From 074e63a653ca8d9acbebfdea97861ef89588e235 Mon Sep 17 00:00:00 2001
From: Wei-Ting Yang <williamatcg@gmail.com>
Date: Thu, 21 Aug 2025 15:13:49 +0800
Subject: [PATCH] glib2: address CVE-2024-52533

More information can be found in
- https://www.openwall.com/lists/oss-security/2024/11/12/11
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
---
 libs/glib2/Makefile                         |  2 +-
 libs/glib2/patches/021-CVE-2024-52533.patch | 34 +++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 libs/glib2/patches/021-CVE-2024-52533.patch

diff --git a/libs/glib2/Makefile b/libs/glib2/Makefile
index 37c64dd6a8..2ad96415e1 100644
--- a/libs/glib2/Makefile
+++ b/libs/glib2/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=glib2
 PKG_VERSION:=2.74.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=glib-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNOME/glib/$(basename $(PKG_VERSION))
diff --git a/libs/glib2/patches/021-CVE-2024-52533.patch b/libs/glib2/patches/021-CVE-2024-52533.patch
new file mode 100644
index 0000000000..39e02b70ac
--- /dev/null
+++ b/libs/glib2/patches/021-CVE-2024-52533.patch
@@ -0,0 +1,34 @@
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Thu, 19 Sep 2024 18:35:53 +0100
+Subject: [PATCH] gsocks4aproxy: Fix a single byte buffer overflow in connect
+ messages
+
+`SOCKS4_CONN_MSG_LEN` failed to account for the length of the final nul
+byte in the connect message, which is an addition in SOCKSv4a vs
+SOCKSv4.
+
+This means that the buffer for building and transmitting the connect
+message could be overflowed if the username and hostname are both
+`SOCKS4_MAX_LEN` (255) bytes long.
+
+Proxy configurations are normally statically configured, so the username
+is very unlikely to be near its maximum length, and hence this overflow
+is unlikely to be triggered in practice.
+
+(Commit message by Philip Withnall, diagnosis and fix by Michael
+Catanzaro.)
+
+--- a/gio/gsocks4aproxy.c
++++ b/gio/gsocks4aproxy.c
+@@ -79,9 +79,9 @@ g_socks4a_proxy_init (GSocks4aProxy *pro
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+  * | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL| HOST |    | NULL |
+  * +----+----+----+----+----+----+----+----+----+----+....+----+------+....+------+
+- *    1    1      2              4           variable       1    variable
++ *    1    1      2              4           variable       1    variable    1
+  */
+-#define SOCKS4_CONN_MSG_LEN	    (9 + SOCKS4_MAX_LEN * 2)
++#define SOCKS4_CONN_MSG_LEN	    (10 + SOCKS4_MAX_LEN * 2)
+ static gint
+ set_connect_msg (guint8      *msg,
+ 		 const gchar *hostname,