From 8a9378d09735e6b8b6a94053a8aea19f06476f0e Mon Sep 17 00:00:00 2001
From: yangcheng1203
Date: Tue, 6 May 2025 17:00:13 +0800
Subject: [PATCH] Fix CVE-2024-52533
---
 ...Backport-patch-to-fix-CVE-2024-52533.patch | 45 +++++++++++++++++++
 glib2.spec | 7 ++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 1002-Backport-patch-to-fix-CVE-2024-52533.patch
diff --git a/1002-Backport-patch-to-fix-CVE-2024-52533.patch b/1002-Backport-patch-to-fix-CVE-2024-52533.patch
new file mode 100644
index 0000000..c677cfc
--- /dev/null
+++ b/1002-Backport-patch-to-fix-CVE-2024-52533.patch
@@ -0,0 +1,45 @@
+From 25833cefda24c60af913d6f2d532b5afd608b821 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+Fixes: #3461
+---
+ gio/gsocks4aproxy.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gsocks4aproxy.c b/gio/gsocks4aproxy.c
+index 3dad118eb7..b3146d08fd 100644
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *proxy)
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+ * | VN | CD | DSTPORT | DSTIP | USERID |NULL| HOST | | NULL |
+ * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- * 1 1 2 4 variable 1 variable
++ * 1 1 2 4 variable 1 variable 1
+ */
+-#define SOCKS4_CONN_MSG_LEN (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8 *msg,
+ const gchar *hostname,
+--
+GitLab
+
diff --git a/glib2.spec b/glib2.spec
index 1549c31..9d7969d 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 Name: glib2
 Version: 2.78.3
 Release: %{anolis_release}%{?dist}
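Review bot: In the embedded `gio/gsocks4aproxy.c` hunk of the new 1002 patch file, `SOCKS4_CONN_MSG_LEN` is still a hand-counted literal, which is how the trailing NUL after HOST was missed originally. The new value matches the layout comment (1 + 1 + 2 + 4 fixed bytes, USERID, NUL, HOST, NUL), but writing it as `#define SOCKS4_CONN_MSG_LEN (1 + 1 + 2 + 4 + SOCKS4_MAX_LEN + 1 + SOCKS4_MAX_LEN + 1)` would keep the size tied to the fields; for a backport that is better raised upstream than changed here. The size is only sufficient if `set_connect_msg` rejects a username or hostname longer than `SOCKS4_MAX_LEN` before copying; its body lies outside the hunk, so confirm that check exists in the 2.78.3 sources this patch is applied to.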
@@ -10,6 +10,8 @@ Source0: https://download.gnome.org/sources/glib/2.78/glib-%{version}.tar.xz
 # Reference to https://gitlab.gnome.org/GNOME/glib/-/commit/c9b03bdb7ca9283e4ff6ab809dab04436332b611
 Patch1001: 1001-Backport-patch-to-fix-CVE-2025-3360.patch
+# Reference to https://gitlab.gnome.org/GNOME/glib/-/commit/25833cefda24c60af913d6f2d532b5afd608b821
+Patch1002: 1002-Backport-patch-to-fix-CVE-2024-52533.patch
 BuildRequires: gcc meson >= 0.60.0 gettext gtk-doc perl-interpreter glibc-devel
 BuildRequires: systemtap-sdt-devel zlib-devel python3-devel
@@ -154,6 +156,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc NEWS README.md
 %changelog
+* Tue May 06 2025 Cheng Yang - 2.78.3-4
+- Fix CVE-2024-52533
+
 * Sun Apr 27 2025 Chang Gao - 2.78.3-3
 - Fix CVE-2025-3360
-- Gitee
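Review bot: `Patch1002` is declared in the `@@ -10,6 +10,8 @@` hunk, but none of the visible hunks touches `%prep`, so this commit alone does not show that the patch is applied during the build. If `%prep` uses `%autosetup` or `%autopatch` nothing more is needed. If it lists patches explicitly, it needs a matching `%patch` entry for 1002, mirroring whatever applies `Patch1001`. Without one, 2.78.3-4 would carry a changelog line claiming the CVE-2024-52533 fix while the one-byte overflow in the SOCKS4a connect buffer is still built in.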