
Bug#1107843: marked as done (unblock: glib2.0/2.84.3-1)



Your message dated Wed, 18 Jun 2025 10:03:21 +0000
with message-id <E1uRpdZ-005Krj-0g@respighi.debian.org>
and subject line unblock glib2.0
has caused the Debian Bug report #1107843,
regarding unblock: glib2.0/2.84.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1107843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107843
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: glib2.0@packages.debian.org
Control: affects -1 + src:glib2.0
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package glib2.0

[ Reason ]
Fix CVE-2025-6052

[ Impact ]
If not accepted, automated vulnerability scanners will warn about an 
unfixed vulnerability, and there could conceivably be a program in which 
an attacker can trigger a buffer overflow (although it seems unlikely; 
the failure scenario is rather contrived, and involves using up the entire 
address space for text strings).

I took the opportunity to fix a minor documentation bug (outdated 
Homepage field).

[ Tests ]
The automated test suite is fairly comprehensive and still passes (at 
build-time and as an autopkgtest). There is no coverage for 
CVE-2025-6052, because it would have to involve allocating multiple 
gigabytes of memory even on 32-bit.

My GNOME desktop still operates normally.

[ Risks ]
Key package in most (all?) of our desktop environments, but the changes 
are very narrowly targeted.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock glib2.0/2.84.3-1
diffstat for glib2.0-2.84.2 glib2.0-2.84.3

 NEWS             |    8 ++++++++
 debian/changelog |   11 +++++++++++
 debian/control   |    2 +-
 glib/gstring.c   |    8 ++++----
 meson.build      |    2 +-
 5 files changed, 25 insertions(+), 6 deletions(-)

diff -Nru glib2.0-2.84.2/debian/changelog glib2.0-2.84.3/debian/changelog
--- glib2.0-2.84.2/debian/changelog	2025-05-22 17:25:42.000000000 +0100
+++ glib2.0-2.84.3/debian/changelog	2025-06-15 12:12:51.000000000 +0100
@@ -1,3 +1,14 @@
+glib2.0 (2.84.3-1) unstable; urgency=medium
+
+  * New upstream stable release
+    - Move an ineffective string length overflow check to a location where it
+      will be effective, fixing a possible buffer overflow when working with
+      multi-gigabyte strings (CVE-2025-6052, Closes: #1107797; unlikely to be
+      exploitable in practice)
+  * d/control: Update Homepage (Closes: #1087982)
+
+ -- Simon McVittie <smcv@debian.org>  Sun, 15 Jun 2025 12:12:51 +0100
+
 glib2.0 (2.84.2-1) unstable; urgency=medium
 
   * New upstream stable release
diff -Nru glib2.0-2.84.2/debian/control glib2.0-2.84.3/debian/control
--- glib2.0-2.84.2/debian/control	2025-05-22 17:25:42.000000000 +0100
+++ glib2.0-2.84.3/debian/control	2025-06-15 12:12:51.000000000 +0100
@@ -49,7 +49,7 @@
  gobject-introspection (>= 1.80.0) <!nodoc>,
 Rules-Requires-Root: no
 Standards-Version: 4.7.0
-Homepage: https://wiki.gnome.org/Projects/GLib
+Homepage: https://gitlab.gnome.org/GNOME/glib
 Vcs-Browser: https://salsa.debian.org/gnome-team/glib
 Vcs-Git: https://salsa.debian.org/gnome-team/glib.git
 
diff -Nru glib2.0-2.84.2/glib/gstring.c glib2.0-2.84.3/glib/gstring.c
--- glib2.0-2.84.2/glib/gstring.c	2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/glib/gstring.c	2025-06-13 12:55:59.000000000 +0100
@@ -68,10 +68,6 @@
 g_string_expand (GString *string,
                  gsize    len)
 {
-  /* Detect potential overflow */
-  if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
-    g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
-
   string->allocated_len = g_nearest_pow (string->len + len + 1);
   /* If the new size is bigger than G_MAXSIZE / 2, only allocate enough
    * memory for this string and don't over-allocate.
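Review bot: With the guard removed from the top of g_string_expand, the `string->len + len + 1` passed to g_nearest_pow on the first remaining line has no local protection against wrapping, so the function now relies on every caller having run the check first. A one-line comment above g_string_expand stating that precondition would help, along with confirming that nothing in gstring.c reaches it other than through g_string_maybe_expand.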
@@ -86,6 +82,10 @@
 g_string_maybe_expand (GString *string,
                        gsize    len)
 {
+  /* Detect potential overflow */
+  if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
+    g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
+
   if (G_UNLIKELY (string->len + len >= string->allocated_len))
     g_string_expand (string, len);
 }
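Review bot: The comment on the moved guard in g_string_maybe_expand still says only "Detect potential overflow", which does not explain why it must precede the `string->len + len >= string->allocated_len` test: that sum is unsigned and can wrap to a small value, in which case g_string_expand is never called. Suggest spelling that out in the comment so the check is not moved back later. The request states there is no test coverage for this case, so the comment is the only thing protecting the ordering.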
diff -Nru glib2.0-2.84.2/meson.build glib2.0-2.84.3/meson.build
--- glib2.0-2.84.2/meson.build	2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/meson.build	2025-06-13 12:55:59.000000000 +0100
@@ -1,5 +1,5 @@
 project('glib', 'c',
-  version : '2.84.2',
+  version : '2.84.3',
   # NOTE: See the policy in docs/meson-version.md before changing the Meson dependency
   meson_version : '>= 1.4.0',
   default_options : [
diff -Nru glib2.0-2.84.2/NEWS glib2.0-2.84.3/NEWS
--- glib2.0-2.84.2/NEWS	2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/NEWS	2025-06-13 12:55:59.000000000 +0100
@@ -1,3 +1,11 @@
+Overview of changes in GLib 2.84.3, 2025-06-13
+==============================================
+
+* Bugs fixed:
+  - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string”
+    to glib-2-84
+
+
 Overview of changes in GLib 2.84.2, 2025-05-20
 ==============================================
 

--- End Message ---
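The reordering in glib/gstring.c described in the message above, as an added example that is not part of the original message or of GLib's code: a constructed model of the two length fields, showing why the guard could not fire in its old position once the unsigned sum wraps. The struct, enum and function names are assumptions for illustration, and the model returns a status where GLib calls g_error().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the two GString fields the hunks read. */
struct model_string { size_t len; size_t allocated_len; };

/* The model reports a status; GLib itself aborts via g_error(). */
enum outcome { NO_EXPAND, EXPAND, OVERFLOW_DETECTED };

/* Same comparison as the guard in the diff, with SIZE_MAX for G_MAXSIZE. */
static int would_overflow(const struct model_string *s, size_t add)
{
    return (SIZE_MAX - s->len - 1) < add;
}

/* 2.84.2 ordering: the guard sits inside the expand path. */
enum outcome maybe_expand_before(const struct model_string *s, size_t add)
{
    if (s->len + add >= s->allocated_len)   /* unsigned sum can wrap */
        return would_overflow(s, add) ? OVERFLOW_DETECTED : EXPAND;
    return NO_EXPAND;                       /* guard never evaluated */
}

/* 2.84.3 ordering: the guard runs before the wrapping comparison. */
enum outcome maybe_expand_after(const struct model_string *s, size_t add)
{
    if (would_overflow(s, add))
        return OVERFLOW_DETECTED;
    return (s->len + add >= s->allocated_len) ? EXPAND : NO_EXPAND;
}

int main(void)
{
    static const char *name[] = { "no expand", "expand", "overflow detected" };
    struct model_string s = { 100, 128 };   /* constructed sample state */
    size_t adds[] = { 10, 28, SIZE_MAX - 100, SIZE_MAX - 50 };

    for (size_t i = 0; i < sizeof adds / sizeof adds[0]; i++)
        printf("add=%zu before=%s after=%s\n", adds[i],
               name[maybe_expand_before(&s, adds[i])],
               name[maybe_expand_after(&s, adds[i])]);
    return 0;
}
```

With len 100 and allocated_len 128, adding SIZE_MAX - 50 wraps the sum to 49, so the old ordering reports that no expansion is needed while the new ordering detects the overflow.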
--- Begin Message ---
Unblocked glib2.0.

--- End Message ---
