diff options
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | 62 | ||||
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb (renamed from meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb) | 5 |
2 files changed, 2 insertions, 65 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch deleted file mode 100644 index 59e49195cc..0000000000 --- a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch +++ /dev/null | |||
@@ -1,62 +0,0 @@ | |||
1 | glib-2.0: fix CVE-2019-12450 | ||
2 | |||
3 | Not in release 2.61.1. | ||
4 | |||
5 | CVE: CVE-2019-12450 | ||
6 | |||
7 | Upstream-Status: Backport [github.com/GNOME/glib.git] | ||
8 | Signed-off-by: Joe Slater <joe.slater@windrivere.com> | ||
9 | --- | ||
10 | From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 | ||
11 | From: Ondrej Holy <oholy@redhat.com> | ||
12 | Date: Thu, 23 May 2019 10:41:53 +0200 | ||
13 | Subject: [PATCH] gfile: Limit access to files when copying | ||
14 | |||
15 | file_copy_fallback creates new files with default permissions and | ||
16 | set the correct permissions after the operation is finished. This | ||
17 | might cause that the files can be accessible by more users during | ||
18 | the operation than expected. Use G_FILE_CREATE_PRIVATE for the new | ||
19 | files to limit access to those files. | ||
20 | --- | ||
21 | gio/gfile.c | 11 ++++++----- | ||
22 | 1 file changed, 6 insertions(+), 5 deletions(-) | ||
23 | |||
24 | diff --git a/gio/gfile.c b/gio/gfile.c | ||
25 | index 24b136d80..74b58047c 100644 | ||
26 | --- a/gio/gfile.c | ||
27 | +++ b/gio/gfile.c | ||
28 | @@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, | ||
29 | out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
30 | FALSE, NULL, | ||
31 | flags & G_FILE_COPY_BACKUP, | ||
32 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
33 | - info, | ||
34 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
35 | + G_FILE_CREATE_PRIVATE, info, | ||
36 | cancellable, error); | ||
37 | else | ||
38 | out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), | ||
39 | - FALSE, 0, info, | ||
40 | + FALSE, G_FILE_CREATE_PRIVATE, info, | ||
41 | cancellable, error); | ||
42 | } | ||
43 | else if (flags & G_FILE_COPY_OVERWRITE) | ||
44 | @@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, | ||
45 | out = (GOutputStream *)g_file_replace (destination, | ||
46 | NULL, | ||
47 | flags & G_FILE_COPY_BACKUP, | ||
48 | - G_FILE_CREATE_REPLACE_DESTINATION, | ||
49 | + G_FILE_CREATE_REPLACE_DESTINATION | | ||
50 | + G_FILE_CREATE_PRIVATE, | ||
51 | cancellable, error); | ||
52 | } | ||
53 | else | ||
54 | { | ||
55 | - out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); | ||
56 | + out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); | ||
57 | } | ||
58 | |||
59 | if (!out) | ||
60 | -- | ||
61 | 2.17.1 | ||
62 | |||
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb index 5942241de5..f7280090bb 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.60.4.bb | |||
@@ -16,11 +16,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ | |||
16 | file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ | 16 | file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ |
17 | file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ | 17 | file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ |
18 | file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ | 18 | file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ |
19 | file://CVE-2019-12450.patch \ | ||
20 | " | 19 | " |
21 | 20 | ||
22 | SRC_URI_append_class-native = " file://relocate-modules.patch" | 21 | SRC_URI_append_class-native = " file://relocate-modules.patch" |
23 | SRC_URI_append_class-target = " file://glib-meson.cross" | 22 | SRC_URI_append_class-target = " file://glib-meson.cross" |
24 | 23 | ||
25 | SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe" | 24 | SRC_URI[md5sum] = "87e2c4973470811dfed3d6746c961488" |
26 | SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9" | 25 | SRC_URI[sha256sum] = "2b941ec5dcb92e5ea83fe42f9eb55a827bc8a12c153ad2489d551c31d04733dd" |