glade: fix CVE-2020-36774

CVE-2020-36774: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). Reference: [https://nvd.nist.gov/vuln/detail/CVE-2020-36774] Upstream patches: [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Zhang Peng <peng.zhang1.cn@windriver.com> 2025-01-16 15:13:47 +0800
committer: Armin Kuster <akuster808@gmail.com> 2025-01-22 19:13:03 -0500
commit: 9d2f35c8ce8c65434f8c91c3bec927f38334b76c (patch)
tree: 8effb44f6cb938cf016457f1fb954d1936ac8ef5
parent: 6ae5b4de25d4bf1bf1073c1f0856de9e4add3e8c (diff)
download: meta-openembedded-9d2f35c8ce8c65434f8c91c3bec927f38334b76c.tar.gz
2 files changed, 55 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
new file mode 100644
index 0000000000..5049b44e55
--- /dev/null
+++ b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
@@ -0,0 +1,54 @@
+From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001
+From: Juan Pablo Ugarte <juanpablougarte@gmail.com>
+Date: Fri, 2 Oct 2020 16:08:23 -0300
+Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
+Some widgets with contruct properties like GtkMessageDialog get
+rebuilt right after they are created on project loading so we need
+to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
+and use the object ad the connect data to make sure it gets disconected
+if it was the object being rebuilt
+Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
+CVE: CVE-2020-36774
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
+Signed-off-by: Peng Zhang <peng.zhang1.cn@windriver.com>
+---
+ plugins/gtk+/glade-gtk-box.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
+index 0c157a6d..a0252b6a 100644
+--- a/plugins/gtk+/glade-gtk-box.c
+++ b/plugins/gtk+/glade-gtk-box.c
+@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
+ }
+ 
+ static void
+-glade_gtk_box_parse_finished (GladeProject * project, GladeWidget *gbox)
+glade_gtk_box_parse_finished (GladeProject *project, GObject *box)
+ {
+-  GObject *box = glade_widget_get_object (gbox);
+  GladeWidget *gbox = glade_widget_get_from_gobject (box);
+ 
+   glade_widget_property_set (gbox, "use-center-child",
+                              gtk_box_get_center_widget (GTK_BOX (box)) != NULL);
+@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
+   g_signal_connect (G_OBJECT (gwidget), "configure-end",
+                     G_CALLBACK (glade_gtk_box_configure_end), container);
+ 
+-  if (reason == GLADE_CREATE_LOAD)
+  if (glade_project_is_loading (project))
+     {
+       g_signal_connect_object (project, "parse-finished",
+                                G_CALLBACK (glade_gtk_box_parse_finished),
+-                               gwidget, 0);
+                               container, 0);
+     }
+ }
+ 
+-- 
+GitLab
diff --git a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
index c7f98fac98..6da08bd827 100644
--- a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
+++ b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
@@ -15,6 +15,7 @@ REQUIRED_DISTRO_FEATURES = "x11"
 SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \
           file://remove-yelp-help-rules-var.patch \
+           file://CVE-2020-36774.patch \
          "
 SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d"
 SRC_URI[sha256sum] = "edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21"
author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-01-16 15:13:47 +0800
committer	Armin Kuster <akuster808@gmail.com>	2025-01-22 19:13:03 -0500
commit	9d2f35c8ce8c65434f8c91c3bec927f38334b76c (patch)
tree	8effb44f6cb938cf016457f1fb954d1936ac8ef5
parent	6ae5b4de25d4bf1bf1073c1f0856de9e4add3e8c (diff)
download	meta-openembedded-9d2f35c8ce8c65434f8c91c3bec927f38334b76c.tar.gz

diff --git a/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch new file mode 100644 index 0000000000..5049b44e55 --- /dev/null +++ b/meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch
@@ -0,0 +1,54 @@
		1	From 7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 Mon Sep 17 00:00:00 2001
		2	From: Juan Pablo Ugarte <juanpablougarte@gmail.com>
		3	Date: Fri, 2 Oct 2020 16:08:23 -0300
		4	Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
		5
		6	Some widgets with contruct properties like GtkMessageDialog get
		7	rebuilt right after they are created on project loading so we need
		8	to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
		9	and use the object ad the connect data to make sure it gets disconected
		10	if it was the object being rebuilt
		11
		12	Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
		13
		14	CVE: CVE-2020-36774
		15	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
		16
		17	Signed-off-by: Peng Zhang <peng.zhang1.cn@windriver.com>
		18	---
		19	plugins/gtk+/glade-gtk-box.c \| 8 ++++----
		20	1 file changed, 4 insertions(+), 4 deletions(-)
		21
		22	diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
		23	index 0c157a6d..a0252b6a 100644
		24	--- a/plugins/gtk+/glade-gtk-box.c
		25	+++ b/plugins/gtk+/glade-gtk-box.c
		26	@@ -58,9 +58,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
		27	}
		28
		29	static void
		30	-glade_gtk_box_parse_finished (GladeProject * project, GladeWidget *gbox)
		31	+glade_gtk_box_parse_finished (GladeProject project, GObject box)
		32	{
		33	- GObject *box = glade_widget_get_object (gbox);
		34	+ GladeWidget *gbox = glade_widget_get_from_gobject (box);
		35
		36	glade_widget_property_set (gbox, "use-center-child",
		37	gtk_box_get_center_widget (GTK_BOX (box)) != NULL);
		38	@@ -87,11 +87,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
		39	g_signal_connect (G_OBJECT (gwidget), "configure-end",
		40	G_CALLBACK (glade_gtk_box_configure_end), container);
		41
		42	- if (reason == GLADE_CREATE_LOAD)
		43	+ if (glade_project_is_loading (project))
		44	{
		45	g_signal_connect_object (project, "parse-finished",
		46	G_CALLBACK (glade_gtk_box_parse_finished),
		47	- gwidget, 0);
		48	+ container, 0);
		49	}
		50	}
		51
		52	--
		53	GitLab
		54


diff --git a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb index c7f98fac98..6da08bd827 100644 --- a/meta-oe/recipes-devtools/glade/glade_3.22.2.bb +++ b/meta-oe/recipes-devtools/glade/glade_3.22.2.bb
@@ -15,6 +15,7 @@ REQUIRED_DISTRO_FEATURES = "x11"
15		15
16	SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \	16	SRC_URI = "http://ftp.gnome.org/pub/GNOME/sources/glade/3.22/glade-${PV}.tar.xz \
17	file://remove-yelp-help-rules-var.patch \	17	file://remove-yelp-help-rules-var.patch \
		18	file://CVE-2020-36774.patch \
18	"	19	"
19	SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d"	20	SRC_URI[md5sum] = "c074fa378c8f1ad80d20133c4ae6f42d"
20	SRC_URI[sha256sum] = "edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21"	21	SRC_URI[sha256sum] = "edefa6eb24b4d15bd52589121dc109bc08c286157c41288deb74dd9cc3f26a21"