diff --git a/GDBusConnection-does-not-handle-serial-number-overflow.patch b/GDBusConnection-does-not-handle-serial-number-overflow.patch new file mode 100644 index 0000000000000000000000000000000000000000..bec8635c8749958a5b96ac5309b3859d994b48aa --- /dev/null +++ b/GDBusConnection-does-not-handle-serial-number-overflow.patch @@ -0,0 +1,41 @@ +From 6fb5fdaca0938b50f7b19a6cab19df9af3d2b4c1 Mon Sep 17 00:00:00 2001 +From: zhuhongbo +Date: Thu, 11 Dec 2025 13:13:05 +0800 +Subject: [PATCH] gdbusconnection: Prevent sending a serial of zero on overflow + +--- + gio/gdbusconnection.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c +index b4cdc7e..45d7861 100644 +--- a/gio/gdbusconnection.c ++++ b/gio/gdbusconnection.c +@@ -1790,9 +1790,22 @@ g_dbus_connection_send_message_unlocked (GDBusConnection *connection, + goto out; + + if (flags & G_DBUS_SEND_MESSAGE_FLAGS_PRESERVE_SERIAL) +- serial_to_use = g_dbus_message_get_serial (message); ++ { ++ serial_to_use = g_dbus_message_get_serial (message); ++ } + else +- serial_to_use = ++connection->last_serial; /* TODO: handle overflow */ ++ { ++ /* The serial_to_use must not be zero, as per ++ * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages. */ ++ if (connection->last_serial == G_MAXUINT32) ++ connection->last_serial = 1; ++ else ++ connection->last_serial++; ++ ++ serial_to_use = connection->last_serial; ++ } ++ ++ g_assert (serial_to_use != 0); + + switch (blob[0]) + { +-- +2.47.3 + diff --git a/glib2.spec b/glib2.spec index f974283aed7d20ca5620d59b88ad93338b09c9be..9a8f0b54db90acf06fc0b820a367069b82570986 100644 --- a/glib2.spec +++ b/glib2.spec @@ -2,7 +2,7 @@ Name: glib2 Version: 2.56.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: A library of handy utility functions License: LGPLv2+ @@ -50,6 +50,7 @@ Patch40: 0001-gsignal-Plug-g_signal_connect_object-leak.patch # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927 # https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2000 Patch50: CVE-2021-27219.patch +Patch51: GDBusConnection-does-not-handle-serial-number-overflow.patch # for GIO content-type support Requires: shared-mime-info @@ -242,6 +243,9 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules %{_datadir}/installed-tests %changelog +* Thu Dec 11 2025 zhuhongbo - 2.56.1-10 +- gdbusconnection: Prevent sending a serial of zero on overflow + * Mon May 24 2021 Michael Catanzaro - 2.56.1-9 - Fix CVE-2021-27219 Resolves: #1960596