summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@stusta.de>2020-01-17 17:14:29 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-01-28 11:15:01 (GMT)
commit707e2b9d7d1e4969a609900faf9eac1849e56e0c (patch)
tree8f51dc7bcd21ae503c1951f0853f3970d61c5b25
parent057dcb3ee3f85e69323c7d7ebe5426b2b3656c39 (diff)
downloadpoky-707e2b9d7d1e4969a609900faf9eac1849e56e0c.tar.gz
glib-2.0: Backport the CVE-2019-12450 fix
(From OE-Core rev: 9c4d7a92f4f6e4070102b12de44d9bfe6f944735) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch57
-rw-r--r--meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb1
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
new file mode 100644
index 0000000..8fc03d1
--- /dev/null
+++ b/meta/recipes-core/glib-2.0/glib-2.0/0001-gfile-Limit-access-to-files-when-copying.patch
@@ -0,0 +1,57 @@
1From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
2From: Ondrej Holy <oholy@redhat.com>
3Date: Thu, 23 May 2019 10:41:53 +0200
4Subject: gfile: Limit access to files when copying
5
6file_copy_fallback creates new files with default permissions and
7set the correct permissions after the operation is finished. This
8might cause that the files can be accessible by more users during
9the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
10files to limit access to those files.
11
12CVE: CVE-2019-12450
13Upstream-Status: Backport
14Signed-off-by: Adrian Bunk <bunk@stusta.de>
15---
16 gio/gfile.c | 11 ++++++-----
17 1 file changed, 6 insertions(+), 5 deletions(-)
18
19diff --git a/gio/gfile.c b/gio/gfile.c
20index 1cc69166a..13b435480 100644
21--- a/gio/gfile.c
22+++ b/gio/gfile.c
23@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
24 out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
25 FALSE, NULL,
26 flags & G_FILE_COPY_BACKUP,
27- G_FILE_CREATE_REPLACE_DESTINATION,
28- info,
29+ G_FILE_CREATE_REPLACE_DESTINATION |
30+ G_FILE_CREATE_PRIVATE, info,
31 cancellable, error);
32 else
33 out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
34- FALSE, 0, info,
35+ FALSE, G_FILE_CREATE_PRIVATE, info,
36 cancellable, error);
37 }
38 else if (flags & G_FILE_COPY_OVERWRITE)
39@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
40 out = (GOutputStream *)g_file_replace (destination,
41 NULL,
42 flags & G_FILE_COPY_BACKUP,
43- G_FILE_CREATE_REPLACE_DESTINATION,
44+ G_FILE_CREATE_REPLACE_DESTINATION |
45+ G_FILE_CREATE_PRIVATE,
46 cancellable, error);
47 }
48 else
49 {
50- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
51+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
52 }
53
54 if (!out)
55--
562.20.1
57
diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
index 2286d03..f151a33 100644
--- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
+++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
19 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ 19 file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
20 file://glib-meson.cross \ 20 file://glib-meson.cross \
21 file://CVE-2019-13012.patch \ 21 file://CVE-2019-13012.patch \
22 file://0001-gfile-Limit-access-to-files-when-copying.patch \
22 " 23 "
23 24
24SRC_URI_append_class-native = " file://relocate-modules.patch" 25SRC_URI_append_class-native = " file://relocate-modules.patch"