summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch62
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb (renamed from meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb)5
2 files changed, 2 insertions, 65 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
deleted file mode 100644
index 59e49195cc..0000000000
--- a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch
+++ /dev/null
@@ -1,62 +0,0 @@
1glib-2.0: fix CVE-2019-12450
2
3Not in release 2.61.1.
4
5CVE: CVE-2019-12450
6
7Upstream-Status: Backport [github.com/GNOME/glib.git]
8Signed-off-by: Joe Slater <joe.slater@windrivere.com>
9---
10From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
11From: Ondrej Holy <oholy@redhat.com>
12Date: Thu, 23 May 2019 10:41:53 +0200
13Subject: [PATCH] gfile: Limit access to files when copying
14
15file_copy_fallback creates new files with default permissions and
16set the correct permissions after the operation is finished. This
17might cause that the files can be accessible by more users during
18the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
19files to limit access to those files.
20---
21 gio/gfile.c | 11 ++++++-----
22 1 file changed, 6 insertions(+), 5 deletions(-)
23
24diff --git a/gio/gfile.c b/gio/gfile.c
25index 24b136d80..74b58047c 100644
26--- a/gio/gfile.c
27+++ b/gio/gfile.c
28@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
29 out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
30 FALSE, NULL,
31 flags & G_FILE_COPY_BACKUP,
32- G_FILE_CREATE_REPLACE_DESTINATION,
33- info,
34+ G_FILE_CREATE_REPLACE_DESTINATION |
35+ G_FILE_CREATE_PRIVATE, info,
36 cancellable, error);
37 else
38 out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
39- FALSE, 0, info,
40+ FALSE, G_FILE_CREATE_PRIVATE, info,
41 cancellable, error);
42 }
43 else if (flags & G_FILE_COPY_OVERWRITE)
44@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
45 out = (GOutputStream *)g_file_replace (destination,
46 NULL,
47 flags & G_FILE_COPY_BACKUP,
48- G_FILE_CREATE_REPLACE_DESTINATION,
49+ G_FILE_CREATE_REPLACE_DESTINATION |
50+ G_FILE_CREATE_PRIVATE,
51 cancellable, error);
52 }
53 else
54 {
55- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
56+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
57 }
58
59 if (!out)
60--
612.17.1
62
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb
index 5942241de5..f7280090bb 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb
@@ -16,11 +16,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
16 file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ 16 file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
17 file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ 17 file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
18 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ 18 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
19 file://CVE-2019-12450.patch \
20 " 19 "
21 20
22SRC_URI_append_class-native = " file://relocate-modules.patch" 21SRC_URI_append_class-native = " file://relocate-modules.patch"
23SRC_URI_append_class-target = " file://glib-meson.cross" 22SRC_URI_append_class-target = " file://glib-meson.cross"
24 23
25SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe" 24SRC_URI[md5sum] = "87e2c4973470811dfed3d6746c961488"
26SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9" 25SRC_URI[sha256sum] = "2b941ec5dcb92e5ea83fe42f9eb55a827bc8a12c153ad2489d551c31d04733dd"