diff mbox series

[meta-oe,scarthgap,1/2] glade: fix CVE-2020-36774

Message ID 20250116134501.348974-1-peng.zhang1.cn@windriver.com
State New
Headers show
Series [meta-oe,scarthgap,1/2] glade: fix CVE-2020-36774 | expand

Commit Message

Peng Zhang Jan. 16, 2025, 1:45 p.m. UTC 
From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]

Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
 .../glade/glade/CVE-2020-36774.patch          | 54 +++++++++++++++++++
 .../recipes-devtools/glade/glade_3.22.2.bb    |  1 +
 2 files changed, 55 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
new file mode 100644
index 000000000..5049b44e5
--- /dev/null
+++ b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
@@ -0,0 +1,54 @@ 
+From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001
+From: Juan Pablo Ugarte <juanpablougarte@gmail.com>
+Date: Fri, 2 Oct 2020 16:08:23 -0300
+Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
+
+Some widgets with contruct properties like GtkMessageDialog get
+rebuilt right after they are created on project loading so we need
+to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
+and use the object ad the connect data to make sure it gets disconected
+if it was the object being rebuilt
+
+Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
+
+CVE: CVE-2020-36774
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
+
+Signed-off-by: Peng Zhang <peng.zhang1.cn@windriver.com>
+---
+ plugins/gtk+/glade-gtk-box.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
+index 0c157a6d..a0252b6a 100644
+--- a/plugins/gtk+/glade-gtk-box.c
++++ b/plugins/gtk+/glade-gtk-box.c
+@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
+ }
+ 
+ static void
+-glade_gtk_box_parse_finished (GladeProject * project, GladeWidget *gbox)
++glade_gtk_box_parse_finished (GladeProject *project, GObject *box)
+ {
+-  GObject *box = glade_widget_get_object (gbox);
++  GladeWidget *gbox = glade_widget_get_from_gobject (box);
+ 
+   glade_widget_property_set (gbox, "use-center-child",
+                              gtk_box_get_center_widget (GTK_BOX (box)) != NULL);
+@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
+   g_signal_connect (G_OBJECT (gwidget), "configure-end",
+                     G_CALLBACK (glade_gtk_box_configure_end), container);
+ 
+-  if (reason == GLADE_CREATE_LOAD)
++  if (glade_project_is_loading (project))
+     {
+       g_signal_connect_object (project, "parse-finished",
+                                G_CALLBACK (glade_gtk_box_parse_finished),
+-                               gwidget, 0);
++                               container, 0);
+     }
+ }
+ 
+-- 
+GitLab
+
diff --git a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
index d11751a4b..4a1c5fc8a 100644
--- a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
+++ b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
@@ -17,6 +17,7 @@  ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
 SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \
            file://remove-yelp-help-rules-var.patch \
+           file://CVE-2020-36774.patch \
           "
 SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d"
 SRC_URI[sha256sum] = "edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21"