diff options
| author | Peter Kjellerstedt <peter.kjellerstedt@axis.com> | 2019-06-27 07:00:49 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-06-28 13:28:37 +0100 |
| commit | ffbd8bd4ca1b651701a44f92f3c8e735c99132c0 (patch) | |
| tree | 5797e844043ed70d355992aaa389f22bf3087fae /meta/recipes-core/glib-2.0 | |
| parent | dc3b7bd2eb31c32443811466aa32e0d58d969f8a (diff) | |
| download | poky-ffbd8bd4ca1b651701a44f92f3c8e735c99132c0.tar.gz | |
glib-2.0: Update to 2.60.4
* For changes, see:
https://gitlab.gnome.org/GNOME/glib/blob/glib-2-60/NEWS
* Remove backported CVE-2019-12450.patch.
(From OE-Core rev: 82714d374744d55f57d48fd08971e8b952a7bcdd)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/glib-2.0')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | 62 | ||||
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb (renamed from meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb) | 5 |
2 files changed, 2 insertions, 65 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch deleted file mode 100644 index 59e49195cc..0000000000 --- a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | glib-2.0: fix CVE-2019-12450 | ||
| 2 | |||
| 3 | Not in release 2.61.1. | ||
| 4 | |||
| 5 | CVE: CVE-2019-12450 | ||
| 6 | |||
| 7 | Upstream-Status: Backport [github.com/GNOME/glib.git] | ||
| 8 | Signed-off-by: Joe Slater <joe.slater@windrivere.com> | ||
| 9 | --- | ||
| 10 | From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 | ||
| 11 | From: Ondrej Holy <oholy@redhat.com> | ||
| 12 | Date: Thu, 23 May 2019 10:41:53 +0200 | ||
| 13 | Subject: [PATCH] gfile: Limit access to files when copying | ||
| 14 | |||
| 15 | file_copy_fallback creates new files with default permissions and | ||
| 16 | set the correct permissions after the operation is finished. This | ||
| 17 | might cause that the files can be accessible by more users during | ||
| 18 | the operation than expected. Use G_FILE_CREATE_PRIVATE for the new | ||
| 19 | files to limit access to those files. | ||
| 20 | --- | ||
| 21 | gio/gfile.c | 11 ++++++----- | ||
| 22 | 1 file changed, 6 insertions(+), 5 deletions(-) | ||
| 23 | |||
| 24 | diff --git a/gio/gfile.c b/gio/gfile.c | ||
| 25 | index 24b136d80..74b58047c 100644 | ||
| 26 | --- a/gio/gfile.c | ||
| 27 | +++ b/gio/gfile.c | ||
| 28 | @@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, | ||
| 29 | out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
| 30 | FALSE, NULL, | ||
| 31 | flags & G_FILE_COPY_BACKUP, | ||
| 32 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
| 33 | - info, | ||
| 34 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
| 35 | + G_FILE_CREATE_PRIVATE, info, | ||
| 36 | cancellable, error); | ||
| 37 | else | ||
| 38 | out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
| 39 | - FALSE, 0, info, | ||
| 40 | + FALSE, G_FILE_CREATE_PRIVATE, info, | ||
| 41 | cancellable, error); | ||
| 42 | } | ||
| 43 | else if (flags & G_FILE_COPY_OVERWRITE) | ||
| 44 | @@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, | ||
| 45 | out = (GOutputStream *)g_file_replace (destination, | ||
| 46 | NULL, | ||
| 47 | flags & G_FILE_COPY_BACKUP, | ||
| 48 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
| 49 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
| 50 | + G_FILE_CREATE_PRIVATE, | ||
| 51 | cancellable, error); | ||
| 52 | } | ||
| 53 | else | ||
| 54 | { | ||
| 55 | - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); | ||
| 56 | + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); | ||
| 57 | } | ||
| 58 | |||
| 59 | if (!out) | ||
| 60 | -- | ||
| 61 | 2.17.1 | ||
| 62 | |||
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb index 5942241de5..f7280090bb 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb | |||
| @@ -16,11 +16,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ | |||
| 16 | file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ | 16 | file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ |
| 17 | file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ | 17 | file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ |
| 18 | file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ | 18 | file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ |
| 19 | file://CVE-2019-12450.patch \ | ||
| 20 | " | 19 | " |
| 21 | 20 | ||
| 22 | SRC_URI_append_class-native = " file://relocate-modules.patch" | 21 | SRC_URI_append_class-native = " file://relocate-modules.patch" |
| 23 | SRC_URI_append_class-target = " file://glib-meson.cross" | 22 | SRC_URI_append_class-target = " file://glib-meson.cross" |
| 24 | 23 | ||
| 25 | SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe" | 24 | SRC_URI[md5sum] = "87e2c4973470811dfed3d6746c961488" |
| 26 | SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9" | 25 | SRC_URI[sha256sum] = "2b941ec5dcb92e5ea83fe42f9eb55a827bc8a12c153ad2489d551c31d04733dd" |