Commit 1f977bc

Patch glib for CVE-2025-7039
1 parent 559db0b commit 1f977bc

6 files changed

+62
-13
lines changed

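--- a/SPECS/glib/CVE-2025-7039.patch
+++ b/SPECS/glib/CVE-2025-7039.patch
@@ -0,0 +1,45 @@
+From 92af876f24ff6187b73c4bb489751fc5202a6a23 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <[email protected]>
+Date: Tue, 1 Jul 2025 10:58:07 -0500
+Subject: [PATCH] gfileutils: fix computation of temporary file name
+
+We need to ensure that the value we use to index into the letters array
+is always positive.
+
+Fixes #3716
+
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3.patch
+---
+glib/gfileutils.c | 8 ++++----
+1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gfileutils.c b/glib/gfileutils.c
+index 0918a65..a46e008 100644
+--- a/glib/gfileutils.c
++++ b/glib/gfileutils.c
+@@ -1532,9 +1532,9 @@ get_tmp_file (gchar *tmpl,
+static const char letters[] =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+static const int NLETTERS = sizeof (letters) - 1;
+- gint64 value;
+- gint64 now_us;
+- static int counter = 0;
++ guint64 value;
++ guint64 now_us;
++ static guint counter = 0;
+
+g_return_val_if_fail (tmpl != NULL, -1);
+
+@@ -1553,7 +1553,7 @@ get_tmp_file (gchar *tmpl,
+
+for (count = 0; count < 100; value += 7777, ++count)
+{
+- gint64 v = value;
++ guint64 v = value;
+
+/* Fill in the random bits. */
+XXXXXX[0] = letters[v % NLETTERS];
+--
+2.45.4
+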
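Review bot: The fix depends on an implicit conversion that the carried patch never states: `NLETTERS` stays `static const int`, so `letters[v % NLETTERS]` is in range only because `v` is now `guint64` and the int operand is converted to it before the remainder is taken. With the old `gint64 v = value;` a negative `value` gave a negative remainder and an index before the start of `letters[]`, which is presumably the out-of-bounds access behind CVE-2025-7039, yet the patch header names neither the CVE nor that failure mode. Because this looks like an unmodified upstream backport, I would record it in the header rather than touch the code, e.g. `CVE-2025-7039: negative value made v % NLETTERS negative, indexing before letters[]`. The statements that assign `now_us` and compute `value` from it and `counter` lie outside both hunks, so whether they are safe under the new unsigned types cannot be checked from this page.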

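--- a/SPECS/glib/glib.spec
+++ b/SPECS/glib/glib.spec
@@ -2,7 +2,7 @@
 Summary: Low-level libraries useful for providing data structure handling for C.
 Name: glib
 Version: 2.78.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -13,6 +13,7 @@ Patch0: CVE-2024-52533.patch
 Patch1: CVE-2025-3360.patch
 Patch2: CVE-2025-4373.patch
 Patch3: CVE-2025-6052.patch
+Patch4: CVE-2025-7039.patch
 BuildRequires: cmake
 BuildRequires: gtk-doc
 BuildRequires: libffi-devel
@@ -125,6 +126,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Sun Sep 07 2025 Azure Linux Security Servicing Account <[email protected]> - 2.78.6-4
+- Patch for CVE-2025-7039
+
 * Mon Jun 09 2025 Aninda Pradhan <[email protected]> - 2.78.6-3
 - Patch CVE-2025-4373 and CVE-2025-6052.patch
 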
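Review bot: `Patch4: CVE-2025-7039.patch` is declared, but no hunk in this section touches `%prep`, so the diff alone does not show that the patch is applied at build time. If `%prep` uses `%autosetup` or `%autopatch` the new entry is picked up automatically; if it lists `%patch` lines by number, a matching line for Patch4 is needed, otherwise the package ships as release 4 without the fix. It is worth confirming from the build log that the patch was applied to `glib/gfileutils.c`.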

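--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -208,7 +208,7 @@ libxml2-devel-2.11.5-6.azl3.aarch64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-2.azl3.aarch64.rpm
-glib-2.78.6-3.azl3.aarch64.rpm
+glib-2.78.6-4.azl3.aarch64.rpm
 libltdl-2.4.7-1.azl3.aarch64.rpm
 libltdl-devel-2.4.7-1.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm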

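--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -208,7 +208,7 @@ libxml2-devel-2.11.5-6.azl3.x86_64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-2.azl3.x86_64.rpm
-glib-2.78.6-3.azl3.x86_64.rpm
+glib-2.78.6-4.azl3.x86_64.rpm
 libltdl-2.4.7-1.azl3.x86_64.rpm
 libltdl-devel-2.4.7-1.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm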

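--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -122,11 +122,11 @@ gdbm-lang-1.23-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
 gettext-debuginfo-0.22-1.azl3.aarch64.rpm
 gfortran-13.2.0-7.azl3.aarch64.rpm
-glib-2.78.6-3.azl3.aarch64.rpm
-glib-debuginfo-2.78.6-3.azl3.aarch64.rpm
-glib-devel-2.78.6-3.azl3.aarch64.rpm
-glib-doc-2.78.6-3.azl3.noarch.rpm
-glib-schemas-2.78.6-3.azl3.aarch64.rpm
+glib-2.78.6-4.azl3.aarch64.rpm
+glib-debuginfo-2.78.6-4.azl3.aarch64.rpm
+glib-devel-2.78.6-4.azl3.aarch64.rpm
+glib-doc-2.78.6-4.azl3.noarch.rpm
+glib-schemas-2.78.6-4.azl3.aarch64.rpm
 glibc-2.38-12.azl3.aarch64.rpm
 glibc-debuginfo-2.38-12.azl3.aarch64.rpm
 glibc-devel-2.38-12.azl3.aarch64.rpm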

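--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -129,11 +129,11 @@ gdbm-lang-1.23-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
 gettext-debuginfo-0.22-1.azl3.x86_64.rpm
 gfortran-13.2.0-7.azl3.x86_64.rpm
-glib-2.78.6-3.azl3.x86_64.rpm
-glib-debuginfo-2.78.6-3.azl3.x86_64.rpm
-glib-devel-2.78.6-3.azl3.x86_64.rpm
-glib-doc-2.78.6-3.azl3.noarch.rpm
-glib-schemas-2.78.6-3.azl3.x86_64.rpm
+glib-2.78.6-4.azl3.x86_64.rpm
+glib-debuginfo-2.78.6-4.azl3.x86_64.rpm
+glib-devel-2.78.6-4.azl3.x86_64.rpm
+glib-doc-2.78.6-4.azl3.noarch.rpm
+glib-schemas-2.78.6-4.azl3.x86_64.rpm
 glibc-2.38-12.azl3.x86_64.rpm
 glibc-debuginfo-2.38-12.azl3.x86_64.rpm
 glibc-devel-2.38-12.azl3.x86_64.rpm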
