rpi-buildroot/package/libglib2
Titouan Christophe 0e7daa2717 package/libglib2: add patch for CVE-2025-7039
Backport the upstream patch that was released in GLib 2.84.4 [1],
such that we can apply it onto GLib 2.82 in Buildroot LTS.

This fixes the following vulnerability:
- CVE-2025-7039:
    A flaw was found in glib. An integer overflow during temporary file
    creation leads to an out-of-bounds memory access, allowing an attacker
    to potentially perform path traversal or access private temporary file
    content by creating symbolic links. This vulnerability allows a local
    attacker to manipulate file paths and access unauthorized data. The
    core issue stems from insufficient validation of file path lengths
    during temporary file operations.
    https://www.cve.org/CVERecord?id=CVE-2025-7039

[1] https://gitlab.gnome.org/GNOME/glib/-/releases/2.84.4

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
(cherry picked from commit 3252f45279)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-10-30 08:56:16 +01:00