diff options
author | Anuj Mittal <anuj.mittal@intel.com> | 2019-08-19 21:47:10 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-09-04 08:22:03 -0700 |
commit | b7bc9c12219f5c48eb6698e4537f6c0be94ac06a (patch) | |
tree | a07de8fbfe2fe1966cb5e9f6980f622eba8e4497 /meta/recipes-core | |
parent | d2ce91ddd66d2c646b0fe273e66538f2724a5cdb (diff) | |
download | openembedded-core-contrib-b7bc9c12219f5c48eb6698e4537f6c0be94ac06a.tar.gz |
glib-2.0: fix CVE-2019-13012
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch | 40 | ||||
-rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch new file mode 100644 index 0000000000..c882cba3b3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch @@ -0,0 +1,40 @@ +From 9fd6b4b21891adc318784f6a141f40d767b0d73c Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Tue, 22 Jan 2019 13:26:31 -0500 +Subject: [PATCH] keyfile settings: Use tighter permissions + +When creating directories, create them with 700 permissions, +instead of 777. + +Closes: #1658 +CVE: CVE-2019-13012 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> + +--- + gio/gkeyfilesettingsbackend.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index a37978e..580a0b0 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb) + + contents = g_key_file_to_data (kfsb->keyfile, &length, NULL); + g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + NULL, NULL, NULL); + + compute_checksum (kfsb->digest, contents, length); +@@ -640,7 +641,7 @@ g_keyfile_settings_backend_new (const gchar *filename, + + kfsb->file = g_file_new_for_path (filename); + kfsb->dir = g_file_get_parent (kfsb->file); +- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); ++ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); + + kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL); + kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL); diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb index 733a2d46d9..2286d03148 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.3.bb @@ -18,6 +18,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ file://glib-meson.cross \ + file://CVE-2019-13012.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" |