diff options
author | Armin Kuster <akuster@mvista.com> | 2019-06-05 12:44:58 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-27 18:05:18 +0100 |
commit | f2d2148adba3d989f5f061b194fe57bd67ee215b (patch) | |
tree | c04163f292312cfd4bdca002974f7a41583ca1bd /meta/recipes-core/glib-2.0 | |
parent | abefff23cd1f3ae0242f45a98dac09223870a826 (diff) | |
download | poky-f2d2148adba3d989f5f061b194fe57bd67ee215b.tar.gz |
glib-2.0: Security fix for CVE-2019-12450
Source: glib-2.0
MR: 98443
Type: Security Fix
Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741
Description:
(From OE-Core rev: 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/glib-2.0')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | 59 | ||||
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch new file mode 100644 index 0000000000..37ad5808f5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 | ||
2 | From: Ondrej Holy <oholy@redhat.com> | ||
3 | Date: Thu, 23 May 2019 10:41:53 +0200 | ||
4 | Subject: [PATCH] gfile: Limit access to files when copying | ||
5 | |||
6 | file_copy_fallback creates new files with default permissions and | ||
7 | set the correct permissions after the operation is finished. This | ||
8 | might cause that the files can be accessible by more users during | ||
9 | the operation than expected. Use G_FILE_CREATE_PRIVATE for the new | ||
10 | files to limit access to those files. | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 | ||
14 | CVE: CVE-2019-12450 | ||
15 | Signed-off-by: Armin kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | gio/gfile.c | 11 ++++++----- | ||
19 | 1 file changed, 6 insertions(+), 5 deletions(-) | ||
20 | |||
21 | diff --git a/gio/gfile.c b/gio/gfile.c | ||
22 | index 24b136d..74b5804 100644 | ||
23 | --- a/gio/gfile.c | ||
24 | +++ b/gio/gfile.c | ||
25 | @@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, | ||
26 | out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
27 | FALSE, NULL, | ||
28 | flags & G_FILE_COPY_BACKUP, | ||
29 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
30 | - info, | ||
31 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
32 | + G_FILE_CREATE_PRIVATE, info, | ||
33 | cancellable, error); | ||
34 | else | ||
35 | out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
36 | - FALSE, 0, info, | ||
37 | + FALSE, G_FILE_CREATE_PRIVATE, info, | ||
38 | cancellable, error); | ||
39 | } | ||
40 | else if (flags & G_FILE_COPY_OVERWRITE) | ||
41 | @@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, | ||
42 | out = (GOutputStream *)g_file_replace (destination, | ||
43 | NULL, | ||
44 | flags & G_FILE_COPY_BACKUP, | ||
45 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
46 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
47 | + G_FILE_CREATE_PRIVATE, | ||
48 | cancellable, error); | ||
49 | } | ||
50 | else | ||
51 | { | ||
52 | - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); | ||
53 | + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); | ||
54 | } | ||
55 | |||
56 | if (!out) | ||
57 | -- | ||
58 | 2.7.4 | ||
59 | |||
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb index 1271a7c269..879bc48aef 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | |||
@@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ | |||
14 | file://0001-Do-not-ignore-return-value-of-write.patch \ | 14 | file://0001-Do-not-ignore-return-value-of-write.patch \ |
15 | file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ | 15 | file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ |
16 | file://date-lt.patch \ | 16 | file://date-lt.patch \ |
17 | file://CVE-2019-12450.patch \ | ||
17 | " | 18 | " |
18 | 19 | ||
19 | SRC_URI_append_class-native = " file://relocate-modules.patch" | 20 | SRC_URI_append_class-native = " file://relocate-modules.patch" |