diff options
| author |   Armin Kuster <akuster@mvista.com> | 2019-06-05 12:44:58 -0700 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-06-25 07:26:36 -0700 |
| commit | 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b (patch) | |
| tree | d93bfef4b62db901fac8f05877dce9742182ef3c /meta/recipes-core | |
| parent | fc77edc8245ab90eee1f1e857f470b6842dc256f (diff) | |
| download | openembedded-core-contrib-71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b.tar.gz | |
glib-2.0: Security fix for CVE-2019-12450
Source: glib-2.0
MR: 98443
Type: Security Fix
Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741
Description:
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | 59 | ||||
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch new file mode 100644 index 0000000000..37ad5808f5 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch @@ -0,0 +1,59 @@ +From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy <oholy@redhat.com> +Date: Thu, 23 May 2019 10:41:53 +0200 +Subject: [PATCH] gfile: Limit access to files when copying + +file_copy_fallback creates new files with default permissions and +set the correct permissions after the operation is finished. This +might cause that the files can be accessible by more users during +the operation than expected. Use G_FILE_CREATE_PRIVATE for the new +files to limit access to those files. + +Upstream-Status: Backport +https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 +CVE: CVE-2019-12450 +Signed-off-by: Armin kuster <akuster@mvista.com> + +--- + gio/gfile.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 24b136d..74b5804 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, + out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), + FALSE, NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, +- info, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, info, + cancellable, error); + else + out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), +- FALSE, 0, info, ++ FALSE, G_FILE_CREATE_PRIVATE, info, + cancellable, error); + } + else if (flags & G_FILE_COPY_OVERWRITE) +@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, + out = (GOutputStream *)g_file_replace (destination, + NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + cancellable, error); + } + else + { +- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); ++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); + } + + if (!out) +-- +2.7.4 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb index 1271a7c269..879bc48aef 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb @@ -14,6 +14,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-ignore-return-value-of-write.patch \ file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ file://date-lt.patch \ + file://CVE-2019-12450.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" |