1 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
new file mode 100644
index 0000000000..2334147f7d
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
@@ -0,0 +1,55 @@
+From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
+From: Philip Withnall <pwithnall@endlessos.org>
+Date: Wed, 24 Feb 2021 17:42:24 +0000
+Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
+ replace()
+Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
+Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
+CVE: CVE-2021-28153
+Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
+---
+ gio/glocalfileoutputstream.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
+@@ -58,6 +58,12 @@
+ #define O_BINARY 0
+ #endif
+ 
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#else
+#define HAVE_O_CLOEXEC 1
+#endif
+
+ struct _GLocalFileOutputStreamPrivate {
+   char *tmp_filename;
+   char *original_filename;
+@@ -1223,7 +1229,7 @@ _g_local_file_output_stream_replace (con
+   sync_on_close = FALSE;
+ 
+   /* If the file doesn't exist, create it */
+-  open_flags = O_CREAT | O_EXCL | O_BINARY;
+  open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
+   if (readable)
+     open_flags |= O_RDWR;
+   else
+@@ -1253,8 +1259,11 @@ _g_local_file_output_stream_replace (con
+       set_error_from_open_errno (filename, error);
+       return NULL;
+     }
+-  
+- 
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
+  else
+    fcntl (fd, F_SETFD, FD_CLOEXEC);
+#endif
+
+   stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
+   stream->priv->fd = fd;
+   stream->priv->sync_on_close = sync_on_close;

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch new file mode 100644 index 0000000000..2334147f7d --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-28153-5.patch
@@ -0,0 +1,55 @@
	1	From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
	2	From: Philip Withnall <pwithnall@endlessos.org>
	3	Date: Wed, 24 Feb 2021 17:42:24 +0000
	4	Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
	5	replace()
	6
	7	Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
	8
	9	Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
	10	CVE: CVE-2021-28153
	11	Signed-off-by: Neetika Singh <Neetika.Singh@kpit.com>
	12	Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
	13
	14	---
	15	gio/glocalfileoutputstream.c \| 15 ++++++++++++---
	16	1 file changed, 12 insertions(+), 3 deletions(-)
	17
	18	--- a/gio/glocalfileoutputstream.c
	19	+++ b/gio/glocalfileoutputstream.c
	20	@@ -58,6 +58,12 @@
	21	#define O_BINARY 0
	22	#endif
	23
	24	+#ifndef O_CLOEXEC
	25	+#define O_CLOEXEC 0
	26	+#else
	27	+#define HAVE_O_CLOEXEC 1
	28	+#endif
	29	+
	30	struct _GLocalFileOutputStreamPrivate {
	31	char *tmp_filename;
	32	char *original_filename;
	33	@@ -1223,7 +1229,7 @@ _g_local_file_output_stream_replace (con
	34	sync_on_close = FALSE;
	35
	36	/* If the file doesn't exist, create it */
	37	- open_flags = O_CREAT \| O_EXCL \| O_BINARY;
	38	+ open_flags = O_CREAT \| O_EXCL \| O_BINARY \| O_CLOEXEC;
	39	if (readable)
	40	open_flags \|= O_RDWR;
	41	else
	42	@@ -1253,8 +1259,11 @@ _g_local_file_output_stream_replace (con
	43	set_error_from_open_errno (filename, error);
	44	return NULL;
	45	}
	46	-
	47	-
	48	+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
	49	+ else
	50	+ fcntl (fd, F_SETFD, FD_CLOEXEC);
	51	+#endif
	52	+
	53	stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
	54	stream->priv->fd = fd;
	55	stream->priv->sync_on_close = sync_on_close;