[RFC] glib-2.0: update 2.84.4 -> 2.85.4

Message ID	20250904081212.1692731-1-f_l_k@t-online.de
State	New
Headers	show Return-Path: <f_l_k@t-online.de> ip: 194.25.134.22, mailfrom: f_l_k@t-online.de) From: Markus Volk <f_l_k@t-online.de> To: openembedded-core@lists.openembedded.org Subject: [oe-core][RFC][PATCH] glib-2.0: update 2.84.4 -> 2.85.4 Date: Thu, 4 Sep 2025 10:12:12 +0200 Message-ID: <20250904081212.1692731-1-f_l_k@t-online.de> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	[RFC] glib-2.0: update 2.84.4 -> 2.85.4 \| expand [RFC] glib-2.0: update 2.84.4 -> 2.85.4

diff --git a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch deleted file mode 100644 index a344735ee4..0000000000 --- a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 6aa97beda32bb337370858862f4efe2f3372619f Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Mon, 7 Jul 2025 20:52:24 +0200 -Subject: [PATCH] gstring: Fix g_string_sized_new segmentation fault - -If glib is compiled with -Dglib_assert=false, i.e. no asserts -enabled, then g_string_sized_new(G_MAXSIZE) leads to a segmentation -fault due to an out of boundary write. - -This happens because the overflow check was moved into -g_string_maybe_expand which is not called by g_string_sized_new. - -By assuming that string->allocated_len is always larger than -string->len (and the code would be in huge trouble if that is not true), -the G_UNLIKELY check in g_string_maybe_expand can be rephrased to -avoid a potential G_MAXSIZE overflow. - -This in turn leads to 150-200 bytes smaller compiled library -depending on gcc and clang versions, and one less check for the most -common code paths. - -Reverts https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655 and -reorders internal g_string_maybe_expand check to still fix -CVE-2025-6052. - -CVE: CVE-2025-6052 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/6aa97beda32bb337370858862f4efe2f3372619f] -Signed-off-by: Peter Marko <peter.marko@siemens.com> ---- - glib/gstring.c | 10 +++++----- - glib/tests/string.c | 18 ++++++++++++++++++ - 2 files changed, 23 insertions(+), 5 deletions(-) - -diff --git a/glib/gstring.c b/glib/gstring.c -index 010a8e976..24c4bfb40 100644 ---- a/glib/gstring.c -+++ b/glib/gstring.c -@@ -68,6 +68,10 @@ static void - g_string_expand (GString *string, - gsize len) - { -+ /* Detect potential overflow */ -+ if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) -+ g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); -+ - string->allocated_len = g_nearest_pow (string->len + len + 1); - /* If the new size is bigger than G_MAXSIZE / 2, only allocate enough - * memory for this string and don't over-allocate. -@@ -82,11 +86,7 @@ static inline void - g_string_maybe_expand (GString *string, - gsize len) - { -- /* Detect potential overflow */ -- if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) -- g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); -- -- if (G_UNLIKELY (string->len + len >= string->allocated_len)) -+ if (G_UNLIKELY (len >= string->allocated_len - string->len)) - g_string_expand (string, len); - } - -diff --git a/glib/tests/string.c b/glib/tests/string.c -index aa363c57a..e3bc4a02e 100644 ---- a/glib/tests/string.c -+++ b/glib/tests/string.c -@@ -767,6 +767,23 @@ test_string_new_take_null (void) - g_string_free (g_steal_pointer (&string), TRUE); - } - -+static void -+test_string_sized_new (void) -+{ -+ -+ if (g_test_subprocess ()) -+ { -+ GString *string = g_string_sized_new (G_MAXSIZE); -+ g_string_free (string, TRUE); -+ } -+ else -+ { -+ g_test_trap_subprocess (NULL, 0, G_TEST_SUBPROCESS_DEFAULT); -+ g_test_trap_assert_failed (); -+ g_test_trap_assert_stderr ("*string would overflow*"); -+ } -+} -+ - int - main (int argc, - char *argv[]) -@@ -796,6 +813,7 @@ main (int argc, - g_test_add_func ("/string/test-string-steal", test_string_steal); - g_test_add_func ("/string/test-string-new-take", test_string_new_take); - g_test_add_func ("/string/test-string-new-take/null", test_string_new_take_null); -+ g_test_add_func ("/string/sized-new", test_string_sized_new); - - return g_test_run(); - } diff --git a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch deleted file mode 100644 index 703dfdf46c..0000000000 --- a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3752760c5091eaed561ec11636b069e529533514 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Mon, 7 Jul 2025 20:57:41 +0200 -Subject: [PATCH] gstring: Improve g_string_append_len_inline checks - -Use the same style for the G_LIKELY check here as in g_string_sized_new. -The check could overflow on 32 bit systems. - -Also improve the memcpy/memmove check to use memcpy if val itself is -adjacent to end + len_unsigned, which means that no overlapping exists. - -CVE: CVE-2025-6052 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/3752760c5091eaed561ec11636b069e529533514] -Signed-off-by: Peter Marko <peter.marko@siemens.com> ---- - glib/gstring.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/glib/gstring.h b/glib/gstring.h -index e817176c9..c5e64b33a 100644 ---- a/glib/gstring.h -+++ b/glib/gstring.h -@@ -232,10 +232,10 @@ g_string_append_len_inline (GString *gstring, - else - len_unsigned = (gsize) len; - -- if (G_LIKELY (gstring->len + len_unsigned < gstring->allocated_len)) -+ if (G_LIKELY (len_unsigned < gstring->allocated_len - gstring->len)) - { - char *end = gstring->str + gstring->len; -- if (G_LIKELY (val + len_unsigned <= end || val > end + len_unsigned)) -+ if (G_LIKELY (val + len_unsigned <= end || val >= end + len_unsigned)) - memcpy (end, val, len_unsigned); - else - memmove (end, val, len_unsigned); diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.4.bb b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.85.4.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.4.bb rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.85.4.bb diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.84.4.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.85.4.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0_2.84.4.bb rename to meta/recipes-core/glib-2.0/glib-2.0_2.85.4.bb diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index c80396a0f1..c7fc0f3c8d 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -231,14 +231,12 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ file://skip-timeout.patch \ - file://CVE-2025-6052-1.patch \ - file://CVE-2025-6052-2.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "8a9ea10943c36fc117e253f80c91e477b673525ae45762942858aef57631bb90" +SRC_URI[sha256sum] = "432d84c8e44fe689ff70a5d88dab6d0f70d5efcf7460b965ac560dbac3c6c185" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON.

[RFC] glib-2.0: update 2.84.4 -> 2.85.4

Commit Message

Patch