2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
new file mode 100644
index 0000000000..8fc03d1aed
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
@@ -0,0 +1,57 @@
+From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: gfile: Limit access to files when copying
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+CVE: CVE-2019-12450
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 1cc69166a..13b435480 100644
+--- a/gio/gfile.c
+++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
+         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+                                                                    FALSE, NULL,
+                                                                    flags & G_FILE_COPY_BACKUP,
+-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
+-                                                                   info,
+                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
+                                                                   G_FILE_CREATE_PRIVATE, info,
+                                                                    cancellable, error);
+       else
+         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+-                                                                  FALSE, 0, info,
+                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
+                                                                   cancellable, error);
+     }
+   else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
+       out = (GOutputStream *)g_file_replace (destination,
+                                              NULL,
+                                              flags & G_FILE_COPY_BACKUP,
+-                                             G_FILE_CREATE_REPLACE_DESTINATION,
+                                             G_FILE_CREATE_REPLACE_DESTINATION |
+                                             G_FILE_CREATE_PRIVATE,
+                                              cancellable, error);
+     }
+   else
+     {
+-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+     }
+ 
+   if (!out)
+-- 
+2.20.1
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
index 2286d03148..f151a3358f 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
           file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
           file://glib-meson.cross \
           file://CVE-2019-13012.patch \
+           file://0001-gfile-Limit-access-to-files-when-copying.patch \
           "
 SRC_URI_append_class-native = " file://relocate-modules.patch"

diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch new file mode 100644 index 0000000000..8fc03d1aed --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
@@ -0,0 +1,57 @@
		1	From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
		2	From: Ondrej Holy <oholy@redhat.com>
		3	Date: Thu, 23 May 2019 10:41:53 +0200
		4	Subject: gfile: Limit access to files when copying
		5
		6	file_copy_fallback creates new files with default permissions and
		7	set the correct permissions after the operation is finished. This
		8	might cause that the files can be accessible by more users during
		9	the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
		10	files to limit access to those files.
		11
		12	CVE: CVE-2019-12450
		13	Upstream-Status: Backport
		14	Signed-off-by: Adrian Bunk <bunk@stusta.de>
		15	---
		16	gio/gfile.c \| 11 ++++++-----
		17	1 file changed, 6 insertions(+), 5 deletions(-)
		18
		19	diff --git a/gio/gfile.c b/gio/gfile.c
		20	index 1cc69166a..13b435480 100644
		21	--- a/gio/gfile.c
		22	+++ b/gio/gfile.c
		23	@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
		24	out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
		25	FALSE, NULL,
		26	flags & G_FILE_COPY_BACKUP,
		27	- G_FILE_CREATE_REPLACE_DESTINATION,
		28	- info,
		29	+ G_FILE_CREATE_REPLACE_DESTINATION \|
		30	+ G_FILE_CREATE_PRIVATE, info,
		31	cancellable, error);
		32	else
		33	out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
		34	- FALSE, 0, info,
		35	+ FALSE, G_FILE_CREATE_PRIVATE, info,
		36	cancellable, error);
		37	}
		38	else if (flags & G_FILE_COPY_OVERWRITE)
		39	@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
		40	out = (GOutputStream *)g_file_replace (destination,
		41	NULL,
		42	flags & G_FILE_COPY_BACKUP,
		43	- G_FILE_CREATE_REPLACE_DESTINATION,
		44	+ G_FILE_CREATE_REPLACE_DESTINATION \|
		45	+ G_FILE_CREATE_PRIVATE,
		46	cancellable, error);
		47	}
		48	else
		49	{
		50	- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
		51	+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
		52	}
		53
		54	if (!out)
		55	--
		56	2.20.1
		57


diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb index 2286d03148..f151a3358f 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
19	file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \	19	file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
20	file://glib-meson.cross \	20	file://glib-meson.cross \
21	file://CVE-2019-13012.patch \	21	file://CVE-2019-13012.patch \
		22	file://0001-gfile-Limit-access-to-files-when-copying.patch \
22	"	23	"
23		24
24	SRC_URI_append_class-native = " file://relocate-modules.patch"	25	SRC_URI_append_class-native = " file://relocate-modules.patch"