From db4ecfdfc282808c4d63000183b6bceffcc050aa Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Tue, 6 May 2025 14:12:17 +0800
Subject: [PATCH 1/2] Fix CVE-2024-52533
---
 0001-backport-CVE-2024-52533.patch | 45 ++++++++++++++++++++++++++++++
 glib2.spec | 8 +++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 0001-backport-CVE-2024-52533.patch
diff --git a/0001-backport-CVE-2024-52533.patch b/0001-backport-CVE-2024-52533.patch
new file mode 100644
index 0000000..c677cfc
--- /dev/null
+++ b/0001-backport-CVE-2024-52533.patch
@@ -0,0 +1,45 @@
+From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+ * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- * 1 1 2 4 variable 1 variable
++ * 1 1 2 4 variable 1 variable 1
+ */
+-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8 *msg,
+ const gchar *hostname,
+-- 
+GitLab
+
diff --git a/glib2.spec b/glib2.spec
index 8ad8775..95c990c 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 Name: glib2
 Version: 2.78.3
 Release: %{anolis_release}%{?dist}
@@ -8,6 +8,9 @@ License: LGPLv2+
 URL: https://www.gtk.org
 Source0: https://download.gnome.org/sources/glib/2.78/glib-%{version}.tar.xz
+#https://gitlab.gnome.org/GNOME/glib/-/commit/25833cefda24c60af913d6f2d532b5afd608b821
+Patch0: 0000-backport-CVE-2024-52533.patch
+
 BuildRequires: gcc meson >= 0.60.0 gettext gtk-doc perl-interpreter glibc-devel
 BuildRequires: systemtap-sdt-devel zlib-devel python3-devel
 BuildRequires: bash-completion >= 2.0 elfutils-libelf-devel libffi-devel >= 3.0.0
@@ -151,6 +154,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc NEWS README.md
 %changelog
+* Tue May 06 2025 Yangcheng - 2.78.3-3
+- Fix CVE-2024-52533
+
 * Mon Apr 01 2024 Bo Ren - 2.78.3-2
 - add changelog
-- 
Gitee

From e21f4053bdf6b2c5484708fb05decb323961212c Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Tue, 6 May 2025 07:16:41 +0000
Subject: [PATCH 2/2] rename 0000-backport-CVE-2024-52533.patch to 0000-backport-CVE-2024-52533.patch.
Signed-off-by: yangcheng1203
---
 ...ort-CVE-2024-52533.patch => 0000-backport-CVE-2024-52533.patch | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename 0001-backport-CVE-2024-52533.patch => 0000-backport-CVE-2024-52533.patch (100%)
diff --git a/0001-backport-CVE-2024-52533.patch b/0000-backport-CVE-2024-52533.patch
similarity index 100%
rename from 0001-backport-CVE-2024-52533.patch
rename to 0000-backport-CVE-2024-52533.patch
-- 
Gitee
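Review bot: `Patch0: 0000-backport-CVE-2024-52533.patch` names a file this commit does not contain — the file created in the same series is `0001-backport-CVE-2024-52533.patch` — so the SRPM build fails on a missing source at this commit and only works once the follow-up rename lands; the declaration and the file should agree within one commit, e.g. `Patch0: 0001-backport-CVE-2024-52533.patch`. The hunk only declares the patch; `%prep` lies outside the hunk, and unless it already uses `%autosetup -p1` (or `%autopatch`), a `%patch0 -p1` is needed, otherwise the patch is shipped in the SRPM but never applied while the changelog claims the CVE is fixed. Verify after `rpmbuild -bp` that the unpacked `gio/gsocks4aproxy.c` defines `SOCKS4_CONN_MSG_LEN` as `(10 + SOCKS4_MAX_LEN * 2)`. The upstream commit URL comment above `Patch0` is useful; I would extend it to `# Backport of upstream 25833cef (CVE-2024-52533), applied unchanged` so the next rebase knows no local adaptation was made.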