
glib-2.0: Update to 2.60.4

* For changes, see:
  https://gitlab.gnome.org/GNOME/glib/blob/glib-2-60/NEWS
* Remove backported CVE-2019-12450.patch.

(From OE-Core rev: 82714d374744d55f57d48fd08971e8b952a7bcdd)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Kjellerstedt
2019-06-27 07:00:49 +02:00
committed by Richard Purdie
parent dc3b7bd2eb
commit ffbd8bd4ca
2 changed files with 2 additions and 65 deletions
@@ -1,62 +0,0 @@
glib-2.0: fix CVE-2019-12450
Not in release 2.61.1.
CVE: CVE-2019-12450
Upstream-Status: Backport [github.com/GNOME/glib.git]
Signed-off-by: Joe Slater <joe.slater@windrivere.com>
---
From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:41:53 +0200
Subject: [PATCH] gfile: Limit access to files when copying
file_copy_fallback creates new files with default permissions and
set the correct permissions after the operation is finished. This
might cause that the files can be accessible by more users during
the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
files to limit access to those files.
---
gio/gfile.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/gio/gfile.c b/gio/gfile.c
index 24b136d80..74b58047c 100644
--- a/gio/gfile.c
+++ b/gio/gfile.c
@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
FALSE, NULL,
flags & G_FILE_COPY_BACKUP,
- G_FILE_CREATE_REPLACE_DESTINATION,
- info,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE, info,
cancellable, error);
else
out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
- FALSE, 0, info,
+ FALSE, G_FILE_CREATE_PRIVATE, info,
cancellable, error);
}
else if (flags & G_FILE_COPY_OVERWRITE)
@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
out = (GOutputStream *)g_file_replace (destination,
NULL,
flags & G_FILE_COPY_BACKUP,
- G_FILE_CREATE_REPLACE_DESTINATION,
+ G_FILE_CREATE_REPLACE_DESTINATION |
+ G_FILE_CREATE_PRIVATE,
cancellable, error);
}
else
{
- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
}
if (!out)
--
2.17.1
@@ -16,11 +16,10 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
file://CVE-2019-12450.patch \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
SRC_URI_append_class-target = " file://glib-meson.cross"
SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe"
SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9"
SRC_URI[md5sum] = "87e2c4973470811dfed3d6746c961488"
SRC_URI[sha256sum] = "2b941ec5dcb92e5ea83fe42f9eb55a827bc8a12c153ad2489d551c31d04733dd"
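Review bot: Dropping `file://CVE-2019-12450.patch` from SRC_URI is only safe if the 2.60.4 tarball already contains upstream commit d8f8f4d637ce ("gfile: Limit access to files when copying"), and nothing on this page says so. The removed patch header only records "Not in release 2.61.1". I would make the reason explicit in the commit message, for example `* Remove backported CVE-2019-12450.patch, the fix is included in 2.60.4.`, after confirming that the unpacked `gio/gfile.c` passes `G_FILE_CREATE_PRIVATE` in all four calls in `file_copy_fallback`. Removing the patch also removes its `CVE: CVE-2019-12450` tag, so any CVE reporting that relied on the tag presumably falls back to version matching; it is worth checking that the CVE does not reappear as unpatched for this recipe. The new `md5sum` and `sha256sum` values should be compared with the checksums published upstream for the tarball rather than taken from a local download.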