guix/gnu/packages/patches/glib-CVE-2021-27219-14.patch

From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:04:48 +0000
Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion

The intention here was to assert that the length of the password fits
in a gssize. Passwords more than half the size of virtual memory are
probably excessive.

Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords"
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8)
---
 gio/gtlspassword.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
index dbcec41a8..bd86a6dfe 100644
--- a/gio/gtlspassword.c
+++ b/gio/gtlspassword.c
@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword  *password,
     {
       /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
       gsize length_unsigned = strlen ((gchar *) value);
-      g_return_if_fail (length_unsigned > G_MAXSSIZE);
+      g_return_if_fail (length_unsigned <= G_MAXSSIZE);
       length = (gssize) length_unsigned;
     }
 
-- 
2.30.1
-												gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219.

* gnu/packages/patches/glib-CVE-2021-27218.patch,
gnu/packages/patches/glib-CVE-2021-27219-01.patch,
gnu/packages/patches/glib-CVE-2021-27219-02.patch,
gnu/packages/patches/glib-CVE-2021-27219-03.patch,
gnu/packages/patches/glib-CVE-2021-27219-04.patch,
gnu/packages/patches/glib-CVE-2021-27219-05.patch,
gnu/packages/patches/glib-CVE-2021-27219-06.patch,
gnu/packages/patches/glib-CVE-2021-27219-07.patch,
gnu/packages/patches/glib-CVE-2021-27219-08.patch,
gnu/packages/patches/glib-CVE-2021-27219-09.patch,
gnu/packages/patches/glib-CVE-2021-27219-10.patch,
gnu/packages/patches/glib-CVE-2021-27219-11.patch,
gnu/packages/patches/glib-CVE-2021-27219-12.patch,
gnu/packages/patches/glib-CVE-2021-27219-13.patch,
gnu/packages/patches/glib-CVE-2021-27219-14.patch,
gnu/packages/patches/glib-CVE-2021-27219-15.patch,
gnu/packages/patches/glib-CVE-2021-27219-16.patch,
gnu/packages/patches/glib-CVE-2021-27219-17.patch,
gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/glib.scm (glib)[replacement]: New field.
(glib/fixed): New variable.

											
										
										
											2021-03-11 10:34:28 +00:00
+								From 4506d1859a863087598c8d122740bae25b65b099 Mon Sep 17 00:00:00 2001
 								From: Simon McVittie <smcv@collabora.com>
 								Date: Mon, 8 Feb 2021 10:04:48 +0000
 								Subject: [PATCH 4/5] gtlspassword: Fix inverted assertion
 								The intention here was to assert that the length of the password fits
 								in a gssize. Passwords more than half the size of virtual memory are
 								probably excessive.
 								Fixes: a8b204ff "gtlspassword: Forbid very long TLS passwords"
 								Signed-off-by: Simon McVittie <smcv@collabora.com>
 								(cherry picked from commit 61bb52ec42de1082bfb06ce1c737fc295bfe60b8)
 								---
 								 gio/gtlspassword.c | 2 +-
 file changed, 1 insertion(+), 1 deletion(-)
 								diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c
 								index dbcec41a8..bd86a6dfe 100644
 								--- a/gio/gtlspassword.c
 								+++ b/gio/gtlspassword.c
@@ -291,7 +291,7 @@ g_tls_password_set_value (GTlsPassword  *password,
 								     {
 								       /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */
 								       gsize length_unsigned = strlen ((gchar *) value);
 								-      g_return_if_fail (length_unsigned > G_MAXSSIZE);
 								+      g_return_if_fail (length_unsigned <= G_MAXSSIZE);
 								       length = (gssize) length_unsigned;
 								     }
 								--
 .30.1