1 files changed, 232 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
new file mode 100644
index 0000000000..65f59287a8
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
@@ -0,0 +1,232 @@
+Backport of:
+From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 10 Feb 2021 21:21:36 +0000
+Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile
+ backend
+This tests the two recent commits.
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-27219
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/tests/gsettings.c | 170 +++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 169 insertions(+), 1 deletion(-)
+--- a/gio/tests/gsettings.c
+++ b/gio/tests/gsettings.c
+@@ -1,3 +1,4 @@
+#include <errno.h>
+ #include <stdlib.h>
+ #include <locale.h>
+ #include <libintl.h>
+@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con
+   (*b) = TRUE;
+ }
+ 
+typedef struct
+{
+  const gchar *path;
+  const gchar *root_group;
+  const gchar *keyfile_group;
+  const gchar *root_path;
+} KeyfileTestData;
+
+ /*
+  * Test that using a keyfile works
+  */
+@@ -1834,7 +1843,11 @@ test_keyfile (Fixture       *fixture,
+   g_free (str);
+ 
+   g_settings_set (settings, "farewell", "s", "cheerio");
+-  
+
+  /* Check that empty keys/groups are not allowed. */
+  g_assert_false (g_settings_is_writable (settings, ""));
+  g_assert_false (g_settings_is_writable (settings, "/"));
+
+   /* When executing as root, changing the mode of the keyfile will have
+    * no effect on the writability of the settings.
+    */
+@@ -1866,6 +1879,149 @@ test_keyfile (Fixture       *fixture,
+   g_free (keyfile_path);
+ }
+ 
+/*
+ * Test that using a keyfile works with a schema with no path set.
+ */
+static void
+test_keyfile_no_path (Fixture       *fixture,
+                      gconstpointer  user_data)
+{
+  const KeyfileTestData *test_data = user_data;
+  GSettingsBackend *kf_backend;
+  GSettings *settings;
+  GKeyFile *keyfile;
+  gboolean writable;
+  gchar *key = NULL;
+  GError *error = NULL;
+  gchar *keyfile_path = NULL, *store_path = NULL;
+
+  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+  kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group);
+  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path);
+  g_object_unref (kf_backend);
+
+  g_settings_reset (settings, "test-boolean");
+  g_assert_true (g_settings_get_boolean (settings, "test-boolean"));
+
+  writable = g_settings_is_writable (settings, "test-boolean");
+  g_assert_true (writable);
+  g_settings_set (settings, "test-boolean", "b", FALSE);
+
+  g_assert_false (g_settings_get_boolean (settings, "test-boolean"));
+
+  g_settings_delay (settings);
+  g_settings_set (settings, "test-boolean", "b", TRUE);
+  g_settings_apply (settings);
+
+  keyfile = g_key_file_new ();
+  g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
+
+  g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL));
+
+  g_key_file_free (keyfile);
+
+  g_settings_reset (settings, "test-boolean");
+  g_settings_apply (settings);
+  keyfile = g_key_file_new ();
+  g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
+
+  g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error));
+  g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND);
+  g_clear_error (&error);
+
+  /* Check that empty keys/groups are not allowed. */
+  g_assert_false (g_settings_is_writable (settings, ""));
+  g_assert_false (g_settings_is_writable (settings, "/"));
+
+  /* Keys which ghost the root group name are not allowed. This can only be
+   * tested when the path is `/` as otherwise it acts as a prefix and prevents
+   * any ghosting. */
+  if (g_str_equal (test_data->path, "/"))
+    {
+      key = g_strdup_printf ("%s/%s", test_data->root_group, "");
+      g_assert_false (g_settings_is_writable (settings, key));
+      g_free (key);
+
+      key = g_strdup_printf ("%s/%s", test_data->root_group, "/");
+      g_assert_false (g_settings_is_writable (settings, key));
+      g_free (key);
+
+      key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean");
+      g_assert_false (g_settings_is_writable (settings, key));
+      g_free (key);
+    }
+
+  g_key_file_free (keyfile);
+  g_object_unref (settings);
+
+  /* Clean up the temporary directory. */
+  g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0);
+  g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0);
+  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+  g_free (store_path);
+  g_free (keyfile_path);
+}
+
+/*
+ * Test that a keyfile rejects writes to keys outside its root path.
+ */
+static void
+test_keyfile_outside_root_path (Fixture       *fixture,
+                                gconstpointer  user_data)
+{
+  GSettingsBackend *kf_backend;
+  GSettings *settings;
+  gchar *keyfile_path = NULL, *store_path = NULL;
+
+  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+  kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root");
+  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/");
+  g_object_unref (kf_backend);
+
+  g_assert_false (g_settings_is_writable (settings, "test-boolean"));
+
+  g_object_unref (settings);
+
+  /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
+   * don’t error on failure. */
+  g_remove (store_path);
+  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+  g_free (store_path);
+  g_free (keyfile_path);
+}
+
+/*
+ * Test that a keyfile rejects writes to keys in the root if no root group is set.
+ */
+static void
+test_keyfile_no_root_group (Fixture       *fixture,
+                            gconstpointer  user_data)
+{
+  GSettingsBackend *kf_backend;
+  GSettings *settings;
+  gchar *keyfile_path = NULL, *store_path = NULL;
+
+  keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
+  store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
+  kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL);
+  settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/");
+  g_object_unref (kf_backend);
+
+  g_assert_false (g_settings_is_writable (settings, "test-boolean"));
+  g_assert_true (g_settings_is_writable (settings, "child/test-boolean"));
+
+  g_object_unref (settings);
+
+  /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
+   * don’t error on failure. */
+  g_remove (store_path);
+  g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
+  g_free (store_path);
+  g_free (keyfile_path);
+}
+
+ /* Test that getting child schemas works
+  */
+ static void
+@@ -2844,6 +3000,14 @@ main (int argc, char *argv[])
+   gchar *override_text;
+   gchar *enums;
+   gint result;
+  const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" };
+  const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" };
+  const KeyfileTestData keyfile_test_data_long_path = {
+    "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/",
+    "root",
+    "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch",
+    "/"
+  };
+ 
+ /* Meson build sets this */
+ #ifdef TEST_LOCALE_PATH
+@@ -2967,6 +3131,11 @@ main (int argc, char *argv[])
+     }
+ 
+   g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown);
+  g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown);
+  g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown);
+  g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown);
+  g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown);
+  g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown);
+   g_test_add_func ("/gsettings/child-schema", test_child_schema);
+   g_test_add_func ("/gsettings/strinfo", test_strinfo);
+   g_test_add_func ("/gsettings/enums", test_enums);

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch new file mode 100644 index 0000000000..65f59287a8 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg2-3.patch
@@ -0,0 +1,232 @@
	1	Backport of:
	2
	3	From 221c26685354dea2b2732df94404e8e5e77a1591 Mon Sep 17 00:00:00 2001
	4	From: Philip Withnall <pwithnall@endlessos.org>
	5	Date: Wed, 10 Feb 2021 21:21:36 +0000
	6	Subject: [PATCH 3/3] tests: Add tests for key name handling in the keyfile
	7	backend
	8
	9	This tests the two recent commits.
	10
	11	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	12
	13	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	14	CVE: CVE-2021-27219
	15	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	16
	17	---
	18	gio/tests/gsettings.c \| 170 +++++++++++++++++++++++++++++++++++++++++-
	19	1 file changed, 169 insertions(+), 1 deletion(-)
	20
	21	--- a/gio/tests/gsettings.c
	22	+++ b/gio/tests/gsettings.c
	23	@@ -1,3 +1,4 @@
	24	+#include <errno.h>
	25	#include <stdlib.h>
	26	#include <locale.h>
	27	#include <libintl.h>
	28	@@ -1740,6 +1741,14 @@ key_changed_cb (GSettings *settings, con
	29	(*b) = TRUE;
	30	}
	31
	32	+typedef struct
	33	+{
	34	+ const gchar *path;
	35	+ const gchar *root_group;
	36	+ const gchar *keyfile_group;
	37	+ const gchar *root_path;
	38	+} KeyfileTestData;
	39	+
	40	/*
	41	* Test that using a keyfile works
	42	*/
	43	@@ -1834,7 +1843,11 @@ test_keyfile (Fixture *fixture,
	44	g_free (str);
	45
	46	g_settings_set (settings, "farewell", "s", "cheerio");
	47	-
	48	+
	49	+ /* Check that empty keys/groups are not allowed. */
	50	+ g_assert_false (g_settings_is_writable (settings, ""));
	51	+ g_assert_false (g_settings_is_writable (settings, "/"));
	52	+
	53	/* When executing as root, changing the mode of the keyfile will have
	54	* no effect on the writability of the settings.
	55	*/
	56	@@ -1866,6 +1879,149 @@ test_keyfile (Fixture *fixture,
	57	g_free (keyfile_path);
	58	}
	59
	60	+/*
	61	+ * Test that using a keyfile works with a schema with no path set.
	62	+ */
	63	+static void
	64	+test_keyfile_no_path (Fixture *fixture,
	65	+ gconstpointer user_data)
	66	+{
	67	+ const KeyfileTestData *test_data = user_data;
	68	+ GSettingsBackend *kf_backend;
	69	+ GSettings *settings;
	70	+ GKeyFile *keyfile;
	71	+ gboolean writable;
	72	+ gchar *key = NULL;
	73	+ GError *error = NULL;
	74	+ gchar keyfile_path = NULL, store_path = NULL;
	75	+
	76	+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
	77	+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
	78	+ kf_backend = g_keyfile_settings_backend_new (store_path, test_data->root_path, test_data->root_group);
	79	+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, test_data->path);
	80	+ g_object_unref (kf_backend);
	81	+
	82	+ g_settings_reset (settings, "test-boolean");
	83	+ g_assert_true (g_settings_get_boolean (settings, "test-boolean"));
	84	+
	85	+ writable = g_settings_is_writable (settings, "test-boolean");
	86	+ g_assert_true (writable);
	87	+ g_settings_set (settings, "test-boolean", "b", FALSE);
	88	+
	89	+ g_assert_false (g_settings_get_boolean (settings, "test-boolean"));
	90	+
	91	+ g_settings_delay (settings);
	92	+ g_settings_set (settings, "test-boolean", "b", TRUE);
	93	+ g_settings_apply (settings);
	94	+
	95	+ keyfile = g_key_file_new ();
	96	+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
	97	+
	98	+ g_assert_true (g_key_file_get_boolean (keyfile, test_data->keyfile_group, "test-boolean", NULL));
	99	+
	100	+ g_key_file_free (keyfile);
	101	+
	102	+ g_settings_reset (settings, "test-boolean");
	103	+ g_settings_apply (settings);
	104	+ keyfile = g_key_file_new ();
	105	+ g_assert_true (g_key_file_load_from_file (keyfile, store_path, 0, NULL));
	106	+
	107	+ g_assert_false (g_key_file_get_string (keyfile, test_data->keyfile_group, "test-boolean", &error));
	108	+ g_assert_error (error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND);
	109	+ g_clear_error (&error);
	110	+
	111	+ /* Check that empty keys/groups are not allowed. */
	112	+ g_assert_false (g_settings_is_writable (settings, ""));
	113	+ g_assert_false (g_settings_is_writable (settings, "/"));
	114	+
	115	+ /* Keys which ghost the root group name are not allowed. This can only be
	116	+ * tested when the path is `/` as otherwise it acts as a prefix and prevents
	117	+ * any ghosting. */
	118	+ if (g_str_equal (test_data->path, "/"))
	119	+ {
	120	+ key = g_strdup_printf ("%s/%s", test_data->root_group, "");
	121	+ g_assert_false (g_settings_is_writable (settings, key));
	122	+ g_free (key);
	123	+
	124	+ key = g_strdup_printf ("%s/%s", test_data->root_group, "/");
	125	+ g_assert_false (g_settings_is_writable (settings, key));
	126	+ g_free (key);
	127	+
	128	+ key = g_strdup_printf ("%s/%s", test_data->root_group, "test-boolean");
	129	+ g_assert_false (g_settings_is_writable (settings, key));
	130	+ g_free (key);
	131	+ }
	132	+
	133	+ g_key_file_free (keyfile);
	134	+ g_object_unref (settings);
	135	+
	136	+ /* Clean up the temporary directory. */
	137	+ g_assert_cmpint (g_chmod (keyfile_path, 0777) == 0 ? 0 : errno, ==, 0);
	138	+ g_assert_cmpint (g_remove (store_path) == 0 ? 0 : errno, ==, 0);
	139	+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
	140	+ g_free (store_path);
	141	+ g_free (keyfile_path);
	142	+}
	143	+
	144	+/*
	145	+ * Test that a keyfile rejects writes to keys outside its root path.
	146	+ */
	147	+static void
	148	+test_keyfile_outside_root_path (Fixture *fixture,
	149	+ gconstpointer user_data)
	150	+{
	151	+ GSettingsBackend *kf_backend;
	152	+ GSettings *settings;
	153	+ gchar keyfile_path = NULL, store_path = NULL;
	154	+
	155	+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
	156	+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
	157	+ kf_backend = g_keyfile_settings_backend_new (store_path, "/tests/basic-types/", "root");
	158	+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/tests/");
	159	+ g_object_unref (kf_backend);
	160	+
	161	+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
	162	+
	163	+ g_object_unref (settings);
	164	+
	165	+ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
	166	+ * don’t error on failure. */
	167	+ g_remove (store_path);
	168	+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
	169	+ g_free (store_path);
	170	+ g_free (keyfile_path);
	171	+}
	172	+
	173	+/*
	174	+ * Test that a keyfile rejects writes to keys in the root if no root group is set.
	175	+ */
	176	+static void
	177	+test_keyfile_no_root_group (Fixture *fixture,
	178	+ gconstpointer user_data)
	179	+{
	180	+ GSettingsBackend *kf_backend;
	181	+ GSettings *settings;
	182	+ gchar keyfile_path = NULL, store_path = NULL;
	183	+
	184	+ keyfile_path = g_build_filename (fixture->tmp_dir, "keyfile", NULL);
	185	+ store_path = g_build_filename (keyfile_path, "gsettings.store", NULL);
	186	+ kf_backend = g_keyfile_settings_backend_new (store_path, "/", NULL);
	187	+ settings = g_settings_new_with_backend_and_path ("org.gtk.test.no-path", kf_backend, "/");
	188	+ g_object_unref (kf_backend);
	189	+
	190	+ g_assert_false (g_settings_is_writable (settings, "test-boolean"));
	191	+ g_assert_true (g_settings_is_writable (settings, "child/test-boolean"));
	192	+
	193	+ g_object_unref (settings);
	194	+
	195	+ /* Clean up the temporary directory. The keyfile probably doesn’t exist, so
	196	+ * don’t error on failure. */
	197	+ g_remove (store_path);
	198	+ g_assert_cmpint (g_rmdir (keyfile_path) == 0 ? 0 : errno, ==, 0);
	199	+ g_free (store_path);
	200	+ g_free (keyfile_path);
	201	+}
	202	+
	203	/* Test that getting child schemas works
	204	*/
	205	static void
	206	@@ -2844,6 +3000,14 @@ main (int argc, char *argv[])
	207	gchar *override_text;
	208	gchar *enums;
	209	gint result;
	210	+ const KeyfileTestData keyfile_test_data_explicit_path = { "/tests/", "root", "tests", "/" };
	211	+ const KeyfileTestData keyfile_test_data_empty_path = { "/", "root", "root", "/" };
	212	+ const KeyfileTestData keyfile_test_data_long_path = {
	213	+ "/tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch/",
	214	+ "root",
	215	+ "tests/path/is/very/long/and/this/makes/some/comparisons/take/a/different/branch",
	216	+ "/"
	217	+ };
	218
	219	/* Meson build sets this */
	220	#ifdef TEST_LOCALE_PATH
	221	@@ -2967,6 +3131,11 @@ main (int argc, char *argv[])
	222	}
	223
	224	g_test_add ("/gsettings/keyfile", Fixture, NULL, setup, test_keyfile, teardown);
	225	+ g_test_add ("/gsettings/keyfile/explicit-path", Fixture, &keyfile_test_data_explicit_path, setup, test_keyfile_no_path, teardown);
	226	+ g_test_add ("/gsettings/keyfile/empty-path", Fixture, &keyfile_test_data_empty_path, setup, test_keyfile_no_path, teardown);
	227	+ g_test_add ("/gsettings/keyfile/long-path", Fixture, &keyfile_test_data_long_path, setup, test_keyfile_no_path, teardown);
	228	+ g_test_add ("/gsettings/keyfile/outside-root-path", Fixture, NULL, setup, test_keyfile_outside_root_path, teardown);
	229	+ g_test_add ("/gsettings/keyfile/no-root-group", Fixture, NULL, setup, test_keyfile_no_root_group, teardown);
	230	g_test_add_func ("/gsettings/child-schema", test_child_schema);
	231	g_test_add_func ("/gsettings/strinfo", test_strinfo);
	232	g_test_add_func ("/gsettings/enums", test_enums);