_LEN       (9 + SOCKS4_MAX_LEN * 2)
> ++#define SOCKS4_CONN_MSG_LEN       (10 + SOCKS4_MAX_LEN * 2)
> + static gint
> + set_connect_msg (guint8      *msg,
> +                const gchar *hostname,
> +--
> +GitLab
> +
> diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> index 35b51a3ec9..c628ac19af 100644
> --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> @@ -49,6 +49,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
>             file://CVE-2024-34397_16.patch \
>             file://CVE-2024-34397_17.patch \
>             file://CVE-2024-34397_18.patch \
> +           file://CVE-2024-52533.patch \
>             "
>  SRC_URI:append:class-native = " file://relocate-modules.patch"
>
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#207156): https://lists.openembedded.org/g/openembedded-core/message/207156
> Mute This Topic: https://lists.openembedded.org/mt/109572074/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Hi Steve,

It looks like tzdata update to 2024b causing the ptest failures for glib2.0
in the file "glib/gdatetime.test" not with CVE -2024-52533.

Below commit is missing in the kirkstone-nut

https://git.openembedded.org/openembedded-core/commit/?id=0c8f87d5d4ec9f286b1e85d114cb9a728c1ff64b

I think we need to pull/merge the above commit along with the tzdata update
to 2024b.
https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=723c32ff858ccfd5a69e63e681a57903af928fd5

Reference: https://lists.openembedded.org/g/openembedded-core/message/206095

Thanks & Regards,
Vijay

On Tue, Nov 19, 2024 at 2:45 AM Steve Sakoman <steve@sakoman.com> wrote:

> Unfortunately I am getting ptest errors with this patch on both
> qemux86-64 and and qemuarm64:
>
> AssertionError: Failed ptests:
> {'glib-2.0': ['glib/gdatetime.test']}
>
> https://valkyrie.yoctoproject.org/#/builders/73/builds/403
> https://valkyrie.yoctoproject.org/#/builders/61/builds/403
>
> Steve
>
> On Thu, Nov 14, 2024 at 4:39 AM Vijay Anusuri via
> lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org>
> wrote:
> >
> > From: Vijay Anusuri <vanusuri@mvista.com>
> >
> > Upstream-Status: Backport from
> https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
> >
> > Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533
> >
> > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> > ---
> >  .../glib-2.0/glib-2.0/CVE-2024-52533.patch    | 49 +++++++++++++++++++
> >  meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
> >  2 files changed, 50 insertions(+)
> >  create mode 100644
> meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> >
> > diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> > new file mode 100644
> > index 0000000000..3a06a9d782
> > --- /dev/null
> > +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
> > @@ -0,0 +1,49 @@
> > +From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
> > +From: Michael Catanzaro <mcatanzaro@redhat.com>
> > +Date: Thu, 19 Sep 2024 18:35:53 +0100
> > +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in
> connect
> > + messages
> > +
> > +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
> > +byte in the connect message, which is an addition in SOCKSv4a vs
> > +SOCKSv4.
> > +
> > +This means that the buffer for building and transmitting the connect
> > +message could be overflowed if the username and hostname are both
> > +`SOCKS4_MAX_LEN` (255) bytes long.
> > +
> > +Proxy configurations are normally statically configured, so the username
> > +is very unlikely to be near its maximum length, and hence this overflow
> > +is unlikely to be triggered in practice.
> > +
> > +(Commit message by Philip Withnall, diagnosis and fix by Michael
> > +Catanzaro.)
> > +
> > +Fixes: #3461
> > +
> > +Upstream-Status: Backport [
> https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
> ]
> > +CVE: CVE-2024-52533
> > +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> > +---
> > + gio/gsocks4aproxy.c | 4 ++--
> > + 1 file changed, 2 insertions(+), 2 deletions(-)
> > +
> > +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
> > +index 3dad118eb7..b3146d08fd 100644
> > +--- a/gio/gsocks4aproxy.c
> > ++++ b/gio/gsocks4aproxy.c
> > +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
> > +  *
> +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
> > +  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST
> |    | NULL |
> > +  *
> +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
> > +- *    1    1      2              4           variable       1
> variable
> > ++ *    1    1      2              4           variable       1
> variable    1
> > +  */
> > +-#define SOCKS4_CONN_MSG_LEN       (9 + SOCKS4_MAX_LEN * 2)
> > ++#define SOCKS4_CONN_MSG_LEN       (10 + SOCKS4_MAX_LEN * 2)
> > + static gint
> > + set_connect_msg (guint8      *msg,
> > +                const gchar *hostname,
> > +--
> > +GitLab
> > +
> > diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> > index 35b51a3ec9..c628ac19af 100644
> > --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> > +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
> > @@ -49,6 +49,7 @@ SRC_URI =
> "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
> >             file://CVE-2024-34397_16.patch \
> >             file://CVE-2024-34397_17.patch \
> >             file://CVE-2024-34397_18.patch \
> > +           file://CVE-2024-52533.patch \
> >             "
> >  SRC_URI:append:class-native = " file://relocate-modules.patch"
> >
> > --
> > 2.25.1
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#207156):
> https://lists.openembedded.org/g/openembedded-core/message/207156
> > Mute This Topic: https://lists.openembedded.org/mt/109572074/3620601
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> steve@sakoman.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>

Hi Vijay,

Thanks for investigating this.  I'll take care of adding the missing changes.

Steve

On Mon, Nov 18, 2024 at 8:34 PM Vijay Anusuri <vanusuri@mvista.com> wrote:
>
> Hi Steve,
>
> It looks like tzdata update to 2024b causing the ptest failures for glib2.0 in the file "glib/gdatetime.test" not with CVE -2024-52533.
>
> Below commit is missing in the kirkstone-nut
>
> https://git.openembedded.org/openembedded-core/commit/?id=0c8f87d5d4ec9f286b1e85d114cb9a728c1ff64b
>
> I think we need to pull/merge the above commit along with the tzdata update to 2024b.
> https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=723c32ff858ccfd5a69e63e681a57903af928fd5
>
> Reference: https://lists.openembedded.org/g/openembedded-core/message/206095
>
> Thanks & Regards,
> Vijay
>
> On Tue, Nov 19, 2024 at 2:45 AM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> Unfortunately I am getting ptest errors with this patch on both
>> qemux86-64 and and qemuarm64:
>>
>> AssertionError: Failed ptests:
>> {'glib-2.0': ['glib/gdatetime.test']}
>>
>> https://valkyrie.yoctoproject.org/#/builders/73/builds/403
>> https://valkyrie.yoctoproject.org/#/builders/61/builds/403
>>
>> Steve
>>
>> On Thu, Nov 14, 2024 at 4:39 AM Vijay Anusuri via
>> lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org>
>> wrote:
>> >
>> > From: Vijay Anusuri <vanusuri@mvista.com>
>> >
>> > Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29
>> >
>> > Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533
>> >
>> > Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> > ---
>> >  .../glib-2.0/glib-2.0/CVE-2024-52533.patch    | 49 +++++++++++++++++++
>> >  meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb |  1 +
>> >  2 files changed, 50 insertions(+)
>> >  create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
>> >
>> > diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
>> > new file mode 100644
>> > index 0000000000..3a06a9d782
>> > --- /dev/null
>> > +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2024-52533.patch
>> > @@ -0,0 +1,49 @@
>> > +From ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Mon Sep 17 00:00:00 2001
>> > +From: Michael Catanzaro <mcatanzaro@redhat.com>
>> > +Date: Thu, 19 Sep 2024 18:35:53 +0100
>> > +Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
>> > + messages
>> > +
>> > +`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
>> > +byte in the connect message, which is an addition in SOCKSv4a vs
>> > +SOCKSv4.
>> > +
>> > +This means that the buffer for building and transmitting the connect
>> > +message could be overflowed if the username and hostname are both
>> > +`SOCKS4_MAX_LEN` (255) bytes long.
>> > +
>> > +Proxy configurations are normally statically configured, so the username
>> > +is very unlikely to be near its maximum length, and hence this overflow
>> > +is unlikely to be triggered in practice.
>> > +
>> > +(Commit message by Philip Withnall, diagnosis and fix by Michael
>> > +Catanzaro.)
>> > +
>> > +Fixes: #3461
>> > +
>> > +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29]
>> > +CVE: CVE-2024-52533
>> > +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> > +---
>> > + gio/gsocks4aproxy.c | 4 ++--
>> > + 1 file changed, 2 insertions(+), 2 deletions(-)
>> > +
>> > +diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
>> > +index 3dad118eb7..b3146d08fd 100644
>> > +--- a/gio/gsocks4aproxy.c
>> > ++++ b/gio/gsocks4aproxy.c
>> > +@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
>> > +  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
>> > +  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
>> > +  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
>> > +- *    1    1      2              4           variable       1    variable
>> > ++ *    1    1      2              4           variable       1    variable    1
>> > +  */
>> > +-#define SOCKS4_CONN_MSG_LEN       (9 + SOCKS4_MAX_LEN * 2)
>> > ++#define SOCKS4_CONN_MSG_LEN       (10 + SOCKS4_MAX_LEN * 2)
>> > + static gint
>> > + set_connect_msg (guint8      *msg,
>> > +                const gchar *hostname,
>> > +--
>> > +GitLab
>> > +
>> > diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
>> > index 35b51a3ec9..c628ac19af 100644
>> > --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
>> > +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb
>> > @@ -49,6 +49,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
>> >             file://CVE-2024-34397_16.patch \
>> >             file://CVE-2024-34397_17.patch \
>> >             file://CVE-2024-34397_18.patch \
>> > +           file://CVE-2024-52533.patch \
>> >             "
>> >  SRC_URI:append:class-native = " file://relocate-modules.patch"
>> >
>> > --
>> > 2.25.1
>> >
>> >
>> > -=-=-=-=-=-=-=-=-=-=-=-
>> > Links: You receive all messages sent to this group.
>> > View/Reply Online (#207156): https://lists.openembedded.org/g/openembedded-core/message/207156
>> > Mute This Topic: https://lists.openembedded.org/mt/109572074/3620601
>> > Group Owner: openembedded-core+owner@lists.openembedded.org
>> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
>> > -=-=-=-=-=-=-=-=-=-=-=-
>> >