[AutoPR- Security] Patch glib for CVE-2025-7039 [LOW]

SPECS/glib/CVE-2025-7039.patch

@@ -0,0 +1,45 @@
+From 92af876f24ff6187b73c4bb489751fc5202a6a23 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <[email protected]>
+Date: Tue, 1 Jul 2025 10:58:07 -0500
+Subject: [PATCH] gfileutils: fix computation of temporary file name
+
+We need to ensure that the value we use to index into the letters array
+is always positive.
+
+Fixes #3716
+
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3.patch
+---
+ glib/gfileutils.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/glib/gfileutils.c b/glib/gfileutils.c
+index 0918a65..a46e008 100644
+--- a/glib/gfileutils.c
++++ b/glib/gfileutils.c
+@@ -1532,9 +1532,9 @@ get_tmp_file (gchar            *tmpl,
+   static const char letters[] =
+     "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+   static const int NLETTERS = sizeof (letters) - 1;
+-  gint64 value;
+-  gint64 now_us;
+-  static int counter = 0;
++  guint64 value;
++  guint64 now_us;
++  static guint counter = 0;
+
+   g_return_val_if_fail (tmpl != NULL, -1);
+
+@@ -1553,7 +1553,7 @@ get_tmp_file (gchar            *tmpl,
+
+   for (count = 0; count < 100; value += 7777, ++count)
+     {
+-      gint64 v = value;
++      guint64 v = value;
+
+       /* Fill in the random bits.  */
+       XXXXXX[0] = letters[v % NLETTERS];
+-- 
+2.45.4
+

SPECS/glib/glib.spec

@@ -2,7 +2,7 @@
 Summary:        Low-level libraries useful for providing data structure handling for C.
 Name:           glib
 Version:        2.78.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,6 +13,7 @@ Patch0:         CVE-2024-52533.patch
 Patch1:         CVE-2025-3360.patch
 Patch2:         CVE-2025-4373.patch
 Patch3:         CVE-2025-6052.patch
+Patch4:         CVE-2025-7039.patch
 BuildRequires:  cmake
 BuildRequires:  gtk-doc
 BuildRequires:  libffi-devel
@@ -125,6 +126,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Sun Sep 07 2025 Azure Linux Security Servicing Account <[email protected]> - 2.78.6-4
+- Patch for CVE-2025-7039
+
 * Mon Jun 09 2025 Aninda Pradhan <[email protected]> - 2.78.6-3
 - Patch CVE-2025-4373 and CVE-2025-6052.patch
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -208,7 +208,7 @@ libxml2-devel-2.11.5-6.azl3.aarch64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-2.azl3.aarch64.rpm
-glib-2.78.6-3.azl3.aarch64.rpm
+glib-2.78.6-4.azl3.aarch64.rpm
 libltdl-2.4.7-1.azl3.aarch64.rpm
 libltdl-devel-2.4.7-1.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -208,7 +208,7 @@ libxml2-devel-2.11.5-6.azl3.x86_64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-14.azl3.noarch.rpm
 libsepol-3.6-2.azl3.x86_64.rpm
-glib-2.78.6-3.azl3.x86_64.rpm
+glib-2.78.6-4.azl3.x86_64.rpm
 libltdl-2.4.7-1.azl3.x86_64.rpm
 libltdl-devel-2.4.7-1.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -122,11 +122,11 @@ gdbm-lang-1.23-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
 gettext-debuginfo-0.22-1.azl3.aarch64.rpm
 gfortran-13.2.0-7.azl3.aarch64.rpm
-glib-2.78.6-3.azl3.aarch64.rpm
-glib-debuginfo-2.78.6-3.azl3.aarch64.rpm
-glib-devel-2.78.6-3.azl3.aarch64.rpm
-glib-doc-2.78.6-3.azl3.noarch.rpm
-glib-schemas-2.78.6-3.azl3.aarch64.rpm
+glib-2.78.6-4.azl3.aarch64.rpm
+glib-debuginfo-2.78.6-4.azl3.aarch64.rpm
+glib-devel-2.78.6-4.azl3.aarch64.rpm
+glib-doc-2.78.6-4.azl3.noarch.rpm
+glib-schemas-2.78.6-4.azl3.aarch64.rpm
 glibc-2.38-12.azl3.aarch64.rpm
 glibc-debuginfo-2.38-12.azl3.aarch64.rpm
 glibc-devel-2.38-12.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -129,11 +129,11 @@ gdbm-lang-1.23-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
 gettext-debuginfo-0.22-1.azl3.x86_64.rpm
 gfortran-13.2.0-7.azl3.x86_64.rpm
-glib-2.78.6-3.azl3.x86_64.rpm
-glib-debuginfo-2.78.6-3.azl3.x86_64.rpm
-glib-devel-2.78.6-3.azl3.x86_64.rpm
-glib-doc-2.78.6-3.azl3.noarch.rpm
-glib-schemas-2.78.6-3.azl3.x86_64.rpm
+glib-2.78.6-4.azl3.x86_64.rpm
+glib-debuginfo-2.78.6-4.azl3.x86_64.rpm
+glib-devel-2.78.6-4.azl3.x86_64.rpm
+glib-doc-2.78.6-4.azl3.noarch.rpm
+glib-schemas-2.78.6-4.azl3.x86_64.rpm
 glibc-2.38-12.azl3.x86_64.rpm
 glibc-debuginfo-2.38-12.azl3.x86_64.rpm
 glibc-devel-2.38-12.azl3.x86_64.rpm