author | V3n3RiX <venerix@redcorelinux.org> | 2019-08-02 19:14:55 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-08-02 19:14:55 +0100 |
commit | b24bd25253fe093f722ab576d29fdc41d04cb1ee (patch) | |
tree | 0fcf2afd9f852c4d4c291cf8afaa2c244d598105 /dev-libs/glib/files | |
parent | 121ed4eec41fbf03e1998d09eede1bf449da63b9 (diff) |
gentoo resync : 02.08.2019
Diffstat (limited to 'dev-libs/glib/files')
-rw-r--r-- | dev-libs/glib/files/2.58.3-CVE-2019-12450.patch | 53 | ||||
-rw-r--r-- | dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 |
2 files changed, 173 insertions, 0 deletions
diff --git a/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
new file mode 100644
index 000000000000..949ac56431f1
--- /dev/null
+++ b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
@@ -0,0 +1,53 @@
+From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 1cc69166a..13b435480 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+ FALSE, NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
+- info,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ else
+ out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+- FALSE, 0, info,
++ FALSE, G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ }
+ else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream *)g_file_replace (destination,
+ NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ cancellable, error);
+ }
+ else
+ {
+- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+
+ if (!out)
+--
+2.20.1
+
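Review bot: G_FILE_CREATE_PRIVATE is now passed unconditionally in all four creation calls of file_copy_fallback, so the destination's final mode depends entirely on the permission-restoring step the commit message mentions, which lies outside these hunks. If a caller requests default target permissions (G_FILE_COPY_TARGET_DEFAULT_PERMS) or that later step fails, the copy would presumably stay owner-only instead of following the umask; this should be confirmed against the rest of the function. If it holds, the create flags could be chosen once before the branches, e.g. `create_flags = (flags & G_FILE_COPY_TARGET_DEFAULT_PERMS) ? G_FILE_CREATE_NONE : G_FILE_CREATE_PRIVATE;`. A short comment at the calls, such as `/* created private so the file is not readable by others mid-copy; final permissions are applied after the copy */`, would also record why the flag is there.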
diff --git a/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch b/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch
new file mode 100644
index 000000000000..0828132003d3
--- /dev/null
+++ b/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch
@@ -0,0 +1,120 @@
+From 2d655ef8954695cabf9e99cc61411de2bb4cb847 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <withnall@endlessm.com>
+Date: Mon, 28 Jan 2019 14:36:42 +0000
+Subject: [PATCH] gdbusmessage: Fix check on upper limit of message size
+
+There was a typo in the figure checked against. Add a unit test.
+
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
+
+https://gitlab.gnome.org/GNOME/glib/issues/1642
+---
+ gio/gdbusmessage.c | 2 +-
+ gio/tests/gdbus-message.c | 72 ++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 72 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
+index 169e6fd15..2ad51f888 100644
+--- a/gio/gdbusmessage.c
++++ b/gio/gdbusmessage.c
+@@ -1984,7 +1984,7 @@ g_dbus_message_bytes_needed (guchar *blob,
+ "Unable to determine message blob length - given blob is malformed");
+ }
+
+- if (ret > (2<<27))
++ if (ret > (1<<27))
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+diff --git a/gio/tests/gdbus-message.c b/gio/tests/gdbus-message.c
+index 88a9c5d86..74e0f712e 100644
+--- a/gio/tests/gdbus-message.c
++++ b/gio/tests/gdbus-message.c
+@@ -141,6 +141,74 @@ message_copy (void)
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
++/* Test g_dbus_message_bytes_needed() returns correct results for a variety of
++ * arbitrary binary inputs.*/
++static void
++message_bytes_needed (void)
++{
++ const struct
++ {
++ const guint8 blob[16];
++ gssize expected_bytes_needed;
++ }
++ vectors[] =
++ {
++ /* Little endian with header rounding */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 50, 0, 0, 0, /* body length */
++ 1, 0, 0, 0, /* message serial */
++ 7, 0, 0, 0 /* header length */}, 74 },
++ /* Little endian without header rounding */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 50, 0, 0, 0, /* body length */
++ 1, 0, 0, 0, /* message serial */
++ 8, 0, 0, 0 /* header length */}, 74 },
++ /* Big endian with header rounding */
++ { { 'B', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 7 /* header length */}, 74 },
++ /* Big endian without header rounding */
++ { { 'B', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 8 /* header length */}, 74 },
++ /* Invalid endianness */
++ { { '!', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 8 /* header length */}, -1 },
++ /* Oversized */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 0x08, /* body length (128MiB) */
++ 1, 0, 0, 0, /* message serial */
++ 7, 0, 0, 0 /* header length */}, -1 },
++ };
++ gsize i;
++
++ for (i = 0; i < G_N_ELEMENTS (vectors); i++)
++ {
++ gssize bytes_needed;
++ GError *local_error = NULL;
++
++ g_test_message ("Vector: %" G_GSIZE_FORMAT, i);
++
++ bytes_needed = g_dbus_message_bytes_needed ((guchar *) vectors[i].blob,
++ G_N_ELEMENTS (vectors[i].blob),
++ &local_error);
++
++ if (vectors[i].expected_bytes_needed < 0)
++ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT);
++ else
++ g_assert_no_error (local_error);
++ g_assert_cmpint (bytes_needed, ==, vectors[i].expected_bytes_needed);
++
++ g_clear_error (&local_error);
++ }
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
+ int
+ main (int argc,
+ char *argv[])
+@@ -151,6 +219,8 @@ main (int argc,
+
+ g_test_add_func ("/gdbus/message/lock", message_lock);
+ g_test_add_func ("/gdbus/message/copy", message_copy);
+- return g_test_run();
++ g_test_add_func ("/gdbus/message/bytes-needed", message_bytes_needed);
++
++ return g_test_run ();
+ }
+
+--
+2.20.1
+ |
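Review bot: The corrected bound in g_dbus_message_bytes_needed is still a bare `(1<<27)`, the same kind of unexplained literal in which the original typo went unnoticed. A comment on that line such as `/* D-Bus maximum message length: 2^27 bytes (128 MiB) */`, or a named constant, would let a reader check the value against the protocol limit. In message_bytes_needed the only large vector is the rejected "Oversized" one; no vector pins the largest size that must still be accepted, so a later change from `>` to `>=` or to a smaller limit would pass the test unnoticed. The body of g_dbus_message_bytes_needed continues outside the hunk, so how `ret` is computed before the comparison is not visible here.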