glib-2.0: Security fix for CVE-2019-12450

Source: glib-2.0 MR: 98443 Type: Security Fix Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741 Description: (From OE-Core rev: 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2019-06-05 12:44:58 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-07-27 18:05:18 +0100
commit: f2d2148adba3d989f5f061b194fe57bd67ee215b (patch)
tree: c04163f292312cfd4bdca002974f7a41583ca1bd
parent: abefff23cd1f3ae0242f45a98dac09223870a826 (diff)
download: poky-f2d2148adba3d989f5f061b194fe57bd67ee215b.tar.gz
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
new file mode 100644
index 0000000000..37ad5808f5
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
@@ -0,0 +1,59 @@
+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+Upstream-Status: Backport
+https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
+CVE: CVE-2019-12450
+Signed-off-by: Armin kuster <akuster@mvista.com>
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 24b136d..74b5804 100644
+--- a/gio/gfile.c
+++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
+         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+                                                                    FALSE, NULL,
+                                                                    flags & G_FILE_COPY_BACKUP,
+-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
+-                                                                   info,
+                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
+                                                                   G_FILE_CREATE_PRIVATE, info,
+                                                                    cancellable, error);
+       else
+         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+-                                                                  FALSE, 0, info,
+                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
+                                                                   cancellable, error);
+     }
+   else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
+       out = (GOutputStream *)g_file_replace (destination,
+                                              NULL,
+                                              flags & G_FILE_COPY_BACKUP,
+-                                             G_FILE_CREATE_REPLACE_DESTINATION,
+                                             G_FILE_CREATE_REPLACE_DESTINATION |
+                                             G_FILE_CREATE_PRIVATE,
+                                              cancellable, error);
+     }
+   else
+     {
+-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+     }
+ 
+   if (!out)
+-- 
+2.7.4
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
index 1271a7c269..879bc48aef 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-Do-not-ignore-return-value-of-write.patch \
           file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
           file://date-lt.patch \
+           file://CVE-2019-12450.patch \
           "
 SRC_URI_append_class-native = " file://relocate-modules.patch"
author	Armin Kuster <akuster@mvista.com>	2019-06-05 12:44:58 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +0100
commit	f2d2148adba3d989f5f061b194fe57bd67ee215b (patch)
tree	c04163f292312cfd4bdca002974f7a41583ca1bd
parent	abefff23cd1f3ae0242f45a98dac09223870a826 (diff)
download	poky-f2d2148adba3d989f5f061b194fe57bd67ee215b.tar.gz

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch new file mode 100644 index 0000000000..37ad5808f5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
@@ -0,0 +1,59 @@
		1	From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
		2	From: Ondrej Holy <oholy@redhat.com>
		3	Date: Thu, 23 May 2019 10:41:53 +0200
		4	Subject: [PATCH] gfile: Limit access to files when copying
		5
		6	file_copy_fallback creates new files with default permissions and
		7	set the correct permissions after the operation is finished. This
		8	might cause that the files can be accessible by more users during
		9	the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
		10	files to limit access to those files.
		11
		12	Upstream-Status: Backport
		13	https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
		14	CVE: CVE-2019-12450
		15	Signed-off-by: Armin kuster <akuster@mvista.com>
		16
		17	---
		18	gio/gfile.c \| 11 ++++++-----
		19	1 file changed, 6 insertions(+), 5 deletions(-)
		20
		21	diff --git a/gio/gfile.c b/gio/gfile.c
		22	index 24b136d..74b5804 100644
		23	--- a/gio/gfile.c
		24	+++ b/gio/gfile.c
		25	@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
		26	out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
		27	FALSE, NULL,
		28	flags & G_FILE_COPY_BACKUP,
		29	- G_FILE_CREATE_REPLACE_DESTINATION,
		30	- info,
		31	+ G_FILE_CREATE_REPLACE_DESTINATION \|
		32	+ G_FILE_CREATE_PRIVATE, info,
		33	cancellable, error);
		34	else
		35	out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
		36	- FALSE, 0, info,
		37	+ FALSE, G_FILE_CREATE_PRIVATE, info,
		38	cancellable, error);
		39	}
		40	else if (flags & G_FILE_COPY_OVERWRITE)
		41	@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
		42	out = (GOutputStream *)g_file_replace (destination,
		43	NULL,
		44	flags & G_FILE_COPY_BACKUP,
		45	- G_FILE_CREATE_REPLACE_DESTINATION,
		46	+ G_FILE_CREATE_REPLACE_DESTINATION \|
		47	+ G_FILE_CREATE_PRIVATE,
		48	cancellable, error);
		49	}
		50	else
		51	{
		52	- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
		53	+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
		54	}
		55
		56	if (!out)
		57	--
		58	2.7.4
		59


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb index 1271a7c269..879bc48aef 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb
@@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
14	file://0001-Do-not-ignore-return-value-of-write.patch \	14	file://0001-Do-not-ignore-return-value-of-write.patch \
15	file://0010-Do-not-hardcode-python-path-into-various-tools.patch \	15	file://0010-Do-not-hardcode-python-path-into-various-tools.patch \
16	file://date-lt.patch \	16	file://date-lt.patch \
		17	file://CVE-2019-12450.patch \
17	"	18	"
18		19
19	SRC_URI_append_class-native = " file://relocate-modules.patch"	20	SRC_URI_append_class-native = " file://relocate-modules.patch"