From patchwork Mon Aug 18 19:58:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 68732 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CBEACA0EE4 for ; Mon, 18 Aug 2025 20:00:02 +0000 (UTC) Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net [185.136.65.228]) by mx.groups.io with SMTP id smtpd.web10.823.1755547192926952799 for ; Mon, 18 Aug 2025 12:59:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm2 header.b=A5bs/Hao; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228, mailfrom: fm-256628-20250818195950c92021bce9e4a2fa14-mikgx3@rts-flowmailer.siemens.com) Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250818195950c92021bce9e4a2fa14 for ; Mon, 18 Aug 2025 21:59:50 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=X3LQFOPX9GS/v7uvGzGJswcT1YaR15ISMC89fKw/SBE=; b=A5bs/HaoQ+5I2hzTnPUISOms0KizEu5uCNlLQrArB5QwEctxNnGUEd3fJjW+BrFxcm+6jG SRTOo1ECmrVtBzGRo25bmMBy41szvrRG3I6EmH6pEhB4QBsOuQxGuEAE8TtfdpJHh/7A8sN/ PGwxY7l91/QLBniFFDl8DTzq8Se4V0u2phd1hlLJADg137E+tFYoBeyuCncQHUv38El7FRAi SFHeWyJm+/i8hdynTJEz+YWQ6SyTQJXAGZGMxb2Bm2Q+6jILIP6wvWlXKQZDDbqCqz9929Ad 7yNPCeNcX1ZaDirwALiQ0noAZqDfira9a/s6VQIL3+iqrufEdCQ9IUrw==; From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Markus Volk , Richard Purdie , Peter Marko Subject: [OE-core][walnascar][PATCH 1/4] glib-2.0: update 2.84.0 -> 2.84.1 Date: Mon, 18 Aug 2025 21:58:54 +0200 Message-Id: <20250818195857.2459975-1-peter.marko@siemens.com> In-Reply-To: <20250818172457.1683617-1-peter.marko@siemens.com> References: <20250818172457.1683617-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Aug 2025 20:00:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222050 From: Markus Volk - remove backport patch Overview of changes in GLib 2.84.1, 2025-04-03 ============================================== * Fix test failure when building against gobject-introspection ≥1.83.4 (#3634, work by Philip Withnall) * Bugs fixed: - #3630 2.84.0 build failure on Linux: ../gio/gnetworkmonitornetlink.c:47:10: fatal error: netlink/netlink_route.h: No such file or directory (Philip Withnall) - #3634 test failure with gobject-introspection 1.83.4: warning: element doc:format from state 3 is unknown, ignoring (Philip Withnall) - #3636 gio/trash does not handle special characters well - #3642 `g_cancellable_connect()` documentation incorrect (Marco Trevisan (Treviño)) - #3643 g_cancellable_connect(): is it safe to unref cancellable from callback? (Marco Trevisan (Treviño)) - #3649 Crash with some registry key values in GWin32AppInfo (Philip Withnall) - !4484 Memory sanitizer fixes - !4489 gobject: Be consistent in using atomic logic to handle the GParamSpecPool - !4541 gsettings: Port docs to gi-docgen format, add missing annotations and make various improvements - !4544 tests: Don't install runner scripts without installed_tests - !4545 Update French translation - !4547 Update Catalan translation - !4548 Update Turkish translation - !4551 Updated Danish translation - !4552 Update Persian translation - !4553 docs: Document GSignalFlags members added after 2.0 - !4554 Update Indonesian translation - !4555 tests: Add a test for g_object_freeze_notify() being called too often - !4557 gfileinfo: Slightly expand docs for g_file_info_get_attribute_as_string() - !4558 gi: Dynamically set doc-format - !4561 tests: Various fixes to create temporary files in /tmp rather than the build directory - !4562 gdbusnameowning: Convert docs to gi-docgen linking syntax - !4563 giounix-private: Fix macro for checking for epoll_create1() - !4565 Fix LGPL in header - !4567 gutils: make documentation of g_set_prgname() clearer - !4568 docs: Add some detail - !4569 Update Romanian translation - !4570 gspawn-win32: Fix potential integer overflows in argv handling - !4571 gvarianttype: Improve docs on type validation * Translation updates: - Catalan (Jordi Mas) - Danish (Ask Hjorth Larsen) - French (Vincent Chatelain) - Indonesian (Andika Triwidada) - Persian (Danial Behzadi) - Romanian (Antonio Marin) - Turkish (Sabri Ünal) (From OE-Core rev: 676b9acbe94f055a351da3bdcfbe457411e1877c) Signed-off-by: Markus Volk Signed-off-by: Richard Purdie This upgrade fixes CVE-2025-4056 Signed-off-by: Peter Marko --- ...664e6f1a29e0d5f301979f6d168b08435a61.patch | 75 ------------------- ...l_2.84.0.bb => glib-2.0-initial_2.84.1.bb} | 0 ...{glib-2.0_2.84.0.bb => glib-2.0_2.84.1.bb} | 0 meta/recipes-core/glib-2.0/glib.inc | 3 +- 4 files changed, 1 insertion(+), 77 deletions(-) delete mode 100644 meta/recipes-core/glib-2.0/files/aee0664e6f1a29e0d5f301979f6d168b08435a61.patch rename meta/recipes-core/glib-2.0/{glib-2.0-initial_2.84.0.bb => glib-2.0-initial_2.84.1.bb} (100%) rename meta/recipes-core/glib-2.0/{glib-2.0_2.84.0.bb => glib-2.0_2.84.1.bb} (100%) diff --git a/meta/recipes-core/glib-2.0/files/aee0664e6f1a29e0d5f301979f6d168b08435a61.patch b/meta/recipes-core/glib-2.0/files/aee0664e6f1a29e0d5f301979f6d168b08435a61.patch deleted file mode 100644 index 28bce02dc3..0000000000 --- a/meta/recipes-core/glib-2.0/files/aee0664e6f1a29e0d5f301979f6d168b08435a61.patch +++ /dev/null @@ -1,75 +0,0 @@ -From aee0664e6f1a29e0d5f301979f6d168b08435a61 Mon Sep 17 00:00:00 2001 -From: Philip Withnall -Date: Mon, 10 Mar 2025 15:21:15 +0000 -Subject: [PATCH] girparser: Ignore new doc:format element in GIR files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As of gobject-introspection 1.83.2, a new `` -element is supported (as a child of ``) in GIR files. - -For the moment, this information isn’t needed in libgirepository — but -the GIR parser does have to know about the element in order to not throw -an error claiming it’s invalid. - -This is a slightly tweaked version of the code added to -gobject-introspection.git in commit -9544cd6c962fab2c3203898779948309833e2439 by Corentin Noël -, reformatted slightly to fit in with -GLib’s style guidelines. - -This is backwards compatible and does not require a new -gobject-introspection version. - -Signed-off-by: Philip Withnall - -Fixes: #3634 - -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/aee0664e6f1a29e0d5f301979f6d168b08435a61.patch] - -Signed-off-by: Markus Volk ---- - girepository/girparser.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/girepository/girparser.c b/girepository/girparser.c -index 63143718d9..be88d871a4 100644 ---- a/girepository/girparser.c -+++ b/girepository/girparser.c -@@ -107,7 +107,8 @@ typedef enum - STATE_ALIAS, - STATE_TYPE, - STATE_ATTRIBUTE, -- STATE_PASSTHROUGH -+ STATE_PASSTHROUGH, -+ STATE_DOC_FORMAT, /* 35 */ - } ParseState; - - typedef struct _ParseContext ParseContext; -@@ -3159,6 +3160,11 @@ start_element_handler (GMarkupParseContext *context, - state_switch (ctx, STATE_PASSTHROUGH); - goto out; - } -+ else if (strcmp ("doc:format", element_name) == 0) -+ { -+ state_switch (ctx, STATE_DOC_FORMAT); -+ goto out; -+ } - break; - - case 'e': -@@ -3843,6 +3849,10 @@ end_element_handler (GMarkupParseContext *context, - state_switch (ctx, ctx->prev_state); - } - break; -+ case STATE_DOC_FORMAT: -+ if (require_end_element (context, ctx, "doc:format", element_name, error)) -+ state_switch (ctx, STATE_REPOSITORY); -+ break; - - case STATE_PASSTHROUGH: - ctx->unknown_depth -= 1; --- -GitLab - diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.0.bb b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.1.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.0.bb rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.1.bb diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.84.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.84.1.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0_2.84.0.bb rename to meta/recipes-core/glib-2.0/glib-2.0_2.84.1.bb diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index 61e1a3ef17..4368e51df8 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -229,13 +229,12 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ file://skip-timeout.patch \ - file://aee0664e6f1a29e0d5f301979f6d168b08435a61.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "f8823600cb85425e2815cfad82ea20fdaa538482ab74e7293d58b3f64a5aff6a" +SRC_URI[sha256sum] = "2b4bc2ec49611a5fc35f86aca855f2ed0196e69e53092bab6bb73396bf30789a" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. From patchwork Mon Aug 18 19:58:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 68734 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F157CA0ED1 for ; Mon, 18 Aug 2025 20:00:22 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web10.843.1755547213846848432 for ; Mon, 18 Aug 2025 13:00:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm2 header.b=H9bwggMC; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-256628-20250818200011f3a1285f0dbb19276b-dfysh2@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20250818200011f3a1285f0dbb19276b for ; Mon, 18 Aug 2025 22:00:11 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=9uRg8n4NYRT0xJs6rXkUTo7j6EuvEx2cS6UU3MGs5eQ=; b=H9bwggMC07saUxT3FcmBCSoM2J+n3TRZR7I70VorwyzwXD++qU8jpZFtBVaw3Fe7G6Uzuj m3tXmxEOABZthrRCkryFWOYbYydpFKeCAzTxK01GWWqIPuwZhzRFsuFxQxOWs3olzLk1WS0e G5yJo16+VLbatTuOI9aJ0gcCz1rQE9x8X4qWBQs2dFOrdLAn3eJ1MhriVTeCUc/3XRm6zC8x LOiv4EoQQZ2bk5X6Pl2tQuKZKIMq9M0dOpuX3NwcfUBhKm6DOUt5VVCmOXtH94kWrNLMhsH1 Wlctf4OjJEFqW+Xk2rXUvnuGa0HuxNCMJyeoO/t9+XT+rRShIZ4x6LwA==; From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Praveen Kumar , Mathieu Dubois-Briand , Richard Purdie , Peter Marko Subject: [OE-core][walnascar][PATCH 2/4] glib-2.0: update 2.84.1 -> 2.84.2 Date: Mon, 18 Aug 2025 21:58:55 +0200 Message-Id: <20250818195857.2459975-2-peter.marko@siemens.com> In-Reply-To: <20250818195857.2459975-1-peter.marko@siemens.com> References: <20250818172457.1683617-1-peter.marko@siemens.com> <20250818195857.2459975-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Aug 2025 20:00:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222051 From: Praveen Kumar Overview of changes in GLib 2.84.2, 2025-05-20 ============================================== * Bugs fixed: - !4576 Backport !4575 “gclosure: fix ATOMIC_CHANGE_FIELD to read vint atomically” to glib-2-84 - !4595 Backport !4582 “Windows: fix wrong typelib path” to glib-2-84 - !4614 Backport "gstring: carefully handle gssize parameters" - !4616 Backport !4613 “Update macOS job for new CI runner” to glib-2-84 - !4623 Backport !4617 “gdate: Call tzset before localtime_r” to glib-2-84 - !4639 Backport -Wsign-conversion fixes for g_get_locale_variants() from !4590 to glib-2-84 - !4640 Backport !4620 “glocalfile: Disable faccessat()-based query_exists on Android” to glib-2-84 (From OE-Core rev: 3deb6b59f3fa91d4fa755f49dad4ac62c3a518fb) Signed-off-by: Praveen Kumar Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Peter Marko --- .../{glib-2.0-initial_2.84.1.bb => glib-2.0-initial_2.84.2.bb} | 0 .../glib-2.0/{glib-2.0_2.84.1.bb => glib-2.0_2.84.2.bb} | 0 meta/recipes-core/glib-2.0/glib.inc | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/glib-2.0/{glib-2.0-initial_2.84.1.bb => glib-2.0-initial_2.84.2.bb} (100%) rename meta/recipes-core/glib-2.0/{glib-2.0_2.84.1.bb => glib-2.0_2.84.2.bb} (100%) diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.1.bb b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.2.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.1.bb rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.2.bb diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.84.1.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.84.2.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0_2.84.1.bb rename to meta/recipes-core/glib-2.0/glib-2.0_2.84.2.bb diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index 4368e51df8..819f3ff50a 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -234,7 +234,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "2b4bc2ec49611a5fc35f86aca855f2ed0196e69e53092bab6bb73396bf30789a" +SRC_URI[sha256sum] = "88e960dd937057407d61fcb3b45a860704b25923c37ae2478b85f2ecb5a4021f" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. From patchwork Mon Aug 18 19:58:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 68733 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E0DDCA0EE4 for ; Mon, 18 Aug 2025 20:00:22 +0000 (UTC) Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net [185.136.65.227]) by mx.groups.io with SMTP id smtpd.web11.743.1755547220269736559 for ; Mon, 18 Aug 2025 13:00:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm2 header.b=Gm0esEdG; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.227, mailfrom: fm-256628-202508182000187c90863c3ffb4da718-yz2p7i@rts-flowmailer.siemens.com) Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 202508182000187c90863c3ffb4da718 for ; Mon, 18 Aug 2025 22:00:18 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=b3LyHH6UXjcDTR+1o27dJw7TWKYaEeDBbptgsonybHA=; b=Gm0esEdGbAYIGRm3WgpoCZ7EZrhGXX4++L1BJS4EXwFbhseHT1XvCNmrHIdE/2gLV9d15e lC1SpUWRcrCc+zERmyiX5+b2hp5/dn6bRBi2x5sGhxfAHAg6p9MEcbLUTkeHN0qUOueDx9lA 1UvITFocqTvvno0U71npdmSGYvmYlOCGpZ24016/bDTZRSerQCFlupLmtmvNLB0MwMhJOkce PwxMI+6+mZpCT04sGZ1wF0Mql/A65I7ItxD2/dCt7GEi6gD0FQXYlyzIW8ssgqhmXdZzz4Lc 8rdMaiz64SC60xz3rOn0ohxnspA2+tecIj8iEUfHGh8Yc1Ht9fBvKGsw==; From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Peter Marko Subject: [OE-core][walnascar][PATCH 3/4] glib-2.0: update 2.84.2 -> 2.84.4 Date: Mon, 18 Aug 2025 21:58:56 +0200 Message-Id: <20250818195857.2459975-3-peter.marko@siemens.com> In-Reply-To: <20250818195857.2459975-1-peter.marko@siemens.com> References: <20250818172457.1683617-1-peter.marko@siemens.com> <20250818195857.2459975-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Aug 2025 20:00:22 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222052 From: Peter Marko Overview of changes in GLib 2.84.4, 2025-08-08 ============================================== * Bugs fixed: - #3716 (CVE-2025-7039) (#YWH-PGM9867-104) Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file() (Michael Catanzaro) - #3721 GFile leak in g_local_file_set_display_name during error handling (Philip Withnall, Michael Catanzaro) - !4668 Backport !4667 “Incorrect output parameter handling in closure helper of g_settings_bind_with_mapping_closures” to glib-2-84 - !4675 Backport !4674 “gfileutils: fix computation of temporary file name” to glib-2-84 - !4679 Backport !4677 and !4678 “Fix GFile leak in g_local_file_set_display_name()” to glib-2-84 - !4697 Backport !4696 “gthreadpool: Catch pool_spawner creation failure” to glib-2-84 - !4705 Backport !4702 “gio/filenamecompleter: Fix leaks” to glib-2-84 - !4711 Backport !4708 “gfilenamecompleter: Fix g_object_unref() of undefined value” to glib-2-84 Overview of changes in GLib 2.84.3, 2025-06-13 ============================================== * Bugs fixed: - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string” to glib-2-84 !4656 solves first half of CVE-2025-6052 Signed-off-by: Peter Marko --- .../files/0001-meson-Run-atomics-test-on-clang-as-well.patch | 2 +- ...1-meson.build-do-not-enable-pidfd-features-on-native-g.patch | 2 +- .../{glib-2.0-initial_2.84.2.bb => glib-2.0-initial_2.84.4.bb} | 0 .../glib-2.0/{glib-2.0_2.84.2.bb => glib-2.0_2.84.4.bb} | 0 meta/recipes-core/glib-2.0/glib.inc | 2 +- 5 files changed, 3 insertions(+), 3 deletions(-) rename meta/recipes-core/glib-2.0/{glib-2.0-initial_2.84.2.bb => glib-2.0-initial_2.84.4.bb} (100%) rename meta/recipes-core/glib-2.0/{glib-2.0_2.84.2.bb => glib-2.0_2.84.4.bb} (100%) diff --git a/meta/recipes-core/glib-2.0/files/0001-meson-Run-atomics-test-on-clang-as-well.patch b/meta/recipes-core/glib-2.0/files/0001-meson-Run-atomics-test-on-clang-as-well.patch index e5878a1428..5ad2a0375b 100644 --- a/meta/recipes-core/glib-2.0/files/0001-meson-Run-atomics-test-on-clang-as-well.patch +++ b/meta/recipes-core/glib-2.0/files/0001-meson-Run-atomics-test-on-clang-as-well.patch @@ -17,7 +17,7 @@ diff --git a/meson.build b/meson.build index a8bcadc..041b68e 100644 --- a/meson.build +++ b/meson.build -@@ -2075,7 +2075,7 @@ atomicdefine = ''' +@@ -2077,7 +2077,7 @@ atomicdefine = ''' # We know that we can always use real ("lock free") atomic operations with MSVC if cc.get_id() == 'msvc' or cc.get_id() == 'clang-cl' or cc.links(atomictest, name : 'atomic ops') have_atomic_lock_free = true diff --git a/meta/recipes-core/glib-2.0/files/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch b/meta/recipes-core/glib-2.0/files/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch index e512940e34..aa098da379 100644 --- a/meta/recipes-core/glib-2.0/files/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch +++ b/meta/recipes-core/glib-2.0/files/0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch @@ -17,7 +17,7 @@ diff --git a/meson.build b/meson.build index 041b68e..155bfd4 100644 --- a/meson.build +++ b/meson.build -@@ -1073,7 +1073,8 @@ if cc.links('''#include +@@ -1075,7 +1075,8 @@ if cc.links('''#include waitid (P_PIDFD, 0, &child_info, WEXITED | WNOHANG); return 0; }''', name : 'pidfd_open(2) system call') diff --git a/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.2.bb b/meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.4.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.2.bb rename to meta/recipes-core/glib-2.0/glib-2.0-initial_2.84.4.bb diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.84.2.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.84.4.bb similarity index 100% rename from meta/recipes-core/glib-2.0/glib-2.0_2.84.2.bb rename to meta/recipes-core/glib-2.0/glib-2.0_2.84.4.bb diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index 819f3ff50a..c171598bed 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -234,7 +234,7 @@ SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " -SRC_URI[sha256sum] = "88e960dd937057407d61fcb3b45a860704b25923c37ae2478b85f2ecb5a4021f" +SRC_URI[sha256sum] = "8a9ea10943c36fc117e253f80c91e477b673525ae45762942858aef57631bb90" # Find any meson cross files in FILESPATH that are relevant for the current # build (using siteinfo) and add them to EXTRA_OEMESON. From patchwork Mon Aug 18 19:58:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Marko X-Patchwork-Id: 68735 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F085CA0EE4 for ; Mon, 18 Aug 2025 20:00:32 +0000 (UTC) Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net [185.136.65.226]) by mx.groups.io with SMTP id smtpd.web10.852.1755547227121187442 for ; Mon, 18 Aug 2025 13:00:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=peter.marko@siemens.com header.s=fm2 header.b=J2V/r9tf; spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226, mailfrom: fm-256628-20250818200025bcc4596a7616170469-3dxuhk@rts-flowmailer.siemens.com) Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 20250818200025bcc4596a7616170469 for ; Mon, 18 Aug 2025 22:00:25 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm2; d=siemens.com; i=peter.marko@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To; bh=PS2TDOit2U9nJC81mb9TpawOVaaLt/u2zx3Jge9pNEc=; b=J2V/r9tfUkoOIZxVGwxRQ6P+eejBB7dtrDGPBcRwKb38MZRemGbFO6cuMhDHFvqDQiPTvm +8iS3rYWEZZssKEAn3MxesIWJDxTAGL4roE+bnZyIRH+7MGvhzCwjkNZiAc0owTbHjxkIO8R L74KmpF6Chd6PBdtJ35/dqDD6N88elbIMef//3wUOFpIxTX3XrQn07VBYBo2OP08ZBzyHzof Om7VFY5RpLo0icoGAyaRgmXh8TM0x/bxdtIz6drZczO/mDrxqBH6n4zviQN+UOgQSHIp0Pvp BRk3WsXlKBRKzzU8Ecl3a2cg02TwqcQAcOomMCdSWWDzqZj9o7SSGYSA==; From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Peter Marko Subject: [OE-core][walnascar][PATCH 4/4] glib-2.0: patch CVE-2025-6052 Date: Mon, 18 Aug 2025 21:58:57 +0200 Message-Id: <20250818195857.2459975-4-peter.marko@siemens.com> In-Reply-To: <20250818195857.2459975-1-peter.marko@siemens.com> References: <20250818172457.1683617-1-peter.marko@siemens.com> <20250818195857.2459975-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 Aug 2025 20:00:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222053 From: Peter Marko Backport commits from [1] which references this CVE. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4681 Signed-off-by: Peter Marko --- .../glib-2.0/files/CVE-2025-6052-1.patch | 97 +++++++++++++++++++ .../glib-2.0/files/CVE-2025-6052-2.patch | 35 +++++++ meta/recipes-core/glib-2.0/glib.inc | 4 +- 3 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch diff --git a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch new file mode 100644 index 0000000000..a344735ee4 --- /dev/null +++ b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-1.patch @@ -0,0 +1,97 @@ +From 6aa97beda32bb337370858862f4efe2f3372619f Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 7 Jul 2025 20:52:24 +0200 +Subject: [PATCH] gstring: Fix g_string_sized_new segmentation fault + +If glib is compiled with -Dglib_assert=false, i.e. no asserts +enabled, then g_string_sized_new(G_MAXSIZE) leads to a segmentation +fault due to an out of boundary write. + +This happens because the overflow check was moved into +g_string_maybe_expand which is not called by g_string_sized_new. + +By assuming that string->allocated_len is always larger than +string->len (and the code would be in huge trouble if that is not true), +the G_UNLIKELY check in g_string_maybe_expand can be rephrased to +avoid a potential G_MAXSIZE overflow. + +This in turn leads to 150-200 bytes smaller compiled library +depending on gcc and clang versions, and one less check for the most +common code paths. + +Reverts https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655 and +reorders internal g_string_maybe_expand check to still fix +CVE-2025-6052. + +CVE: CVE-2025-6052 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/6aa97beda32bb337370858862f4efe2f3372619f] +Signed-off-by: Peter Marko +--- + glib/gstring.c | 10 +++++----- + glib/tests/string.c | 18 ++++++++++++++++++ + 2 files changed, 23 insertions(+), 5 deletions(-) + +diff --git a/glib/gstring.c b/glib/gstring.c +index 010a8e976..24c4bfb40 100644 +--- a/glib/gstring.c ++++ b/glib/gstring.c +@@ -68,6 +68,10 @@ static void + g_string_expand (GString *string, + gsize len) + { ++ /* Detect potential overflow */ ++ if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) ++ g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); ++ + string->allocated_len = g_nearest_pow (string->len + len + 1); + /* If the new size is bigger than G_MAXSIZE / 2, only allocate enough + * memory for this string and don't over-allocate. +@@ -82,11 +86,7 @@ static inline void + g_string_maybe_expand (GString *string, + gsize len) + { +- /* Detect potential overflow */ +- if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) +- g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); +- +- if (G_UNLIKELY (string->len + len >= string->allocated_len)) ++ if (G_UNLIKELY (len >= string->allocated_len - string->len)) + g_string_expand (string, len); + } + +diff --git a/glib/tests/string.c b/glib/tests/string.c +index aa363c57a..e3bc4a02e 100644 +--- a/glib/tests/string.c ++++ b/glib/tests/string.c +@@ -767,6 +767,23 @@ test_string_new_take_null (void) + g_string_free (g_steal_pointer (&string), TRUE); + } + ++static void ++test_string_sized_new (void) ++{ ++ ++ if (g_test_subprocess ()) ++ { ++ GString *string = g_string_sized_new (G_MAXSIZE); ++ g_string_free (string, TRUE); ++ } ++ else ++ { ++ g_test_trap_subprocess (NULL, 0, G_TEST_SUBPROCESS_DEFAULT); ++ g_test_trap_assert_failed (); ++ g_test_trap_assert_stderr ("*string would overflow*"); ++ } ++} ++ + int + main (int argc, + char *argv[]) +@@ -796,6 +813,7 @@ main (int argc, + g_test_add_func ("/string/test-string-steal", test_string_steal); + g_test_add_func ("/string/test-string-new-take", test_string_new_take); + g_test_add_func ("/string/test-string-new-take/null", test_string_new_take_null); ++ g_test_add_func ("/string/sized-new", test_string_sized_new); + + return g_test_run(); + } diff --git a/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch new file mode 100644 index 0000000000..703dfdf46c --- /dev/null +++ b/meta/recipes-core/glib-2.0/files/CVE-2025-6052-2.patch @@ -0,0 +1,35 @@ +From 3752760c5091eaed561ec11636b069e529533514 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Mon, 7 Jul 2025 20:57:41 +0200 +Subject: [PATCH] gstring: Improve g_string_append_len_inline checks + +Use the same style for the G_LIKELY check here as in g_string_sized_new. +The check could overflow on 32 bit systems. + +Also improve the memcpy/memmove check to use memcpy if val itself is +adjacent to end + len_unsigned, which means that no overlapping exists. + +CVE: CVE-2025-6052 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/3752760c5091eaed561ec11636b069e529533514] +Signed-off-by: Peter Marko +--- + glib/gstring.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/glib/gstring.h b/glib/gstring.h +index e817176c9..c5e64b33a 100644 +--- a/glib/gstring.h ++++ b/glib/gstring.h +@@ -232,10 +232,10 @@ g_string_append_len_inline (GString *gstring, + else + len_unsigned = (gsize) len; + +- if (G_LIKELY (gstring->len + len_unsigned < gstring->allocated_len)) ++ if (G_LIKELY (len_unsigned < gstring->allocated_len - gstring->len)) + { + char *end = gstring->str + gstring->len; +- if (G_LIKELY (val + len_unsigned <= end || val > end + len_unsigned)) ++ if (G_LIKELY (val + len_unsigned <= end || val >= end + len_unsigned)) + memcpy (end, val, len_unsigned); + else + memmove (end, val, len_unsigned); diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index c171598bed..b967b9402f 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -229,8 +229,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ file://skip-timeout.patch \ + file://CVE-2025-6052-1.patch \ + file://CVE-2025-6052-2.patch \ " -SRC_URI:append:class-native = " file://relocate-modules.patch \ +SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ "