CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

glade: fix CVE-2020-36774

Browse Source 
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]

Upstream patches:
[7acdd3c6f6]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Zhang Peng 2025-06-20 10:44:36 +08:00 committed by Khem Raj
parent cce20b5124
commit 61b444f706
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
meta-oe/recipes-devtools/glade/glade/CVE-2020-36774.patch Normal file
View File

@ -0,0 +1,54 @@
From 8f1ed202ad21c787ec406f531905b4cda64fb13c Mon Sep 17 00:00:00 2001
From: Juan Pablo Ugarte <juanpablougarte@gmail.com>
Date: Fri, 2 Oct 2020 16:08:23 -0300
Subject: [PATCH] GladeGtkBox: fix glade_gtk_box_post_create
Some widgets with contruct properties like GtkMessageDialog get
rebuilt right after they are created on project loading so we need
to check glade_project_is_loading() intead of GLADE_CREATE_LOAD
and use the object ad the connect data to make sure it gets disconected
if it was the object being rebuilt
Fix issue #479 "Glade 3.36.0 segfaults when opening a file"
CVE: CVE-2020-36774
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
Signed-off-by: Peng Zhang <peng.zhang1.cn@windriver.com>
---
plugins/gtk+/glade-gtk-box.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/plugins/gtk+/glade-gtk-box.c b/plugins/gtk+/glade-gtk-box.c
index 1153c957..c995524e 100644
--- a/plugins/gtk+/glade-gtk-box.c
+++ b/plugins/gtk+/glade-gtk-box.c
@@ -57,9 +57,9 @@ glade_gtk_box_create_editable (GladeWidgetAdaptor *adaptor,
}
static void
-glade_gtk_box_parse_finished (GladeProject *project, GladeWidget *gbox)
+glade_gtk_box_parse_finished (GladeProject *project, GObject *box)
{
- GObject *box = glade_widget_get_object (gbox);
+ GladeWidget *gbox = glade_widget_get_from_gobject (box);
glade_widget_property_set (gbox, "use-center-child",
gtk_box_get_center_widget (GTK_BOX (box)) != NULL);
@@ -86,11 +86,11 @@ glade_gtk_box_post_create (GladeWidgetAdaptor *adaptor,
g_signal_connect (G_OBJECT (gwidget), "configure-end",
G_CALLBACK (glade_gtk_box_configure_end), container);
- if (reason == GLADE_CREATE_LOAD)
+ if (glade_project_is_loading (project))
{
g_signal_connect_object (project, "parse-finished",
G_CALLBACK (glade_gtk_box_parse_finished),
- gwidget, 0);
+ container, 0);
}
}
--
2.34.1

1
meta-oe/recipes-devtools/glade/glade_3.36.0.bb
View File

@ -17,6 +17,7 @@ ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
SRC_URI = "${GNOME_MIRROR}/glade/3.36/glade-${PV}.tar.xz \
file://remove-yelp-help-rules-var.patch \
file://CVE-2020-36774.patch \
"
SRC_URI[sha256sum] = "19b546b527cc46213ccfc8022d49ec57e618fe2caa9aa51db2d2862233ea6f08"