[LOW] Patch glib for CVE-2026-1484 (#15774)

Author: archana25-ms

SPECS/glib/CVE-2026-1484.patch

@@ -0,0 +1,67 @@
+From 5ba0ed9ab2c28294713bdc56a8744ff0a446b59c Mon Sep 17 00:00:00 2001
+From: Marco Trevisan <mail@3v1n0.net>
+Date: Fri, 23 Jan 2026 18:48:30 +0100
+Subject: [PATCH 1/2] gbase64: Use gsize to prevent potential overflow
+[PATCH 2/2] gbase64: Ensure that the out value is within allocated
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Both g_base64_encode_step() and g_base64_encode_close() return gsize
+values, but these are summed to an int value.
+
+If the sum of these returned values is bigger than MAXINT, we overflow
+while doing the null byte write.
+
+Spotted by treeplus.
+Thanks to the Sovereign Tech Resilience programme from the Sovereign
+Tech Agency.
+
+ID: #YWH-PGM9867-168
+Closes: #3870
+
+
+(cherry picked from commit 6845f7776982849a2be1d8c9b0495e389092bff2)
+Upstream Patch reference: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979.patch
+
+Co-authored-by: Marco Trevisan (Treviño) <mail@3v1n0.net>
+---
+ glib/gbase64.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/glib/gbase64.c b/glib/gbase64.c
+index f2d110e..19f8e5e 100644
+--- a/glib/gbase64.c
++++ b/glib/gbase64.c
+@@ -262,8 +262,10 @@ g_base64_encode (const guchar *data,
+                  gsize         len)
+ {
+   gchar *out;
+-  gint state = 0, outlen;
++  gint state = 0;
+   gint save = 0;
++  gsize outlen;
++  gsize allocsize;
+ 
+   g_return_val_if_fail (data != NULL || len == 0, NULL);
+ 
+@@ -271,10 +273,15 @@ g_base64_encode (const guchar *data,
+      +1 is needed for trailing \0, also check for unlikely integer overflow */
+   g_return_val_if_fail (len < ((G_MAXSIZE - 1) / 4 - 1) * 3, NULL);
+ 
+-  out = g_malloc ((len / 3 + 1) * 4 + 1);
++  allocsize = (len / 3 + 1) * 4 + 1;
++  out = g_malloc (allocsize);
+ 
+   outlen = g_base64_encode_step (data, len, FALSE, out, &state, &save);
++  g_assert (outlen < allocsize);
++
+   outlen += g_base64_encode_close (FALSE, out + outlen, &state, &save);
++  g_assert (outlen < allocsize);
++
+   out[outlen] = '\0';
+ 
+   return (gchar *) out;
+-- 
+2.45.4
+

SPECS/glib/glib.spec

@@ -2,7 +2,7 @@
 Summary:        Low-level libraries useful for providing data structure handling for C.
 Name:           glib
 Version:        2.71.0
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -21,6 +21,7 @@ Patch7:         CVE-2025-14087.patch
 Patch8:         CVE-2025-14512.patch
 Patch9:         CVE-2026-1489.patch
 Patch10:        CVE-2026-0988.patch
+Patch11:        CVE-2026-1484.patch
 BuildRequires:  cmake
 BuildRequires:  gtk-doc
 BuildRequires:  libffi-devel
@@ -134,6 +135,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Thu Feb 12 2026 Archana Shettigar <v-shettigara@microsoft.com> - 2.71.0-11
+- Patch for CVE-2026-1484
+
 * Thu Feb 05 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.71.0-10
 - Patch for CVE-2026-1489, CVE-2026-0988
 

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -199,7 +199,7 @@ libxml2-devel-2.10.4-11.cm2.aarch64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.aarch64.rpm
-glib-2.71.0-10.cm2.aarch64.rpm
+glib-2.71.0-11.cm2.aarch64.rpm
 libltdl-2.4.6-8.cm2.aarch64.rpm
 libltdl-devel-2.4.6-8.cm2.aarch64.rpm
 pcre-8.45-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -199,7 +199,7 @@ libxml2-devel-2.10.4-11.cm2.x86_64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.x86_64.rpm
-glib-2.71.0-10.cm2.x86_64.rpm
+glib-2.71.0-11.cm2.x86_64.rpm
 libltdl-2.4.6-8.cm2.x86_64.rpm
 libltdl-devel-2.4.6-8.cm2.x86_64.rpm
 pcre-8.45-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -101,11 +101,11 @@ gdbm-lang-1.21-1.cm2.aarch64.rpm
 gettext-0.21-3.cm2.aarch64.rpm
 gettext-debuginfo-0.21-3.cm2.aarch64.rpm
 gfortran-11.2.0-9.cm2.aarch64.rpm
-glib-2.71.0-10.cm2.aarch64.rpm
-glib-debuginfo-2.71.0-10.cm2.aarch64.rpm
-glib-devel-2.71.0-10.cm2.aarch64.rpm
-glib-doc-2.71.0-10.cm2.noarch.rpm
-glib-schemas-2.71.0-10.cm2.aarch64.rpm
+glib-2.71.0-11.cm2.aarch64.rpm
+glib-debuginfo-2.71.0-11.cm2.aarch64.rpm
+glib-devel-2.71.0-11.cm2.aarch64.rpm
+glib-doc-2.71.0-11.cm2.noarch.rpm
+glib-schemas-2.71.0-11.cm2.aarch64.rpm
 glibc-2.35-10.cm2.aarch64.rpm
 glibc-debuginfo-2.35-10.cm2.aarch64.rpm
 glibc-devel-2.35-10.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -106,11 +106,11 @@ gdbm-lang-1.21-1.cm2.x86_64.rpm
 gettext-0.21-3.cm2.x86_64.rpm
 gettext-debuginfo-0.21-3.cm2.x86_64.rpm
 gfortran-11.2.0-9.cm2.x86_64.rpm
-glib-2.71.0-10.cm2.x86_64.rpm
-glib-debuginfo-2.71.0-10.cm2.x86_64.rpm
-glib-devel-2.71.0-10.cm2.x86_64.rpm
-glib-doc-2.71.0-10.cm2.noarch.rpm
-glib-schemas-2.71.0-10.cm2.x86_64.rpm
+glib-2.71.0-11.cm2.x86_64.rpm
+glib-debuginfo-2.71.0-11.cm2.x86_64.rpm
+glib-devel-2.71.0-11.cm2.x86_64.rpm
+glib-doc-2.71.0-11.cm2.noarch.rpm
+glib-schemas-2.71.0-11.cm2.x86_64.rpm
 glibc-2.35-10.cm2.x86_64.rpm
 glibc-debuginfo-2.35-10.cm2.x86_64.rpm
 glibc-devel-2.35-10.cm2.x86_64.rpm